14 comments

[ 2.9 ms ] story [ 45.7 ms ] thread
It's as if everyone here suddenly forgot all free VPNs are honeypots.
Do you have a VPN you do recommend?
Not OP, but I've used Mullvad for a couple years and have 0 complaints.
I'll second Mullvad. Their interface is dead simple and the list of supported platforms/protocols is great. Quite permissive with 5 connections and port forwarding options. They actually detail how they attempt to never log the payment -> account link for most payment methods on their site. The account has no authentication, it's just an account number with no other identifying information.

They also list all their servers so you can modify your config to have any combination of servers/locations to use and fall back to.

Get a cheap VPS and setup one yourself.

There are plenty of guides, especially for the big VPS providers like DigitalOcean.

Mullvad just got wireguard through the official client on Linux and OSX. Works like a charm.

I pay by cash, so they don't have my payment info.

And free software comes with backdoor? You're right in thst the reputation is mostly accurate but there are a few that offer a free and a paid tier (protonvpn for example)
The biggest honeypots are the paid VPNs....

They have your payment information, identity, and everything all linked to that VPN config.

Don't be fooled by the standard cliche around free VPNs. Some free VPNs are bad, but to say that because a VPN is paid it is legit is just wrong.

You can send Mullvad.net an envelope with cash for an anonymous VPN account. Just make sure to wear gloves when sealing the envelope. ;-)
Also, a lot of providers accept cryptocurrency, which is trivial to anonymise.
The OpenVPN configuration uses AES-128-GCM as the cipher, which itself is fine but the website claims it is using AES-256.

More concerning is the 'Tor VPN' and bridge being offered. The Tor bridge here is not a proper bridge, instead the SOCKS port is being exposed on a public IP rather than the usual 127.0.0.1. SOCKS is an unencrypted protocol so everything being sent to the bridge is exposed on the wire, and your ISP can trivially see that you are connecting to a VPN over it. This is dangerous and misleading - Tor even warns you that the protocol is not encrypted when you expose the SOCKS port publicly. Real Tor bridges are simply relays not listed in the consensus file. Connections using them are still encrypted using TLS. The website incorrectly claims that by using the VPN over Tor configuration files, you are masking your VPN connection from your ISP.

This free VPN is so misleading that I felt the need to make a HN account just to write about it.

Also only available cipher for wireguard is Chacha20Poly1305. I wonder how comes technical information presented by this VPN service is such inaccurate.
Some googling finds the following:

- OpenInternetAccess domain name registration is privacy enabled (who isn't)

- VanwaTech runs this VPN, according to their website

- The phone number listed for VanwaTech is (315) 754-4728

- This number is also the contact for Northwest Hydropower (https://nwhydropower.com/)

- Northwest Hydropower hosts asic crypto currency miners

- u/Nick-Lim has posted advertising OpenInternetAccess VPN, Northwest Hydropower, and VanwaTech

Just so you know who runs this VPN.