I'll second Mullvad. Their interface is dead simple and the list of supported platforms/protocols is great. Quite permissive with 5 connections and port forwarding options. They actually detail how they attempt to never log the payment -> account link for most payment methods on their site. The account has no authentication, it's just an account number with no other identifying information.
They also list all their servers so you can modify your config to have any combination of servers/locations to use and fall back to.
And free software comes with backdoor? You're right in thst the reputation is mostly accurate but there are a few that offer a free and a paid tier (protonvpn for example)
The OpenVPN configuration uses AES-128-GCM as the cipher, which itself is fine but the website claims it is using AES-256.
More concerning is the 'Tor VPN' and bridge being offered. The Tor bridge here is not a proper bridge, instead the SOCKS port is being exposed on a public IP rather than the usual 127.0.0.1. SOCKS is an unencrypted protocol so everything being sent to the bridge is exposed on the wire, and your ISP can trivially see that you are connecting to a VPN over it. This is dangerous and misleading - Tor even warns you that the protocol is not encrypted when you expose the SOCKS port publicly. Real Tor bridges are simply relays not listed in the consensus file. Connections using them are still encrypted using TLS. The website incorrectly claims that by using the VPN over Tor configuration files, you are masking your VPN connection from your ISP.
This free VPN is so misleading that I felt the need to make a HN account just to write about it.
Also only available cipher for wireguard is Chacha20Poly1305. I wonder how comes technical information presented by this VPN service is such inaccurate.
14 comments
[ 2.9 ms ] story [ 45.7 ms ] threadThey also list all their servers so you can modify your config to have any combination of servers/locations to use and fall back to.
There are plenty of guides, especially for the big VPS providers like DigitalOcean.
I pay by cash, so they don't have my payment info.
They have your payment information, identity, and everything all linked to that VPN config.
Don't be fooled by the standard cliche around free VPNs. Some free VPNs are bad, but to say that because a VPN is paid it is legit is just wrong.
More concerning is the 'Tor VPN' and bridge being offered. The Tor bridge here is not a proper bridge, instead the SOCKS port is being exposed on a public IP rather than the usual 127.0.0.1. SOCKS is an unencrypted protocol so everything being sent to the bridge is exposed on the wire, and your ISP can trivially see that you are connecting to a VPN over it. This is dangerous and misleading - Tor even warns you that the protocol is not encrypted when you expose the SOCKS port publicly. Real Tor bridges are simply relays not listed in the consensus file. Connections using them are still encrypted using TLS. The website incorrectly claims that by using the VPN over Tor configuration files, you are masking your VPN connection from your ISP.
This free VPN is so misleading that I felt the need to make a HN account just to write about it.
- OpenInternetAccess domain name registration is privacy enabled (who isn't)
- VanwaTech runs this VPN, according to their website
- The phone number listed for VanwaTech is (315) 754-4728
- This number is also the contact for Northwest Hydropower (https://nwhydropower.com/)
- Northwest Hydropower hosts asic crypto currency miners
- u/Nick-Lim has posted advertising OpenInternetAccess VPN, Northwest Hydropower, and VanwaTech
Just so you know who runs this VPN.