1. 0
  1. 7

    The only attackable claim this article makes is that “NordVPN doesn’t deliver a product” but I see nothing to back this up. I’m using their product right now.

    We know VPNs can be honeypots already, and this article ends with a “nordvpn is a honeypot, maybe” without any real facts or a coherent argument. That four-point checklist is absolutely ridiculous.

    1. 5

      Where is the evidence of “blackmailing journalists”? This whole article seems highly suspect and the methods to back up the claims are anything but rigorous.

      1. 4

        The reason I’m posting this article isn’t because I’m necessarily convinced by what it says (it has a bit of a shady style), but because I’m interested in what others here have to say. Most people in this HN thread seems to be sceptical, but considering how much money NordVPN and other prominent VPN providers spend on advertising, I wanted to see if anyone here knows more.

        1. 2

          A lot of people ask me, what VPN do I recommend? Well, I can’t recommend one, because then all of my blog posts and information would suspect and I’d be a “shill”. The only thing I can do is tell you which VPNs not to use. And today, I’m focusing on NordVPN.

          This sounds like faux-neutrality to me; this article makes very strong claims with very little evidence. Telling people “don’t buy this” can be just as much “shilling” as “do buy this”. I don’t know if the author is trying to “shill” something – they could just be misguided.

          1. 2

            I think this article does a better job at explaining the situation as a whole (I’m biased: I know the author and have written for the blog). The Tesonet incident was covered a while ago and it seems unlikely that they have any links. I still wouldn’t recommend NordVPN due to questions about their ownership misleading advertising. Frankly, I dislike the Nord franchise, however VPN drama has gone too far. VPNs are touted as an all in one privacy preserving service, which simply isn’t the case. Unless you really need to access geo-restricted content, or use a public wifi network that blocks Tor, you don’t need a VPN. For most Lobste.rs users operating one solely to securely make their Homelab available over the internet would make sense.

            1. 1

              VPN services are generally misleading. This isn’t anything new. Either put services that can hold immense control over your data under intense scrutiny before touching them, or run your own.

              Especially with WireGuard, running your own VPN isn’t at all difficult anymore. If you must use a service, I can vouch for cryptostorm.

              1. 3

                run your own

                How do you plan on doing that without giving up more personal data than you would have to for a VPN? A VPS usually requires a credit card or something like that, and physically hosting a server usually requires a ISP.

                1. 3

                  Personally, I’m under the impression that a given VPS provider has less incentive to read your data than a company explicitly advertising VPNs – depends on the provider. However, that’s extremely fair.

                  1. 1

                    Preventing people from reading your data is your own responsibility, using a VPN doesn’t make up for encryption. You want to be protected from people collecting your metadata, by obscuring the path and connecting the flow back to you.

                    I know (or so I’ve heard) that if I were to torrent a movie using a VPN, and some lawyer would request data on who this or that IP was, that they wouldn’t give it out. Doing so would compromise their business, and a lot of people would switch. Try this with a VPS and they’d just forward the accusation on to you. This is even easier when you’re hosting your own hardware. So even if I can imagine a VPN provider would have it easier to make use of the data, I don’t see any alternative that would be less susceptible to that attack, especially when you’re not a rando someone’s trying to scare with strongly worded letters but people are trying to go after you, and your privacy is essential.

                    1. 1

                      yeah i would think the opposite, considering that many VPN providers specifically advertise that they don’t keep logs, whereas few if any VPS providers do.

                  2. 2

                    I don’t think it’s easy to run your own VPN in a way that doesn’t give immense control over your data to a third party.

                    1. 4

                      Immense control over your data may or may not be a bad thing depending on what you are doing. If I live in North Korea and I want to post articles critical of Kim Jong Un, I don’t care if the VPN provider has my blog account password—as long as they are not sharing that data with North Korea. Nowhere else criticizing Kim Jong Un is illegal, so they can have control over all my data, but no power over me.

                      However, if I live in say Canada and I’m doing something that is illegal in most of the world, I may as well give my data to a hypothetical JucheVPN located in North Korea and let them have all my data since as long as I don’t go to North Korea personally, they have no power over me. They can blackmail me of course, but if they want to make money on VPN services, it’s not in their best interests.

                      1. 3

                        man I wish there was a JucheVPN, that’d be awesome

                      2. 3

                        So it goes. It’s all dependent on how motivated that third party is to read your data.