they were all owned by the same company and sold to Kape, which has ties to the Israeli intelligence service, a few years back.

The issue is who he sold it to – the notorious creator of some pernicious data-huffing ad-ware, Crossrider. The UK-based company was cofounded by an ex-Israeli surveillance agent and a billionaire previously convicted of insider trading who was later named in the Panama Papers. It produced software which previously allowed third-party developers to hijack users’ browsers via malware injection, redirect traffic to advertisers and slurp up private data.

I personally use perfect-privacy, which didn’t turn up any red flags when I did research a few years ago. it’s a little lacking in features but openvpn isn’t that hard to set up on linux & android. no clue how well their desktop app works.

    • 7bicycles [he/him]@hexbear.net
      link
      fedilink
      English
      arrow-up
      44
      ·
      9 months ago

      glad to see another fan of the “it all has backdoors, but opposing governenments can do a lot less harm with it” approach to cybersecurity

    • RyanGosling [none/use name]@hexbear.net
      link
      fedilink
      English
      arrow-up
      17
      ·
      9 months ago

      Westerners don’t want to admit this, but the only safe VPNs are made by their enemies lol. And this isn’t even “tankie” propaganda. If you were Russian or Chinese it’d be your best interest to use western VPNs. Maybe not American ones unless you want to end up like burned Iranian CIA assets

    • farting_weedman [none/use name]@hexbear.net
      link
      fedilink
      English
      arrow-up
      10
      ·
      9 months ago

      Kaspersky was at least at one point a resold version of hotspot.

      here’s an article that has a lot of details.

      Hotspot isn’t exactly in the best situation to be a vpn you’d trust if you were worried about law enforcement.

        • farting_weedman [none/use name]@hexbear.net
          link
          fedilink
          English
          arrow-up
          5
          ·
          9 months ago

          That’s a good way to evaluate lots of stuff.

          One way that kaspersky might not be safe enough for you, if it’s still a rebrand of hotspot which I haven’t confirmed, is that hotspot has offices in states where they can be compelled to install equipment and software to monitor throughput without notifying customers. That’s no big deal for Russians and Syrians because they’re still protected from those states actions by a bunch of layers of international law and whatnot. If you aren’t safe from, for example, the us government because you, for example, live in the us then it might not be the protection appropriate for you and your uses.

          It’s one of those circumstances where at the very least a warrant canary would be good, but would also only provide certain assurances and would rely on the users awareness to function.

    • moondog [he/him]@hexbear.net
      link
      fedilink
      English
      arrow-up
      4
      ·
      9 months ago

      Kaspersky:

      Server speeds of up to 10 Gbps keep your devices running fast

      Does this mean I have to browse through them at 10Gbps instead of the typical 100Gbps I get from my ISP? Seems a bit painful

  • JamesConeZone [they/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    19
    ·
    edit-2
    9 months ago

    perfect-privacy

    $120 a year, god damn. I used PIA because it was $80 for 3 years and because like 10 people can use the same account.

    for others switching from PIA,

    • kaspersky is about $35 a year ($30 first year, then $45) for 5 devices

    • protonvpn $60 a year for 10 devices with the 2 year plan

    • Mullvad is $60ish a year for 5 devices (no port forwarding)

    • IVPN is $80 a year for 7 devices with 2 yr plan (no port forwarding)

    • lapis [fae/faer, comrade/them]@hexbear.net
      link
      fedilink
      English
      arrow-up
      10
      ·
      9 months ago

      I also was just looking, and that “reasonable price if you prepay for two years” nonsense is, well, nonsense. I ain’t exactly looking to spend $120+ all at once while crossing my fingers in the hopes the service doesn’t suck.

      Kaspersky seems like a good move, the page is saying it renews at $40/yr which is only $10 more than my current provider. Only five devices is a shame, though.

      • JamesConeZone [they/them]@hexbear.net
        link
        fedilink
        English
        arrow-up
        9
        ·
        9 months ago

        I was leaving towards them too. I paid for two years of NordVPN and got a refund when it sucked ass, so I’m guessing other companies do that if it isn’t great

  • farting_weedman [none/use name]@hexbear.net
    link
    fedilink
    English
    arrow-up
    19
    ·
    9 months ago

    There’s a significant difference between the threat model surrounding vpns that you intend to use for port forwarding torrents and vpns you intend to use to protect yourself from data harvesting/the cops.

    Don’t expect one to do both.

      • farting_weedman [none/use name]@hexbear.net
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        9 months ago

        I totally agree. I made my post for the same reason but not in direct reply to anyone talking about torrenting.

        E: the thing I’m generally posting in the direction of is that all vpns aren’t the same and just turning yours on before you click on the link while you flip down your sunglasses and say “I’m in” or even checking out a company’s reviews before you sign up isn’t enough to keep you protected in the limited ways that VPNs are able to.

        I’m using a hypothetical “you” here, not trying to accuse you of those practices in a passive aggressive way.

    • OrionsMask [he/him,any]@hexbear.net
      link
      fedilink
      English
      arrow-up
      3
      ·
      7 months ago

      Sorry for messaging on a month-old thread but you seem like you know what you’re talking about. Choosing a solid VPN seems like a minefield between paid sponsorships and reviews, location of headquarters, potential ties to intelligence agencies, privacy features, prices, etc. etc. etc.

      I wanted to get your thoughts on Windscribe as a potential all round good VPN. They talk a real solid game in their blog posts and seem to be very ideologically driven, and they tick all the right boxes… except that they are headquartered in Canada. Do you have any thoughts about them? Would you recommend steering clear or do you think they’re solid?

      Many thanks!

      • farting_weedman [none/use name]@hexbear.net
        link
        fedilink
        English
        arrow-up
        5
        ·
        7 months ago

        The ideology and commitment of a service provider is irrelevant. Companies doing business in a nation are compelled by force to follow those nations laws.

        I would advise against looking for an “all round” vpn. Think about it more like a tool. No one would recommend you replace a socket wrench set with a gerber multitool because the gerber has a lifetime warranty and a screwdriver and wire cutter built in. Those are great things to have and gerber really will honor that warranty when you break the pliers fucking around with barb wire but the multi tool isn’t a socket wrench.

        I use a few vpns. Mullvad, air, proton and a few classic style lil servers that just handle traffic. Air and proton are both very good for torrenting and running services. Mullvad is nice for getting/being serious about privacy from states.

        To use another metaphor, think about a vpn like a gun. They’re not all the same and if you try to use one to do something it’s not suited for you’ll by unsuccessful.

        If you feel comfortable talking about it, what are you planning on using a vpn for?

        • OrionsMask [he/him,any]@hexbear.net
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          7 months ago

          Thanks for the reply. That’s a fair point, but when the time comes to be forced, they may have nothing to provide because of that ideological commitment, no? Windscribe in particular boasts a no logging policy, so what do they have to offer really when push comes to shove? It’s been tested as well, one of their servers in Ukraine was seized by local authorities and not only did they self-report the seizure a week later, apparently nothing came of the seizure apart from a few leaked usernames. Am I being naive in thinking this is a demonstration of their claims?

          I don’t want to get too specific about my use cases for obvious reasons, but I live in the UK and I’m sure you’ve heard that our privacy is slowly being completely hollowed out by legislation. Plus the government has been steadily criminalising several forms of protest, to the point that I worry that even having history on a site like this may one day be an issue. Basically I’m trying to take greater steps to protect my privacy (and services like port forwarding are useful too).

          • farting_weedman [none/use name]@hexbear.net
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            7 months ago

            When the police have a wiretap warrant they’ll install their own logging facilities.

            If you’re really worried id setup and be prepared to use two different vpns, with multihop when the time comes. Not at the same time, but be prepared with a backup.

            One of the ways that effective vpns are targeted is with websites and services blocking their servers. Mullvad had that happen last year when interpol wanted to push csam people off of it. The csam people were using port forwarding to host file sharing with the security that mullvad provided and in order to get mullvad to stop offering port forwarding they leaned on every major website to block their server ips. Whole fens wouldn’t respond to you if you were using mullvad. Eventually they stopped offering the service and the csam people had to go elsewhere.

            So even an effective vpn can be targeted and it’s worth it to have a backup.

            E: also those servers seized in ukrane were unencrypted, which is a huge incredibly stupid unforced error and it means they better have done a big fucker key rotation afterwards. I don’t use windscribe so I don’t know if they did.

            • OrionsMask [he/him,any]@hexbear.net
              link
              fedilink
              English
              arrow-up
              1
              ·
              7 months ago

              I didn’t realise that port forwarding was so intertwined with CSAM. :/ I just know it’s required for torrenting. I actually used to use Mullvad and PIA but moved away from both because they did things that made them look sketchy/cooperated with authorities.

              I’d like to think I’d never be in a position to be on the receiving end of a wiretap, but noted, you never know. I do think that two VPNs might be a bit overkill to assuage my own paranoia though… You’ve sufficiently put me off Windscribe at the very least lmao. I’ll look for a VPN not in a 14 eyes country and since you evidently trust Mullvad, I’ll look into it again too and see if I can make do. Thanks for your insight!

              • farting_weedman [none/use name]@hexbear.net
                link
                fedilink
                English
                arrow-up
                4
                ·
                7 months ago

                What made you raise your eyebrows at mullvad? I know they had a search executed on em but it ended up being a big nothing burger iirc.

                I wouldn’t worry about the eyes-ness of a providers operations based on your concerns. What’s most important is having a fallback for when your main vpn isn’t available and making sure you’re using the fallback when that happens.

                The thing you’re worried about isn’t a particular agency targeting you in particular, but being swept up in police action and mass surveillance. To that end it doesn’t really matter as much that your vpn have the lack of interpol cooperation or even the obfuscating effect of using the same exit node as a bunch of other people but instead that you be always using one, understand what it does and who or what your devices are communicating with and practice the best possible security you can when dealing with the cops.

                Look into securing your devices against intrusion (and keeping secure backups) and how to deal with the police when they take you in. For example: an iPhone is put in a special state when it’s powered on that requires strict authentication before any kind of peripheral will be recognized. If you can’t turn the phone off then just grabbing the two buttons that put it in the “slide to power off” screen drops all peripheral connections and needs an authentication before it’ll let anyone use it.

                Drill that interaction so that no matter how gassed, beaten and dazzled you are, you can put your devices in some kind of secure-ish state.

  • YearOfTheCommieDesktop [they/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    9 months ago

    I’m sure they still spy on my torrents but this is why I don’t use any vendor provided apps or software for VPN shit (or anything else without a very compelling reason tbh), it’s practically guaranteed to be adware or spyware

    I guess it’s time to check if my provider is on this list though

    • SwitchyWitchyandBitchy [she/her]@hexbear.net
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      9 months ago

      I don’t know the situation on Windows but the network manager VPN integration on Gnome is actually pretty amazing. Just have my VPN set to auto connect and it just works and comes right back up without any drama when the system wakes from sleep or switches access appints etc. definitely +1 for not using the vendor apps.

      • YearOfTheCommieDesktop [they/them]@hexbear.net
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        9 months ago

        Huh I’ve been using that same integration for years with ubuntu, and now pop os, and haven’t seen an option to auto-connect… Not sure I’d want to anyhow for this particular device since I have a bunch of different vpns configured but wondering where you set that? Maybe it’s just Pop that doesn’t have that in the UI? I’m sure I can toggle it in nmcli

        • SwitchyWitchyandBitchy [she/her]@hexbear.net
          link
          fedilink
          English
          arrow-up
          5
          ·
          9 months ago

          The old Pop! shell (I assume you’re using the old one since last I checked the new one written in rust isn’t ready to daily yet, hopefully soon though…) hasn’t gotten any love in a long time, but I’m surprised you don’t see it in Ubuntu. Here’s what it looks like for me on Fedora:

  • M68040 [they/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    9 months ago

    I set up a Wireguard appliance on my VM host a while back but never got around to actually setting my PC up to actually be able to use it or anything

  • Mardoniush [she/her]@hexbear.net
    link
    fedilink
    English
    arrow-up
    7
    ·
    9 months ago

    I dont think anything conspiricy brained me quite as much as what happed to the person who leaked the Panama Papers. Not Epstein, not the Jakarta Method, not that time when the FBI and CIA found out every member of the Trot Org they were infiltrating was an informant…

  • SwitchyWitchyandBitchy [she/her]@hexbear.net
    link
    fedilink
    English
    arrow-up
    5
    ·
    9 months ago

    Any body know of any good ones that use wireguard? I have PIA (didn’t do anything I needed to be actually secure on fortunately) since I get amazing performance with wire guard vs openvpn, or least it seems to be a lot less picky when the underlying connection is weird or unreliable.

    Also, for anyone who needs to hear it, a VPN alone will not protect you and you shouldn’t use both at the same time unless you know what you’re doing and the security consequences.

    • scoobford@lemmy.zip
      link
      fedilink
      English
      arrow-up
      4
      ·
      9 months ago

      I don’t think wireguard is recommended yet for privacy reasons, but mullvad has always been solid AFAIK. You can even pay in cash if you like.

    • farting_weedman [none/use name]@hexbear.net
      link
      fedilink
      English
      arrow-up
      3
      ·
      9 months ago

      The other reply is correct about wireguard and privacy. If you have concerns about the connection to the vpn server being traced back to you, don’t use wireguard.

      Wireguard uses perfect forward secrecy, which means that no one can see the private keys and none of your information is ever revealed to a man in the middle. A man in the middle would, though, be able to see that a connection was made between the vpn server and your ip.

      It’s worth investigating why that would be a concern and I’ll outline an example here:

      You connect your computer to the vpn and go do some stuff. Unbeknownst to you, someone’s been packet sniffing the vpn server you use for along ass time and has accumulated enough information to say for certainty that you were connected right before the stuff was done. Based on recent examples, that’s enough to get a warrant!

      How would you mitigate that? Key and server rotation! For example, if you created a wireguard config for a bunch of vpn servers and switched them up from time to time and/or deleted your old config and made a new one with a new key. Easy peasy.

      There’s a good overview of some of the problems wireguard can face here. Some of them are shared by other protocols and some are much different than what we’re talking about. Generally though wireguard is very good and almost all concerns are alleviated by key/server rotation.