NordVPN hacked

1 Like

Wew lad

This is gonna be good.

Colour me entirely unsurprised.

Setting yourself up as a “public vpn provider to protect your privacy online” raises a massive red flag to the NSA, criminals, etc. for obtaining data on “interesting” people (either in an illegal activity or blackmail potential way).

And yes, failure to disclose for “several months” is inexcusable for a security company offering a privacy service.

Controversial opinion: Want to fly under the radar? Don’t do dumb/illegal shit online, or do it unencrypted with the rest of the unwashed masses (for petty misdemeanour stuff).

If you’re doing stuff that you really don’t want to be in the clear (e.g., secure comms), use proper encryption between trusted endpoints (e.g., ipsec, pgp, etc.).

Just curious, do people actually trust VPNs with their data more than their ISPs? I personally only use a VPN when I’m on a public WiFi network because fuck that, but I won’t use a VPN to log on to anything sensitive like my personal finances.

To be honest, I’m somewhat happy this happened and I hope it throws some water on the trash fire that is “VPNs protect your privacy”. If you want to protect yourself against tracking, use uBlock and Privacy Badger. If you want actual privacy, use the Tor browser and disable JS.

I disagree. Shit gets hacked, sometimes due to negligence but sometimes due to pure bad luck. However, not disclosing in a reasonable time frame prevents the end users from taking action in a reasonable time to respond to potential new threats. In a low impact scenario, this would be rotating potentially compromised credentials, but more importantly users may need to move themselves out of harm’s way if they live in an area where what they say online can lead to physical harm.

Not relevant in this case, that vulnerability only matters in shared computing environments.

Zoz is great! He has some other talks as well, equally as fun to watch.

Eh, VPN providers act more as uncensored bridge to the internet than security companies.

Absolutely not.

1 Like

No big deal IMO. If they were under investigation or damning lawsuits then I’d move.

VPNs to me add another layer of obfuscation. True privacy and security would include not using the internet haha.

1 Like

Yes.

You could ask for a refund, but here’s the question: Does a minor breach that happened ages ago really make you not want to finish your pay period out?

I wouldn’t say they’re any worse off than any of the other VPN providers out there, tbh.

1 Like

19 months is also way more than several months, it’s more than a year for fuck’s sake.

I don’t use them or really understand fully what happened, literally just woke up, still in bed, so not going to speculate but wow this does look real bad.

1 Like

On the flip-side in Australia, the maximum damages for end-user online copyright infringement is (IIRC, based on the ruling on some case that went to court a few years back) to pay for a copy of the content you stole, so the MPAA/RIAA has backed the fuck off as of late.

It just ain’t worth the legal fees for them to pursue an individual for say, $29 for a season of whatever. As opposed to the millions of dollars they typically try to sue individuals for in the states.

edit:
This isn’t legal advice, blahblah.

Ars reports 19 months.

Edit…

Over the weekend, the VPN biz tweeted a now-deleted boast that “Ain’t no hacker can steal your online life. (If you use VPN).” In response, a hacker group calling itself KekSec revealed that some other miscreants had broken into one of the company’s boxes, and leaked various files, including an OpenVPN configuration and associated private key.

That’s just fucking hilarious. But as always if you want the right answer on the internet the best way is to give the wrong answer and wait for the flood of corrections.

In this case the question being: Are you (nord) secure, they answered yes of course and then were proven quite wrong.

I still know fuck all about this but it is pretty funny.

1 Like

Sure. VPN companies advertise their services will protect their users privacy. They have a strong incentive not to sell them down the river, because that would destroy their business.

Your ISP, on the other hand, is a cable company. Nobody expects Comcast to give a crap about their customers’ privacy. Just the opposite, really.

Of course your technically based argument about VPNs not really doing much to protect privacy or anonymity is accurate, they just move your endpoint further away. My feeling is most people use them to evade work firewalls/monitoring and/or for piracy. They just can’t advertise “Sign up for NordVPN to safely pirate Game of Thrones!”

1 Like

Do nothing. Continue to use … Always encrypt everything end to end!
Rotate servers to which you connect in a more random and systematic way. Try not to rely on one or more servers from a small pool. Rotation will always add a potentially smaller time vector and a smaller place vector as a threat to you if again some server would be exposed to penetration.

If you always connect to one and the same server then the time / place vector is very dangerous for the user if this server is the victim.
A loose example. Let’s say we have 96 servers. Instead of always connecting to only one, connect to all 96 randomly and change the server often. Every 15 minutes change your server to the next one, you will jump over 96 servers :slight_smile:
The higher the rotation, the better, although we speak here more in the context of paranoia.
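The rotation idea in the post above can be made concrete with a small simulation. This is an added example, not code from the thread or from any VPN provider: it assumes a hypothetical pool of 96 exit servers, a 24-hour session, and one server that is assumed (for the simulation only) to have been compromised. It compares how much of the session transits the compromised box when the client pins a single server versus when it picks a fresh random server every 15 minutes, which is the "smaller time and place vector" the poster describes.

```python
"""Simulate exit-server rotation against a single compromised server.

Constructed example: POOL_SIZE hypothetical servers, a session of fixed
length in minutes, and one server index treated as compromised. Pinning
one server exposes either all or none of the session; random rotation
spreads the exposure so that on average only ~1/POOL_SIZE of it transits
the bad box.
"""
import random
from dataclasses import dataclass
from typing import List, Optional

POOL_SIZE = 96          # hypothetical pool size from the post
ROTATE_EVERY = 15       # minutes between server changes, as suggested
SESSION_MINUTES = 1440  # one 24-hour session


@dataclass(frozen=True)
class Hop:
    """One stretch of the session spent on a single server."""
    server: int
    start_min: int
    end_min: int


def next_server(pool_size: int, current: Optional[int], rng: random.Random) -> int:
    """Pick a uniformly random server that differs from the current one."""
    if pool_size < 2:
        return 0
    choice = rng.randrange(pool_size)
    while choice == current:          # never 'rotate' onto the same box
        choice = rng.randrange(pool_size)
    return choice


def build_schedule(session_minutes: int, rotate_every: Optional[int], seed: int,
                   pool_size: int = POOL_SIZE) -> List[Hop]:
    """Return the hops for one session.

    rotate_every=None models the 'always the same server' behaviour;
    an integer models switching to a random server at that interval.
    """
    rng = random.Random(seed)
    hops: List[Hop] = []
    t = 0
    current: Optional[int] = None
    while t < session_minutes:
        current = next_server(pool_size, current, rng)
        remaining = session_minutes - t
        step = remaining if rotate_every is None else min(rotate_every, remaining)
        hops.append(Hop(current, t, t + step))
        t += step
    return hops


def exposure_fraction(schedule: List[Hop], compromised: int) -> float:
    """Fraction of session time that transited the compromised server."""
    total = schedule[-1].end_min - schedule[0].start_min
    exposed = sum(h.end_min - h.start_min for h in schedule if h.server == compromised)
    return exposed / total


def mean_exposure(sessions: int, rotate_every: Optional[int], compromised: int,
                  seed: int = 0) -> float:
    """Average exposure fraction over many independent sessions."""
    fractions = [
        exposure_fraction(build_schedule(SESSION_MINUTES, rotate_every, seed + i), compromised)
        for i in range(sessions)
    ]
    return sum(fractions) / len(fractions)


if __name__ == "__main__":
    bad = 7  # constructed: index of the server assumed compromised
    pinned = mean_exposure(1000, None, bad, seed=1)
    rotating = mean_exposure(1000, ROTATE_EVERY, bad, seed=1)
    print(f"pinned server, mean exposure:   {pinned:.4f} (all-or-nothing per session)")
    print(f"15-min rotation, mean exposure: {rotating:.4f} (about 1/{POOL_SIZE} per session)")
```

Note that the long-run average is the same in both modes (roughly 1 in 96 of the time, assuming the pinned choice is itself random), but the distribution differs: a pinned client is either fully exposed for the whole session or not at all, while a rotating client leaks only a few 15-minute slices and no single server sees the whole session.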

I never trusted nord
Especially when this is how they do sponsors

4 Likes

Who do you trust? They are all very similar at the end of the day. This is business and a ton of BS …
And around the corner are multi-letter agencies and organized crime.

1 Like

Something about them rubbed me the wrong way. I donā€™t care about the advertising, but the way they came up seemed a bit odd.

Personally, I do not have nordvpn but even if they have something on their conscience, who will guarantee that others also have no sins.

Maybe it’s time for a triple tunnel …
You-PIA-NORD-Proton-TargetHost :upside_down_face:

Youā€™re hired.

[image: SevenMotherfuckingproxies]

2 Likes