Once you dig into how the Kape Technologies holding is linked to the same people of the NSO Group scandals, well, good luck finding a VPN that didn't sell out their customers.
I’m not a serious user, but I subscribe to Mozilla’s VPN service. Not free but I believe in their mission and feel good about sending a few bux their way.
Same, I made the poor judgement of subscription to Nord vpn years ago that I ended up not really using because many streaming sites blocked the vpn ips. Then I hear of the behavior of the company claiming they don’t take logs but they definitely take browsing logs. I felt like I was duped into a 2 or 3 year subscription upfront and didn’t really understand the product space or how to evaluate the different companies. Like are there any objective news sources to rank these services and what internet comments to trust at face value? I listened to a youtube ad in the first place, so I’m unsure what I was expecting.
Mozilla gained good will over the years and I like the browser. The vpn is fairly seamless and permissive for number of devices. I understand it is a wrapper on Mullvad and we are paying a healthy overhead. Still, it is worth it because I’d trust that if the vpn service provider behaves in bad faith that Mozilla will be able to quickly respond and adopt another provider. Whereas if it were up to me I may hear of it years later and not necessarily know what service to adopt instead.
My use is merely hoping to reduce tracking based on ip. I wouldn’t trust it to be subpoena proof. I’m not into pirating music anyway.
Actually, they rather lost a lot over the last years, with various shady things, like tracking for advertisement enabled from the browser by default (called studys).
So sadly, I also would not trust them as a VPN. Way more than some random VPN service, sure, but not completely. But I also do not know of a better alternative.
Eh, only if you accept the hype and hyperbole of those that not only hold them to a standard that nobody achieves (which is fine, it gets them closer to that standard) and then use that as a reason to tell people that they should products that are far inferior by those same standards (which is stupid).
I've lost track of the times a Mozilla misstep has resulted in people here saying that's the reason they're switching back to chrome, which I find frankly ridiculous. Also, the whole damn thing is open source, so it's not like they're really hiding anything, people just don't care until someone makes a stink and then all of a sudden everyone cares a lot.
No browser is perfect, but Mozilla is definitely one of the better ones for anyone privacy conscious.
Here we are talking about trust. And a company (Mozilla) that talks a lot about trust and ideals and privacy and then sneaks in tracking by default with a innocent sounding name (studies) is simply not trustworthy to me.
They are hiding bad behavior in nice sounding words.
We technical folks get it and can deactivate it.
Every non technical person I know, who still uses firefox does not know and has all the defaults activated, until I change it for them.
So sure, they are still better than google and microsoft, where I just assume that they track everything, but that is a really low standard.
I do not think it is hyperbole. The Cliqz thing where they just handed user browsing behavior to a third party which they had invested in is inexcusable. Google does a ot more tracking but on the flip side I trust their security more than that of some small German startup.
Some of the other incidents were overblown but the Cliqz thing shows of a company culture where user data is something which can be sold to make a profit, which is essentially what they did, and not something which is vital to protect.
Yes, it was many years ago now but I have no reason to think that they cleaned up their company culture.
At that point, I believe Mullvad (who is actually behind Mozilla VPN service) is more trustworthy than Mozilla themselves. And if that is true, why don't just use Mullvad directly?
My understanding if you given money to Mozilla who then give it to mullvad
All Mozilla know is the mullvad username. Mullvad don’t know the credit card details of the purchaser. To link a given vpn ip to a specific credit card would require compromising mullvad and Mozilla.
(Or of course the normal way of fingerprinting which doesn’t rely on IPs)
Now sure you can buy mullvad via cash, but that’s far more work. Using Mozilla as a reseller feels like one more step in the chain
Why do you think NordVPN maintains browsing logs? According to them, “NordVPN does not log any of your activity online,” and the company states that PWC and Deloitte have audited and verified that claim. If you have evidence to the contrary, I am very interested in seeing it.
I am also familiar with a recent police investigation where law enforcement subpoenaed NordVPN and the company replied, essentially, that they had no information connecting a particular IP address, at a specific date and time, to any specific user.
Was renewing a domain when I noticed my registrar offered VPN service but I couldn't find any substantial information about how it works other than supporting Wireguard and claim not to keep logs. There wasn't even a TOS for me to study before signing up.
I use ProtonVPN and I guess they aren't that stupid to mess up the future of their company by abusing the customers of the service that started the company in the first place. I guess other VPN services offered by prestigious companies, like BitDefender are quite safe from this standpoint. Yes, the free VPN services have always a large risk associated with.
It's not necessarily a problem to use a service, (Signal?), which is funded by an intelligence agency. It can serve their purposes while serving yours too. If the service gets wide enough adoption, then the huge volume of traffic becomes a perfect place to hide their own intelligence activity.
Honestly it's hard to tell, but Mullvard seems to be one of the last options.
The problem I have with all the "checks" that press foundations do is that none of them seem to know what they're talking about in regards to what tech is trustworthy and audited, and what is not.
I found a nice article about it, skimmed through it and seems to be true and reflect my own research that I did for my cyber defense network [1]
They're the best. They don't even ask for personal information when creating an account (heck, they don't ask for anything at all) and you can pay with crypto or cash. They use Wireguard and their desktop and mobile apps are very good.
They shouldn't keep logs but even if they did there's no personal information metadata.
Thats assuming you are using your home IP, and that youre the only one using that IP, and that they are tracking your metadata (whcih there is no proof of)
Mullvad claims to not log IPs so they cannot hand out anything via a court order and at least once a court order has turned up blank [1]. It is possible that CIA or some other intelligence agency has infiltrated Mullvad and logs them but that is nothing that will ever be used in a normal court case. They will only risk revealing their hand if you are some major crime boss, a spy or a terrorist.
If you are just a file sharer or normal low level criminal I doubt the CIA (or whoever may have infiltrated Mullvad) would give anyone your IP.
> It is possible that CIA or some other intelligence agency has infiltrated Mullvad and logs them but that is nothing that will ever be used in a normal court case.
Just so everyone is clear on a few facts, it is possible for a TLA or agency from another large government to just try to blackbox the VPN nodes and be done with it without needing to infiltrate Mullvad. Just pressure the network provider of the VPN instances to get flow data, and at that point they can match up traffic going in and out and the VPN disappears from the picture.
> It is possible that CIA or some other intelligence agency has infiltrated Mullvad and logs them but that is nothing that will ever be used in a normal court case. They will only risk revealing their hand if you are some major crime boss, a spy or a terrorist.
Or NSO or some other private actor did so, and now every dictatorship has access to it, and we all know how broad their “terrorist” definition can be…
If you are a dissident in Iran, you really should not trust some random VPN. Tor is probably safe enough, but there is also no guarantee, that the chinese are not sharing with them, because as far as I know (but last time I checked has been some years), many nodes are china based. So they might know.
But if all you do is pirating some videos, then this is not something to worry about.
I care about websites I visit not seeing my IP since they can track me individually using that. Mullvad is the entity that hides it - of course they will see my IP. I don't care if Mullvad sees it, but I do care if shadywebsite6969.test sees it.
I feel like, inherently, Mullvad is crazy secure. They never ask for email, phone number, name, or any payment details, and the only identifying information (username and password) are replaced by a number they generate for you.
And then it gives you a wireguard config you can use with whatever client you trust.
It eliminates your main use cases for VPNs (and while it's a shame that the feature is being pulled, port forwarding has always been ripe with abuse).
I formerly worked in the consumer VPN space (an older, but once quite big player), and use cases go from content access (including everything from getting US Netflix from Germany, to sidestepping national firewalls), to general-purpose paranoia about IP logging by websites. There are also lots of cases that get marketed a bit too liberally by companies like Nord, Express, and the hydra that is Kape, like that VPNs can add meaningful security to submitting payment information online; this is despite the fact that it's harder than ever to MITM payment sites.
It's generally agreed that the state of public Wi-Fi combined with evolving web standards and sky-high HTTPS adoption makes VPNs largely, though definitely not completely obsolete for protecting yourself against someone sniffing traffic at Starbucks.
Having said all that: if you need a VPN and a lack of port-forwarding isn't a dealbreaker, I wholeheartedly recommend Mullvad. My former company never worked with them directly but our team had immense respect for their integrity, ethics, and approach to developing a quality product.
