Using a free VPN? Why not skip the middleman and just send your data to President Xi?

Many popular free VPN apps are sketchy Chinese operations with dubious privacy policies, according to research. Metric Labs' Top10VPN conducted a rare investigation into the ownership structure and responsiveness of top VPN providers who distributed their services on iOS and through Google's Play Store. 86 per cent are deemed …

  1. LDS Silver badge
    Coat

    As usual, when it's free....

    .... you are the turkey

    (seasonal variation)

    1. steelpillow Silver badge
      Meh

      Re: As usual, when it's free....

      Either that or support is a GitHub wiki that you are the only one to post on in the last five years.

      Or both.

    2. Anonymous Coward

      Re: As usual, when it's free....

      Just like what you get with Linux.

      1. MMR

        Re: As usual, when it's free....

        Just like what you get with Linux.

        This is so wrong and not true on so many levels it's not worth getting into deeper discussion.

      2. GnuTzu Bronze badge

        Re: As usual, when it's free... -- as in Service

        "Just like what you get with Linux."

        Linux is not a service. You don't sign up for it, and you don't send your data through somebody else's server in order to use Linux.

        (@MMR, voted you up, but I just had to go and at least explain the key difference, in case others don't get it.)

  2. elDog Silver badge

    The only way for the phone/carrier vendors to "curate" the vendors

    Is to become the VPN supplier by default.

    I'm not sure what Migliano wants to do here. Has he ever run, or have good knowledge of, the circuitry involved in protecting all of the networks involved?

    I do think that the eventual path of personal privacy along with stuff like VPNs will be to entrust our souls to the suppliers and governments.

    Perhaps that's what they want?

    1. big_D Silver badge

      Re: The only way for the phone/carrier vendors to "curate" the vendors

      The problem is, Apple and Google are victims of their own success. They never designed their approval systems to consider actually vetting apps, other than a quick code scan to ensure they don't do anything bad on the phone (which, mostly, works). None of these systems actually seems to check the background of the companies writing the apps or the web services behind the apps.

      That would require time and effort and, due to the scale that has built up, it would be next to impossible to start now. You would have to implement this sort of checking when the system was introduced and scale it up with demand. But that would mean hundreds of extra employees who do nothing but background check companies applying to be app developers and auditing their backend services on a regular basis.

      That would then impact their profits, so users are screwed.

  3. R 11

    Browsing history?

    VPNs gain full access to a user's browsing history.

    Do these apps get permission on iOS/Android to access browsing history? Is that something available without user agreement? Or do the apps actually operate as a browser?

    I ask because, in this day and age, most major websites are secured and therefore while the browser knows where you have been, the network operator and any middle men should know only the root of the site. For example my ISP knows I visited forums.theregister.co.uk but can't see that I visited this page (at least not without trying to correlate the timestamp for this submission to that displayed by the post).

    If you're visiting an insecure site, assume everyone and their grandmother knows where you went and what you did while you were there.

    1. diodesign (Written by Reg staff) Silver badge

      Re: Browsing history?

      It depends on the VPN. Anything clear-text can be snooped on or tampered with to inject ads. Any DNS look-ups for host names will be visible. Some VPNs offer a free browser that may collect your browsing history.

      The VPN app could install a root certificate and MITM your SSL/TLS connections, if the websites you browse aren't mitigating that.

      We've tweaked the sentence to clarify it.

      C.

      1. hmv

        Re: Browsing history?

        See also ssl.handshake.extensions_server_name (the Wireshark/Tshark variable) which shows the domain part of the URL in plain text.

    2. big_D Silver badge

      Re: Browsing history?

      They don't need to act as browsers or gain any extra access rights on the phone, all traffic goes through them, so they know where the traffic is routed and what you have been looking at.

      The same as ISPs and mobile operators, if you aren't using a VPN. The traffic goes through their network and they can log where you are going and what you are doing - to a greater or lesser degree; if the traffic is encrypted, they only know where you have been, if it is unencrypted they can see what you are doing.

      That is why responsible VPN providers don't keep logs or delete them after a few hours, if they don't have network problems which need investigating.

  4. chasil

    Just use Tor.

    There are many cases where hostile sites block Tor exit nodes, and shopping through one subjects you to much more extensive 2fa, but the more people who use Tor, the more accommodating they will become.

    1. IceC0ld Bronze badge

      Re: Just use Tor.

      but the more people who use Tor, the more accommodating they will become.

      ==

      Err, I THINK you will find that the more people that use TOR that the whole edifice will start to crumble as stupidity arrives in spades, just because a user has found TOR is NO indication they have any idea of WTF they are actually doing, and so they will whinge and whine, and eventually it will all be as easy as it is now outside TOR ffs :o( and not in a good way

    2. Alister Silver badge

      Re: Just use Tor.

      There are many cases where hostile sites block Tor exit nodes

      That's probably because a high percentage of the traffic coming from Tor exit nodes is malicious.

    3. DerekCurrie
      Gimp

      Re: Just use Tor.

      Tor is helpful, but not perfect. Despite rumors to the contrary, Tor is hacked regularly. Tor was hacked last month, October 2018. Then again, OpenVPN and IPSEC are hacked regularly as well. Use caution no matter the service. Research is required for maximum safety. Don't open yourself to surveillance through personal ignorance or laziness that could have been avoided.

    4. steviebuk Silver badge

      Re: Just use Tor.

      Accept that, according to various sources, most Tor nodes are compromised now by government spooks.

      Whether that is true or not I'm not sure.

      Best solution is a Tor through VPN. I use Airvpn and they have such a feature. Not that I really use that bit much, I just know it's there. Airvpn have been good since I started using them. Very useful when on YouTube and you get "Channel 4 has blocked this video in your country". What? The UK? The very fucking country where Channel 4 is. I'd use your app but it's shit. It has a piss poor habit of playing adverts, then getting to the documentary/show and crapping out. But, magically, the adverts successfully play every fucking time, but the actual show you want to watch, doesn't.

      ):o( rant over.

    5. Anonymous Coward

      Re: Just use Tor.

      There are many cases where hostile sites block Tor exit nodes, and shopping through one subjects you to much more extensive 2fa, but the more people who use Tor, the more accommodating they will become.

      With respect, I disagree. I have as yet to see a single instance of someone originating from a Tor node actually reading or using the sites I manage. Every single one of the Tor-originated visits was about running some sort of attempt to breach the site or use hacks that may have been installed already.

      Ergo, from a risk management perspective I am about to lock out people that use Tor (source: paid-for Maxmind). The stats show it will not lose any business, but it sure improves business-to-hacking attempts ratio in the logfiles.

  5. Anonymous Coward

    Damn, now the Chinese know about my unhealthy obsession of watching S-Club 7 videos. I'll never be able to visit China now, oh the shame.

    1. Rich 11 Silver badge

      Given the tat that passes for pop in China, you'd probably be welcomed there like a god.

      Tat that passes for pop. That has to be the lowest of the low.

  6. petef

    The Opera browser has offered free VPN for the web for some time now.

    1. Ledswinger Silver badge

      The Opera browser has offered free VPN for the web for some time now.

      And Opera Software AS was bought by Chinese interests in 2016.

      1. hellwig Silver badge

        Opera's free VPN is good for changing your region of origin for region-locked websites, but yeah, don't use it for actual security.

        1. tiggity Silver badge

          .. free VPN be it Opera or more dubious not really to be trusted. Might be OK to access region locked content e.g. US media from UK (big regional release date differences on film / TV - silly (IMHO) as it encourages the keenest fans (who must see it ASAP) to pirate)

          Don't ever do anything that involves exposing "proper" credentials with them, just use it as a region block unlock and ensure you run it in a VM in case it tries any nasties.

          Finding a VPN you can trust is non trivial (there's always the set up a box in a different country and roll your own VPN for the truly paranoid)

        2. Anonymous Coward

          Opera VPN does have its uses (if you want to download gigabytes of porn / cat videos, and you don't want to show your private taste to Ms May's minions, AND if you're not in a hurry. But google search routinely shows you the middle finger, and endless (literally) captchas. But it's a useful stopgap, or just for fun, if you enjoy pissing in the tracking industry's piss-resistant circuits. For serious privacy I would pay for a VPN, though there are only a few which appear (APPEAR) FAIRLY secure (cash payments, no logs, RELATIVELY pressure-resistant legal system (yeah, unlike the UK ;)

          That said, it's quite possible that those hiding behind proper VPNs are flagged as worthy particular interest so, ironically, you might be subject to more detailed scrutiny.

          1. hellwig Silver badge

            re: But google search routinely shows you the middle finger, and endless (literally) captchas.

            Yeah, that's what Duck Duck Go is for.

    2. DerekCurrie
      FAIL

      No, Opera does not offer a VPN. They offer a proxy node only.

      I suggest you research the difference between an actual VPN and a mere proxy node. They are by no means equivalent. You are NOT solving the surveillance dangers by simply exiting onto the Internet at a different IP address. Your DNS lookups remain UNencrypted. Your data transfers back and forth remain UNencrypted. That's bad.

      Also, my understanding is that Opera is dropping their proxy node service.

    3. Baldrickk Silver badge

      Opera

      A family member was having trouble with internet connection over wifi at home, mobile internet was fine, so I had a look.

      He had the Opera security/helper app installed (whatever it is called), which amongst other things enabled a VPN (might have been a proxy, it called it a VPN, I didn't waste time investigating further) which had a terrible throughput. It _may_ have been useful against a dodgy "public" wifi point, but not being able to white-list home wifi?

      nixing that thing was the best solution.

  7. Anonymous Coward

    If you are going to do something stupid, it might as well be free.

    China.. Keeping foolishness affordable.

  8. Anonymous Coward

    I don't think the claims are right....

    Most free VPNs are coming from China because Chinese have those needs, and some Chinese people have resources that they are willing to share with others.

    If you claim that the free VPNs are sending data to China's President, I could say that U.S. based VPNs are sending data to CIA or FBI....(although they normally don't)

    If a VPN service is operated in China, it DOES NOT mean it's powered by Chinese Government, because that software is used to bypass the Chinese firewall, and the Chinese Government does not allow such an act (actually it's a crime in China to develop / use such kind of service to bypass the firewall)

    1. diodesign (Written by Reg staff) Silver badge

      Re: anonymous coward

      It's true VPNs are useful in China, which is why there's such an interest over there.

      However, that doesn't excuse crap security. If you're using a stranger's VPN, you're placing an enormous amount of trust in that provider to not screw you over. With near-zero transparency, scrutiny or oversight, free VPNs are a privacy nightmare.

      Edit: Oh yeah, don't forget all VPN providers must register with the Chinese government (see below, Google, etc), which is not... great.

      C.

      1. Anonymous Coward

        Re: anonymous coward

        I buy all three arguments, i.e. that having so many VPN providers in China is suspicious, that having them in China is not suspicious, because of demand/supply, and having them have crap terms of privacy is suspicious / inexcusable. However, to add to the stack, it might be that their privacy is crap, because privacy in China is crap in general, as much as other issues, such as general "customer service". Though you would think that if somebody offers you a privacy tool, the key element of the service would be actual privacy. OK, suspicious.

        But then... FREE, so perhaps the reason is just to "monetize" a relatively new and growing trend of "privacy" (hey, did you hear about PRIVACY stuff yet?! Click HERE to find out!), like there's been a new trend in "cargo" cloths, courtesy of Ryanair (fuck you Ryanair, fuckyouverymuch)

    2. DerekCurrie
      FAIL

      EVERY VPN within China is legally required to be APPROVED by the Chinese government

      And you know exactly what that means. The totalitarian Chinese government (inexplicably still considered 'socialist' or 'communist') demands ALL data on citizen behavior be available to them at ALL times. Period. Don't fool yourself otherwise. China is a full bore surveillance state. Rumors to the contrary are plain ignorance. That includes Hong Kong as well.

      1. sabroni Silver badge

        Re: inexplicably still considered 'socialist' or 'communist'

        It's so anyone mentioning redistribution of wealth can be easily demonised.

        1. LDS Silver badge

          "anyone mentioning redistribution of wealth can be easily demonised"

          Because China is redistributing wealth among its citizens?

      2. LDS Silver badge
        Facepalm

        "inexplicably still considered 'socialist' or 'communist' "

        Show me a communist government - which usually names itself "socialist" - that isn't totalitarian...

      3. Anonymous Coward

        Re: EVERY VPN within China is legally required to be APPROVED by the Chinese government

        >The totalitarian Chinese government (inexplicably still considered 'socialist' or 'communist')

        That is just like all the People's Free Democratic Republic of Wherever is neither free nor democratic, and is not much for the people either. What remains is the wherever part. Still, they like to think people fall for the name.

    3. Symon Silver badge
      Big Brother

      "China's President"

      Since the fifth plenary session of the National People's Congress, that'll be Emperor Xi to you, sonny Jim.

  9. FozzyBear Silver badge
    Black Helicopters

    Well I hope they are enjoying the huge variety of porn the world offers, or would that be still blocked by the great firewall of China?

  10. AdamWill

    run your own? really?

    "For what it's worth, we recommend setting one up yourself using OpenVPN, Algo, or Outline, for example, if you know what you're doing."

    This has always struck me as a bizarre recommendation for what's probably the major reason for using a VPN: making it look like you're somewhere else. After all, most people in the UK who want to look like they're connecting from the US probably don't own a house in the US they can stick a VPN server in. Or even have the means to run one out of a US-based colo or something. (Ditto Chinese people wanting to look like they're almost anywhere else, etc etc). Surely it's more practical to recommend a vaguely reputable paid provider for this case.

    1. gerdesj Silver badge
      Childcatcher

      Re: run your own? really?

      "After all, most people in the UK who want to look like they're connecting from the US"

      Why on earth would I want to appear to be from the US? My use case is to appear to be from the UK when I am abroad so that iPlayer works and I can be confident that I am not being MitMd.

      My OpenVPN relies on *my* CA trust working and if it refuses to connect then I reach for Wireshark to find out why not. If the "free" wifi is being naughty and doling out certs and intercepting TLS it soon becomes obvious.

      1. Jeffrey Nonken Silver badge

        Re: run your own? really?

        Not everybody's use case is the same as everybody else's use case. Some of us prefer to obscure our origin.

      2. DerekCurrie
        Meh

        Re: run your own? really?

        Note that with VPN, as with TOR, countries trying to protect their individual copyrighted media (because we humans are so incredibly uncooperative between countries) go out of their way to SEEK and BLOCK exit nodes onto their country's Internet from outside their country. It is entirely common, for example, for the UK's BBC to identify active VPN or TOR exit nodes with a lot of variable traffic of a questionable nature. They then BLOCK that VPN from accessing their service. In turn, a good VPN will then establish a new exit node in that country to provide to their users. Or, TOR users within the country will volunteer their own exit nodes (at their personal peril I must note) for others outside the country to use.

        I'll also note that these days the BBC require those accessing their media to have a BBC account with a listed physical UK mailing address. VPNs can't help with that wrinkle.

        It's called Cat and Mouse.

        1. Anonymous Coward

          Re: run your own? really?

          "Note that with VPN, as with TOR, countries trying to protect their individual copyrighted media (because we humans are so incredibly uncooperative between countries) go out of their way to SEEK and BLOCK exit nodes onto their country's Internet from outside their country. It is entirely common, for example, for the UK's BBC to identify active VPN or TOR exit nodes with a lot of variable traffic of a questionable nature."

          I tried viewing El Reg's site over Tor the other day.

          Cloudflare complained and wanted me to enable JavaScript.

          1. Kiwi Silver badge
            Linux

            Re: run your own? really?

            I tried viewing El Reg's site over Tor the other day.

            Cloudflare complained and wanted me to enable JavaScript.

            El Reg really does need to dispense with clodfool. It drove me away for a while, though it seems better now.

            There's always something like Whonix (think that's the name) which will let you run that JS BS in a VPN that can only connect to the internet via another VPN that acts as a TOR gateway. Not necessarily absolutely perfectly secure, but more than enough to keep you safe from clodfool's harassment while you're innocently browsing El Reg.

            (As if there was any innocence around here! Naivety maybe, but innocence?????)

        2. FrogsAndChips Bronze badge

          Re: BBC account with a listed physical UK mailing address

          Huh? Last week I had to create an account to access iPlayer on my TV, all I needed was an email address, no name or physical address was ever asked.

          1. Anonymous Coward

            Re: BBC account with a listed physical UK mailing address

            this is peculiar, because when I went to the registration page, they wanted ridiculous amount of personal information, starting with your address / postcode, and your age, and your full name, if I remember correctly. Of course, you can fake all / some of these, but even if the system bites, would it be legal? Probably similar to "stealing" your neighbours' tv signal ;)

            Actually, this is an interesting legal poser: am I breaking the (UK) law downloading bbc content I am entitled to (supposedly), but from, er... "other sources"?

        3. Anonymous Coward

          Re: run your own? really?

          > I'll also note that these days the BBC require those accessing
          > their media to have a BBC account with a listed physical UK
          > mailing address. VPNs can't help with that wrinkle.

          No they don't. I have no BBC account but downloaded some Iplayer programmes just yesterday.

          https://github.com/get-iplayer/get_iplayer

        4. Kiwi Silver badge

          Re: run your own? really?

          I'll also note that these days the BBC require those accessing their media to have a BBC account with a listed physical UK mailing address. VPNs can't help with that wrinkle.

          That's not too hard to work around. Same way you can get stuff where you must have a delivery address in a certain country. Just be on good terms with someone over there :)

          You can even do a VPN-swap if you can handle the hit on your data. You set up one there and give me a log in, and I set up one here and give you a log in (no, not offering sorry, my bandwidth is too limited for any more users!)

      3. Anonymous Coward

        Re: run your own? really?

        "My use case is to appear to be from the UK when I am abroad so that iPlayer works and I can be confident that I am not being MitMd."

        Most people would use VPN to pretend to be someone else than the registered, named, aged and postcoded iPlayer user, whose information is shared by the beeb with all those beeb offspring and God-knows-how-many carefully selected business partners, never mind government agencies.

        1. naive

          Re: run your own? really?

          There are really good reasons to have a VPN that for instance exits in the US. Buying things like flight tickets get really way cheaper when they do not see one is European.

          On-line shopping can be way cheaper, and indeed one's on-line habits are not logged on countless places.

          Creating a personal VPN could go like this:

          1. Purchase a raspberry pi as home VPN server, configure OpenVPN.

          2. Rent a simple t.micro Linux system at AWS in an AWS datacenter located in Virginia.

          3. Configure squid on the AWS system.

          4. Configure OpenVPN on the AWS server to connect with the pi.

          5. Configure AWS linux system as a proxy on the browser.

          6. Fix ip-routing on the PC so that the route to the proxy (squid) server points to the pi.

          There are costs, like around $ 15,- per month for the AWS server.

          This could be more convenient than TOR. With Tor one's ip-address exits in random countries, services like gmail and yahoo mail really get nervous about this, and are not accessible anymore.

          1. Anonymous Coward

            Re: run your own? really?

            Creating a personal VPN could go like this: (list)

            I found buying an upmarket Netgear router is the simplest way forward, although it's time they upgrade their code to the latest standards (some of what they use is being phased out so applications like Tunnelblick immediately give you a heads up when you install the settings).

            I have a Netgear Orbi pair in my place as the walls are annoyingly WiFi opaque that acts as the main router (on a static IP address), and getting a VPN going on that was a matter of a few mouse clicks - it even generates all the required certs/ovpn files.

            It's quite handy in that I can lock down all admin interfaces to my home IP address (my Internet provider has, so far, been reasonably stable, but I also have cert-protected SSH access so I can always open it back up - I believe in resilience :) ).

          2. Anonymous Coward

            Re: run your own? really?

            good points you made here, especially the ways of using vpn, I can agree with that, but I don't see a point of making your own vpn. Especially when there are such good ones like Nordvpn for a few dollars a month, they are well developed, if you are lucky enough you can get it very cheap. And it still will get you some more advantages than what you can build at home. Just make sure it is not a free vpn, because it does not go in one sentence with privacy.

            1. Kiwi Silver badge
              Pirate

              Re: run your own? really?

              good points you made here, especially the ways of using vpn, I can agree with that, but I don't see a point of making your own vpn. Especially when there are such good ones like Nordvpn for a few dollars a month, they are well developed, if you are lucky enough you can get it very cheap. And it still will get you some more advantages than what you can build at home.

              My own VPN started life as an instance of OpenVPN + PiHole on a Media Centre box that was on 24/7 (collecting the 'necessary data' for the next series or a few movies we wanted to watch ;) ). The machine was on already, so all I needed was a few minutes to install the software and configure the software and a bit of port forwarding on the router. It is effectively free, as the bandwidth is 'unlimited' and the power is already being used. (FTR it now resides on my own cloud server).

              Just make sure it is not a free vpn, because it does not go in one sentence with privacy.

              I often watch a vid or two on YT before I go to sleep, using a tablet propped up against a pillow (it turns itself off after the video stops if I don't start another one). On Saturday I visited NordVPN for the first time, with JS off by default. Among the 4 lots of JS their site wants 2 are their own, one is discuss, and the last is google tag manager. Last night (Monday), I again went to watch a vid and what do I see in my list? Lots and lots of stuff about VPNS.

              On my desktop machine and my tablet I have OpenVPN set up, but my VPN is not at my home now. I don't have OpenVPN on this laptop, so when I looked up NordVPN I did it from the same IP the tablet uses, however for this discussion I am coming from a different IP. Since the videos appeared in YT just after I visited Nord, and I haven't previously looked up any vids on YT nor do I use google to search for stuff, a reasonable conclusion is that google got a record of my visit to NordVPN from them, and from there got the idea that I am interested in that product. If Nord fed that data to google then they're hardly respecting my privacy, and as they use google products in their web site I think it's a fair bet that they don't truly respect your privacy. I have advised them that until I am satisfied such things are not going to occur in future (including the removal of all google js bs from their site) I will tell people to not be keen to trust them. I'm sure with the dozen or so people I might be able to add to their customer base of millions, they'll hop to it right away and perform a complete redesign of their systems to make sure google is as excluded as possible..... :)

              Besides that, I'm not exactly sure where Nord operates from. They could well be subject to a court order which whilst I do not trust [1] any online service I don't myself control, I still would not be happy with anyone trying to track anything I am doing.

              [1] There are degrees of 'trust'. I do not trust that the information I post to El Reg will make its way to their servers without someone attempting to look at it, but I do not care because it is for publication. I do not trust that my emails will get through various ISP's without being looked at (pretty sure google et al mine your emails for stuff of interest to them), so I either don't send anything confidential or I encrypt it.

    2. DerekCurrie
      Meh

      Re: run your own? really?

      Agreed! The statement is too vague, leaving out the only actual reason to create your own VPN: Access to an encrypted connection directly to your own computer. That may well be exactly what you need to deal with wide open, unencrypted WiFi hotspots. It means you're effectively (if somewhat more slowly) connecting to the Internet via your own home connection.

      Meanwhile, actual full VPN services offer FAR more than any personal home VPN can provide. Check out my 5 point VPN advice in the thread for some of those added services.

      1. Kiwi Silver badge

        Re: run your own? really?

        Agreed! The statement is too vague, leaving out the only actual reason to create your own VPN: Access to an encrypted connection directly to your own computer. That may well be exactly what you need to deal with wide open, unencrypted WiFi hotspots.

        That's why I run it as well. Plus it allows me SSH as if I'm on my own network whilst not actually leaving the SSH ports open to the public. I now have the port my VPN is on, and the ports for web and email servers.

        I can trust any connection because the VPN is encrypted end-end, and it uses cert-based authentication to connect.

    3. LDS Silver badge

      "major reason for using a VPN: making it look like you're somewhere else"

      Not at all. That's just one reason, and maybe one of the major use for a personal perspective when you have specific needs, but VPN were created to build a secure communication channel between two endpoints over an insecure one.

      You would create a site-to-site VPN between company sites to join networks. You would create a VPN to a remote location to work as if you were connected locally.

      Actually, using a VPN to "appear" somewhere else is just a side effect which can be useful in some circumstances - usually to bypass restrictions or avoid to be tracked, not really a broad need... hope it won't become.

    4. Jamie Jones Silver badge

      Re: run your own? really?

      "After all, most people in the UK who want to look like they're connecting from the US probably don't own a house in the US they can stick a VPN server in. Or even have the means to run one out of a US-based colo or something"

      You can get a virtual server for $2.50 a month with http://www.vultr.com/

      When you build your server, you can load one of the various install ISOs, or one of your own, or even install a 'pre-installed' openvpn ISO. It's virtually point-and-click to get running, but yet it's your own machine with its own ip, and root access etc.

      Generally faster than using a more expensive 'paid vpn' service.

      (I'm not involved with them - I'm just a happy customer of some of their other services)

  11. mark l 2 Silver badge

    Use the pornhub owned VPN, as then at least you know who the owners are, and they aren't bothered about your surfing pron over the connection

    1. LDS Silver badge

      "at least you know who the owners are"

      Do you trust someone whose money comes from utterly exploiting people?

      1. Anonymous Coward
        Anonymous Coward

        Re: Do you trust someone whose money comes from utterly exploiting people?

        I thought this is a bang-on description of any government, both auto and demo-cratic?! :D

      2. Andy Tunnah

        Re: "at least you know who the owners are"

        >Do you trust someone whose money comes from utterly exploiting people?

        You do realise how incredibly insulting that statement is to adult entertainment working women, right ?

        1. Anonymous Coward
          Anonymous Coward

          Re: "at least you know who the owners are"

          You do realise how incredibly insulting that statement is to adult entertainment working women, right ?

          Why would that not insult the adult entertainment working men? Just curious..

          (sorry, couldn't help adding fuel to that fire :) ).

        2. Jamie Jones Silver badge
          Happy

          Re: "at least you know who the owners are"

          "You do realise how incredibly insulting that statement is to adult entertainment working women, right ?"

          ... unless he was referring to the paid subscribers!

        3. Roj Blake Silver badge

          Re: "at least you know who the owners are"

          A lot of the content on Pornhub is pirated, so it's not insulting to the women who are losing money to say that they're being exploited.

      3. Fred Flintstone Gold badge

        Re: "at least you know who the owners are"

        Do you trust someone whose money comes from utterly exploiting people?

        You may want to pay attention to the whooshing sound over your head. It was a joke. Relax. Drink less coffee.

        :)

  12. Paul Crawford Silver badge

    Own VPN?

    Setting up your own VPN might look like a great solution but it is not as clear cut. For a start you probably end up renting a "machine" somewhere for always-on connectivity and a fixed IP address which will cost more and/or also have the question of who has physical access to it.

    Then you have the privacy issue that if it's your own machine you have no plausible deniability, whereas a shared VPN provider has many customers with the same apparent IP address. Finally you have the other reason that many folk use a VPN - to avoid geoblocking etc, and if you want the same you might need to set up hosted machines in a few countries at some cost and, again, the issue of trust in those.

    So while you are putting a lot of trust in your VPN supplier you might still be better with a third party providing you take a bit of effort to select one that suits your use-case and are willing to pay for it as somehow every service has to be paid for...in money or in privacy.

    1. Anonymous Coward
      Anonymous Coward

      Re: Own VPN?

      There is a good case for using the home adsl with its changing dynamic IP if you want to have a randomish network presence.

      1. Anonymous Coward
        Anonymous Coward

        Re: Own VPN?

        There is a good case for using the home adsl with its changing dynamic IP if you want to have a randomish network presence.

        .. as long as you know that dyndns is going to charge for its services now, and your router needs to be offline for quite some minutes to pick up a new DHCP lease on reboot. I used to have it on a timer so it would reboot at night after 15 minutes downtime.

    2. gerdesj Silver badge
      Childcatcher

      Re: Own VPN?

      "Setting up your own VPN might look like a great solution but it is not as clear cut. For a start you probably end up renting a "machine" somewhere for always-on connectivity and a fixed IP address which will cost more and/or also have the question of who has physical access to it."

      For starters you may already have a router capable of being a VPN concentrator already. If not then DD-WRT, Tomato, pfSense, Netgear, Draytek and many others can. You do not need a static IP either - there are loads of dynamic DNS operators available. Most routers will have a built in client for DDNS as well.

      So, no: don't think you should rent a machine in the cloud unless you know what you are doing. Subscribe to /r/homenetworking on Reddit or the pfSense forums or whatever and find out how to get your home network in shape first. The only reason I can think of to not host your own VPN at home is if your ISP blocks all inbound access.

      1. Dave Hilling

        Re: Own VPN?

        ^^ This. I use an OpenVPN appliance on an ESX box in my house and a dynamic DNS client to update my IP. I use it to access my home lab/files while I am on the road for work or if I want to VPN through my house while I am at the hotel to do banking etc.

    3. Kiwi Silver badge

      Re: Own VPN?

      1) Lots of ISPs (at least over these ways) do static IPs, or ones that don't tend to change, without charge (or with a nominal charge). I don't recall when my ADSL IP last changed but it has been more than 2 years.

      2) If you don't use it for nasty behaviour, you don't need 'plausible deniability'.

      2a) Can be aided by letting others use it if you're on Fibre. Unless you can pay your VPN provider in cash, there is potentially a paper trail. And if enough of a VPN's customers are acting nefariously, they may get a 'purchase order' from a government department known for buying rubber hose by the kilometre.

      3) Vulture (that someone else mentioned in this thread) charge $2.5(us?)/month per instance, and you can set them up in a number of different countries if you wish - just from looking at their page for a few minutes.

  13. This post has been deleted by its author

  14. Anonymous Coward
    Anonymous Coward

    I use a Chinese VPN on purpose.

    So I can leave the following video running in an endless loop to annoy them.

    https://www.youtube.com/watch?v=7DqvweTYTI0

    (It's the Monty Python "I like Chinese" clip just in case it's blocked by your particular VPN exit node.)

    I tried piping various porn clips instead but Google got kinda pissed that they were getting a few extra petabytes of traffic from a single (VPN) source. Bastards!

    1. Mycho Silver badge

      Re: I use a Chinese VPN on purpose.

      If you were serious it would be Winnie The Pooh.

  15. LateAgain

    VPN advertising now on the telly

    No mention of "we can see all your data"

    1. Kiwi Silver badge

      Re: VPN advertising now on the telly

      Probably the same crowd advertising in NZ.

      1) Your firm appears to be in the US. Nope, no way no how, not a chance.

      2) Your prices suggest that I am the product. Get stuffed!

  16. DerekCurrie
    Holmes

    Free OR Paid, Research All VPNs You're Considering

    Having worked with various VPNs for years, here are some critical tips:

    1) Investigate any/all VPNs you're considering before using them or buying into their service. It doesn't matter if they're free or paid. They may be brilliant, or they may be outright criminals.

    [I bought into one VPN that was part of a 'bundle' of software and services that turned out to be a 100% fraud. They were great at sprucing up their website to look professional, but their service was literally non-existent. It never, ever worked for anyone. I was kindly given my money back by the bundle provider.]

    2) Make certain that the VPN service logs nothing. Nothing. Any logging at all for any period of time, no matter how brief, means your activities on the Internet can and will be handed over to any interested authority or marketing organization. Expect it. Some VPNs are infamous for lying about their logging behavior. PureVPN is one of them. The fact that they're located in China (yes, Hong Kong is part of China) is bad enough. That they lied to all their customers and turned over secret logs to requesting authorities knocks them out of contention.

    3) Never use a VPN service that resides within the 'Five Eyes' countries. They have a pact to share among themselves all citizen behavior on the Internet. Supposedly, that is limited to inter-country Internet activity, versus intra-country activity. But proof provided by Edward Snowden proved entirely otherwise. The Five Eyes countries are:

    - USA

    - UK

    - Australia

    - New Zealand

    - Canada

    4) Be certain to look into the verified SPEED (bandwidth) quality of each VPN as well as its list of available EXIT NODE countries on the Internet.

    - The speed you need is dependent upon the work you need to do on the Internet. Email needs little bandwidth. Video uploading requires maximum bandwidth.

    - Your required exit node on the Internet is also dependent upon what you need to do on the Internet. For example, nearly every country blocks access to copyrighted material available within their country (with some very kind exceptions of international news services, etc.). Therefore, if you need to do some work in a particular country, you may be entirely blocked from accessing resources in that country if your listed source IP address is outside that country. Using an Exit Node via a VPN that exists within that country may solve the problem.

    5) Always use a full VPN service when you're connecting to the Internet at a wide open, unencrypted WiFi hotspot. That may include your library, your local coffee shop, your village's free WiFi service, etc. If you don't have to use a password to get into that service, you're wide open to surveillance and robbery of your unencrypted data. Take this very seriously!

    The VPN business is currently full of crooks and liars as well as brilliant, thoroughly respected providers, free or paid. It doesn't actually matter.

    One FREE VPN provider I vouch for is ProtonVPN out of Switzerland. The free version of their VPN may be all you want or need. But they have higher tiers of service for professionals and those with wider requirements. I also recommend their FREE encrypted email service, ProtonMail, accessible via the web.

    1. Anonymous Coward Silver badge

      Re: Free OR Paid, Research All VPNs You're Considering

      " If you don't have to use a password to get into that service, you're wide open"

      Even if you do have to use a password to get on, you're still probably wide open.

      Pub wifi as an example - a shared password that gets you encrypted as far as the WAP, but any other connected computer is likely to be able to ARP-spoof etc, let alone the WAP being connected to a gateway that's unknown.

      Or, on a simpler level, "The Cloud" style hotspots where the WiFi is open and the password is entered on a web page before granting you internet access. The key here being that the WiFi is open, so snooping and interception at that level is trivial.

    2. Anonymous Coward
      Anonymous Coward

      "Never use a VPN service that resides within the 'Five Eyes' countries"

      Which countries are you going to trust? Even Switzerland, unless you're one of their citizens, or happen to store several millions there, will happily sell you if it's in their interest.

      1. Anonymous Coward
        Anonymous Coward

        Re: "Never use a VPN service that resides within the 'Five Eyes' countries"

        Even Switzerland, unless you're one of their citizens, or happen to store several millions there, will happily sell you if it's in their interest.

        You may want to learn German/French/Italian then and actually read their laws. There are caveats when you store data there (for instance, if you're a foreign company just hosting your data in Switzerland it still remains under jurisdiction of the country of origin - little gotcha that few know about), but in general you can use Swiss law to protect your data.

        However, gotcha #2 is, of course, that that doesn't stop your local authorities from issuing a warrant demanding your data - irrespective of where you have it stored. It's up to you to take the gamble that they don't know about your data in Switzerland, but even the most basic surveillance would show interaction with a Swiss provider - unless (and here we circle back to the original topic) you have a trustworthy VPN and your traffic drowns in the volume of all other connections originating from that exit point.

        1. Anonymous Coward
          Anonymous Coward

          "You may want to learn German/French/Italian"

          It happens I live in Italy nearby the Swiss border - and I learnt to never trust Switzerland...it's very good at exploiting opportunities to make money - but don't believe they are protectors of human rights.

    3. Anonymous Coward
      Anonymous Coward

      Re: Free OR Paid, Research All VPNs You're Considering

      I also recommend their FREE encrypted email service, ProtonMail, accessible via the web.

      That didn't quite work IMHO. The idea is OK, but usability sucks so I had people revert back to other resources for communication. It's OK for people with a technical inclination but, in my experience, non-techs quickly tire of the effort involved.

  17. Kiwi Silver badge
    Boffin

    +1 for OpenVPN and Pi Hole

    I've had no trouble. It runs on a small laptop (Dell D630) in the cupboard my router is in, with its own sub-domain, and I use cert-based authentication.

    Pi-Hole helps a lot in keeping nasties out as well.

    Makes using outside networks a lot safer, I know if I am at a friend's that my data is safe from their hands. Same for from a cafe, though I am much less likely to do my online banking even then (even though I can verify that the tunnel is encrypted over and above the HTTPS to the bank).

    When a friend was in hospital recently we also had his system using it. Noted the hospital had blocks on the usual VPN port so we moved it - big advantage with home-grown.

    It takes minutes to set up, and so far I've used it with Debian and Devuan based systems, Android (4&6 via the OpenVPN app) and even Win 7. The only issue I had was Devuan not using the server for DNS, which came down to a particular package not being installed that was used to update /etc/resolv.conf.

    (Does pay to set the OpenVPN app to block all traffic on a disconnect, just in case it disconnects on your phone just before you start your banking session while at the local watering hole).
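Added example (not part of the post above, and not OpenVPN project code): a small audit of an OpenVPN client profile for the points the post raises, namely certificate-based authentication, a DNS update hook on a Linux command-line client, and the default port that some networks block. The sample profiles, host name, file names and finding labels are constructed for illustration.

```python
import shlex

# Constructed sample profiles; host name, ports and file names are placeholders.
GOOD_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.org 443
ca ca.crt
cert laptop.crt
key laptop.key
remote-cert-tls server
# hook that applies pushed DNS servers to /etc/resolv.conf
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
"""
WEAK_PROFILE = """\
client
dev tun
remote vpn.example.org
auth-user-pass
"""


def parse_profile(text):
    """Map each directive to the list of its argument lists."""
    directives, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:  # skip PEM material inside <ca>...</ca> style inline blocks
            if line == "</%s>" % block:
                block = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            directives.setdefault(block, []).append(["[inline]"])
            continue
        words = shlex.split(line, comments=True)
        if words:
            directives.setdefault(words[0], []).append(words[1:])
    return directives


def audit(text):
    """Return a list of finding labels (hypothetical names) for one profile."""
    d = parse_profile(text)
    findings = []
    if not all(name in d for name in ("ca", "cert", "key")):
        findings.append("no-client-certificate")
    # Neither the certificate's server role nor its name is checked.
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        findings.append("server-cert-role-unchecked")
    # User-defined scripts such as an "up" hook only run at script-security 2+.
    sec = d.get("script-security", [["1"]])[-1]
    if "up" not in d or int(sec[0] if sec else 1) < 2:
        findings.append("no-dns-update-hook")
    default_port = (d.get("port", [[]])[-1] or ["1194"])[0]
    for args in d.get("remote", []):
        if args and (args[1] if len(args) > 1 else default_port) == "1194":
            findings.append("default-port-1194:" + args[0])
    return findings


if __name__ == "__main__":
    for name, profile in (("good", GOOD_PROFILE), ("weak", WEAK_PROFILE)):
        print(name, audit(profile) or "no findings")
```

The DNS check only applies to clients that rely on an `up` script; clients that manage DNS themselves will show that finding without being misconfigured.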

  18. Pascal Monett Silver badge

    I use TunnelBear

    Easy to use, free for low usage levels (like mine), and it has published a security audit from an independent company.

    It's good enough for me.

  19. AegisPrime
    Black Helicopters

    Re: TunnelBear

    I used to use (and recommend) TunnelBear but since their acquisition by McAfee (facepalm) I wouldn't touch them with a shitty stick. I recommend ProtonVPN these days who do have a free, unlimited (though slower) offering in addition to their excellent paid service.

  20. Anonymous Coward
    Anonymous Coward

    Over eight in 10 (83 per cent) app customer support requests for assistance were ignored

    I'm surprised it wasn't 100%. This is the level of customer service nowadays (no, seriously). Unfortunately, payments don't guarantee much more anyway.

  21. Anonymous Coward
    Anonymous Coward

    If I use a VPN it’s normally to hide my activities from the British and the Merkins, so the details being known by the Chinese, who aren’t the most cooperative at handing the details to the West, is probably not a major problem.

  22. steviebuk Silver badge

    This will continue to happen...

    ...on the mobile and tablet market due to so many people that are on those wanting shit for free. "I don't want to pay for Candy Crush. Pay for a game? Why would I do that"......"Oh it's so annoying you have to wait for a day to play the next level of Candy Crush. All I'm seeing now is adverts. There should be a way to stop these adverts."

    Pay for the fucking thing!*

    ):o(

    *I'm aware rouge apps that you pay for exist on said platforms so you could still end up in China.

    1. hmv

      Re: This will continue to happen...

      "rouge apps"

      Red apps? Communism?

      1. Fred Flintstone Gold badge

        Re: This will continue to happen...

        "rouge apps"

        I think they're photo apps. Blushes the cheeks. Any cheeks.

        :)

  23. Long John Silver
    Pirate

    Fitness for purpose

    Indeed, 'free' VPN services encompass a range from well meaning to scam. Distinguishing among them may nigh be impossible. Also, as noted elsewhere, commercially available VPN services must be taken on trust too; in this regard, the guiding principle is reputation and no known affiliation with 'Five Eyes', NATO, or Russian Federation nations, and no association with China and its like.

    It's the use to which VPN is put that matters when considering security. I suggest most private users are seeking to avoid copyright trolls when BitTorrenting, to bypass blocks set by their home nation, and to persuade Netflix into thinking they reside elsewhere. In these instances it really wouldn't matter who else is aware of one's activities. The feed could go directly to GCHQ, the NSA, or the FSS, on its way elsewhere, and nobody in those agencies would give a damn about it. Even if Hollywood's MPAA were to set up a honey pot VPN service it wouldn't be able to use information gathered for prosecuting individuals.

    Commercial VPN of good standing suffices for contact with banks when using free WiFi but HTTPS alone ought be enough in an ideal world.

    It's in areas of criminality of interest to state authorities, and decent citizens too, that VPN, Tor, and other obfuscation methods become less trustworthy. Even mixing modalities of obfuscation offers no guarantee of anonymity. Yet, it should be borne in mind that money launderers, sellers and buyers of illicit substances, terrorists, and similar evil operators are generally caught through traditional policing/security investigative methods with IT surveillance merely a sometimes helpful addition; people are caught through careless release of information and when their nefarious activities impinge on the physical world as through use of postal services.

  24. StargateSg7 Bronze badge

    Good thing I don't have to worry about VPN's since I can appear to be from ANY country I want since our company has Carrier Class Routing and Edge-Server capabilities AND I can use the 10 megabit satellite connection ANYWHERE in the world with the Satcom modem on my laptop. This means I can be in Egypt but look like I'm in New Zealand!

    Thank You to my filthy rich, utterly techo-tastic "employer" who has either IN-HOUSE DESIGNED/BUILT or BOUGHT every major computing system and communications gadget known to human kind!

    P.S. Sorry for blittering your $35,000 lens into the Blarney Stone...I promise I will TRY to not wreck the next lens until at least 2020!

  25. Mark Morgan

    Irony

    Somewhat ironic that the links to the original report on top10vpn.com show a certificate error "your connection is not private"


Biting the hand that feeds IT © 1998–2019