Jump to content
Not connected, Your IP: 54.87.90.21

Recommended Posts

The real problem with NordVPN is they claim to be offshore and "securely based in Panama." But I don’t believe that. CloudVPN INC, their payment processor, is based out of Lithuania, and there are clear ties to Tesonet... Just do a Google search.


Suffice to say, NordVPN is fully operated out of Lithuania and Lithuanians own the company that processes all customer billing info. That whole offshore thing is a lie, and they have no clue about international law.


But the big problem here is, Nord is dishonest! This is the big issue. Dishonesty. And, because they are being so dishonest, and choosing not to address it in public, it should make people wonder what else they are hiding. NordVPN if you want us to take down anything here, TELL PEOPLE THE TRUTH. Just admit that the majority of your operations are based out of Lithuania.


They are not securely offshore (It doesn’t matter what their management says), and Lithuania is one of the worst countries for privacy and data retention laws. The official “Owner” of NordVPN such as the domains and trademarks, have gone through great lengths to disguise their identity by registering the entity in Panama. There is NO information on Tefincom co S.A. – the entity that owns Nord trademarks.


Anyone, literally ANYONE, with $1500 can open a shady anonymous Panama company in just a few days. They’ll provide a local address, resident agent, nominee directors, and power of attorney to the person in control so they can pull the strings behind the mask of a panama corporation.


WHY, would anyone trust their privacy to a company who’s owner wishes to remain anonymous, and outsources 100% of it’s daily operations, accounting, billing, software dev, and marketing to a company in Lithuania. (Who just happens to run a bunch of other VPNs).


Moving on to why they are misleading users and need to be called out: They tell people they are more secure because they are based in Panama, all safely tucked away “offshore”.


They are giving people legal advise that is completely incorrect. A persons billing information is no safer just because Nord’s parent is incorporated in Panama. Tefincom doesn’t operate the payment processing, Cloud VPN INC (Tesonet) does, and therefore holds all personal data on subscribers. The US CloudVPN INC entity is not immune to legal process and neither are CloudVPN INC's Lithuanian owners.


So to recap: NordVPN is lying to users about being an “offshore” VPN provider. They are processing payments through a US company CloudVPN INC owned by Lithuanians. This is 100% true, not allegations. They even admit it.


AND, they are going through great lengths to hide the identity of the individuals and/or companies that have majority ownership in NordVPN. People need to understand that transparency in company ownership is the SINGLE most important factor one should consider when picking a VPN. You are literally giving all of your web traffic to this company, you better know who they are, or else you cannot and should not trust them.


Anyone who thinks that their billing info is safe tucked away in a Lithuanian office building should really consult an attorney.


Share this post


Link to post

People need to understand that transparency in company ownership is the SINGLE most important factor one should consider when picking a VPN. You are literally giving all of your web traffic to this company, you better know who they are, or else you cannot and should not trust them.

That is why I picked AirVPN over btguard/nordvpn/strongvpn.

Share this post


Link to post

And what is source? I love nordvpn just like airvpn and winscribe

 

You believe in fairy tales

Share this post


Link to post

And what is source? I love nordvpn just like airvpn and winscribe

 

You believe in fairy tales :angry:

 

 

Hello!

 

It's unclear what sources for what info (because the OP posted a lot of stuff to be pondered) but the fact that Tesonet operates NordVPN can be easily verified. Start from here then go to the official register sources: https://news.ycombinator.com/item?id=17258203

 

Tesonet operates NordVPN and has strict business relations with ProtonVPN; Tesonet also signs the ProtonVPN Android application certificate. Tesonet core business includes data mining according to their web site.

 

Kind regards

Share this post


Link to post

You believe in fairy tales

No, but thx for asking!

NordVPN is heavily marketed, go to https://yts.am

and see for yourself or on Google(Only PIA, ExpressVPN, Tunnelbear etc are being promoted)

AirVPN does not do this kind of marketing(or I have not seen it-there was a mentioning by some Douglas guy that posted a review on AirVPN). Suprise, Suprise it's not there anymore.(WOW)

Torrentfreak https://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228/

where initially AirVPN was kept off the list, but later they chose to mention it.

Regards,

Flx

Share this post


Link to post

I have paid to nordvpn, I have another ip address what more do you want?

 

You aren't serious, are you? Choosing a VPN provider is about trust, isn't it? Anyway, a few years back I had a subscription with them - I fell into the trap so to speak. Can't comment on honeypotwarning's allegations but besides very unreliable speeds of many servers I found their business practices very shady. I had chosen the recurring payment option with Paypal (since there was no option for single payment) - but when I wanted to cancel my subscription I couldn't find any option/information on where and how to do that. Actually got into contact with their support via email and they told me to just cancel via Paypal (would have done that anyway). Not sure if that's still the case, but not offering a straightforward way to cancel a subscription is a big no-go for me.

Share this post


Link to post

And what is source? I love nordvpn just like airvpn and winscribe

 

You believe in fairy tales

 

No fairy tales. Just facts. NordVPN openly admits tesonet helps them with payment processing.

 

CloudVPN INC handles all NordVPN payments and is registered in the US:

 

https://ibb.co/cKchDo

 

They registered in the US to get cheap cc processing fees. Notice on the link who the president is.

 

Maybe you are unaware but NordVPN was born in Lithuania and never left:

https://web.archive.org/web/20121202094755/http://www.nordvpn.com:80/

(Notice the only two translations available)

 

Yes, Tesonet owns or operates thousands of companies and some of these are involved in big data collection and mining.

 

The problem here is not entirely Tesonet. The problem is NordVPN is being dishonest and making an effort to hide something. 

 

Have you heard of MONKEYROCKET? If not, you should look into it. 

 

If you don't know exactly who is behind your VPN you should assume the worst.

Share this post


Link to post

Well it's a common practice for global companies to have payment processors based in other countries and companies, to handle payments for them because of better acceptance rates. But it doesn't mean that the payment processors own these global businesses or have access to user data, other than was is needed for payment processing of course. Nord does not log user data and these accusations of data mining through Nord services can be easily verified. Anyone can use tools like Wireshark or Glasswire to sniff their own traffic and check which requests are routed where. 

Share this post


Link to post

I'm using NordVPN, and while all seems OK - I am very skeptical. It sucks that we don't have any trustworthy independent review groups for VPNs - just like we have source code reviewers that submit security reviews. For example, someone needs to subpoena NordVPN just to check if they're actually deleting logs, as they say. What has made me skeptical of NordVPN is how many damn ads I see for them everywhere. I'm already a paying customer and I see: Google ads, Youtube ads, Reddit ads, and have had some other strange experiences. If NordVPN really wants to grow bigger, then what they should do is pay for an independent organization to review them - instead of paying so many Youtubers to shill for them!

Share this post


Link to post

Well it's a common practice for global companies to have payment processors based in other countries and companies, to handle payments for them because of better acceptance rates. But it doesn't mean that the payment processors own these global businesses or have access to user data, other than was is needed for payment processing of course.

 

Hello!

 

The situation is not what you describe, since, according to the article we linked:

 

1) the CEO of Tesonet, the CEO of ProtonVPN and the CEO of CloudVPN are all the same one person.

 

2) CloudVPN is not a payment processor. It uses PayPal to collect subscriptions from NordVPN. It's not that you pay to NordVPN via a payment processor called "CloudVPN", you pay to CloudVPN via some payment processor (PayPal for example). In such transactions CloudVPN is not the payment processor, it is the final beneficiary of your payments. To allow such payments via a web site interaction with PayPal, PayPal wants that the beneficiary is the web site owner.

 

Additionally, the developer of NordVPN application in the Google Play Store is CloudVPN. The developer of ProtonVPN application in the Google Play Store is Tesonet.

 

So you know that:

- CloudVPN is not a payment processor in the transaction phase, but the beneficiary of the payment

- CloudVPN signs the application(s) of NordVPN (therefore it has full access to Google Play Store keys of NordVPN)

- Tesonet signs the application(s) of ProtonVPN (therefore it has full access to Google Play Store keys of ProtonVPN)

- the CEO of Tesonet, CloudVPN and ProtonVPN is the same person

- CloudVPN introduced itself to PayPal as the web server owner of NordVPN

 

 

 

Nord does not log user data

 

This is a matter of trust, and when trust is involved, a lack of transparency should trigger a red alert.

 

and these accusations of data mining through Nord services can be easily verified. Anyone can use tools like Wireshark or Glasswire to sniff their own traffic and check which requests are routed where.

 

This is plainly incorrect even under a purely technical aspect. With Wireshark etc. you can only see that your packets go to or come from the VPN server. You have absolutely no idea of what happens once they are there, outside of your control. As an additional side note, please keep in mind that data mining does not necessarily involves inspection of the traffic content, which is rather trivial and obvious (another trivial consideration: otherwise end-to-end encryption would have meant death of intermediary data mining worldwide :) ).

 

Kind regards

Share this post


Link to post

Proton VPN's CEO is Andy Yen.

https://protonmail.com/about

 

Which has nothing to do with Hola/Luminati and tesonet.  Tesonet owns Nord VPN and the lawsuit cited clearly states ownership is outside of and incidental to the scope of the suit.  Hola/Luminati's VPN service is not the subject of the lawsuit either.  The suit centers on proxy networks with Luminati claiming Tesonet's Oxylab has been illegally using their Intellectual Property.

 

Seems it would be very difficult to find a company that does things beside operate a VPN that doesn't do something that could be spun into spying with their VPN.  But it's very easy to create a "news" cycle of VPN intrigue.  Just adding "VPN" to anything written about doubt gets readers in a tizzy.  Read all the stuff posted, follow all the links; lots of correlation but no causation.

 

Never fall in love with software.  I use Air, Proton and Windscribe.  Had mulvad for a while but it didn't work so well for me in my location.  It gets great reviews but may be better for someone elsewhere.  Of the other three, Proton is fastest.  Air is very similar but the fast servers close by are loading up quickly these days; it was much better a year ago.  Windscribe connects quickly but drops more often; way behind the other two.  None of them are completely reliable but they all remain secure when reconnects are being made.  Maybe I'll try Nord, they have a great special running now.

 

People use VPN's for different reasons.  Mine is primarily to avoid being badgered when online; I hate ads and hate obnoxious bots trying to converse with me about where I've been.  It's hard enough to find a VPN that seems honest given all the harebrained offerings out there.  JMO, but I wouldn't touch PIA with a 10 foot pole; they slam their competitors far too much and have been caught with their pants way down.  Don't they even know Pain in the Ass is a poor name?  "Under new ownership!" Sure.

Share this post


Link to post

Proton VPN's CEO is Andy Yen.

https://protonmail.com/about

 

Which has nothing to do with Hola/Luminati and tesonet.  Tesonet owns Nord VPN and the lawsuit cited clearly states ownership is outside of and incidental to the scope of the suit.  Hola/Luminati's VPN service is not the subject of the lawsuit either.  The suit centers on proxy networks with Luminati claiming Tesonet's Oxylab has been illegally using their Intellectual Property.

 

The business correlations between Tesonet, ProtonVPN and NordVPN have been already proved a long ago, see this thread.

 

In the meantime new food for mind suggesting that even the technical management is the same came out.

 

ProtonVPN and NordVPN client software were both affected by the same critical vulnerability. When a patch was attempted, a new bug was entered which did not fix the vulnerability. The new bug is a consequence of the same, identical error and wrong considerations.

 

The fact that both Nord and Proton applications AND the patches for both applications were all flawed in the identical way shows that Proton and Nord are managed by the same technicians in my opinion.

 

Since the bugged patches were released when the critical vulnerabilities had not been disclosed publicly, you can even rule out that one party copied the patch of the other (not to mention that it's all closed source).

 

Since Nord is owned by Tesonet, a close relationship between Proton and Tesonet exists too (actually, as an additional confirmation, the Android ProtonVPN application has been signed by Tesonet since years ago).

 

https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-provider-VPN-Client-Privilege-Escalation.html

 

 

Share this post


Link to post

While the above information is good to know, the biggest reason you don't want to use NordVPN is because they use shared certificates, as do the vast majority of VPN providers.  If you are using shared certificates, all it takes is someone to hijack your login info and they can mirror your session.  This is why I picked AirVPN, they use unique certificates.  Before I setup my account with AirVPN, I asked them this question and this was their response:

 

the client certificate and the client key are of course unique. We don't think that any well designed service can provide the same key to multiple clients (yes, we know that some services do that, but they are just jokes for gullible people, not real services).

 

I asked this question of multiple providers and the majority wouldn't even answer it or they weren't truthful about it.  However, Nord did verify that it uses shared certs.

Share this post


Link to post

I left NordVPN because they offered poor service, particularly, they didn't protect things the way they claimed to. This was a long time ago, you could probably find a link to a story about it. Many VPNs do a shoddy job of vetting their partner servers, a process AirVPN claims to do well but is still a complete mystery to me. Their clients are also poorly maintained or simply do not patch the holes in your traffic they claim to, as was the case with Nord, if I recall correctly.

 

Airvpn offers superior service and I genuinely believe that the ideology expressed by its devs is real and not just another VPN-facade/money grab.

It actually doesn't matter if nord is based in Panama or not, because this doesn't stop bad things from happening to people. Just look at the recent Panama Papers controversy.

Even though protonmail is based in Switzlerland (by the way: NOT NEUTRAL), they have servers in China, yet they are still  greatly admired in the privacy advocate sector.

Tor is based in Seattle. Many of its nodes are operated by the NSA itself.

 

I will still use Protonmail, AirVPN and Tor, because I have to, and overall, I believe that money is not the chief motivation in at least the latter two, because there are easier ways to get rich if you are a great coder than starting a non-profit.

Share this post


Link to post
@Staff I know you can not be 100% sure of anything, but can you be, reasonably, 99.9% sure that this will not happen with AirVPN?

I am specifically referring to this part of Arstechnica's article
 
Quote
The breach was the result of hackers exploiting an insecure remote-management system that administrators of a Finland-based datacenter installed on a server NordVPN leased. The unnamed datacenter, the statement said, installed the vulnerable management system without ever disclosing it to its NordVPN. NordVPN terminated its contract with the datacenter after the remote management system came to light a few months later.

Thank you in advance for your reply :)
 

Share this post


Link to post
58 minutes ago, jeuia3e9x74uxu6wk0r2u9kdos said:
@Staff I know you can not be 100% sure of anything, but can you be, reasonably, 99.9% sure that this will not happen with AirVPN?

I am specifically referring to this part of Arstechnica's article
 
Thank you in advance for your reply :)
 

Hello!

Vulnerable IPMI, iDRAC etc. which are then kept not updated and whose access is not even communicated to the customer is a negligent and intolerable behavior, however it's not impossible.

Good datacenters keep such an access restricted to a VPN, but it's plausible that in some cases access is exposed to some public Internet address. Speaking only about Dell's iDRAC, a study led in 2018 evaluated that tens of millions of servers are critically vulnerable. And that's only Dell, while other management systems add other vulnerabilities.

As disabling a remote management system is not a comfortable solution, because it could be needed for any emergency remote OS installation/maintenance/reboot/whatever, since AirVPN birth we verify IPMI, DRAC, iLOM etc. etc., restrict access to them to a tiny pool of IP addresses reserved to Air management if the server is exposed to the Internet (if it's in a VPN, the risk is remarkably reduced, as the attacker should find a way to enter the VPN first and discover the address inside the VPN) and keep it up to date (datacenters sometimes do not even bother to give you an updated system).

That said, inside jobs can potentially crumble any and each caution, that's why it's important to rely on reputable datacenters; furthemore, if NordVPN statement is true, as incredible as it may sound, then the datacenter committed an outstanding negligence which perhaps might even be considered malicious in court, for having failed to inform NordVPN about the existence of a remote management system capable to bypass any server defense. However, we would like to read a statement from the datacenter company, before jumping to conclusions.

Eliminating hazards completely is impossible, but risk mitigation is a task which must be always pursued with due diligence.

Kind regards
 

Share this post


Link to post

Although it degrades DNS, page loading, torrents, etc with >200ms ping times to SG/HK/JP/US Air servers from Australia, it seems likely that the Assistance and Access Bill https://en.wikipedia.org/wiki/Mass_surveillance_in_Australia#Assistance_and_Access_Bill
could be used for hidden compliance by any local datacentre (and including their individual staff members with threatened prison time) to provide a similar mechanism to that used to hack the Finnish NordVPN server.
It is a positive for AirVPN not to provide servers in these contexts such as AU.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...