OpenSourcerer 1435 Posted ... A german IT security blogger recently discovered that NordVPN's official android app transmits personally identifiable information to NordVPN and a few third parties. The checked version of their app is v3.9.8 which seems a few versions behind the current branch but still fairly recent.The blogger discovered that a user's Google mail address along with the advertising ID and a bit of other info are sent to Iterable, AppsFlyer and Tune along with some Google services like Analytics - all seemingly without the user's consent and even without mentioning it in the app's ToS. Of course customer support has been asked as well. Their answer was not satisfactory: Hello there! We use these tools to monitor aggregated data to improve UI/UX and determine the efficiency of our marketing campaigns. They are not related to the user’s activity when using our VPN service. In case you have further questions, do not hesitate to drop us a DM! Everyone interested in some of the HTTP POSTs discovered can look at them in the article linked above. The article itself is German-language, but it doesn't contain more info than this, only a bit of the writer's opinion which I share: It's very questionable that a "no-log" or even "privacy-centered" VPN provider like NordVPN is bold enough to state "marketing reasons" as their justification to track users of their Android app. Even worse that this tracking is performed by third parties who will most likely use this data in cross-referencing... Try to avoid NordVPN. Searching for "NordVPN" in this forum alone will yield more than enough reason. One in three newly created threads is about them. 4 go558a83nk, pen49, LZ1 and 1 other reacted to this Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
LZ1 672 Posted ... Hello! That's certainly interesting. Thank you for taking the time to post it here and making it available in English . I completely agree that the choice of justification is very poor in this regard. Moved topic to the proper forum. 2 pen49 and itsmefloraluca reacted to this Quote Hide LZ1's signature Hide all signatures Hi there, are you new to AirVPN? Many of your questions are already answered in this guide. You may also read the Eddie Android FAQ. Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you. Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily. Share this post Link to post
Staff 9972 Posted ... Hello, we wish and we need to distance ourselves from such a behavior which can even imply a criminal infringement in the EU. Events like the one discovered by Mike Kuketz may cast a general climate of distrust in a delicate sector which needs first and foremost customers' confidence. Nowadays VPN "market" is polluted by shady services. Sometimes you can't even know the owners or the running company behind a service. We are confident that fiscal, legal and technical transparency of AirVPN, as well as high standards both on consumers' protection and privacy fields since the end of 2010, will allow our customers and non-customers to discern honest professionals from anybody and anything else. We have always and only released free and open source software for public scrutiny and we have always supported a variety of privacy enhancing services in fundamental ways. For example, today we contribute to run about 7% of all the existing Tor exit nodes in the world. https://airvpn.org/mission Kind regardsAirVPN Staff 2 nexsteppe and pen49 reacted to this Quote Share this post Link to post
JSD 6 Posted ... Hello, it might be interesting for you that Mr. Kuketz had a look at some other Android Apps from some VPN services. He found some trackers there, too, In one case (Avast SecureLine VPN) he says he found 14 trackers: AppsFlyerFacebook AdsFacebook AnalyticsFacebook LoginFacebook PlacesFacebook ShareGoogle AdsGoogle AnalyticsGoogle CrashLyticsGoogle DoubleClickGoogle Firebase AnalyticsInmobiMoatTwitter MoPub Immediately after the start, Avast SeureLine vPN's app is contacting Facebook, according to Mr. Kuketz, and is sending some information including a Google advertising ID, the type of the device and the display resolution among other information. At least, Avast mentions all the third parties contactd by the app in its Privacy Policy. However, according to Mr. Kuketz, this was not true in many other cases: He said there were no hints that the app would send some information to multiple third parties. In some cases, Kuketz said he could not find out which pieces of information were sent, because they were encrypted. Below are the relevant links. (Regrettably, it seems that Mr. Kuketz’ findings have only been published in German so far, but you may get an impression with the help of a good translation program). https://www.kuketz-blog.de/cyberghost-vpn-android-app-verseucht-mit-trackern/ https://www.kuketz-blog.de/vyprvpn-no-logging-versprechen-wertlos/ https://www.kuketz-blog.de/avast-secureline-vpn-14-tracker-in-einer-app/ https://www.kuketz-blog.de/avg-secure-vpn-weitere-vpn-app-mit-haufenweise-trackern/ This state of affairs is really disquieting. 2 pen49 and OpenSourcerer reacted to this Quote Share this post Link to post
OpenSourcerer 1435 Posted ... It would be more interesting to have insights into the apps of all the providers who regularly place themselves on the no-log VPN provider list of TorrentFreak for example. I only recognize VyprVPN, the rest are more or less known for it. Nevertheless, it seems we've found a silver mine of information on it. Let's see what he digs up next and consider donating a small amount of money for his work. Sent via Tapatalk. 1 pen49 reacted to this Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post