iVPN: today is the day port forwarding is removed

[revsplus 7]

Announced in June, today all iVPN customers will have remote port forwarding feature removed from their accounts. To justify the contractual change, iVPN claims that port forwarding:
 

Quote

enables activities, such as large scale abuse and sharing of objectionable materials that can have a negative effect on our servers and operations

Strangely, this is the same reason brought by Mullvad when its managers decided to scratch the feature. As several observers commented, the explanation might be a smokescreen, for large scale abuse and sharing of objectionable material do not strictly need remote port forwarding. Some critics (referring not only to iVPN but to Mullvad) added that the whole iVPN/Mullvad operational model, not to mention any generic Internet Service Provider of course, can potentially "enable" such activities. Thus, a coherent consequence and behavior of the dubious explanation, if it was the real reason behind the decision, would be shutting down the whole service or secretly monitoring and logging traffic of the customers.

My very personal opinion, even after having queried AirVPN (to get to know why AirVPN will not remove the feature as it does not consider port forwarding a serious threat causing additional "negative effect"), Mullvad and iVPN customer care, is that there's something that we ignore behind such decisions and that's why they look inexplicable in spite of (or especially for) the rationale/justification given.
 

[OpenSourcerer 1361]

The only thing I can imagine falling under questionable materials is something like CP, defamatory websites and other things published in especially bad taste, which would technically require a forwarded port for reachability. Especially CP would fall under "large scale abuse" and "sharing of objectionable materials". A no-log VPN with no real concept of user accounts like Mullvad (them being random numbers) is quite perfect for this.

Honestly, I don't think it's a smokescreen with either of these services, but something your average company would decide on after some internal discussion upon seeing their front lawn burning up. As you suggested, one of the alternatives would be to start logging (to see who sets the fire) and completely obliterating trust, damaging the user base even more. But this way, you simply stop port forwarding and at least retain users who are not there for that.

[revsplus 7]

Yes, I do agree,

6 hours ago, OpenSourcerer said:

he only thing I can imagine falling under questionable materials is something like CP, defamatory websites and other things published in especially bad taste, which would technically require a forwarded port for reachability.

Yes, me too. That's why I thought the explanations were a smokescreen. Activities such as human trafficking agreements,slavery exploitation, slaves business (nowadays in the world 1 person out of 200 is a slave, according to Guardian and other major newspapers and ONG reports), penetration and cracking, cyberstalking, spamming, malware injections in services, are all "enabled" in the same sense by VPN (and many other service providers,of course) but don't require port forwarding. If the feature was deleted indeed on business ground ("it affects the majority of our users negatively", writes Mullvad; "can have a negative effect on our servers", writes iVPN) then the whole infrastructure should have been re-designed, because as anybody operating in the hosting and housing business knows well, the main reasons for IP addresses to be included in black lists, and for dedicated servers suspended, and for IP addresses to be null-routed, and for police knocking at the door of your company, are all "9 out of 10" actions unrelated to port forwarding.
 

[ss11 15]

I think the explanation might not be so deep. IMO, they just don't want to mess with the hustle to respond to potential legal requests, subpoenas, etc. For them, allowing this feature (while perfectly legal) implies some extra men hours for them, some extra money to be spent in order for someone to keep track of potential abuse reports and respond to law enforcement agencies requests or to requests that come from the server hosting companies.

If they will make (approximately) the same profit by cancelling this extra cost, for them it's just business. Maybe they don't care to fight it, because it costs them.

This is why I think AirVPN is quite different from these companies as it has a mission and as history tells us they pretty much stood up to it. Obviously monetization is another ugly but highly needed feature, as servers eat electricity that costs money and bandwidth which translates also in money.