
Leaderboard


Popular Content

Showing content with the highest reputation on 10/22/19 in Posts

  1. 1 point
    serenacat

    Why You Can’t Trust NordVPN

    Although it degrades DNS, page loading, torrents, etc. with >200ms ping times to SG/HK/JP/US Air servers from Australia, it seems likely that the Assistance and Access Bill https://en.wikipedia.org/wiki/Mass_surveillance_in_Australia#Assistance_and_Access_Bill could be used for hidden compliance by any local datacentre (and including their individual staff members with threatened prison time) to provide a similar mechanism to that used to hack the Finnish NordVPN server. It is a positive for AirVPN not to provide servers in these contexts such as AU.
  2. 1 point
    Staff

    Why You Can’t Trust NordVPN

    Hello!

    Vulnerable IPMI, iDRAC etc. which are then kept not updated and whose access is not even communicated to the customer is a negligent and intolerable behavior, however it's not impossible. Good datacenters keep such an access restricted to a VPN, but it's plausible that in some cases access is exposed to some public Internet address. Speaking only about Dell's iDRAC, a study led in 2018 evaluated that tens of millions of servers are critically vulnerable. And that's only Dell, while other management systems add other vulnerabilities.

    As disabling a remote management system is not a comfortable solution, because it could be needed for any emergency remote OS installation/maintenance/reboot/whatever, since AirVPN's birth we verify IPMI, DRAC, iLOM etc. etc., restrict access to them to a tiny pool of IP addresses reserved to Air management if the server is exposed to the Internet (if it's in a VPN, the risk is remarkably reduced, as the attacker should find a way to enter the VPN first and discover the address inside the VPN) and keep it up to date (datacenters sometimes do not even bother to give you an updated system).

    That said, inside jobs can potentially crumble any and each caution, that's why it's important to rely on reputable datacenters; furthermore, if NordVPN's statement is true, as incredible as it may sound, then the datacenter committed an outstanding negligence which perhaps might even be considered malicious in court, for having failed to inform NordVPN about the existence of a remote management system capable of bypassing any server defense. However, we would like to read a statement from the datacenter company, before jumping to conclusions.

    Eliminating hazards completely is impossible, but risk mitigation is a task which must be always pursued with due diligence.

    Kind regards
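
The check described in the Staff post above (management interfaces reachable only from a small pool of management addresses, with VPN-only placement lowering the risk), as an added example that is not part of the original post and not AirVPN's own tooling. The inventory format, host names, pool and addresses are constructed, and "inside a VPN" is assumed to mean an RFC 1918 address.

```python
import ipaddress

# Assumption: a BMC on one of these networks is reachable only through a VPN.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (documentation ranges), not real infrastructure.
MGMT_POOL = ["198.51.100.8/30"]  # hypothetical pool reserved for management
INVENTORY = [
    {"host": "srv-a", "bmc_ip": "203.0.113.10", "acl": ["198.51.100.8/31"]},
    {"host": "srv-b", "bmc_ip": "203.0.113.11", "acl": ["0.0.0.0/0"]},
    {"host": "srv-c", "bmc_ip": "203.0.113.12",
     "acl": ["198.51.100.8/30", "192.0.2.0/24"]},
    {"host": "srv-d", "bmc_ip": "10.20.0.5", "acl": []},
]

def outside_pool(acl, pool):
    """Return the ACL entries that are not fully contained in the pool."""
    pool_nets = [ipaddress.ip_network(p) for p in pool]
    loose = []
    for entry in acl:
        net = ipaddress.ip_network(entry)
        if not any(net.version == p.version and net.subnet_of(p)
                   for p in pool_nets):
            loose.append(entry)
    return loose

def audit(inventory, pool):
    """Map each host to (level, offending ACL entries)."""
    findings = {}
    for srv in inventory:
        addr = ipaddress.ip_address(srv["bmc_ip"])
        exposed = not any(addr in n for n in INTERNAL_NETS)
        loose = outside_pool(srv["acl"], pool)
        # An empty ACL means nothing restricts who can reach the BMC.
        unrestricted = not srv["acl"] or bool(loose)
        if exposed and unrestricted:
            level = "HIGH"      # Internet-facing and not limited to the pool
        elif unrestricted:
            level = "MEDIUM"    # VPN-only, but still open to every VPN peer
        else:
            level = "OK"
        findings[srv["host"]] = (level, loose)
    return findings

if __name__ == "__main__":
    for host, (level, loose) in audit(INVENTORY, MGMT_POOL).items():
        print(f"{host}: {level} {loose}")
```
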