Leaderboard

Hello! We're very glad to announce a special promotion on our long terms Premium plans. You can get prices as low as 2.20 €/month with a three years plan, which is a 68.6% discount when compared to monthly plan price of 7 €. You can also send an AirVPN plan as a gift: you have the option to print or send a colorful, dedicated picture with the code to activate the plan. code shown in the above picture is an example, not a real code If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. Please check plans' special prices on https://airvpn.org and https://airvpn.org/buy Kind regards & datalove AirVPN Staff

The real problem with NordVPN is they claim to be offshore and "securely based in Panama." But I don’t believe that. CloudVPN INC, their payment processor, is based out of Lithuania, and there are clear ties to Tesonet... Just do a Google search. Suffice to say, NordVPN is fully operated out of Lithuania and Lithuanians own the company that processes all customer billing info. That whole offshore thing is a lie, and they have no clue about international law. But the big problem here is, Nord is dishonest! This is the big issue. Dishonesty. And, because they are being so dishonest, and choosing not to address it in public, it should make people wonder what else they are hiding. NordVPN if you want us to take down anything here, TELL PEOPLE THE TRUTH. Just admit that the majority of your operations are based out of Lithuania. They are not securely offshore (It doesn’t matter what their management says), and Lithuania is one of the worst countries for privacy and data retention laws. The official “Owner” of NordVPN such as the domains and trademarks, have gone through great lengths to disguise their identity by registering the entity in Panama. There is NO information on Tefincom co S.A. – the entity that owns Nord trademarks. Anyone, literally ANYONE, with $1500 can open a shady anonymous Panama company in just a few days. They’ll provide a local address, resident agent, nominee directors, and power of attorney to the person in control so they can pull the strings behind the mask of a panama corporation. WHY, would anyone trust their privacy to a company who’s owner wishes to remain anonymous, and outsources 100% of it’s daily operations, accounting, billing, software dev, and marketing to a company in Lithuania. (Who just happens to run a bunch of other VPNs). Moving on to why they are misleading users and need to be called out: They tell people they are more secure because they are based in Panama, all safely tucked away “offshore”. They are giving people legal advise that is completely incorrect. A persons billing information is no safer just because Nord’s parent is incorporated in Panama. Tefincom doesn’t operate the payment processing, Cloud VPN INC (Tesonet) does, and therefore holds all personal data on subscribers. The US CloudVPN INC entity is not immune to legal process and neither are CloudVPN INC's Lithuanian owners. So to recap: NordVPN is lying to users about being an “offshore” VPN provider. They are processing payments through a US company CloudVPN INC owned by Lithuanians. This is 100% true, not allegations. They even admit it. AND, they are going through great lengths to hide the identity of the individuals and/or companies that have majority ownership in NordVPN. People need to understand that transparency in company ownership is the SINGLE most important factor one should consider when picking a VPN. You are literally giving all of your web traffic to this company, you better know who they are, or else you cannot and should not trust them. Anyone who thinks that their billing info is safe tucked away in a Lithuanian office building should really consult an attorney.

Hello! OpenVPN AirVPN 1.0 Release Candidate 2 has just been released! A new version for Linux ARM 64 bit is now available, tested successfully in Ubuntu 19.10 running in a Raspberry Pi 4 with 4 GB RAM. Please check the first post in this thread for updated links, instructions and changelog. Kind regards

Hello! We're very glad to inform you that two new 1 Gbit/s servers located in Vancouver (Canada) are available: Nahn and Sham. The AirVPN client will show automatically the new servers; if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). Servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, Nahn and Sham support OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check servers status in our real time servers monitor: https://airvpn.org/servers/Nahn https://airvpn.org/servers/Sham Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! Vulnerable IPMI, iDRAC etc. which are then kept not updated and whose access is not even communicated to the customer is a negligent and intolerable behavior, however it's not impossible. Good datacenters keep such an access restricted to a VPN, but it's plausible that in some cases access is exposed to some public Internet address. Speaking only about Dell's iDRAC, a study led in 2018 evaluated that tens of millions of servers are critically vulnerable. And that's only Dell, while other management systems add other vulnerabilities. As disabling a remote management system is not a comfortable solution, because it could be needed for any emergency remote OS installation/maintenance/reboot/whatever, since AirVPN birth we verify IPMI, DRAC, iLOM etc. etc., restrict access to them to a tiny pool of IP addresses reserved to Air management if the server is exposed to the Internet (if it's in a VPN, the risk is remarkably reduced, as the attacker should find a way to enter the VPN first and discover the address inside the VPN) and keep it up to date (datacenters sometimes do not even bother to give you an updated system). That said, inside jobs can potentially crumble any and each caution, that's why it's important to rely on reputable datacenters; furthemore, if NordVPN statement is true, as incredible as it may sound, then the datacenter committed an outstanding negligence which perhaps might even be considered malicious in court, for having failed to inform NordVPN about the existence of a remote management system capable to bypass any server defense. However, we would like to read a statement from the datacenter company, before jumping to conclusions. Eliminating hazards completely is impossible, but risk mitigation is a task which must be always pursued with due diligence. Kind regards

I left NordVPN because they offered poor service, particularly, they didn't protect things the way they claimed to. This was a long time ago, you could probably find a link to a story about it. Many VPNs do a shoddy job of vetting their partner servers, a process AirVPN claims to do well but is still a complete mystery to me. Their clients are also poorly maintained or simply do not patch the holes in your traffic they claim to, as was the case with Nord, if I recall correctly. Airvpn offers superior service and I genuinely believe that the ideology expressed by its devs is real and not just another VPN-facade/money grab. It actually doesn't matter if nord is based in Panama or not, because this doesn't stop bad things from happening to people. Just look at the recent Panama Papers controversy. Even though protonmail is based in Switzlerland (by the way: NOT NEUTRAL), they have servers in China, yet they are still greatly admired in the privacy advocate sector. Tor is based in Seattle. Many of its nodes are operated by the NSA itself. I will still use Protonmail, AirVPN and Tor, because I have to, and overall, I believe that money is not the chief motivation in at least the latter two, because there are easier ways to get rich if you are a great coder than starting a non-profit.

While the above information is good to know, the biggest reason you don't want to use NordVPN is because they use shared certificates, as do the vast majority of VPN providers. If you are using shared certificates, all it takes is someone to hijack your login info and they can mirror your session. This is why I picked AirVPN, they use unique certificates. Before I setup my account with AirVPN, I asked them this question and this was their response: the client certificate and the client key are of course unique. We don't think that any well designed service can provide the same key to multiple clients (yes, we know that some services do that, but they are just jokes for gullible people, not real services). I asked this question of multiple providers and the majority wouldn't even answer it or they weren't truthful about it. However, Nord did verify that it uses shared certs.

The business correlations between Tesonet, ProtonVPN and NordVPN have been already proved a long ago, see this thread. In the meantime new food for mind suggesting that even the technical management is the same came out. ProtonVPN and NordVPN client software were both affected by the same critical vulnerability. When a patch was attempted, a new bug was entered which did not fix the vulnerability. The new bug is a consequence of the same, identical error and wrong considerations. The fact that both Nord and Proton applications AND the patches for both applications were all flawed in the identical way shows that Proton and Nord are managed by the same technicians in my opinion. Since the bugged patches were released when the critical vulnerabilities had not been disclosed publicly, you can even rule out that one party copied the patch of the other (not to mention that it's all closed source). Since Nord is owned by Tesonet, a close relationship between Proton and Tesonet exists too (actually, as an additional confirmation, the Android ProtonVPN application has been signed by Tesonet since years ago). https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-provider-VPN-Client-Privilege-Escalation.html

Hello! The situation is not what you describe, since, according to the article we linked: 1) the CEO of Tesonet, the CEO of ProtonVPN and the CEO of CloudVPN are all the same one person. 2) CloudVPN is not a payment processor. It uses PayPal to collect subscriptions from NordVPN. It's not that you pay to NordVPN via a payment processor called "CloudVPN", you pay to CloudVPN via some payment processor (PayPal for example). In such transactions CloudVPN is not the payment processor, it is the final beneficiary of your payments. To allow such payments via a web site interaction with PayPal, PayPal wants that the beneficiary is the web site owner. Additionally, the developer of NordVPN application in the Google Play Store is CloudVPN. The developer of ProtonVPN application in the Google Play Store is Tesonet. So you know that: - CloudVPN is not a payment processor in the transaction phase, but the beneficiary of the payment - CloudVPN signs the application(s) of NordVPN (therefore it has full access to Google Play Store keys of NordVPN) - Tesonet signs the application(s) of ProtonVPN (therefore it has full access to Google Play Store keys of ProtonVPN) - the CEO of Tesonet, CloudVPN and ProtonVPN is the same person - CloudVPN introduced itself to PayPal as the web server owner of NordVPN This is a matter of trust, and when trust is involved, a lack of transparency should trigger a red alert. This is plainly incorrect even under a purely technical aspect. With Wireshark etc. you can only see that your packets go to or come from the VPN server. You have absolutely no idea of what happens once they are there, outside of your control. As an additional side note, please keep in mind that data mining does not necessarily involves inspection of the traffic content, which is rather trivial and obvious (another trivial consideration: otherwise end-to-end encryption would have meant death of intermediary data mining worldwide ). Kind regards

Just in case you need some different source and start your own document checking and verification, the following article might be a start: http://vpnscam.com/nordvpn-protonvpn-proton-mail-owned-by-tesonet-ceo-darius-bereika/ Kind regards

No fairy tales. Just facts. NordVPN openly admits tesonet helps them with payment processing. CloudVPN INC handles all NordVPN payments and is registered in the US: https://ibb.co/cKchDo They registered in the US to get cheap cc processing fees. Notice on the link who the president is. Maybe you are unaware but NordVPN was born in Lithuania and never left: https://web.archive.org/web/20121202094755/http://www.nordvpn.com:80/ (Notice the only two translations available) Yes, Tesonet owns or operates thousands of companies and some of these are involved in big data collection and mining. The problem here is not entirely Tesonet. The problem is NordVPN is being dishonest and making an effort to hide something. Have you heard of MONKEYROCKET? If not, you should look into it. If you don't know exactly who is behind your VPN you should assume the worst.

Hello! It's unclear what sources for what info (because the OP posted a lot of stuff to be pondered) but the fact that Tesonet operates NordVPN can be easily verified. Start from here then go to the official register sources: https://news.ycombinator.com/item?id=17258203 Tesonet operates NordVPN and has strict business relations with ProtonVPN; Tesonet also signs the ProtonVPN Android application certificate. Tesonet core business includes data mining according to their web site. Kind regards