We have successfully completed our migration to RAM-only VPN infrastructure - Mullvad VPN - eviltoast
  • t0m5k1@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Teddy Sagi > Kape Tech > PIA, Cyber Ghost and ZenMate.

    As someone who works in enterprise ISP tech space I always keep the bigger picture in mind, especially with the latest “tech Fads”, VPNs are really easy to sell, especially when you already have other companies and even bigger shell companies.

    Take the following scenario (it might be true it might also be conjecture):

    person1 owns 2 shell companies that are big names in tech.

    shell 1 starts out as a an ISP and soon grows to be a network transit provider.*

    shell 2 starts out as a cyber sec company.

    shell 1 get’s really big and becomes a tier 1 provider that sells transit to BBC and is now peering with the likes of Cogent, Lumen/CenturyLink and others.

    shell 2 get so big it branches out into VPN carrier tech and purchases a well used VPN company that also stands out as having a no logging policy.*

    shell 1 starts providing seriously detailed analytics to it peers on a subscription basis with discounts to peers that repeatedly hit the 95th percentile on billing cycles, all the peers love being able to see detailed info of the traffic flowing over their transit relationships.*

    Shell 2 also purchases another company that deals with adware and advert injection tech.

    later shell 2 becomes so financially liquid it is now breaking out in to gambling and lucrative AIM ventures.

    In the scenario above I’ve marked points with a * that should be red flags to VPN users BUT they have something obvious when laid out in this manner that a user of a VPN would not know. That is that even though the VPN is sold as no-logging the wider company still gets your data as all the traffic is flowing over the wider network owned by shell 1 that you have no idea of the relationship between them.

    All traffic/data can be monetised and ultimately with decent visibility of all comprising parts tied back to you or your account, VPNs are good but just be aware of forced perspective, look beyond T&C’s, look at the company and who owns it and what else they own.

    You all got a hint at this with pirate bay, the feds couldn’t take 'em down so the went to the DC provider and the network transit providers, you should do the same if you value your trust and data so much that you need a VPN for every connection.

    Finally, with or without a VPN, Your IP is only used for 20% of the connection(10% at the start and 10% to the final endpoint), when your data/traffic flows over provider networks it becomes an AS number, a layer tag and even a colour, all of these interchange until it becomes an IP again, hits a website and for the most part all of that is accounted for and can be connected to you.