Discussion in 'privacy technology' started by jaypeecee, Jun 19, 2017.
Ah Just found this:
June 4, 2017 at 8:10 pm
Damn, I missed the significance of this!
The protonmail account on HN has claimed that PIA cooperates with the Chinese government. And that this accounts for the fact that the GFW doesn't block PIA as thoroughly as other VPN services.
This is wild!
Edit: So, we have ProtonMail claiming that PIA works for the Chinese. And PIA claiming that ProtonVPN and NordVPN are linked to evil Tesonet. It's been years since we've seen this much drama in the VPN world. I'm sure that some of you remember.
But you know, for those of us who use nested VPN chains, and don't care so much about Chinese intelligence, it would actually a good thing if PIA were working for the Chinese. Because that would arguably mean they're less likely to be working for the NSA and friends.
For clarification: Proton's statement made at HN regarding cooperation with the Chinese government included the proviso––"We're not ready to name names at this point, but you're actually correct....". That response could be considered to be sloppily made, and thought to be meant as a strategic implication (wink,wink), but nonetheless there was no direct naming. Have they made other statements that were direct accusations? Dunno.
I've found no objective evidence to support PIA's claims about either Proton or Nord*. We emailed Nord, included the relevant HN link and asked the obvious. Nord said they were aware of the charges made by their competitor (they threw no mud in return). They firmly deny the Tesonet ownership charge and deny that they have any association with Proton.
They did say that they have a business relationship with Tesonet.
(Also see @mirimir's post #44 on Tesonet.)
Nord closed their email with the offer to answer any and all further questions on this or any other matter.
[Overall, I agree with @elapsed 's take on this (final line in post #46).
And, this drama is an opportunity for potential and existing customers to learn a bit about the character of those with whom business could be or is done.]
* Disclosure: I have and people close to me do use NordVPN. We have no relationship with them other than being faceless, personally unknown to Nord, customers.
OK, so both ProtonVPN and NordVPN admittedly work with Tesonet. But I do agree that it's inaccurate (or at least speculative) to characterize Tesonet as a "data mining company". Maybe they're just an enterprise-level VPN provider. So customers use them for competitive research, which could involve data mining.
Still, I wonder what Tesonet does for ProtonVPN and NordVPN. ProtonVPN said that they helped them setup their office in Lithuania, but chose not to use Tesonet servers, and went with Leaseweb. But I wonder if NordVPN uses Tesonet servers. And if Tesonet provides tech support to both. I may well take a look at the server issues
And no, I haven't seen anything more on ProtonMail's claim the PIA works with a TLA. I do think that it's pretty clear from the HN thread that ProtonMail confirmed said TLA to be Chinese. I can't imagine why he'd leave that impression, if he meant instead the NSA
A brief update regarding ongoing DDoS incidents
July 18, 2018
I'm using both Mail and VPN. I have to say that the VPN has some issues, but the mail-part is great!
You can encrypt emails with a password that you give the recipient in a different way. Then he gets a mail with a link to the message. He can decrypt the message on his end and read it or download the file - for a limited amount of time. After that time limit is over, the message will no longer be readable. You can set the time limit yourself.
This is even available for Free users! Genius!
But yea, I hope they figure the DDoS attacks out. :/
Introducing Address Verification and Full PGP Support
July 25, 2018
It was down yesterday - is it a frequent thing or quite the opposite?
For me it was a first
It started to go down just after midnight for me for a week or so.
Maybe they're still getting DDoSed?
Other postings about Proton/Nord/Tesonet/CloudVPN by posters and by an AirVPN Staff member(s) named *Staff* at AirVPN’s forum here:
I don’t know that there’s any new info but thought that AirVPN’s involvement was newsworthy, worthwhile added information for current or future VPN purchasers.
The VPN marketplace is (technologically speaking) icky.
So the developing argument seems to be that Tesonet aka Cloud VPN operates several VPNs, and not just NordVPN and ProtonVPN.
And seriously, there are a lot of VPNs.
In particular, the latest top pick on many review sites is ExpressVPN. It has marketed itself very heavily. There are numerous related URLs, either run by itself or affiliates. And they've arguably grown too fast, given reasonable assumptions about funding, staff and other resources. So maybe Tesonet?
I assume you saw these? https://webcache.googleusercontent....ing-company-tesonet &cd=2&hl=en&ct=clnk&gl=us
This one looks very interesting but I don't have a PACER account... https://dockets.justia.com/docket/texas/txedce/2:2018cv00299/183621
Yes, I'd read the first one. But that was before it got removed. So thanks for the cache link. I saved a copy.
About the second one, I've no Pacer account either. I wonder who Luminati Networks is, and what patent Tesonet might be infringing. And anyway, I didn't think that Texas Eastern District Court was still a magnet for patent trolls.
Edit: Damn, I'd forgotten who Luminati Networks is. They're the folks who sell access to Hola users' ISP uplinks. I didn't think that Tesonet was doing that.
Been awhile since I've chimed in. NordVPN sticks out to me as one to be wary of - due to one red flag: their advertising.
They are advertising on even network television in the USA, all over cable, they are everywhere.
Network television advertising is very expensive and somebody has to be paying for this.
Big bucks behind Nord's advertising. The question is - whose is it? Big red flag for me.
maybe not so accurate but could it be certain intergalactic aliens?
Or any of a number of governments. Take your pick. I have a favorite though.
Isn't the important thing to assume a likely government, then chain VPNs with governments which have uncooperative attitudes to each other?
The other aspect being that your own jurisdiction and their allies have a way of being able to lock you up or extradite you, even if that's only false positives or being awkward, it will be painful.
That's a reasonable strategy. But you never know until the fit hits the shan
Absolutely! Hope you're doing well these days.
Thanks, and same for you
If Protonmail wanted to gather major points with its users they would allow us to upload our own self created keyset. I am not saying there is a problem only that I feel MUCH safer user a key that I personally generated locally. At that point a compromise becomes much more difficult since the attack surface is my local machine.
I've re-read all these Tesonet articles. BTW mirimir, some of articles are still available so not sure why archive were used. Maybe at that time they're unavailable? But there're some diff btwn them (edition).
So far explanation given by Andy, bartbutler, and Proton account in HN appears to be roughly reasonable. I confirmed each fact one by one if possible. E.g. we can confirm the building of Lithuanian address is indeed large facility shared by many org by Google map tho not sure if it's really 50-60.
One Reddit guy claims "contradiction" but I don't see such many contradiction. E.g. he said Andy's comment
contradicts, but clearly he confuses infrastructure to combat DDoS in the event w/ that of VPN (in that time ProtonVPN didn't exist). He also said
contradicts, in this case it's true if you ignore "might", but it seems it was just a mistake ( Andy corrected it) and anyway as Andy said, IP is open info so everyone can confirm if it's true.
VPNscam guy seems to be motivated by good intention, but I can't hide question to his technical knowledge and/or reasonable thinking. It appears he doesn't understand APK singing. APK signing key is not the private key in usual sense. Everyone can make it and it only provides integrity, so one reddit poster's simile of MAC has a point. Then he claimed Proton contradicts themselves again and again in the HN thread, saying
But where the "no links" statement? I searched in Wayback machine to see if there's any deleted comments I missed, but no finding. What he said is more than exaggeration if he says what nobody said as being said. Correct me if I'm wrong.
Given the suspicion thrown to them are based on such broken logic, it's understandable Proton took this not being worth making dedicated blog post to clear things up. But I personally want more clarification. E.g. What is the "Cyber Alliance, UAB" and how it is related to ProtonVPN? What potential access those 3rd parties can have? Have you contemplated the possibility some of them might be malicious? Are you sure saving user credential to Switzerland head is enough to protect all customer data?
Disclaimer: I use ProtonMail for unimportant things but haven't used ProtonVPN and won't at least soon. I have no motivation to defend them. I just wanna know truth.
Maybe you already know, but now PM supports importing your private key.
@142395 - Thanks for the careful reading I do agree that some of the criticism is iffy. But what mainly concerns me has been ProtonMail/ProtonVPN's dismissive attitude. Perhaps some of the criticisms are too off-the-wall to warrant responses. And it's generally dangerous to let opponents set the agenda, and get drawn into responding to all criticisms. Because it makes you look defensive. But on the other hand, ignoring criticisms can seem evasive. So it's a hard problem.
I was also grossed out by both sides in the PIA-vs-Proton debate on HN. As I recall, there are some deleted comments that archive.org didn't get. Maybe I have some personally archived versions. I'll take a look, later.
Separate names with a comma.