Nord VPN

Discussion in 'privacy technology' started by Circuit, Apr 26, 2018.

  1. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Does it live up to the hype that they claim on TV?

    My opinion, junk if they ad on tv, like pc-matic.
     
    Last edited: Apr 26, 2018
  2. guest

    guest Guest

  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,273
    Location:
    Slovenia
    Inside a VPN service: How NordVPN conducts the business of Internet privacy
    https://www.zdnet.com/article/insid...pn-conducts-the-business-of-internet-privacy/
     
  4. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    475
    Location:
    USA
    I used NordVpn for awhile, until I found that it bypasses (ignores) Windows firewall rules I have created. This was a "kill the app" moment for me. I switched to Mullvad which is super.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,323
    Location:
    U.S.A.
    Yes. VPN use is a classical example of privacy vs. security.

    Many still don't fully understand that a VPN in essence creates a secure tunnel connection between the VPN servers and the end device. As such, any local device firewall and its corresponding rules are bypassed. When you use a VPN you are 100% reliant upon the VPN in determination of the safety of network communication arriving at your device.

    The primary purpose of VPN communication was to secure Wi-Fi communication as noted in this CNET article:
    https://www.cnet.com/news/how-what3words-pinpoints-every-spot-on-earth-for-better-navigation-q-a/
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Huh? It ignores Windows Firewall rules? Did you specifically create rules for the new VPN tunnel network?
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    That's not exactly true. It's not that the firewall is ignored. It's just that any existing rules on the LAN interface will be ignored. Because, except for the connection with the VPN server, all traffic is now using the VPN tunnel network. And if you want rules on that, you must create them.
     
  8. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    475
    Location:
    USA
    Yes. I was rather shocked to find things connecting out that had a WF block rule. Emailed Nord support and got this response:

    "This is an expected behavior because our while you are connecting through VPN, it is setting our own firewall rules to avoid any possible security leaks."

    So I tried Perfect Privacy which is nice but expensive. Then Mullvad which is really good and now has many more servers. Mullvad (and PP) honors my WF rules.

    Also, Nord uses virtual servers but Mullvad uses physical servers. Not sure of the difference but from my research physical is better?
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Did your WF block rules apply only to (for example) home networks? If the VPN tunnel got created as a public network, those WF block rules wouldn't apply to it.
    Hmmm. That might just reflect how their client modifies WF. Maybe Mullvad and PP use their own firewalls, and don't mess with WF. Or maybe they just tweak WF more delicately. It'd be interesting to hear whether AirVPN and IVPN clients honor your WF rules.
    It's always more secure to use dedicated/physical servers, instead of VPS. But it's also a lot more expensive. That's why VPN services that use only dedicated/physical servers tend to have less locations. Logging everything in VPS is trivial for hosting providers. But logging network traffic for dedicated/physical servers is also trivial for hosting providers. That includes IP addresses of users and destination Internet sites, and any content that's not end-to-end encrypted (that is, not HTTPS or TLS). But some aspects of user traffic would be much harder to log from dedicated/physical servers. Data modification would also be lots harder.
     
  10. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    475
    Location:
    USA
    No, the rules were for all types of access. I use WFC to create rules. The first time I really noticed this behavior from Nord was when I clicked on the Windows Store (Windows 10) and was connected. Looked at my rules and my block rule was still in place. Turned Nord off and rule worked (Store blocked), Nord back on and rule ineffective. Started watching with TCPview and none of my block rules were being enforced with Nord.
    PP did some strange things to the firewall rules, but it did uphold my block rules. Mullvad acts as though it completely honors the Windows firewall and the allow/block rules I have created with WFC.
    This. NordVPN is relatively inexpensive. PP is very expensive and Mullvad about in the middle. Never tried Air or IVPN, I am quite happy with Mullvad and am not looking for more adventures in VPN land :)
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,323
    Location:
    U.S.A.
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,323
    Location:
    U.S.A.
    As far as firewall bypass via a VPN connection, its primarily in regards to your router's firewall. Most routers have a feature called "VPN Pass Through" that applies to IPSec, PPTP and L2TP network traffic. In essence, a tunnel is created to allow all such traffic to flow in and out of the router unimpeded. This means router security features such as NAT and statefull inspection along with any existing firewall rules are not being applied. In essence, your router is functioning in bridged mode.

    Since your router's firewall and its additional security features are not longer functional, you primary defense against network born external threats are disabled. Again, you are 100% reliant on your VPN provider for this protection.
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, of course, the perimeter router/firewall must allow the VPN connection. All it can do is allow or block. Because the VPN connection is encrypted.

    But there should also be a firewall on whatever device is running the VPN client. If you're using pfSense VMs, you create rules there. If you're running the VPN client in your machine or VM, you create firewall rules there. In Linux, iptables. Or in Windows, the built-in firewall. Most importantly, you generally allow only input that's part of established connections. Unless you open ports for servers. You block malformed packets. And you may allow output only for some apps. For example, if you're using Tor, you allow only traffic from the Tor process.

    So no, you are not "100% reliant on your VPN provider for this protection". It's your machine, and you get to say.
     
  14. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,377
    Location:
    Member state of European Union
    Yes, for extra security it is best to have 2 VMs and host OS (or 3 VMs). One for VPN client, second for OS actually used behind VPN. Host OS is routing and firewalling traffic between first and second VM.
    Provided you have some more money to spend on devices: 1st router as VPN client, second as router and firewall and there you connect end-points.
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, hardware is best. You can do it all with VMs. But there's always the risk of guest-to-host breakouts. Sometimes I split nested VPN chains across two host machines. The end of the chain and workspace VM are isolated. So a guest-to-host breakout can't take down everything. And my VM hosts are all old, bought used. Just maxed with RAM and updated with SSDs. So hardware isolation doesn't cost all that much.
     
  16. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Unlike you (and everyone else here?) I read the article in #3

    I realize you were in a rush to promote your favourite VPN provider (perhaps you work for them?) but try not make stuff up on a security forum.
     
  17. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    475
    Location:
    USA
    Nope never read it. Published yesterday, really? That's a nice statement about the servers, glad to see it.

    Sure, I like Mullvad and would recommend them. NordVPN, not with windows 10 because of the Windows firewall issue.
     
  18. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Your post was a direct response to it..... The article was #3 and your response was #4. #2 was over 2 months ago =P
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Sure, they say that they "rent dedicated, bare-metal servers from carefully selected server providers". But they don't say that they rent "4,205 servers in 62 countries". And it's a certainty that, if they did, they'd be charging a lot more than a few USD per month.

    If they really are using dedicated servers, I'm betting that those servers have numerous IP addresses, which use routing tricks to geolocate in those 62 countries. It's not hard to test for that. You just ping each server IP from numerous places, using such services as https://ping.pe/ and https://asm.ca.com/en/ping.php [0]

    0) https://www.ivpn.net/privacy-guides/how-to-verify-physical-locations-of-internet-servers
     
  20. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,322

    Yep. There is a reason the top 5 services via the ratings "we" here have given earned their positions. Standing among our serious privacy and security advocates is not handed out without examination. Lots of services just stamp VPN on their "contraption" and casual users feel all protected and secure. Quite a mistake if you operate in a world where you need what you think you are getting (but you aren't really).
     
  21. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,885
    Location:
    Stockholm Sweden
    I used NordVPN for a year (until february this year) But just for the sake of it (and I am a nerd) I ended subscription to try another, PrivateVPN.
    NordVPN is quite nice with a decent price. I found it keeping most of what it promised. I payed by bitcoin. I have a 300/100 MBit cable at home, I had 200Mbit or more down and at least 50Mbit up every time I checked. Never crawled. They have alot of servers in most of the countries.
    The mobile app worked nicely abroad on vacation in my phone (France, Great Brittain and South Africa) Not a glitch, perfect on airports. It has some nice features like double VPN. Didnt try the P2P feature though.

    But, worked so and so with US Netflix (I live in Sweden). Got the connection but it took a long time to load the page and so did loading movies and the quality shifted often and on some occasion the signal was lost. Not very happy about that. I noticed that my new VPN is much more reliable and much more consistent when it came to good picture quality, and loaded the login and movies faster. But if Netflix is not the deal breaker i can recommend it.
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Supposedly. If they're really dedicated servers, that seems very unlikely. Because of how much it would cost.
     
  23. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    37,142
    NordVPN Responds to Privacy Sensitive Allegations
    August 30, 2018
    https://torrentfreak.com/nordvpn-responds-to-privacy-sensitive-allegations-180830/
     
  24. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    Trusting in someone , or anyone , for that matter for your online privacy is not a good idea. Just assume everything you do, at all times, is not private. I mean the only use, I mean the only use, for a VPN , is to have automatic HTTPS protection for all your internet connections. But since most websites that you send confidential info to a server and from your computer and ISP already have https enabled, why bother with a VPN? The only other reason to use a VPN is to access content online, that you couldn't otherwise access in your country, but if something is already being censored by your government, wouldn't that imply it is already illegal? And therefore not something you should be prying yourself in?
     
  25. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,891
    Location:
    Location Unknown
    Every single post I've read today from you (17) has been negative. Why talk if you have nothing of substance to add?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.