I don’t know much about Nord’s quality as a service, but I know that they really spearheaded the effort to spread misinformation on how Internet security works (claiming that a VPN would protect the information you enter into a website when HTTPS already does that) via YouTube ad reads. That alone is enough to make me swear off ever using them.
Audits don’t mean shit IMO, mullvad got raided by Swedish police and the police were allowed to see the logs and stated there’s no logs on the servers.
I’m under the impression https can be defeated by a man-in-the-middle attack if you’re not paying attention. Haven’t looked into it recently to be sure if that’s still the case or a solved issue, though. But that was one reason to use a VPN while on untrusted wifi, supposedly.
if you are using http yes, any modern website uses https, in most cases vpn will at least prevent dns hijacking (since unecrypted dns is still the default)
I think I was thinking of situations where the wifi owner redirects you to their impersonation site with their own cert, but a normal browser will pop up a big warning about that. Also if the site properly uses HSTS and you’ve been there on that machine before, then you’re protected from being directed to a http impersonation site. A VPN will protect you from both (assuming the VPN us trustworthy), but if you’re savvy you don’t need it. But then the type of person who needs the kind of simplified explanation for “why VPN” that you get in ads is not savvy.
I don’t know much about Nord’s quality as a service, but I know that they really spearheaded the effort to spread misinformation on how Internet security works (claiming that a VPN would protect the information you enter into a website when HTTPS already does that) via YouTube ad reads. That alone is enough to make me swear off ever using them.
Also they’re spending just wayyyyy too much on advertising for my taste.
Lots of VPNs are actually owned by one company, like Nordvpn and surfshark are both owned by Nord security, lemme find the list…
Urgh. I use Mullvad, it’s just 5€ per month and so far works great. I hope there’s nothing bad I don’t know about it. lol
Mullvad complies to all legal requests!!
Which doesn’t matter since they’re properly setup for there to be nothing law enforcement can get out of them.
The only true and tested nolog VPN provider ever.
I thought PIA had ownership issues but had also been audited the same way?
Audits don’t mean shit IMO, mullvad got raided by Swedish police and the police were allowed to see the logs and stated there’s no logs on the servers.
PIA has been through that multiple times, too: https://torrentfreak.com/private-internet-access-no-logging-claims-proven-true-again-in-court-180606/
They are the only VPN company with a clean record but personally only VPN I would trust is onion, garlic etc. kind of networks.
How do you define “with a clean record”?
I’m under the impression https can be defeated by a man-in-the-middle attack if you’re not paying attention. Haven’t looked into it recently to be sure if that’s still the case or a solved issue, though. But that was one reason to use a VPN while on untrusted wifi, supposedly.
if you are using http yes, any modern website uses https, in most cases vpn will at least prevent dns hijacking (since unecrypted dns is still the default)
No, I’m definitely talking about https. Could be this is no longer a thing tho, I need to look it up.
afaik there is some metadata leak with https unless you use ECH which most websites do not support
I think I was thinking of situations where the wifi owner redirects you to their impersonation site with their own cert, but a normal browser will pop up a big warning about that. Also if the site properly uses HSTS and you’ve been there on that machine before, then you’re protected from being directed to a http impersonation site. A VPN will protect you from both (assuming the VPN us trustworthy), but if you’re savvy you don’t need it. But then the type of person who needs the kind of simplified explanation for “why VPN” that you get in ads is not savvy.