VPN Transparency Project

Tag: hostuniversal

  • Mullvad

    Mullvad

    Mullvad is a small but mighty VPN provider that offers incredible speeds along with security and performance that stacks up with the best VPNs. Mullvad VPN is fast, great for torrenting, and excellent at keeping you safe online. It uses AES-256 encryption, OpenVPN and WireGuard protocols, multi-hop, and a dependable kill switch. However, Mullvad prioritizes internet privacy over entertainment. Despite its excellent privacy and security offering, the VPN is terrible when it comes to unblocking streaming services.

    But when you are using Mullvad VPN, who’s networks are you really using? After my testing I concluded that Mullvad uses 48% M247, 15% 31173, 11% Tzulo, 8% DataPacket, 7% 100TB, 3% xTom, and the remaining servers use Blix, QuadraNet, and Intergrid.

    Looking at the chart above, you can see that Mullvad VPN has effectively surrendered a significant degree of control over their VPN network to the British authorities. This means that M247 and DataPacket may be required by the courts to monitor, censor, or eliminate certain nodes. The UK is notorious for mandating that internet service providers keep records of every website visited by a user for a year. Furthermore, the country has proposed that social media and ISPs block posts containing “legal but harmful content.” Additionally, the so-called independent regulator Ofcom, which is not truly independent, has the power to censor anything it deems to be misinformation or disinformation, much like China and Russia.

    Either the government or Ofcom could easily categorize M247 and DataPacket as ISPs, rather than web hosts. This would result in the enforcement of censorship on their global networks or a 10% global turnover fine. M247 provides internet services to UK-based businesses, making it an obvious candidate for ISP classification. DataPacket, on the other hand, could potentially be classified as offering an internet service due to their active advertising to VPN providers, although this is a weaker argument.

    App Privacy

    Other Security Features

    • Kill Switch â€” A kill switch acts as your last line of defense when your VPN connection unexpectedly drops. Mullvad has a built-in kill switch that can never be disabled, but it’s only available on its desktop apps. I tested it by trying to load a page when changing servers on my laptop, and it said my connection was cut off.
    • Split Tunneling â€” Split tunneling allows you to use your VPN connection and local network at the same time. The advantage is that you can use local apps while bypassing geoblocks on your browser. Mullvad only enables split tunneling on its Android and Linux apps, and are currently building a Windows version. When I tried it on my Android smartphone, I could use my local banking app while watching US Netflix through the encrypted VPN tunnel. If you’re not using Android or Linux, then you can configure your routes on your OpenVPN or WireGuard protocol to enable split tunneling.
    • Double VPN â€” Mullvad’s Bridge servers are a version of Double VPN or MultiHop. This is when your internet traffic gets redirected through 2 VPN servers instead of just 1 for extra security. It can also help you bypass firewalls on restricted networks. You can easily toggle Bridge on or off in settings. I was impressed that I didn’t notice any decrease in speed when I used them — usually, the extra encryption layers reduce your speeds. However, you can’t use Bridge servers on mobile devices, which was disappointing.
    • Tor compatibility â€” You can configure your OpenVPN connection to use the Tor network through Mullvad. Once the configuration is done, then you’ll need to configure your Tor browser to connect to Mullvad using the Shadowsocks proxy. This means that you can only connect to the Tor network through the Tor browser by using Mullvad as the exit node. Luckily, there are instructions available for this.

  • Surfshark

    Surfshark

    Surfshark VPN is one of the most popular VPN services in 2022. Its competitive price and unlimited simultaneous connections make it a very attractive VPN option for all kinds of users. But does this VPN live up to give the actual value for money that it claims? Surfshark also offers thousands of servers worldwide, excellent connection speeds, and next-gen AES encryption. However, users have been questioning its jurisdiction and whether it’s as private as showcased.

    Surfshark offers some really useful features like SmartDNS, the fast WireGuard protocol, P2P-optimized servers, and provides a selection of easy-to-use intuitive apps and platforms.

    So, when you’re connected to Surfshark – who’s servers are you really using? After completing my testing I have concluded that Surfshark uses 20% their own servers, 17% CDNext, 17% M247, 14% CDN77, 13% Host Royale, and the remaining few are Host Universal, Clouvider, and Hydra Communications.

    Surfshark Network Overview

    M247
    CDNext
    CDN77
    Host Royale
  • ProtonVPN

    ProtonVPN

    ProtonVPN is a virtual private network (VPN) service provided by Proton Technologies AG, the company behind the email service ProtonMail. ProtonVPN was created to provide a secure, private, and censorship-free internet connection to people all over the world. It encrypts your internet connection and hides your IP address, making it difficult for hackers, ISPs, and governments to track your online activity. ProtonVPN is available on various platforms, including Windows, macOS, Linux, Android, and iOS. It offers a variety of subscription plans to suit different needs, including a free plan with limited features.

    What services are available when you’re connected to ProtonVPN?

    Nothing is more frustrating than connecting to your VPN, heading over to your favorite streaming service… Only to find out your connection is blocked. Unfortunately, it’s a never ending cat and mouse game. We decided to test our experience using ProtonVPN servers based in the United States as well as a few random foreign countries. Note: Registering an account while connected to a VPN may be blocked entirely, the tests below reflect establish a connection from an account that’s already logged in (to simulate someone traveling).

    ServiceBlocked / Restricted
    Amazon PrimeLimited; some IP ranges are blocked
    NetflixAccessible
    SpotifyAccessible
    PandoraLimited; some IP ranges are blocked
    YouTube MusicAccessible
    HuluAccessible
    Disney+Accessible
    Google SearchMay encounter CAPTCHA
    ChatGPTLimited; some IP ranges are blocked
    YouTubeAccessible

    When you are connected to ProtonVPN, who’s servers are you really using? I tested over 50 ProtonVPN servers and found that 36% use M247, 27% use Datacamp Limited, 10% use Datacamp Limited UK, 8% use Estnoc Global, 5% use FDC Servers, 5% use GSL Networks, and the remaining servers use Packet Exchange, and Intergrid. In a recent AMA on reddit, ProtonVPN stated the reason they utilize M247 so heavily is due to cost efficiency and being able to support the freemium model:

    Comment
    byu/protonvpn from discussion
    inIAmA

    ProtonVPN Network Overview

    Stealth Protocol vs WireGuard

    WireGuard and ProtonVPN’s Stealth protocol are both designed to provide security for internet users, but they have different features and levels of security.

    In terms of security, WireGuard uses the latest encryption standards, including the ChaCha20 encryption algorithm and the Poly1305 message authentication code (MAC). These encryption standards are considered to be highly secure and provide a high level of protection for users’ online activities.

    ProtonVPN’s Stealth protocol, on the other hand, uses the Secure Sockets Layer (SSL) encryption, which is commonly used to secure connections to websites. It also uses obfuscation techniques to make it appear as if you are accessing a secured website, rather than connecting to a VPN server. This makes it difficult for firewalls and censorship systems to detect and block your VPN connection.

    In terms of performance, WireGuard is generally faster than ProtonVPN’s Stealth protocol, as the latter adds an extra layer of encryption and obfuscation that can slow down the connection.

    In conclusion, both WireGuard and ProtonVPN’s Stealth protocol provide a high level of security, but they approach security in different ways. WireGuard focuses on fast and efficient encryption, while ProtonVPN’s Stealth VPN provides an extra layer of obfuscation to help users bypass firewalls and censorship systems. The choice between the two will depend on the specific security needs and requirements of the user.

    Audits

    ProtonVPN has undergone several independent audits to verify the security and privacy of its service. In 2018, ProtonVPN commissioned Cure53, a leading cybersecurity firm based in Berlin, Germany, to perform a security audit of its infrastructure and client software. The audit found that ProtonVPN’s security practices were in line with industry standards, and it did not identify any major security vulnerabilities.

    In 2020, ProtonVPN commissioned the independent cybersecurity firm X41 D-Sec to perform a comprehensive security assessment of its infrastructure and client software. The assessment found that ProtonVPN’s security practices were “exemplary” and that the company had “a clear commitment to the security and privacy of their users.”

    ProtonVPN has also undergone a transparency report audit by the firm KPMG, which verified that the company does not collect or store any personal information or metadata about its users.

    Overall, the independent audits of ProtonVPN have found that the service is secure and privacy-protective.

    Related Posts

  • NordVPN

    NordVPN

    NordVPN is a Virtual Private Network (VPN) service provider that was founded in 2012 by four childhood friends in Panama. The company is now headquartered in Cyprus, with offices in the United States, the United Kingdom, and Lithuania. NordVPN is one of the most well-known VPNs in the market, and this is due to their extensive advertising on various platforms, including YouTube. NordVPN’s ads feature catchy taglines and famous personalities, making them one of the most recognizable VPN brands in the market.

    But just because NordVPN is based in Panama, that doesn’t mean their servers are. After testing around 6,700 servers used by NordVPN, I concluded that NordVPN servers predominantly use Datacamp Limited, M247, Clouvider, and Hydra Communications. It is worth noting that NordVPN does own and operate about 10% of their servers which are operated under the business name Tefincom.

    NordVPN Privacy Policy

    The privacy policy and terms of service are one key way a VPN provider can put their money where their mouth is. Afterall, a service can make whatever claims they want, but the truth lies in their policies. NordVPN has one of the worst privacy policies and acceptable use policies I’ve ever seen. First, in their ToS they stipulate that you are not to use NordVPN for anything that that they as a company would find inappropriate or offensive.

    • communicate, transmit, store, make available, share anything that is illegal, abusive, harassing, or otherwise objectionable (objectionable means anything which interferes with the rights of Nord, its users, or other third parties, or causes conditions that are dangerous, hazardous, and detrimental to others, or anything that most users and/or Nord would find to be offensive or inappropriate);

    Further, it goes on to suggest that using their service to bypass georestrictions is also against their ToS:

    • attempt to circumvent any technological measure and/or arrangement implemented by Nord and/or its licensors, or by the owner of the resource or the source of the material that the technological measure protects;

    • violate general ethical or moral norms, good customs, and fair conduct norms;

    Their privacy policy isn’t much better. It states that they will retain your billing information for ten years, and even worse, will retain your data if they receive a court order or subpoena:

    (ii) Nord also may retain information associated with you (e.g., payments data) in order to fulfill its obligations as required by applicable laws, regulations, court orders, subpoenas, or other legal processes for archival purposes.

    Lack of transparency

    One of the most well-known players in the VPN industry, has faced its fair share of controversy over the past few years. While it maintains a significant user base and performs admirably in various audits, numerous concerns have emerged about the company’s privacy practices, integrity, and security.

    One of the most glaring concerns revolves around a data breach that occurred in 2019. An attacker managed to gain access to a server by exploiting an insecure remote management system left by the data center provider. This incident, which went undisclosed by NordVPN until highlighted by a third party, is a clear violation of trust, raising valid concerns over the VPN provider’s transparency.

    Moreover, NordVPN’s relationship with Tesonet, a data-mining, analytics, SEO, and targeted marketing company, has been under scrutiny. Despite vehement initial denials, NordVPN finally admitted to this association, only to downplay its relevance. This admission further exacerbates concerns over user privacy, considering Tesonet’s activities.

    Adding fuel to the fire, NordVPN has been discovered to be based out of Lithuania, a country with mandatory data retention laws. This revelation contradicts the company’s claim of being registered in Panama, a known privacy-friendly jurisdiction, thus eroding trust.

    NordVPN’s partnership with Hola VPN, which was involved in forming a data mining botnet, and its alleged theft of technology from Hola VPN further draws into question the company’s ethics. It’s important to note that Hola VPN has been widely criticized for its own practices, which makes its association with NordVPN disconcerting.

    Several troubling practices have also surfaced relating to NordVPN’s marketing and sales techniques. The company has been accused of engaging in price discrimination, making it difficult for users to cancel auto-renewal, and reducing features for those who cancel auto-renewal. There are also reports of NordVPN sharing data with Facebook and leaking sensitive customer data.

    Adding to these controversies, NordVPN has been accused of blackmailing competitor TorGuard and has faced criticism from a UK-based watchdog for misleading marketing. It also reportedly sent cease-and-desist copyright claims to Njalla, further tarnishing its reputation.

    NordVPN’s wide-ranging sponsorship deals, which include football teams and numerous YouTubers, have also been called into question. Many believe these partnerships are incentivised by high affiliate commissions, which may be influencing the integrity of VPN reviews and recommendations.

    Despite the series of security audits that NordVPN has undergone, these revelations and practices suggest that trust and transparency are far from guaranteed. It’s crucial for users to conduct their due diligence and weigh the potential risks before choosing a VPN provider. The issues surrounding NordVPN serve as a sobering reminder that not all VPNs deliver on their promises of privacy and security.

    NordVPN, Surfshark, Denial

    NordVPN’s credibility was further strained when it was discovered that the company had ties to Surfshark, another popular VPN service. This discovery was unexpected and raised concerns given Surfshark’s track record.

    Surfshark has its share of controversies, which include system-level changes that persisted even after uninstallation, exposing user IPs and making them vulnerable. The company’s TrustDNS app has been implicated in data collection for advertising and marketing purposes. There’s also the issue of weak security, including the installation of risky root certificates on user devices.

    The link between NordVPN and Surfshark was initially and extensively denied by both entities. However, they eventually acknowledged their relationship, adding another layer to NordVPN’s complicated narrative. The merger between these two was officially announced, which startled users who were relying on these services for anonymity and security.

    These revelations not only shed light on NordVPN and Surfshark’s questionable practices but also underscore the need for users to question the transparency of VPN services. It’s essential to keep in mind that the practices of these companies can directly impact user privacy and security. Therefore, users must stay informed about the operations of their chosen VPN services.

    In the end, the core of the VPN business relies on trust, and the denial and eventual admission of the connection between NordVPN and Surfshark is a blatant breach of that trust. It highlights the need for vigilance and constant scrutiny of companies that promise to protect our digital rights and freedom.

    Related Posts