Andrew999

Level 22
Verified
It is called Limitless VPN it is supposed to use your computer as a Bitcoin miner and use some of your computer's resources to make bitcoins to pay for the servers and services instead of paying for it. It looks very good for you people out there who don't like to use free VPNs because you say there is no such thing as a free VPN how do they make money? Here is a link on more detail on it.

I am on the waiting list at the moment to try it out. Please tell me what you think of it in the comments below. :)
 

Mr.Wave

Level 17
virustotal comes up with this site as clean :

VirusTotal

however , here is very odd / disturbing fact on their site :
How We Make Money

We borrow a little bit of your powerful computer's processing power to do some work. Completely Anonymous and ZERO access to your Personal Information.
we borrow your a little bit of your computer's computational power to work to solve these problems and equations. In turn - we use the rewards from mining to power our operations.

The only time that we do this process is when you use the VPN. Once you turn it off, shut down your computer or disconnect from the internet, we return all your processing power to you.


Your computer joins the network as a miner - and only used when you're using our VPN. The process is completely anonymized - you leave no identifying information, so don't worry, your selfies are safe!


it makes you wonder what else they got up their sleeves....best to stay away from this!!




 

Bleak

Level 3
Verified
This (fake) service should be avoided or ignored for many reasons I've found:
  • Most linking does not exist, examples: Tools, Social media links, Products links, the way of choosing not to add their "Incoming soon" on "VPN for Mac and Windows" unlike Android and iOS. Lol.
  • On their "Pricing" page, somehow their VPN is now called "EncryptedVPN".
  • More serious is that anyone can walk through their website list of files and folders, currently all folder that are on the website are:
Code:
/mail/    200    OK
/icons/    403    Forbidden
/cgi-bin/    200    OK
/application/    200    OK
/data/    200    OK
/css/    200    OK
/contrib/    200    OK
/img/    200    OK
/dashboard/    500    Internal Server Error
/js/    200    OK
Example: goto limitlessvpn[dot]com/data
  • Registering Page is just fake, any data you type there has no effect other than returning to URL not even encrypted. see:
That was my input in the registration page, you can input any kind of data there.

  • Copy&Pasted Privacy Policy which generates a self-conflict situation, see:
**Special**

nice lazy copy-paste.
--------
From their Privacy Policy:

nice wording btw.
-------
From "Pricing" page:

-------
From "How we make money" page:

At this moment of typing this, I'm not entirely sure what are they up to, or trying to do.
My first opinion on this that they are probably trying to launch a botnet, which is possible that because of the way they're trying to build some hype to gather some users and actually use them as zombies under the "cover" of "bitcoin mining". The latter could still be a possibility too.
 

Andrew999

Level 22
Verified
This (fake) service should be avoided or ignored for many reasons I've found:
  • Most linking does not exist, examples: Tools, Social media links, Products links, the way of choosing not to add their "Incoming soon" on "VPN for Mac and Windows" unlike Android and iOS. Lol.
  • On their "Pricing" page, somehow their VPN is now called "EncryptedVPN".
  • More serious is that anyone can walk through their website list of files and folders, currently all folder that are on the website are:
Code:
/mail/    200    OK
/icons/    403    Forbidden
/cgi-bin/    200    OK
/application/    200    OK
/data/    200    OK
/css/    200    OK
/contrib/    200    OK
/img/    200    OK
/dashboard/    500    Internal Server Error
/js/    200    OK
Example: goto limitlessvpn[dot]com/data
  • Registering Page is just fake, any data you type there has no effect other than returning to URL not even encrypted. see:
That was my input in the registration page, you can input any kind of data there.

  • Copy&Pasted Privacy Policy which generates a self-conflict situation, see:
**Special**

nice lazy copy-paste.
--------
From their Privacy Policy:

nice wording btw.
-------
From "Pricing" page:

-------
From "How we make money" page:

At this moment of typing this, I'm not entirely sure what are they up to, or trying to do.
My first opinion on this that they are probably trying to launch a botnet, which is possible that because of the way they're trying to build some hype to gather some users and actually use them as zombies under the "cover" of "bitcoin mining". The latter could still be a possibility too.
Thanks for that, very interesting analysis. I guess I changed my mind about trying out this product at-least for now.
 

Andrew999

Level 22
Verified
There's nothing to try, it's just a site with text on it. Users can't even interact with any function on the site (giving orders and receiving data/info), and that's a good thing. :)
Well you have to put your email down and they will send a email to you when your turn is ready or something in the queue. But I won't be using this product once they send me an email I changed my mind even if it says it is 'safe'
 
  • Like
Reactions: mlnevese

LimitlessVPN

New Member
Hello fellow security experts and privacy enthusiasts! Someone on our team ran across this thread and sent to me to review, and we wanted to take some time to address all the concerns & questions you may have, all of which are extremely valid!

Just a brief about us, we’re a small team of 5, and LimitlessVPN has been our pet project for almost a year now that we work on outside of our day jobs. The reason (albeit probably not a good one) there’s a lot of work to be done on the website, is that we worked to get and validate if there was an actual demand for the software before we invested time and infrastructure to build it out.

Over the course of the last several months, we’ve definitely received a tons of feedback and positive responses to the service and have been focused with our heads down designing and developing the product. The first version will be only on Windows, and then MacOS, followed by Linux and mobile thereafter.

We’ve read and reviewed all your comments and wanted to address them below:

Which VPN provider are they using?

We’re building out our own VPN, based off OpenVPN source code. That’s the only way we’d be able to ensure that there’s no compromises to our users. This will require our own physical infrastructure that we’ve been working on building out as well. So unfortunately, this means that there won’t be multiple locations that will be immediately be available.

How we Make Money

While other providers may opt to be a little opaque with their operations, we chose deliberately to be transparent. There are web services that allow you to use your web browser to do cloud cryptocurrency miners, and we’re similar to that. Our messaging is meant to explain the process to the general public, which is often times not to the satisfaction of people with domain expertise, we get that. When you use our VPN, it turns on background processes that performs cryptocurrency mining. When you turn off our VPN, it turns those processes off. That’s it. Nothing up our sleeves. We’re just trying to build a product that we wish existed that we would use ourselves.

Broken Links on Website

As mentioned above, we’ve been working on both software and hardware side, so we’ve neglected our website a bit. Sorry if it causes any confusions.

Pricing Page

There’s one mention of EncryptedVPN, which was what we were initially going to call it, before deciding to go with LimitlessVPN. Guess we missed that one! Again, sorry for any confusions.

Crawling through Website

Thanks for that catch, fixing it! We had to migrate our website once due to a server issue and didn’t resolve that, ended up borrowing a team member’s hosting for the interim. We didn’t want to collect any information outside of Email addresses because that is the only information (we think) that’s necessary to communicate with our users securely and use as an ID. When we open up our Beta, we’ll send our users an Access Code via Email that they’d use to activate the VPN along with their email address. Nothing else will be needed.

In Regards to Specific Terms of Agreement

We aren’t a team of lawyers, just a group of people trying to make the Internet a bit more safe for everyday people. We’ve made changes to the terms based on the primary concerns that was addressed:

  • We only collect email addresses as a form of communication and authentication for software usage. No passwords, no other ID.

  • We do not share your email or any other form of data, unless mandated by law. We have our own internal marketing team, and do not intend on sharing it with any outside party.

  • Sorry for the lazy copypaste. If there’s any more concerning points, feel free to send us an email. We always appreciate an extra pair of eyes.

Zombie Botnet

I’m sure this is might be a legitimate concern, given the scandals that might involve other VPN networks. We have zero intentions of this. To make sure that no other hands can muddle into our network, we own the servers, network, and have access to a privately secured space.

We are planning to submit our application to audit to get a Trusted Microsoft Certificate. (I believe that’s what it’s called). Unfortunately without open-sourcing our codebase, we don’t know of a better solution for this. At the end of the day, we’re trying to build a VPN that we would want our friends and family to use. We’re not in this to get rich, just to provide a better way for people to not have to pay for security that they should have.

We can’t be everywhere all the time, so if you have any concerns, please feel free to shoot us an email at hello@limitlessvpn.com - we’d love to get ideas, feedback, and advice from you guys.

At the end of the day, we just ultimately want people to stay safe and secure online. There’s dozens of options out there that fulfill this objective, so check us out, check them out, and make an informed decision. Thanks for all the hard work you all do to keep everyone safe online, it goes unappreciated sometimes, but we know how hard security is.

Here’s a few cool things we’re working on that hasn’t been revealed anywhere:

- 20 gbps network
- We own the servers, network and have a private secured space
- No blocking of p2p services
- Unlimited Devices (each one will just need a separate activation code)
- Unlimited Bandwidth (as long as it's not abused)

A few more things are in the works as well, some of which we’ll reveal via email to our users in the coming month. Hope we were able to address some of your concerns!