jetman

Level 7
Verified
VPN services have become very propular in recent years and I know that many posters on this forum use them.

However, what do we really know about people and organisations behind the commercial VPNs ? Can we really trust them with our data ? Do they keep their promises and who is checking ?

It has been speculated (on some other forums) that the security services of some countries may be behind some of these companies. Chinese and Israeli intelligence services are commonly mentioned, although I don't think there is any real evidence of this.

Furthermore, I do notice that some VPN providers are not very clear about their ownership. Take for example SurfShark, which is a VPN service that gets generally good reviews and is becoming popular. If you look around their website you see very little verifiable information about who they actually are. And why should we believe what they say anyway ? I take SurfShark as one example but there are many others that are equally elusive.

Has there been any detailed research into this issue ? How much of a concern is this ?

I am beginning to think that some of the better VPNs might be those run by established security companies (F-Secure Freedome for example). Whilst we don't know what they are doing with our data either, at least we have a better idea about who we are dealing with.
 

plat1098

Level 22
Verified
If I was in the market, I would read the Terms of the vpn more closely and not skim over or hit the "Agree" button willy-nilly.

I am leery of anything that touts itself as the second coming in privacy and security plus: it's"free." I mean, come on. :rolleyes: Free or paid, if I was getting this, I would search the provider and check if any negative comments somewhere. It sounds great but is there a catch somewhere? Is there throttling at a certain point?

My isp at one time offered a vpn, but if you read farther down, in the Terms, in tiny letters, it disclosed that it gathered all kinds of browser info, as well as machine-related info. It also disclosed that it would turn over said info to law authorities at its "discretion."

I don't use a vpn and never have. But, as others have already pointed out, if mobile on a public hotspot, it's prob. a good idea. There are many fish in the sea. If you're still questioning a provider, you're prob. not going to get a clear answer. So, I would move on.
 

SpiderWeb

Level 3
1. Well what we know is there have been many cases where companies and law enforcement wanted VPN data and the VPN didn't have any data or refused to.
Meanwhile we know that every ISP will happily hand over your information for copyright and law enforcement reasons and even sell it to marketing companies without prior knowledge.

2. I think it's unhealthy to look at it like "can VPNs be trusted". That's like saying can people be trusted. It depends on an individual by individual basis. Some VPNs are true to their missions. Some VPNs log and snitch. Some VPNs try their best but they have little control over 3rd party servers. Some VPNs are malware criminals use. Some VPNs are government honeypots. We need to do our due diligence and research who can be trusted instead of dismissing everyone. My point is, if VPNs cannot be trusted, someone smart using that VPN would have blown the whistle already. The big VPNs can't afford to lie to you about their services. If VPNs were honeypots betraying their customers we would hear stories about it everywhere but we don't.

3. Your regular Internet connection gets routed through many points and hops regardless of whether you use a VPN or not and you don't have control over any of those hops other than your VPN. In the end nobody can see what exactly you are doing as long as you use HTTPS and a DNS-based ad/tracker blocker. Preferably something like Windscribe's ROBERT or NordVPN's CyberSec.
 

plat1098

Level 22
Verified
The big VPNs can't afford to lie to you about their services.

No, but they don't have to emblazon any potential turn-off info in huge letters on their sites, either. If you're very picky about your security and privacy, maybe try to force yourself to read the Terms and search around before clicking "Accept." This is such a lucrative thing to these companies because people are so paranoid in general. I said this in my earlier post already. Be a smart shopper, that's all.

I looked at Avast's SecureLine webpage just now. Would I install this, even though it's a big-name in Antivirus? No, I would not. It could be pure and clean but there are other fish in the sea without skeletons (that we know of).

No one really knows what happens at those hops and "exit nodes" and you can't be a fly on the wall at anyone's HQ. You're not getting a product you can physically inspect. So OP was right to voice these concerns.

We need to do our due diligence and research who can be trusted instead of dismissing everyone.

I agree.

Off-topic: at first I thought that was a skunk in your avatar but those are black feathers, right?
 

show-Zi

Level 26
Verified
I feel that the phrase 'VPN is an effective security measure' has grown too large.
It is a name that indicates a route map, and whether or not the train you actually board is safe is another matter. What you really should read this thread is the general public who are implementing it under the name VPN.
 

jetman

Level 7
Verified
Tip: Do your own research.

It is surprisingly difficult to do so. Especially where a VPN service provides little verifiable information about who they are and where they are physically based. All we know about SurfShark, for example, is that the company is registered in the British Virgin Islands. Who owns the company and where the staff are based is not disclosed. So they could be anybody, anywhere ! I see no way of checking.

Contrast that with F-Secure Freedome who we know for sure they are based in Finland with identifiable staff. Because of this, when they state what they log and don't log I am inclined to believe them. Furthermore, they would be unlikely to do anything unethical with my personal data. So I would prefer to use a company like this rather than trust an unknown entity.

I think its a serious issue which is often overlooked. I'm not a criminal so I don't really care if a VPN provider is in a 5 eyes country. What I am more concerned about is criminals and unethical businesses abusing my data.

I just like to know who I am entrusting with my information.
 

plat1098

Level 22
Verified
Who owns the company and where the staff are based is not disclosed. So they could be anybody, anywhere ! I see no way of checking.

It looks like a dead end, then. It might be by design. Like I said before, there are many fish. If you're not satisfied with the fruits of your labor, you can always move on. (y)

If it's free, it merits even more investigation. Smells funny for a service like this. What's the catch?
 

FireHammer

Level 4
It looks like a dead end, then. It might be by design. Like I said before, there are many fish. If you're not satisfied with the fruits of your labor, you can always move on. (y)

If it's free, it merits even more investigation. Smells funny for a service like this. What's the catch?
Hi, @
Your response is an example of doing your own research. People should form their own opinions based on their time spent looking up about the products and services etc.
Hi,@Spawn I will do just that.
 
  • Like
Reactions: Nevi and roger_m

Cortex

Level 23
Verified
A VPN owned by your AV does have advantages as they already know your browsing habits anyway - I feel some of the smaller VPN's have a lot to lose if they proved untrustworthy as their entire business model is based on trust - But no way of knowing who does what though.
 

jetman

Level 7
Verified
So just for a bit of fun I asked the same question to SurfShark customer service....


Thank you for your letter.


Surfshark Ltd. is owned by private shareholders who chose not to disclose their private information to the public as it has not been legally required. As long as we are determined to invest time and effort in developing smart solutions which can overcome the restrictions, the private shareholders of Surfshark Ltd. seek to exercise their right to privacy and remain undisclosed. This is a measure of risk management to secure the sustainability of Surfshark as a service, protect our customers and employees.

We have both inhouse and outsourced Customer Support teams working from several countries globally, such as Germany, US, India and Lithuania. This is done to provide quality 24/7 support taking into account global time differences.

As for the trust, that we don't have information about ownership - it's a widespread approach in the VPN industry, but we agree that it might not be the best practice. That's why we take steps to ensure our trustworthiness.

We have been independently tested and approved by German IT security institute AV-Test. Also, we keep on getting awards that substantiate the legitimacy of our solutions. The most recent one is CyberSecurity Breakthrough Award (not announced yet) for the Best Mobile VPN Solution of the Year. In addition to this, we are active members and supporters of NGOs such as Electronic Frontier Foundation and Internet Society.

One cannot become a member of such organizations without being transparent. However, such matters are guarded by Non Disclosure Agreement with these organizations.

Let us know if you have any other questions!
 

plat1098

Level 22
Verified
I'm curious: does this correspondence by Surfshark Ltd make you or anyone more or less inclined to try the service?

It does in fact suggest a dead end insofar as further illumination on the company. Would anyone be OK with going ahead and installing this vpn anyway?

Thanks for pursuing and then updating with this info. :whistle::coffee:🍛
 

blackice

Level 28
Verified
I'm curious: does this correspondence by Surfshark Ltd make you or anyone more or less inclined to try the service?

It does in fact suggest a dead end insofar as further illumination on the company. Would anyone be OK with going ahead and installing this vpn anyway?

Thanks for pursuing and then updating with this info. :whistle::coffee:🍛
It’s the same response Nord gives. “Hey there, we are so private we have no one to hold accountable if we screw you over, or evidence to show we aren’t just run by your government, have a nice day.”

Hard pass
 

Cortex

Level 23
Verified
As time goes by I'm becoming less inclined to use a VPN continually, maybe just for times when I need more privacy, SurfSharks reply makes me less inclined to use a VPN? Managed 20 years without one - I was looking around at VPN's over the last couple of weeks & many including Nord have a red Exposed greeting at the top of their page as if not using a VPN or theirs puts you at major risk, it doesn't & those are scare tactics

SurfShark greets you with Unprotected again in red along with your IP & your ISP/&location on their main page, I would think to worry a person? - Not becoming of any decent company but much like much of the computer security industry?
 
Last edited:

show-Zi

Level 26
Verified
As time goes by I'm becoming less inclined to use a VPN continually, maybe just for times when I need more privacy, SurfSharks reply makes me less inclined to use a VPN? Managed 20 years without one - I was looking around at VPN's over the last couple of weeks & many including Nord have a red Exposed greeting at the top of their page as if not using a VPN or theirs puts you at major risk, it doesn't & those are scare tactics

SurfShark greets you with Unprotected again in red along with your IP & your ISP/&location on their main page, I would think to worry a person? - Not becoming of any decent company but much like much of the computer security industry?
The technique of over-informing of danger is similar to the relationship between corona and mask.
 
  • Like
Reactions: roger_m
Top