Top VPN Provider Accused of Sharing Customer Traffic With Online Advertisers (bleepingcomputer.com) 55
Catalin Cimpanu, reporting for BleepingComputer: On Monday, the Center for Democracy & Technology (CDT) -- a US-based privacy group -- filed a complaint with the US Federal Trade Commission (FTC) accusing one of today's largest VPN providers of deceptive trade practices. In a 14-page complaint, the CDT accuses AnchorFree -- the company behind the Hotspot Shield VPN -- of breaking promises it made to its users by sharing their private web traffic with online advertisers for the purpose of improving the ads shown to its users. In its complaint to the FTC, the CDT is not accusing Anchor Free of secretly injecting ads, as users are well aware of this practice, but of not respecting promises made to its customers. More specifically, the CDT says that AnchorFree does not respect a pledge made in marketing materials that it won't track or sell customer information.
Re: (Score:2)
I'm a capitalist, Libertarians are capitalists. Carl Menger, Ludwig von Mises, Hayek, Rand, Rothbard, Friedman were all capitalists and ALL would disagree. That is not how capitalism works. Try reading several of the above authors instead of remaining ignorant.
Re: (Score:2)
Re: (Score:2)
So, no. This is not how capitalism works. Why don't you actually read (or in the case of Milton Friedman watch) what capitalists say about business and how to grow it as opposed to thinking that straw man a
Re: Trump 2020 (Score:2)
Again, is anyone surprised? (Score:5, Interesting)
Your VPN provider has access to your traffic. If anyone aside from you or the party you're communicating with has access to your traffic, your communications are not secure -- even if that "anyone" uses the acronym "VPN".
Re: (Score:2)
Yes, there are different sets of needs to be sure. I'm more like you in my needs, but I don't trust third party VPN providers to help because they are themselves likely to engage in the sorts of spying that I'm trying to avoid. Still, better to have one spy than hundreds, I suppose, so it's not without value.
I take a different compromise: I run my own VPN server and use it for internet (and LAN) access when I'm not at home. That way, I only have to engage in mitigation in one place.
But my needs don't includ
Re: (Score:3)
Also, if you use TOR, a lot of sites make you identify yourself in some other way before you can use them, which defeats the purpose.
Well, in fairness, that entirely depends on what you're using Tor for. If your purpose is to keep your identity a secret from the entity you're communicating with, then yes -- identifying yourself to them is counterproductive.
If, however, your purpose is to foil third parties who want to glean information from your communication, identifying yourself to the endpoint you're intending to talk to doesn't impact that at all.
Re: (Score:1)
There is middle ground between "secure" and "not secure". You'll never stop the most determined, so all you can do is try. Well, except in your case, you just give up without a fight.
Re: (Score:2)
Are you saying you've never heard of the Schrodinger's fetus thought experiment?
Re: (Score:1)
Your VPN provider has access to your traffic. If anyone aside from you or the party you're communicating with has access to your traffic, your communications are not secure -- even if that "anyone" uses the acronym "VPN".
You need to understand that there is no longer any money to be made in creating solutions for the 1% of internet users that still give a shit about security and anonymity.
That's not even taking into account governments who vehemently despise anonymous communications.
You want secure communications? Open your wallet.
Re:Again, is anyone surprised? (Score:5, Insightful)
Open my wallet? I have no problems paying for things. The issue is -- where can I find a service that I can trust, paid or not? I submit that I can't. Not to say they don't exist, but that it's impossible to tell who they are.
Re: (Score:3, Insightful)
Open my wallet? I have no problems paying for things. The issue is -- where can I find a service that I can trust, paid or not? I submit that I can't. Not to say they don't exist, but that it's impossible to tell who they are.
Yes, it's impossible. That much is true. But the larger problem is you represent the fraction of a percent who still cares. The other 99.999% of society doesn't give a shit about privacy, so you will never find a viable solution for security.
There is no longer any money in privacy. Therefore, there is no justified reason for anyone to provide it. No matter how you feel about that, it is true.
roll your own VPN (Score:2)
1. Rent VPS (Virtual Private Server) running linux. From my vendor, I get 2TB of data transfer per month for less than $5.00.
2. Set up OpenVPN [openvpn.net] on remote CentOS linux server.
3. Install OpenVPN on my laptop. Verify against DNS leakage [dnsleaktest.com].
That process took about 15 minutes to set up and it's pretty straightforward. Security may be additionally enhanced by locating the remote VPS in another country, though your performan
Re: (Score:2)
Yeah, I've been running my own VPN for about a decade now -- pretty similar to your setup, except I don't rent a host, I run it on my own set of servers at home.
I'm still exposed to my ISP, of course. Also, this isn't a solution that the average person can really do.
Re: (Score:2)
Yes, I do. Do you?
Re: (Score:2)
That would help to obscure the traffic source, but the contents of the traffic would still be visible to VPN #2.
For my purposes, I care more about obscuring the contents of my traffic than about obscuring the location of the endpoints.
If I need tighter security than that, then I'll use Tor.
But, as with all security mechanisms, you can't have perfect security no matter what you do. So everyone has to decide for themselves how much makes sense and just call it good.
For me, that means running my own VPN that c
Solution (Score:1)
Re: (Score:1)
Bitcoin is not a good tool for this. The payment is not anonymous, and the fact that *a transaction occurred* cannot be forgotten.
A better option would be to pay for a VPN with cash.
Re:Again, is anyone surprised? (Score:4, Interesting)
The only way we'll have any real privacy on the Internet ever will be when there is a combination of strict privacy laws with stiff penalties for violating them, and 100% encryption on all traffic, including DNS lookups. Don't hold your breath waiting for it, there's too much money on the table, every Internet-related company with skin in the game would fight tooth and nail to prevent it from ever happening. As-is if you want any modicum of privacy you may as well start formulating an exit strategy for the Internet, and learn to get along without it in the long run, in this game the only way to win is to not play.
Re: (Score:2)
"Open your wallet", he says, LOL. That won't work either. Everyone is going to LIE TO YOUR FACE about their so-called 'privacy policy', and even if they don't? Someone upstream of them will be doing the spying anyway. The best you can do is use Tor, cross your fingers that some criminals aren't compromising your exit node to either steal your identity or infect your computer with something, and make the hard choice between not being able to use all those websites that don't work because you're on Tor, or accessing them 'in the clear' and knowing that your very personally identifiable traffic is being logged by your ISP. Then if that wasn't bad enough, most people are still using Windows, so never mind ISPs spying on you, your own computer is already spying on you. The only way we'll have any real privacy on the Internet ever will be when there is a combination of strict privacy laws with stiff penalties for violating them, and 100% encryption on all traffic, including DNS lookups. Don't hold your breath waiting for it, there's too much money on the table, every Internet-related company with skin in the game would fight tooth and nail to prevent it from ever happening. As-is if you want any modicum of privacy you may as well start formulating an exit strategy for the Internet, and learn to get along without it in the long run, in this game the only way to win is to not play.
I would assume you are one of the rare humans who is actually intelligent enough to come to the conclusion that the only way to "win" is not to play. You are correct in that statement. The only way to communicate securely is to not use the internet to do it, so communication now comes at a cost.
The statement regarding opening your wallet was addressing the generation of social media narcissists who demand everything for free. This is the same generation who no longer gives a flying fuck about security
Re: (Score:2)
TANSTAAFL
Re: (Score:2)
They'll have to learn the hard way, I guess.
TANSTAAFL
History dictates stupidity wouldn't have it any other way.
Re: (Score:1)
The only way we'll have any real privacy on the Internet ever will be when there is a combination of strict privacy laws with stiff penalties for violating them, (...).
That would be good, but I doubt it will happen.
We should push for it, though.
(...) and 100% encryption on all traffic, including DNS lookups. Don't hold your breath waiting for it, there's too much money on the table, every Internet-related company with skin in the game would fight tooth and nail to prevent it from ever happening.
There is a solution for this, albeit not a popular one (yet).
It is called Cjdns: https://en.wikipedia.org/wiki/... [wikipedia.org]
A networking protocol (and a reference network called Hyperboria) using encrypted IPv6 where your address is also your public key. It can be run over the traditional network.
If you care about privacy and security you can make your website available over Cjdns.
Re:Again, is anyone surprised? (Score:5, Interesting)
Yep, I interviewed at another company, it came out about halfway through that the reason why they're profitable is that they provide a free VPN service, then monitor mobile app traffic over the VPN to get aggregate use stats on various top 1000 apps and then sell that usage info. The world's largest investment banks are buying up this data to determine if they want to buy or sell stocks like Snapchat, etc.
Re: Again, is anyone surprised? (Score:2)
Very insightful, thanks for pointing that out. I wonder if Facebook has considered using your business plan? It seems like a sound business idea, rather than just giving away expensive services for free at a cost to your business. Great idea!
Re: (Score:2)
How much would anyone really be able to see that still has a much value as the http years?
Re: (Score:2)
HTTPS only covers web traffic. Most of the traffic I generate is not web-based.
Good News Everyone! (Score:2)
I'm shocked. Shocked!
Well, not that shocked.
How else are they supposed to make money? (Score:3)
selling t-shirts and coffee cups?
Re: (Score:1)
There is this thing called money. You can exchange it for goods and services. I'm surprised you haven't heard of it.
Re: (Score:3)
selling t-shirts and coffee cups?
Yes. Seems to work for OpenBSD.
Re: (Score:2)
selling t-shirts and coffee cups?
How about selling the VPN access itself. Anyone who trusts a freebie VPN provider is naïve at best, an idiot at worst.
Re: (Score:2)
these is mostly for cheapo people who don't want to buy stuff. no way you can sell it for the real price it costs to run it. Not like the upstream bandwidth is free
Re: (Score:2)
Agreed.
I would agree with your statement even more if you removed the word "freebie" from it.
I would be more shocked (Score:3)
If most of the VPN providers aren't selling customer / traffic data.
You know what they say... (Score:3)
...if you aren't paying for it, you're not the customer. If you aren't the customer, you're the product.
At least, I'm assuming this wasn't a paid service...
Re: (Score:3)
They charge for the service.
Re: (Score:3)
For reference:
https://www.bestvpn.com/hotspo... [bestvpn.com]
Stick with a legitimate paid company, I use airvpn and have a referal in my signature. I've also had good luck with piavpn.
Re:You know what they say... (Score:5, Interesting)
That statement is obsolete, since you're often the product even when you are paying for it.
from the article: But an inherent issue is (Score:2)
Slashdeal VPN!!! (Score:1)
Anyone else notice this is one of the VPN's constantly advertised on slashdot? Glad to see slashdot is interested in promoting shady services.