Insecure VPN

This might be of interest to people using VPN:

https://vpnpro.com/blog/hidden-vpn-o...-23-companies/

There's a PDF download there, with an embedded
image of charts from their research into who owns
VPN services. It turns out many are Chinese.

It wasn't easy to find this. Several sites had stories
with indirect links to vpnpro**. So I just went to vpnpro.com
and looked around. They don't explain it at their site, but
do offer the download. I selected the image in the PDF,
copied into Paint Shop Pro, and ended up with actual,
readable data.

** I've never seen this before. Links at slashdot and
computerweekly (which, as usual, didn't actually have
the story but were only reporting that there was a story)
were going to proofpoint.com, along with encoded ID
data, rather than going to vpnpro.com.

Frank Slootweg wrote:

VanguardLH wrote:
[...]
I think Hola, for their free service tier, stole bandwidth from those
hosts with their client to help speed up via parallelization of routing
their premium (paid) customers. The freeloaders didn't know they were
supporting the paying users.

You mean *stupid*/*lazy*/whatever 'freeloaders', who couldn't be
bothered to read what they agreed to.

No, I mean freeloaders that were NEVER INFORMED about the VPN provider
stealing some of their bandwidth by using the VPN client in a botnet to
provide mesh networking to the paying customers (who somehow got higher
bandwidth than the freeloaders). When Hola appeared and for a long
time, they never divulged their bandwidth stealing scheme. Then when
they got caught, they euphemized the "feature" by applying anal grease
in calling it a community bandwidth sharing plan.

More incorrect bias. They are already quite clear on (for example)
their Google Play page and their homepage. Both of these point to their
FAQ, which is very clear and specific for those who can be bothered to
read.

How long have you been Hola? Not long, for sure. They amended their
ways but only after getting caught. I'm not talking about how they now
document their free tier. I'm talking about what they did. Burglary is
still theft but not so AFTER telling the customer of your home cleanup
service that you'll "acquire" some of their goods on your visits.

Bottom line: No "obfuscate", nor "stealing".

Bottom line: YES THEY DID until caught.

https://www.theverge.com/2015/5/29/8...sers-bandwidth

'Nice' piece of sensational journalism! :-( I hope people actually
read beyond the - no doubt intentionally - misleading headline.

Denying history is only viable to those who write it and hope others
don't investigate.

Hola .. they do not have their own network.

Their network is their botnet of clients.

WeChat: no privacy. WhatsApp: privacy, but ads are coming. Upons
further reading, Google's push of RCS is also geared towards ad
content delivery: they'll let advertizers use all those nice
features to push content at users. Just keeps getting worse and
worse.

"There's a cost to "free""! :-)

That's why the GDPR is forcing these providers to declare the cost,
which is just another extension of ever increasing open disclosure
(which meant overt disclosure, not buried where difficult to find or
doesn't even exist). The VPNs thought/think they're excluded.

VanguardLH wrote:
Frank Slootweg wrote:

VanguardLH wrote:
[...]
I think Hola, for their free service tier, stole bandwidth from those
hosts with their client to help speed up via parallelization of routing
their premium (paid) customers. The freeloaders didn't know they were
supporting the paying users.

You mean *stupid*/*lazy*/whatever 'freeloaders', who couldn't be
bothered to read what they agreed to.

No, I mean freeloaders that were NEVER INFORMED about the VPN provider
stealing some of their bandwidth by using the VPN client in a botnet to
provide mesh networking to the paying customers (who somehow got higher
bandwidth than the freeloaders). When Hola appeared and for a long
time, they never divulged their bandwidth stealing scheme. Then when
they got caught, they euphemized the "feature" by applying anal grease
in calling it a community bandwidth sharing plan.

More incorrect bias. They are already quite clear on (for example)
their Google Play page and their homepage. Both of these point to their
FAQ, which is very clear and specific for those who can be bothered to
read.

How long have you been Hola? Not long, for sure.

I just checked: At least three and a half years. IMO rather a long
time ago to still complain about it. No wonder your (TheVerge) reference
was from even longer ago. (OTOH, I'm still whining about Google's
broken-by-design Android update mechanism, so who am I to criticize
others on these kind of things! :-))

They amended their
ways but only after getting caught. I'm not talking about how they now
document their free tier. I'm talking about what they did. Burglary is
still theft but not so AFTER telling the customer of your home cleanup
service that you'll "acquire" some of their goods on your visits.

Bottom line: No "obfuscate", nor "stealing".

Bottom line: YES THEY DID until caught.

https://www.theverge.com/2015/5/29/8...sers-bandwidth

'Nice' piece of sensational journalism! :-( I hope people actually
read beyond the - no doubt intentionally - misleading headline.

Denying history is only viable to those who write it and hope others
don't investigate.

I read the headline ("Popular Chrome extension Hola sold users'
bandwidth for botnets") as an accusation that Hola sold users' bandwith
for the botnet that was used in the DoS attacks. I.e. that it was Hola's
*intent* that its network was used for DoS attacks. "Toyota sold vehicle
to run down pedestrian.". Anyway it's lots of water under the bridge.

Hola .. they do not have their own network.

Their network is their botnet of clients.

I know. You snipped the context, which was:

Those "free" services still cost them money for all those
resources, so you are the commodity being sold to recompense them
for their costs. In using their service, you become their saleable
product.

Which implied the Hola network "cost them money for all those
resources", but in Hola's case, the network does not "cost them money",
at least not for "all those resources".

WeChat: no privacy. WhatsApp: privacy, but ads are coming. Upons
further reading, Google's push of RCS is also geared towards ad
content delivery: they'll let advertizers use all those nice
features to push content at users. Just keeps getting worse and
worse.

"There's a cost to "free""! :-)

That's why the GDPR is forcing these providers to declare the cost,
which is just another extension of ever increasing open disclosure
(which meant overt disclosure, not buried where difficult to find or
doesn't even exist). The VPNs thought/think they're excluded.

Frank Slootweg wrote:

VanguardLH wrote:

Those "free" services still cost them money for all those
resources, so you are the commodity being sold to recompense them
for their costs. In using their service, you become their saleable
product.

Which implied the Hola network "cost them money for all those
resources", but in Hola's case, the network does not "cost them
money", at least not for "all those resources".

Although Hola was mentioned earlier, that was a generalized statement
and not solely against just Hola.