Popular VPN Service NordVPN Says it Was Hacked
NordVPN, a virtual private network provider that promises to "protect your privacy online," has confirmed it was hacked. From a report: The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN. For its part, NordVPN has claimed a "zero logs" policy. "We don't track, collect, or share your private data," the company says. But the breach is likely to cause alarm that hackers may have been in a position to access some user data. NordVPN told TechCrunch that one of its datacenters was accessed in March 2018. "One of the datacenters in Finland we are renting our servers from was accessed with no authorization," said NordVPN spokesperson Laura Tyrell. The attacker gained access to the server -- which had been active for about a month -- by exploiting an insecure remote management system left by the datacenter provider, which NordVPN said it was unaware that such a system existed.
Now hear this... (Score:5, Insightful)
by exploiting an insecure remote management system left by the datacenter provider, which NordVPN said it was unaware that such a system existed.
This is the main problem with "everything cloud". It's literally someone else's box. And that person, company or corporation may just have its own agenda. Data's the new money.
Tor vs. VPN (Score:2)
This is the main problem with "everything cloud". It's literally someone else's box. And that person, company or corporation may just have its own agenda.
At least Tor is designed in a way where you don't need to trust any individual "someone". Any box along the chain could be actually malicious; as long as the *same* malicious actor doesn't "simultaneously" control *all* of the nodes of your circuit, they won't de-anonymise you easily.
Versus VPN where it is only as secure and anonymous as the "someone else" who is in charge of the "box".
I've never understood why people are all into VPNs instead of Tor. Perhaps the perceived ease of setting up?
Re: (Score:3)
The problem with Tor is it's now assumed that most people using it are probably criminals. Which is why I think any well-meaning person running a Tor endpoint in this day and age is begging for trouble.
Re: (Score:2)
https://www.techdirt.com/articles/20160406/08211234116/law-enforcement-raids-another-tor-exit-node-because-it-still-believes-ip-address-is-person.shtml
https://www.theregister.co.uk/2012/12/10/tor_admin/
https://www.vice.com/en_us/article/5394ax/the-operators
Pick your battles. Running a Tor node for some idealistic purpose is not a good idea, and hasn't been for quite some time
Tor *EXIT NODE* is trouble (Score:2)
Running a tor exit node on a whim from a home connection without much thought is begging for trouble.
Running a tor relay node or bridge is usually safe -- except within a couple of totalitarian countries where tor is considered illegal.
Running exit nodes safely is possible, but requires following a specific procedure [torproject.org] to avoid your home getting raided.
Basically boils down to:
- keep it completely separated from anything else (so if clueless law enforcement seize it, they only seize a single server)
- ^- thus usually
Re: (Score:3)
VPNs have been hard sold as a privacy and anonymity tool by companies trying to make a buck.
Attention everybody: VPNs do not protect your privacy or anonymity because that is not their purpose. VPNs are a way to provide a secure link over the Internet and nothing more. The "no-log" VPNs basically admit this. The implicit assumption in advertising a "no-log" VPN for privacy and anonymity means that if they did logging, your privacy and anonymity will be compromised.
I have no idea why this dumb idea has gotte
Re: (Score:2)
TOR was designed for those in oppressive governments. It was to give those people a way to reach out to the rest of the world and let them know what's happening, and a way for those to get info to help themselves. The reason so many people don't just jump on the TOR network is because it's terribly slow.
Re: (Score:2)
I've never understood why people are all into VPNs instead of Tor. Perhaps the perceived ease of setting up?
For downloading music and movies, which is what most people use personal VPNs for, it's adequate to keep you from getting nastygrams from the MPAA/RIAA shakedown racket or your ISP. They can also be useful for getting around geoblocking.
Tor is not really designed for the bandwidth requirements of bittorrent or streaming, and for security the Tor folks themselves recommend against it as well.
https://blog.torproject.org/bi... [torproject.org]
movies (Score:2)
For downloading music and movies, which is what most people use personal VPNs for, it's adequate to keep you from getting nastygrams from the MPAA/RIAA shakedown racket or your ISP.
...as long as you trust your VPN to not log for real.
A VPN is just one gag-order/hack/whatever away from leaking your data.
Yes, I know VPN companies try to get incorporated in places with lower probability, but the chances aren't absolute zero.
A VPN company is still a single point of failure.
They can also be useful for getting around geoblocking.
Tor too, traffic always looks like it's coming from the exit node.
There's even a convenient option to specify *which* country you would like to use exit nodes from.
There are countless other methods: SSH-proxying, for exampl
Re: (Score:2)
...as long as you trust your VPN to not log for real.
A VPN is just one gag-order/hack/whatever away from leaking your data.
Nothing is risk free, a VPN is simply added protection. The likelihood of the MPAA getting anything usable in court is tiny, and experience bears this out. For more high risk activities obviously the bar is much higher.
A VPN company is still a single point of failure.
So is your ISP. Whether you trust a VPN provider more or less than your ISP is a personal decision.
There's even a convenient option to specify *which* country you would like to use exit nodes from.
If you don't have the bandwidth to stream, that is of limited utility.
Don't get me wrong, I like and use Tor, and I also recommend multi layered security. I just don't think it is the first
Re: (Score:2)
I've never understood why people are all into VPNs instead of Tor. Perhaps the perceived ease of setting up?
Speed. Try streaming an HD video movie over Tor.
Re: (Score:2)
I've never understood why people are all into VPNs instead of Tor
Tor is painfully slow.
VPN's are NOT safe (Score:5, Insightful)
Re:VPN's are NOT safe (Score:4, Informative)
Because that's the nr. 1 thing they highlight in their marketing. NordVPN especially has been pushing ads and sponsoring channels on Youtube really heavily for the past year, and their ad on Youtube I've seen several times begins with 'Someone's watching, now they're not... NordVPN secures your connection with military grade encryption...' and so on and so forth. Some of the collaborations I've seen them do with Youtube-channels specifically make mention of data leaks and so on. Literally the first thing you see if you google NordVpn is 'NordVPN - Protect your online privacy', followed by 'Make sure there's only one person watching your online activities: you.'
There are only 2 main reasons why people buy these services:
1. Being able to watch geolocked content on streaming sites (probably the most common reason)
2. "Safety/privacy"
Re:VPN's are NOT safe (Score:4, Interesting)
Re: (Score:3)
You know your ISP is logging you. You pay your VPN provider not to log you. That doesn't mean they don't, but it is safer than not using one at all. Of course it's not as safe as using your own VPN (provided you're competent), but using your own does come with the potentially awkward side effect that you can't say you've got zillions of clients and no logs to say which one did the bad thing.
Re: (Score:2)
Re: (Score:3)
Because the only traffic your ISP sees is traffic to the VPN, which is encrypted. The ISP can't see anything inside the encrypted tunnel, just as they can't sniff out and record your credit card when you buy something online over SSL.
They only know you're "talking" to the VPN node, but what you're "saying" and where you're going from there is hidden.
Re: (Score:2)
Re: (Score:2)
Not everything through your ISP is encrypted. In particular, even if your final data layer is fully encrypted, the layers below that are necessarily still going to expose who you're talking to and other metadata. If you're visiting a few social networks and buying stuff on Amazon, that's probably no big deal. If you're visiting the support site for a certain medical condition, or a site all about growing cannabis and that's illegal in your country, or sites associated with certain political parties/views, o
Re:VPN's are NOT safe (Score:4, Informative)
The VPN obscures what you're connected to.
Suppose you're in the habit of visiting furryerotica.com, but would rather that information not be up for public auction. Your ISP and the furries are almost certainly tracking your visit and selling the information to the highest bidder. If you impose a VPN in the middle, the ISP sees you visiting the VPN, and the furries see you coming from the VPN, but there's this black hole in the middle.
If the VPN is selling your data then you're not really any further behind. If they're not, then you're ahead. Since they have a direct financial incentive not to sell your data, unlike most ISPs and free-for-use web sites, they might possibly be less likely to do so.
Re: (Score:2)
Right. But A. I would imagine that you really have no way of knowing if a VPN is selling your data. Unless I'm explicitly signing a contract that says otherwise, I'd assume that my data is being sold. And B. wouldn't VPN's be goldmines for people wanting to steal data or blackmail people, or whatever shitty thing they can think to do?
I think that trying to bypass your ISP for a VPN that yo
Re: (Score:2)
Sure. From NordVPN's terms of service:
They guarantee that not only do they not sell your data, they don't collect it in the first place. You should absolutely not trust a VPN that doesn't guarantee that.
Your ISP, on the other hand, semi-regulated or not, absolutely log
Re: (Score:2)
Not just your ISP, but anyone that you connect to can see your 'home' IP. Depending on where you live, this can narrow your location down to a few hundred people (in a city) to a few dozen people (in the country) and with a bit of sleuthing, anyone could likely get your home address just from your IP, especially someone with resources.
With a VPN service, all the website sees is a random IP from a random location (depending on how you configured the setup). It's interesting to note that your bank tracks your
Re: (Score:2)
Source: https://nordvpn.com/ [nordvpn.com]
That is how they advertise and sell their product/service. If you click on "See All Features" you'll find
Re: (Score:1)
You can't trust your ISP either, so using a VPN you can't trust is no worse. At least your connection's IP address is hidden and it's harder for advertisers to track you that way.
I wonder if this is an issue with Intel Management Engine? Sounds kinda like it from the description.
Re: VPN's are NOT safe (Score:2)
For some, a public VPN is a great way to simply hide in plain sight. Sure, websites can still collect telemetry data to uniquely identify you, but you've made it much more difficult for your ISP, their interconnects, a network admin of a public WiFi hotspot, etc. to track you since the data coming out of the VPN's end tunnel is too noisy to be useful for anything other than a simple page counter. Granted, that's not how they're advertised and for us competent in the arts, we know the only "secure" way a VPN
Re: (Score:3)
Frankly I don't care if my VPN is watching the traffic I route through them. What I care about is that the MPAA/RIAA and my ISP aren't.
This serves to prevent my ISP from shaping my traffic or throttling/blocking things they dislike, and makes sure I don't get hit with a 5 billion dollar lawsuit for downloading a 10 dollar movie.
It also makes switching my external IP address because of geoblocking bullshit far simpler.
Anything that needs proper security I'll do through a combination of TOR, TAILS, wardriving
Re: (Score:2)
They're not a safety measure. They're a privacy measure so that you can't get tracked by IP address by places like google and forum moderators.
Re: (Score:2)
VPNs would be one part of a comprehensive privacy system, and it's all relative. Would I rather have my data flowing through an ISP that I can't really choose or a trustworthy VPN that I can switch? If I'm traveling, or using public wifi, then I'm probably better off piping my data through a VPN than doing without. Would I trust that the VPN completely resolved my privacy concerns? Nope.
Re: (Score:1)
How can anyone create a VPN that they own? Do you run a remote server from which you can emerge onto the internet, a server that is not paid for by you and cannot be traced back to you?
Just in case the answer is "yes," how would you expect everyone else to do this? Not to mention that if you have only one exit point to choose from, it would be pretty easy to track you. VPN or no, the ISP (and everyone else) can see what IP your traffic goes to (your VPN server). That can be traced, ge
Re: (Score:2)
> All a VPN accomplishes is piping all of your data through a central point, that you hope you can trust.
Or, in many users' cases all they care about is piping that data to a central point in a whole other legal jurisdiction with some hazy level of hassle for someone in the users' jurisdictions to correlate. Generally speaking it's not about making your actions 100% hidden, it's about making your actions 100x harder to sort out than the guy using Bittorrent on his own cable modem, as the MPAA/RIAA/whoe
Re: (Score:2)
I thought that one big usage model was getting access to geo-restricted content. For example, making Netflix think you are in the USA.
NordVPN say that their service is not intended to bypass copyright restrictions, but most of these VPN services move their outbound IP address around whenever they get blocked by Netflix.
Re: (Score:2)
I trust a good no logging VPN whose sole existence is to not log over say Comcast or Google.
A no logging VPN provider doesn't secure you, and by itself doesn't make you anonymous, but if say you set up the VPN, created a login w/ some website with topics that can get you into legal trouble (or embarrassing) and never cross the accounts, you are hidden enough.
But we all know most have it for torrenting (you'd think vpn providers would have inter changes with each other for this) However I'm sure many also u
Department of Irony (Score:5, Funny)
Re: (Score:2)
All publicity is good publicity!
That tells you how detached from reality marketing is.
WTF TechCrunch (Score:1)
Re: (Score:2)
Is slashdot using VPN too? (Score:2)
Attempt to access this Slashdot story had
"Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at admin@slashdot.org to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log."
And then when I was able to I couldn't post.... till now.
BTW, as this is true, it's also supposed to be humor
Equifax IT Crowd (Score:2)
Good job, TC (Score:1)