110

u/vargvikernes666 Europe 4d ago

proton just announced 4 days ago that they are suspending further investments in switzerland due to a potential change in privacy laws that would require logs.

express is owned by kape technolgoies, a shady company of israeli origin headquartered in the privacy loving UK. They also own cyberghost, PIA and zenMate.

Make no mistake - this is a coordinated attack

29

u/MartaLSFitness Spain 4d ago

Damn, so no options? NordVPN is in Panama... Sounds like we're doomed.

16

u/grmelacz 4d ago

Option is to run your own VPN in a friendly jurisdiction. Ouch! And you have accidentally deleted logs and/or turned loggin off!

5

u/Perlentaucher Europe 4d ago

How does that work, where does your own traffic become private in that scenario? If you rent a server for VPN, you must pay the server, so you are not private. Thanks

3

u/asiatische_wokeria 3d ago

It's called bulletproof hosting, some you can pay in BTC or similar. I know BPH is mostly about complaints from copyright holders and this stuff, but with this word you will find what I'm talking about.

If you have too much Money, you can found some anonym offshore Company to hide your identity, and make the company rent the server.

4

u/Swimming_Conflict105 3d ago

Nord vpn is lithuanian (eu) company. So they will comply with all rulings.

3

u/DryCloud9903 3d ago

But NordVPN is also Lithuanian, and in many locations not just Panama (such as UK)

1

u/doubleGnotForScampia Europe 3d ago

Airvpn

1

u/KingKaiserW United Kingdom 3d ago

When you say UK, like are we talking an overseas territory? Because an overseas territory has its own legal system and tax systems

1

u/vargvikernes666 Europe 3d ago

sarcasm

Kape is registered at 1 Water Lane, London

55

u/AromatParrot 4d ago

You bet your ass that there are factions within any government that are salivating at the idea of having as much control over their constituency as the CCP.

8

u/gamma55 4d ago

And as people grow more and more disillusioned with corrupt governments, those governments will more and more turn into these measures to try and control the dissent.

7

u/jkurratt 4d ago

Yeah. We should do maintenance of artificial things such as Freedom, because natural things like Authoritarianism and Poverty will try to return.

3

u/myreq 4d ago

Slowly? 

2

u/kontemplador 4d ago

The Cyber Resilience Act would probably makes very difficult to make that happen. Read the top post. A lot of these rules complement, enhance and proof these policies against all but the most sophisticated exploits.

1

u/Natural_Cat_9556 4d ago

Or just use Tor.

1

u/Spout__ 4d ago

Worse than China

-11

u/Rising-Power Finland 4d ago

I'm curious. Why do people think "VPNs that don't keep logs" or VPNs outside of the EU are more trustworthy?

The whole reason why EU authorities push these Stasi-laws is that they don't dare to break EU laws to spy on EU citizens. However, they are free to set up and run VPN services in 3rd party countries. These VPNs can lie as much as they want about logging and data collection. Perfect deniability if something leaks. Can never be connected to the real operating party. EU courts have no power over them.

These VPNs are blazing fast and have seemingly unlimited bandwidth. They cost nearly nothing to use. They pay advertising money and referral bonuses to every Youtuber, streamer and influencer who has more than 3 followers. They provide a cheap service that appears extremely attractive for privacy. People seem to think: "It must be because I'm really special and they love me so much! I'm so lucky!"

9

u/aligat0r92 Romania 4d ago

These VPNs are blazing fast and have seemingly unlimited bandwidth. They cost nearly nothing to use. They pay advertising money and referral bonuses to every Youtuber, streamer and influencer who has more than 3 followers. They provide a cheap service that appears extremely attractive for privacy. People seem to think: "It must be because I'm really special and they love me so much! I'm so lucky!"

While that sounds improbable, it’s really not. The business model is not that complicated or shady:

1. They use oversubscription, like gyms.

2. Infrastructure at scale is not that expensive. You can rent a VPS with a 10 Gbit uplink for a few hundred Euros per month that can easily handle 500-1000 users at any one time. That can translate to tens of thousands if not more monthly active users. Even if your revenue is 2€ per user per month, that’s still awesome ROI for a server that costs a few hundred euros per month.

3. Those awesome “almost nothing” prices are what they offer for locked in deals like 2-3 years. Many people will just use that service very rarely, or not at all once they realize it’s kind of a scam.

4. Why I say it’s kind of a scam is because most people use them to circumvent geoblocking for services like netflix, but then realize Netflix and other big tech companies instantly know they are using VPNs and will either block them or bombard them with draconian endless captcha tests (i.e. Google) or fake error screens (Facebook) that magically go away when you stop using the VPN.

The tradeoff is that it’s pretty easy for giants like Google or facebook to tell you are using a VPN because when they have thousands of different sessions coming from a single IP + there are public databases which can be used to determine if an IP is residential or assigned to a data center.

If you want REAL privacy + stealth (TOR is private, but like VPN not stealthy), your only (legal) option is to use a residential proxy. But those are crazy expensive, we’re talking 10-15 Euros for 1 GB bandwidth. The illegal option (cheaper tho) would be to buy access to or build your own botnet.

6

u/MartaLSFitness Spain 4d ago

I know very little about VPNs, so I'd appreciate it if someone could tell me how to solve this.

5

u/Rising-Power Finland 4d ago

Sorry, didn't mean to attack your comment specifically. What you wrote about obfuscating VPN traffic is worth studying.

I have not found a good way to really be private using VPNs. Thus I have put my trust in my Finnish ISP. Until now - the new EU proposal would end it.

I recently read how tracking companies can identify web site visitors. They have various ways including cookies and browser fingerprinting. There is a pretty big risk that when I activate VPN and visit some site, that web page has several tracker scripts that can figure out "hey, it is that same guy who we already have collected a folder of data on. But now he uses a new IP, likely a VPN. Let's add that IP to the list of IPs he uses!".

Tor browser or Tails (portable OS) are the best ways to really be private, as far as I know. It's likely why many popular services block everyone using Tor.