Report: No-Log VPNs Exposed Users’ Logs and Personal Details for All to See

I know some of you use VPNs.

2 Likes

Yeah, dont believe that no-log shit. Also, didnt someone on the other forum recently mention UFO VPN for their no-log approach?

Edit: @willie in case you signed up with UFO you may wanna watch out :slight_smile:

Maybe it’s this.

" It all came to light this week after Comparitech’s Bob Diachenko spotted 894GB of records in an unsecured Elasticsearch cluster that belonged to UFO VPN."

1 Like

Ouch.

Different source:

https://www.derstandard.at/story/2000118860178/1-2-tb-an-nutzerdaten-von-angeblich-nicht-mitloggenden-vpn

1 Like

I mean…you get what you pay for? :stuck_out_tongue: PIA have always been solid in my use, and have been proven to keep no logs.

3 Likes

Same for KeepSolid

seems all 7VPNs from the same company! Never buy VPN, just buy VPS and built shadowsocks on my own VPS…

There are solid VPN providers out there, though. For the most part I only use VPNs to unblock Flix etc though.

I actually briefly worked for a VPN company in Germany. I was not part of the Devops team so I don’t know the exact details, but I do know that the police would come by with some frequency and the company never had anything to give them. If there was any logging the police were never fast enough to get it. So in some cases it’s correct.

2 Likes

I was lucky enough to get one of the Windscribe lifetimes. Although it’s in a Five Eyes country it worked better than anything I had prior shelled out cash for, like NordVPN which I think was since hacked or given data to the feds or something. The creator and newsletters have a funny sense of humor which I enjoy as well :slight_smile: The lifetime suits me well as I use it only for unblocking things or on dodgy public wifi.

If you don’t already know about it, I can recommend https://thatoneprivacysite.net/ for in depth VPN reviews. For the record my old workplace doesn’t score too great there over Windscribe despite the situation I described. Mullvad consistently ranks as one the best on there, so if you’re privacy oriented give that a try.

Thanks for your thorough reply. In fact, I also have Windscribe LTD (and some others). I also know thatprivacysite :stuck_out_tongue: Anyway, while some VPN services have a more secure setup than others I’d be especially cautious with free vpns.

NordVPN has been proven to not keep logs at all. One of their servers was accessed due to an insecure management interface which they were unaware of, but even still there wouldn’t have been any information to obtain from the server.

Aside from Nord VPN, the following have all either proven that they keep no logs, or have shown that they don’t via audits:

Also, fun fact: One of Nord VPN’s servers are hosted by @Clouvider :stuck_out_tongue:

5 Likes

Aye, but to clarify, the incident with IPMI was not with us :slight_smile:

4 Likes

KeepSolid has been tested like PIA?

I don’t think they have had an audit, if that’s what you mean. They have been solid though and I don’t run any critical data through them. Only use them for streaming, or DL some stuff. I only meant they were solid for me, not that they were proven not to have logs. Sorry, if I misphrased that. That being said, I don’t mind if a provider keeps some logs as I don’t run anything critical through them, again. I rather have them say they keep logs and line out which ones than say “no logs” and then there’s a big surprise package. Going with that I think Keepsolid are pretty upfront about it their logging policy :slight_smile: KeepSolid VPN Unlimited® – Best No-log VPN | Zero-log VPN Meaning

1 Like

Please don’t trust free VPNs. They have to make money somehow, and they’re seeing all your internet traffic, so it’d be surprising if they didn’t monetize that data.

… why do people keep doing this?

If you have a database, secure it. DO NOT make it publicly accessible. Please. Make it only accessible over a private network or VPN (…you’d think that the developers of a VPN system would understand this, lol).

If it really must be internet-facing, use something like client certificates for authentication, as that’ll give you mutual authentication. Or at the very least, a username and password (over TLS so someone can’t just sniff the credentials in transit).

I have my own DNS servers using PowerDNS and MySQL replication. The MySQL servers are only accessible over a VPN between the DNS servers. Strange to think that something I use for my little personal projects is more secure than something that’s apparently an actually serious product. :thinking:

2 Likes

I totally agree, but personally I also have a hard time trusting any VPN.

1 Like

You’re right about the logs - it was just the hack: https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/

But that did confirm that they keep no logs.

How about Moz VPN, do they keep logs ? Anyone tried it ?