
Many free mobile VPN apps are based in China or have Chinese ownership - wglb
https://www.zdnet.com/article/many-free-mobile-vpn-apps-are-based-in-china-or-have-chinese-ownership/
======
DyslexicAtheist
VPN just shifts the trust from your ISP to the VPN company.

It doesn't matter where they're based. If you pay with a credit card under
your real name the burden of risk is always on you and if the company has
agreements with whichever jurisdiction you are in then they will collaborate
with LE.

that said, trust is fickle: The ultimate example of why not to put trust in
companies was WoSign/StartCom.

WoSign acquired Startcom because they were a trusted fresh player with a still
untarnished name and available cheaply (also thanks to Eddy Nigg and his
investor Wes Kussmaul who both saw no conflict of interest and indeed claimed
in public Eddy didn't know who the buyer actually was until it was too late).

When somebody shows up with a fat cheque and tells your VPN company that
Christmas came early, and that they're being bought out, then you have no
reason to continue to trust or? Yet people do continue to trust (see the N.N.
Taleb Turkey problem). People then are forgetting their trust assumption
actually doesn't hold when main mode of growth for the company is M&A and not
product development & innovation.

When trust is just a commodity that can be acquired and resold willy-nilly by
some people with enough cash, then the product/service is automatically snake-
oil (no matter if the crypto and the implementation of the software is 100%
rock solid and was written by gods).

For VPN's a good rule is to choose a neutral company that has very little in
common with you. If you are doing shit in Iran don't use an Iranian VPN
company. likewise if you do shit in Russia then US/UK VPN should be safer than
a VPN located in Cyprus.

If you do "shit" against Turkey, with a VPN in Australia while you are based
in Taiwan that's 3 jurisdictions and much better than doing shit against
Turkey connecting from Australia with your VPN based in Australia.

Finally it is best not to do shit, but sometimes doing shit is the only way
crimes by governments and those in power can be exposed.

~~~
projectramo
I thought the VPN protects me from US tech firms scooping up my data. Private
browsing + VPN means each session looks like a new person and they can’t tie
my browsing back to me (pretty innocent browsing but still).

Edit: right?

~~~
Kaveren
Not quite. Try using Panopticlick [0] for an overview of how your browser can
be tracked. Less unique is better. There's also sometimes new methods
discovered to track users, but that's not something you would usually care
about.

Firefox has good settings you can set in about:config [1].

If you don't have WebRTC disabled, there's a good chance a service can get
your public IP address directly.

[0] [https://panopticlick.eff.org/](https://panopticlick.eff.org/) [1]
[https://www.privacytools.io/#about_config](https://www.privacytools.io/#about_config)

------
forkLding
Likely the reason why a lot of VPN apps are Chinese is because there is an
actual demand for VPN usage in China. You then multiply that with the
population size (19% of the world is Chinese or roughly 1 in 5 people in this
world) and you will have a massive market to grow for local Chinese VPN
developers and for them to prosper.

The article author sounds surprised but it is quite logical if you think about
it.

~~~
jobigoud
How do these VPN bypass the Great Firewall if they are in China?

~~~
klipt
Some are based in e.g. Hong Kong which is in China but separately
administered. (E.g. Chinese residents in Hong Kong are allowed dual
citizenship while mainland Chinese are not.)

------
jen_h
Heck, many free mobile VPN apps don't even encrypt your traffic. An analysis
of VPN apps on Android done back in 2016 found 84% leaked IPv6, 66% leaked
DNS, 38% contained malware...and 18% didn't even encrypt anything...

Study is two years old, but I doubt it's gotten any better. (Source, PDF:
[https://research.csiro.au/ng/wp-
content/uploads/sites/106/20...](https://research.csiro.au/ng/wp-
content/uploads/sites/106/2016/08/paper-1.pdf))

------
duxup
Is there any reason to trust a free VPN service?

At least with a paid service I might think that my money ... could be enough
to sustain the company. At least it could be.

I would assume a free service would have to be selling your information just
as a matter of policy / economics.

~~~
nly
You could extend the argument on price though.

You can easily pay an ISP $50/mo for broadband, so why should you trust a paid
VPN that will handle all your traffic for only $5-8/mo on top? Is the
difference all infrastructural costs? What about those cheap $3/mo VPNs? Where
do you draw the line?

~~~
Simon_says
I presume the majority of that difference is because there's a healthy market
for VPNs with practically no barrier to entry, whereas your ISP is a monopoly
usually, or a duopoly if you're lucky.

~~~
danieldk
Not outside the US. E.g., in our apartment, we can subscribe to fiber, cable,
and DSL. On fiber and DSL, there are many ISPs to pick from. However, the
prices are still similar to the US (you just get a lot more bandwidth for the
same price).

I think it is more that the costs of running an ISP are much higher, you do
not only need peering, but the networks including the last mile need to be put
in the ground and maintained. Plus, in to some extend, people in areas with
high-density populations subsidize expansion into lower-density areas.

The VPN market is really different. In principle anyone could start a VPN
using just a VPS (it wouldn't be the best, but many VPNs are terrible anyway).

~~~
craftyguy
I'm pretty sure you and GP are saying the exact same thing.

------
userbinator
I'm not surprised, because the Chinese also have the most need for a VPN.
Contrary to the article I think them "trying to keep a low profile" is not a
bad sign at all, and you shouldn't really need to worry about privacy if
you're using end-to-end encryption through the VPN.

~~~
tehlike
Except if the phone itself contains an exploit.

~~~
echevil
Privacy is not a big concern for the Chinese based VPN services. It’s useful
for both accessing websites blocked inside China, and also Chinese content
blocked outside China

------
tehlike
Almost all of the utility apps (battery cleaners, ram optimizers etc) are
owned by chinese, and they are a bigger threat than vpn services. They have a
huge footprint of devices outside of china, and have a lot of permissions
granted

~~~
echevil
Yeah, I wouldn’t be surprised at all. VPN is useful in both direction. There
are quite some Chinese content not accessible outside China.

~~~
kakaorka
Can you mention an example of Chinese content that’s not accessible?

~~~
yorwba
Various streaming services prevent access to their site from non-Chinese IPs
because they don't have distribution rights for other countries.

------
kristofferR
What's the best free peer-to-peer VPN?

Not a VPN that supports P2P filesharing, but a VPN where the users are the
"servers", like Hola used to be before it started sucking (can't even select
country now without paying).

~~~
Kaveren
I wouldn't recommend using one. P2P VPNs are great for people to commit crimes
with, so unless every time your VPN is off, you want to be solving reCAPTCHAs
all day, and not be able to make a purchase online, I would avoid it.

P2P VPNs don't offer much in the way of privacy, decentralization is only
better in theory here. For unblocking services, many normal VPNs can do this
fine as well.

------
User23
The odds of a Chinese homed VPN provider not sharing logs with the Party
asymptotically approach zero as time and user count increase.

~~~
majia
Providing vpn services is almost illegal in china. The party doesnt ask for
logs; it shuts down vpn services and punishes the providers. So the odds of
vpn provider sharing logs with the government is ironically low.

~~~
netsharc
Well... if "dissidents" use VPN that you ("Chinese government") can't monitor,
what's one easy way to continue monitoring them?

Yes, offer them free VPN, what good is encryption if you're connected to a
server they own/have influence over?

~~~
majia
The party doesn’t need to offer them free vpn. Instead, it figures out what
vpn services they are using and shuts them down. It goes as far as using
machine learning to detect vpn traffic.

I guess this is more effective because dissents is a very small subset of vpn
users, and application layer encryption makes it hard to extract much
information even if you can monitor vpn traffic.

------
Taniwha
My guess is that the once ubiquitous Chinese VPN companies one found ads for
everywhere in China have been driven out of the local market leaving people
with gear and no customers, moving to courting offshore (from China) customers
is the obvious move for these guys

------
aham_34
Free startup idea : Create a VPN service using lambda or some function as
service and sell it.

------
thanosnose
This should be the HN motto:

"If you aren't paying for it, you are the product".

Also, VPN isn't a magic cure for the disease of privacy violation. You are
just choosing to trust the people running the VPN service over the people
running your ISP. Should you trust a VPN company more than your ISP? I really
can't say, but VPN isn't a magic fix.

~~~
h4waii
Sorry, but this is just not true at all. There are thousands of open (and
closed) source projects, software, and services that do not fall under this
silly statement.

Does it mean that if you do pay for a product, that you still can't "be the
product"?

Blanket statements shouldn't be anyone's motto.

------
cauldron
If they install root certificate then all your date is naked, not sure if they
do tho.

But either way, you give away DNS log, http data, and possibly forced
affiliate link when shopping online.

------
supergirl
and?

