
VPN owners: 97 VPN products run by 23 companies - SubiculumCode
https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/
======
Traster
People should take this list with a serious health warning. Firstly, a lot of
this is just 'internet sleuth'ing and innuendo. Plenty of companies want to
operate multiple services to be able to use different marketing and
differentiation strategies. Secondly, the fact that the site is funded by
affiliate links to a coupole of the big VPN services should really ring alarm
bells. I trust we all learned from the Mattress review debacles? [1]

Thirdly, the companies who are funding this site through affiliate links,
despite not being investigated in this article are arguably more worth of some
serious suspicion. For example: NordVPN, one of their "Top VPN providers" is
run by the same guy who runs a Lithuanian data harvesting company[2], but
don't worry, lots of websites who make money from affiliate links to NordVPN
(Sign up Now! 75% off when you use the code "SCAM" at checkout!)

Now, maybe I'm being cynical - but I suspect if NordVPN weren't lining the
pockets of all these referral websites their reviews of NordVPN would involve
a lot more of the faux concern they show about other VPN companies in this hit
piece, rather than the credulous write-ups about how it's totally not a
problem that this shifty Panamanian company has suspicious links to data
harvesters.

[1]:[https://www.fastcompany.com/3065928/sleepopolis-casper-
blogg...](https://www.fastcompany.com/3065928/sleepopolis-casper-bloggers-
lawsuits-underside-of-the-mattress-wars)

[2]:[https://www.vpnmentor.com/blog/is-nordvpn-operated-by-
tesone...](https://www.vpnmentor.com/blog/is-nordvpn-operated-by-tesonet/)

~~~
emerongi
I know someone making tens of thousands a month from shilling VPNs. They have
site where they "review" and "rate" VPNs.

The reality is that the customers of those products barely understand them and
are buying into the BS of "stay anonymous" and "be private online". It's an
easy market, especially considering you don't even need to develop the VPN
software, just run instances on some cloud/VPS provider and do a ton of
marketing.

The person doing the shilling is marketing himself as a "privacy & crypto
expert" and having a masters degree in cybersecurity, reality is dude barely
graduated high school. He actually works for a friend of his who runs a whole
variety of these sites and is about to clear $10M+ this year alone.

What I've learned from this is that if you Google for some popular product,
the first 5 pages are going to be SEO-optimized shilling sites. Just skip to
page 10.

~~~
dorgo
> What I've learned from this is that if you Google for some popular product,
> the first 5 pages are going to be SEO-optimized shilling sites. Just skip to
> page 10.

Is a less SEO-optimized site less likely to be a scam?

~~~
goldenkey
Yes, because knowledge isn't SEO-optimized by default. It takes time to do so.
And time is money. And 99% of the time, those who are willing to spend a lot
of time to get on the first page of Google are doing it to gain money, not to
spread knowledge.

~~~
i_cant_speel
I don't disagree with your main point, but spreading knowledge and making
money aren't mutually exclusive.

------
krn
This post is almost surely funded by affiliate commissions paid by ExpressVPN,
NordVPN, and Astrill VPN, all of which are listed as "Top VPN providers"
before the article even begins. Therefore, there are some serious omissions[1]
in this list.

[1] [https://i0.wp.com/vpnscam.com/wp-
content/uploads/2018/08/201...](https://i0.wp.com/vpnscam.com/wp-
content/uploads/2018/08/2018-08-24-09_09_14-Window.png)

~~~
icelancer
Probably. So what? Doesn't make the facts of the article any less true. Just
need to do research on those three companies as well independently if you want
to know more.

~~~
grepthisab
It's important to know where one's information is coming from, even if that
information is "technically" accurate. Mere facts can be misleading through
context, and it's important to know where biases are.

------
mirimir
None of these are seriously privacy-centric VPNs. I was very pleased to not
see any of my old favorites (AirVPN, IVPN, Mullvad and PIA).

Although it's not easy to find them on their site, I believe that the
[https://cure53.de/](https://cure53.de/) vulnerability assessments are more
interesting. Google "vpn site:cure53.de".

~~~
dpacmittal
Mullvad is great! They don't require email, and they accept crypto for
payment.

~~~
Fnoord
And together with AzireVPN one of the few working with WireGuard!

~~~
mirimir
Also IVPN, and they posted about issues with using WireGuard in privacy-
friendly ways: [https://www.ivpn.net/knowledgebase/254/Using-WireGuard-
for-P...](https://www.ivpn.net/knowledgebase/254/Using-WireGuard-for-Privacy-
Protection.html)

------
duxup
Nearly as disturbing as the number of people who tell me they use free VPNs.

It is a bit mind boggling that folks are concerned about something and use a
VPN...but choose a free one...

~~~
tmh88j
> Nearly as disturbing as the number of people who tell me they use free VPNs.

This is absolutely not an apples to apples comparison, but why is it
outrageous to believe there couldn't be a free VPN that focuses on privacy
when there are search engines like Duckduckgo and browsers like Firefox that
are completely free and are pro-privacy? I haven't done the research, so
consider it a rhetorical question.

~~~
pcr0
A browser is just an application with some minimal services provided such as
sync, extensions hosting, auto-updates.

A VPN on the other hand consists of an application and usually unmetered usage
of the company's bandwidth, which costs money.

~~~
tmh88j
Maybe "browser" was too specific. Replace that with an "organization" and
that's Mozilla. They make firefox, but they're more than just an application,
they're a group of applications developers that are pro privacy.

~~~
debaserab2
So what organization with that kind of credibility is offering a free vpn?

If Mozilla did, it probably would get the kind of attention and focus you’re
suggesting. I just don’t see a lot of companies with a similar vision as
Mozilla that are successful.

~~~
ubercow13
Cloudflare is going to offer a free VPN

~~~
andreareina
The marginal cost to Cloudflare for the extra engineering, compute, and
bandwidth is lower than it would be for many other organizations, and it's
good marketing for the things they actually make money on.

~~~
SXX
Actually it's provide them much more than just marketing. They'll be only one
company to know detailed information about client connection quality, they'll
able to optimize routes for their CDN even more. It's crucial competitive edge
for their primary service.

~~~
petronio
That's a really good point, they'll be able to place VPN endpoints near their
CDN endpoints and minimize additional latency, while still knowing the
client's original IP for filtering, analytics, and providing geography based
views. There's value added for both the VPN users and Cloudflare clients.

------
yardstick
Tinfoil hats aside, it wouldn’t surprise me one bit if the NSA and other
intelligence agencies around the world operated VPN service providers as a way
to spy on users.

~~~
GordonS
If the Snowden affair showed anything, it's that the tinfoil hat wearers were
right all along - you'd have been ridiculed if you'd suggested just about
anything from the Snowden files.

~~~
IshKebab
I still think the NSA employs Linux devs so they can deliberately insert
flaws. Why would they not? It would be very easy. But every time I mention it
people reply "But but many eyes! They'd get caught!"

~~~
mercora
I want to point out that they could similarly hire someone working at
microsoft, or get someone up for a position there, to do this and it would be
at least as hard to detect...

~~~
anxman
Large companies like Microsoft assume that there are advanced persistent
threats that are willing to place HUMINT inside of their companies. The
companies have dedicated internal teamd focused on detecting them.

For example, Twitter recently fired someone that was leaking information on
dissidents to a foreign government.

~~~
lostlogin
I wonder if they would do that if the leak was to their own government.

------
guaka
Not sure if it really helps when making a choice but here's an extensive
overview of 185 VPN services over 30+ factors:
[https://thatoneprivacysite.net/#simple-vpn-
comparison](https://thatoneprivacysite.net/#simple-vpn-comparison)

~~~
nurettin
The point is not to make a choice but to be informed about how the industry is
somehow tied together in interesting ways. I would also add that many of these
VPN services turn your machine into a drone where you knowingly or unknowingly
enter into a contract so that they can sell your bandwidth to paying customers
to provide them with randomized IP pools so that they can scrape amazon and
alibaba.

~~~
atmosx
Interesting. Given that scraping Amazon is illegal, shouldn't these companies
pinpointed and sued?

~~~
grepthisab
It's not illegal, it's against their TOS, bug difference. In any case, if
there's money to be made, you'll find even more reputable entities will
operate at the margins of ethics and legality. In any case, probably more cost
effective to come up with a technical solution rather than suing every pop up
scraper of Amazon. Or just sue the VPN provider itself?

~~~
atmosx
I was talking about the VPN provider of course.

~~~
nurettin
Not sure about VPNs, but data centers usually harbor their own RBL services to
blackmail you to stop doing whatever you are doing as soon as you put their
network under stress or continually visit a certain domain/ip range (or get
hacked and be used as a drone to DDOS some website)

------
jen729w
ExpressVPN are on a podcast advertising spree, so I thought I’d give them a
look. I tried to pay using Bitcoin and got a generic “There was an error”
error.

And when I say generic, I mean ‘I recognise the Semantic UI React default
error block’ generic.

I used their live chat support. “Is this normal,” I asked. “No,” I was told.

I tried again a day later. Same.

I tried them on Twitter. Nothing.

So, it seems that ExpressVPN have a good marketing budget and little else. I
shan’t be bothering to try again.

~~~
ru999gol
> So, it seems that ExpressVPN have a good marketing budget and little else.

you don't happen to work for any one of the competition do you? anyhow I have
been very happy with them, their servers tend to be pretty fast. So add that
positive anecdote to his negative anecdote, how useless.

~~~
jen729w
I do not.

------
auslander
My research into VPNs led me to a strange thing: VPN Gate [0]. It is community
run VPN servers, by University of Tsukuba, Japan (6953 Public VPN Relay
Servers) with free public access, Username: 'vpn', Password: 'vpn'. Still
trying to grasp what it is :)

[0] [https://www.vpngate.net/en/](https://www.vpngate.net/en/)

~~~
Renaud
It looks interesting and probably without gotcha, but it’s rather naive as it
seems to rely on volunteers to act as relay/exit node.

I wonder how many ran into trouble due to dubious anonymous traffic exiting
their IP...

~~~
auslander
Why naive? What is wrong relying on volunteers? Goal is to hide your traffic
from ISP and your real IP from internet. Volunteer's VPN do just fine :)

> dubious anonymous traffic

price of freedom from corps and govs.

~~~
Renaud
Naive in the sense that they only address issues such as blocking LAN networks
and email spam traffic and there is zero mention of what happens when someone
anonymously abuse the service.

The volunteer effort is laudable and quite refreshing but can a VPN relying on
volunteers be ignorant of the risks those volunteers incur when they open
their connection to anonymous traffic?

I understand that this is an issue that every VPN has to face but there should
at least be some mention of how that particular VPN service handles law
enforcement and abuse requests, or do they expect the volunteers to face the
consequences?

Maybe I’m missing that point and it’s clarified somewhere?

------
novaleaf
Private Internet Access (PIA) doesn't seem to be mentioned in the article nor
HN posts.

I think that must be good then. I've been a happy PIA customer for about 5
years. They probably arn't the fastest (I get aprox 3.5mbit/sec on them) but
so far none of the mud slung against them sticks.

There's a lot of shady shit in the VPN industry, so glad they are above it.

~~~
typenil
I used PIA for a long time, but at some point it seemed like every single site
I visited triggered that Cloudflare protection page that forces you to fill
out Google Recaptcha before proceeding.

Hopefully that's not the case now.

~~~
hellofunk
I haven't seen a Cloudflare page in ages and I use them often. I honestly
cannot recall the last time when browsing the web I saw a Cloudflare page,
with any ISP or VPN.

~~~
novaleaf
i also never see cloudflare problems.

however some sites refuse to do business with you if you are on a vpn
(craigslist, BoA, etc) probably due to abuse from the same IP

------
_nalply
This list seems to be incomplete. NordVPN is not included.

~~~
Youden
Can you elaborate, preferably with evidence?

~~~
NetOpWibby
Do you see Nord in the list?

~~~
pujjad
"For our analysis, we only included parent companies that own or operate more
than one VPN product."

------
joyjoyjoy
Comparison of VPNs

[https://thatoneprivacysite.net/vpn-comparison-
chart/](https://thatoneprivacysite.net/vpn-comparison-chart/)

I made bad experience with NordVPN based on reliability but they gave my my
money back after 3 months with no questions asked.

Astrill is good but pricey. Astill will work in countries that try to block
VPNs. CON: Astrill leaks DNS like a mother...er. I can get it under controll
with ufw

ufw default deny outgoing && ufw allow out on tun0 && ufw allow out on tun0 to
[IP of your DNS] port 53

You may want to use Softether instead of OpenVPN or the provided client of
your VPN. I am only awar of two VPNs that provide Softether access:

[https://www.rapidvpn.com/setup-vpn-softether-
ubuntu](https://www.rapidvpn.com/setup-vpn-softether-ubuntu)

[https://proxy.sh/panel/knowledgebase/1893/Securely-
connect-t...](https://proxy.sh/panel/knowledgebase/1893/Securely-connect-to-
Proxysh-VPN-network-through-SoftEther-VPN.html)

------
INTPenis
A bit misleading to me because I read products as softwares but dismissed it
because I knew there weren't 97 VPN softwares on the market.

This should say 97 VPN services instead. Just nitpicking but it did made me
look twice.

This type of development is not unusual. Web hosting companies have been
buying each other up since the 90s.

~~~
ehsankia
I do think it's still true that the VPN market is teeming, even if a lot of
the smaller services are owned by the same company. I keep seeing ads for
ExpressVPN and NordVPN everywhere these days, some of these really trying to
sell the idea that you can't ever browse the web without VPN. It seems like
they're having a lot of success and growing very quickly these days, hence all
these duplicate ones too.

------
MindTooth
I usually (maybe I should not) use this source[1] for my choosing.

[1]: [https://torrentfreak.com/which-vpn-services-keep-you-
anonymo...](https://torrentfreak.com/which-vpn-services-keep-you-anonymous-
in-2019/)

------
spassbold23
That is why the future is with decentralized vpns, where the blockchain is
used to bring sellers and buyers of bandwidth together.

Projects like mysterium.network, sentinel.co, privatix.io,...

------
JustSomeNobody
I use a vpn for certain traffic, but I treat it more of just one more layer of
BS someone has to jump through to see what I’m doing and so maybe they’ll pick
an easier someone to watch. I don’t have to run faster than the bear...

------
dfee
I’ll say what I’ve said before: making a VPN purchase is non-trivial.

The best I’ve been able to do was use Mozilla as a proxy (because I trust
‘em), and thus bought ProtonVPN (which admittedly has been imperfect).

~~~
jammygit
Imperfect how?

~~~
dfee
Well when the VPN disconnected on the old Mac version, apparently it continue
to let traffic through. I think they’ve corrected that now.

------
peterwwillis
I hope nobody tells them about the products at the grocery store...

------
nathan-io
[https://github.com/angristan/openvpn-
install](https://github.com/angristan/openvpn-install)

------
kerng
This analysis seems to be missing the big VPN players. What's the point of a
half hearted analysis?

------
EastSmith
Why would I need a VPN for browsing if all my traffic is https and I use HTTPS
DNS?

~~~
ru999gol
Your ISP could still see the servers you connect to and how much data is
transferred, they don't need to look in any packets to know you browse YouTube
or PornHub, and when, and for how long.

But its also about hiding your identity from the sites you visit (dependent on
how well your browser protects your privacy).

~~~
broth
Your ISP is only going to see the IPs of the VPN nodes, times you connect, and
the bandwidth used but not what sites you are browsing.

~~~
amaccuish
Their reply was in response to "Why would I need a VPN for browsing if all my
traffic is https and I use HTTPS DNS?"

------
legionof7
How safe is it to setup a VPN (via Wireguard or something) with AWS?

~~~
harshreality
Safe? Against what?

\- Preventing websites from seeing your true IP? (you'll want to disable
webrtc as well[1].) Mostly yes.

\- preventing your ISP from spying on your traffic? (allowing Amazon to spy on
your traffic in exchange...) Yes.

\- Avoiding risk of legal threats if you engage in copyright infringement?
Mostly no. They can subpoena Amazon instead of your ISP, and your
lightsail/EC2 ip isn't shared.

Routing through a vpn, whether it's a commercial one or through AWS, linode,
digitalocean, etc. will get you blocked on far more sites, because it's more
difficult to identify individual clients, and there's more fraud and bot
activity on any kind of vps or vpn netblock than there is on typical
residential netblocks.

[1] [https://github.com/gorhill/uBlock/wiki/Prevent-WebRTC-
from-l...](https://github.com/gorhill/uBlock/wiki/Prevent-WebRTC-from-leaking-
local-IP-address)

~~~
mrunseen
I live in Turkey and I got myself Wireguard set-up with wireguard+lightsail. I
can say I got same trouble as no-VPN. For example I cant view profiles on
Twitter when im on VPN.

btw Turkey is notorious for blocking sites, Youtube got blocked for months,
Wikipedia is still blocked today..

~~~
lostlogin
Do people talk about the blocks and why they are there? It’s such a crude
tool, but presumably it works as it’s done in way too many places.

------
mancuso5
Can anyone recommend some really privacy-focused VPNs?

~~~
broth
You should really do some due diligence on finding the right VPN for your
needs.

I recommend you read this [https://thatoneprivacysite.net/choosing-the-best-
vpn-for-you...](https://thatoneprivacysite.net/choosing-the-best-vpn-for-you/)

------
arkadiyt
Here's the research they're summarizing (never linked directly in the
computerweekly article): [https://vpnpro.com/blog/hidden-vpn-owners-
unveiled-97-vpns-2...](https://vpnpro.com/blog/hidden-vpn-owners-
unveiled-97-vpns-23-companies/)

~~~
dang
Ok, we changed to that from
[https://www.computerweekly.com/news/252466203/Top-VPNs-
secre...](https://www.computerweekly.com/news/252466203/Top-VPNs-secretly-
owned-by-Chinese-firms). Thanks!

------
Kaveren
if a VPN is right for your use case, ProtonVPN is the best possible solution
if you want a moderate degree of herd anonymity from endpoints you visit. if
you don't care about that, run your own VPN.

those are the only two answers. ProtonVPN is the only VPN company to own any
of their own hardware (they own one physical data center in Switzerland).
"SecureCore" = route through switzerland data center to destination country,
also useful. CEO is a public figure. free service is surprisingly good.
company is ideological.

could it all be fake? yes, but it is far less likely than any other company's
VPN service to be. if there's one VPN in the world that would go lavabit, it'd
be them.

as others have said vpnpro.com and any VPN review websites are all
untrustworthy and paid off by VPN companies.

