
When Proxies Lie: Verifying Locations of Proxies with Active Geolocation (2018) [pdf] - tptacek
https://conferences.sigcomm.org/imc/2018/papers/imc18-final122.pdf
======
wglb
So if the VPN providers are not entirely honest about where their servers
actually are, what about their other claims, such as no logging?

~~~
mirimir
They can submit to independent audit. ExpressVPN and IVPN have been audited by
Cure53.[0,1]

0) [https://www.expressvpn.com/blog/browser-extension-audit-
and-...](https://www.expressvpn.com/blog/browser-extension-audit-and-open-
sourcing/)

1) [https://www.ivpn.net/blog/ivpn-no-logging-claim-verified-
by-...](https://www.ivpn.net/blog/ivpn-no-logging-claim-verified-by-
independent-audit)

~~~
jtl999
Devils advocate. A VPN provider competent enough could make it appear they
_aren 't_ logging during the time of an audit and then go "back to normal"
afterwards.

~~~
mirimir
True, but I've known Nick Pestell (IVPN CEO) for several years, and am
confident about his integrity.

------
nerdbaggy
I would be interested to see on the ones that don’t match the continent to see
a traceroute on them. While it’s far from accurate I have had good success at
geolocating IPs based on rdns of transit/ISPs

------
steve19
Very interesting. I always assume VPN providers are dishonest at best and
hostile at worst.

Does anyone know which VPN/proxy provider is the one labeled "A" (with claimed
proxies in almost every country)?

~~~
mirimir
I played with this approach last year.[0] HMA was the worst. At most half of
their servers could possibly be where claimed. So they could well be "A".

0) [https://www.ivpn.net/privacy-guides/how-to-verify-
physical-l...](https://www.ivpn.net/privacy-guides/how-to-verify-physical-
locations-of-internet-servers)

~~~
steve19
It must be HMA. They list two servers in the Vatican. No chance they have two
servers in the Vatican.

~~~
duskwuff
Pitcairn Island is even more of a tipoff. The nation's Internet access is
provided through a 5 Mbps satellite link, and the electricity shuts off at 10
PM. [1] There's no way a company has colocated a VPN server there.

[1]:
[http://visitpitcairn.pn/already_booked/](http://visitpitcairn.pn/already_booked/)

------
samanthachase
We’ve stressed the importance of using a no-log VPN service countless times
here at Cogipas. If a VPN provider logs your data, it creates a vulnerability
that could later come back to bite you. Unfortunately, while most VPN
providers claim they don’t log, it’s not always true. That’s why these
independent audits are so valuable in establishing which services can be
trusted. Here is a list of VPNs that have been audited multiple times and are
true to their words.

Nord VPN Private VPN Ivacy VPN Ghost VPN

