
Is NordVPN a Honeypot? - dudube
http://vpnscam.com/is-nordvpn-a-honeypot/
======
dagenix
A corporate VPN makes sense.

Using an untrusted VPN to do something like tunnel an HTTPS connection to get
around geo-blocking makes sense.

Using a paid VPN to protect ones privacy, has never made any sense to me. The
vast majority of those companies I've seen are sketchy as can be. A VPN is
just about perfectly situated to track users - possibly better than even the
ISP since the VPN provider doesn't have to contend with a NAT device obscuring
the number of actual users. Combine that opportunity, with the fact that many
VPN providers have minimal name recognition - in case of bad press, spend $10
on a new domain name - and are competing on price with what appear must be
small margins. What would really surprise me would be a report that proved
that the vast majority of paid VPN providers aren't up to some funny business.
Yet, someone VPNs have a reputation of being a mechanism to protect privacy.

~~~
gruez
>Combine that opportunity, with the fact that many VPN providers have minimal
name recognition - in case of bad press, spend $10 on a new domain name

meanwhile, if comcast/spectrum is injecting ads or monetizing your browsing
history, you have no recourse. what are you going to do, switch ISPs?

~~~
jsoc815
The problem here is a lack of critical mass. IME, most people don't care about
any of this. I recently tried to explain to my classmates why "free" apps are
typically not free; they basically got mad @ me for doing so. And this, is
generally _factored into a business model_ by anyone slightly scrupulous.

So, and I've not done this myself (yet), the options are: lower your standards
to those of the unwashed masses; or 2) become the service provider yourself
(hopefully w/ a group of like-minded individuals).

Of course, #2 will be somewhat difficult because there's a lot behind-the-
scenes non-technical stuff that goes into 1) forming and sustaining a company;
and 2) bringing a thriving product to market.

That said, you could try to fork #2, and instead of bringing your solution to
the broad market, roll fight-club style and hope that obscurity guarantees its
security/functionality. This, truthfully, is probably the best and most
feasible option for the avg. person/people. (Sadly)

------
AdmiralAsshat
I think his evidence for being a honeypot is speculative at best. The more
likely explanation is that it's simply a mediocre VPN service bolstered by
fake reviews and marketing money. Snake oil is so much cheaper to produce than
something actually nefarious.

~~~
jsoc815
While you are correct that the "evidence" is speculative, I've long thought
that the seemingly coordinated push to get avg. people to use VPNs was
suspicious. Additionally, when I articles and comments rationalizing why one
company is better than another, I see a lot of holes in what's said. For
example, people don't seem to understand that registering (basing) a company
in one place _doesn 't preclude it from operating elsewhere_.

Another thing, most people, including me, don't know who the owners and
operators of these companies are. I see lots of comments about wanting to
avoid gov't surveillance and the like, but w/o knowing the deets on the owners
and operators, people could be just making the surveillance easier; same is to
be said for those trying to avoid giving the data to their ISP (maybe the ISP
owns all or a stake in one's VPN).

So, I think that RR's advice in one of his/her articles about avoiding all of
them is probably fair, although considered impractical for the average person
@ this point.

~~~
dagenix
Genuinely curious - how is it hard to avoid a VPN? Can't you just not use one?

~~~
jsoc815
Well, to clarify, I'm referring to RR's advice not to use any of the consumer-
level services. And since, as far as I know, they are all fee-based 'tools', I
don't see why one can't not use them.

As always, I'm happy to have someone correct any flaws in either of my posts
here.

------
gruez
>Here is a honeypot VPN would do. Does NordVPN Meet Every Checkpoint?

>Need a BIG Company to Back it Up

I'm not sure why that's a requisite for a honeypot. Why contract a company to
do it rather than doing it in-house? It's one more loose end to take care of
and one more source for leaks.

> “Fake” Product Consumers Want

> Invest Into Product to make Good Honeypot

it's consistent with the fact it's a honeypot, but it's also equally
consistent with the fact that it's a business that wants to grow by any means
necessary. besides, I'm seeing plenty of nordvpn advertisements on mainstream
youtube channels, and according to this article, CNN. if nordvpn is a
honeypot, who is their audience? you're probably going to end up with 90%
squeaky clean people (in terms of online activity), and 10% weed buyers.

>Use “Security” Features to Gather Data

this is nonsensical as well. why go about this in a detectable way (kill
switch failing all the time), when you can passively monitor the connection
(very easy to make it 100% undetectable), then follow up using parallel
construction?

------
LeoPanthera
They get a fairly crappy review, including being awarded the "Shady" badge, at
"That One Privacy Site", which I have trusted for years.

[https://thatoneprivacysite.net/2016/09/03/nordvpn-
review/](https://thatoneprivacysite.net/2016/09/03/nordvpn-review/)

------
pmoriarty
I wish there were some independent organizations, with the trust and respect
that organizations like the EFF and ACLU have earned, that would regularly
audit services like VPNs, Duck Duck Go, FastMail, and ProtonMail to make sure
that they're really respecting privacy.

~~~
LeoPanthera
For VPN and email, I really like "that one privacy site":
[https://thatoneprivacysite.net/](https://thatoneprivacysite.net/)

~~~
BrandoElFollito
No PIA review/mention, though. They are a big provider.

I used to be on NordVPN but after two years they went south. Very happy with
PIA today (I just need to appear in another country, so no fancy or serious
(personal safety) needs)

~~~
LeoPanthera
No PIA review, but they do appear on the comparison chart.
[https://thatoneprivacysite.net/vpn-comparison-
chart/](https://thatoneprivacysite.net/vpn-comparison-chart/)

~~~
BrandoElFollito
Thanks, I missed that big list.

There was also a guy who compiled a very comprehensive list of VPNs (with
plenty of interesting information) but I cannot locate it right now (I
remember it was in a Google Spreadsheets document)

~~~
LeoPanthera
That’s the same guy!

~~~
BrandoElFollito
Ah, cool then, thanks! I liked his work a lot and his data helped me to choose
my first VPN (which, incidentally, was NordVPN)

------
gspetr
This Jobs' quote makes sense, but I don't think it is applicable in the sense
that the article used it for, as it's nowhere near monopoly:

“When you have a monopoly on the market, it’s not the product people that make
the company make more money. It’s the sales and marketing people that get
promoted, and they end up running the company. The product people get driven
out of the decisions, and the company forgets what it means to make great
products. The people running these companies have no conception of a good
product between a bad product. They have no feeling in their hearts for
wanting to help the customers.”

------
nerdbaggy
I’ve seen the same advertising uptick in the Dashlane Password Manager. But
looking at google trends may just be me
[https://trends.google.com/trends/explore?date=today%205-y&q=...](https://trends.google.com/trends/explore?date=today%205-y&q=Dashlane,Nordvpn)

------
tomasmik
I'm actually going to work on the NordVPN project in a month or so.

As far as I know and from what I've seen I can tell you that its a legit
company with legit products and is only aiming to do good. It was started by
two friends, without any investors and to this day it still is absolutely
independent and run by the same two guys

------
gefh
What a content free pile of speculation.

