Hacker News new | past | comments | ask | show | jobs | submit login

Everyone in Vilnius, Lithuania knows, that both, NordVPN and ProtonVPN, are being developed here by the people related to Tesonet, which has been recently sued in Texas Eastern District Court for the patent infringement in "Large-scale web data extraction products and services with residential proxy network ( https://oxylabs.io/ )"[1] by Luminati Networks, an Israeli data mining company behind HolaVPN[2].

The section from the "About" page of Tesonet (26 Apr 2018)[3], which was suddenly removed in June 2018 after the connection between ProtonVPN and Tesonet was made public by the co-founder of PIA[4]:

"For the latest project, Tesonet is working together with an international brand from Switzerland to create a security product that helps users protect their network traffic. As part of this technical partnership, we are collaborating on datacenter and network infrastructure that can easily supply 10 Gbps worth of bandwidth to users around the world. The product is developed using the latest authentication encryption methods and the best practices in the security world."

As late as September 2018, NordVPN and ProtonVPN still become affected by the same extremely rare Windows security bugs at the same time[5], even though the CTO of ProtonMail claimed here on Hacker News, that they used Tesonet, a data mining company, for developing ProtonVPN, a free VPN service, only as "an office space provider"[6].

[1] http://litigation.maxval-ip.com/Litigation/DetailView?CaseID...

[2] http://fortune.com/2015/05/29/hola-luminati-vpn/

[3] https://web.archive.org/web/20180426161609/https://tesonet.c...

[4] https://news.ycombinator.com/item?id=17258203

[5] https://www.pcmag.com/news/363619/protonvpn-and-nordvpn-bugs...

[6] https://news.ycombinator.com/item?id=17258538

Proton team here. Regarding this claim:

> Everyone in Vilnius, Lithuania knows, that both, NordVPN and ProtonVPN, are being developed here by the people related to Tesonet

This is not true. Proton has staff in Geneva, Zurich, Skopje, Vilnius, and San Francisco. Years ago, we did sublease office space from Tesonet (one of the biggest IT firms in Vilnius) as alleged above, but there is no connection today.

ProtonVPN is fully developed (and owned) by Proton Technologies AG, the Swiss company that also operates ProtonMail. This can be verified in the Swiss commercial registry, which also lists all our directors: http://ge.ch/hrcintapp/externalCompanyReport.action?companyO...

1 only shows Tesonet being sued and does not prove that both Nord and Proton services are being developed by Tesonet people, and even if they were Tesonet-adjacent people, further proof would be needed to link these services directly to Tesonet the entity. 2 is contingent on 1.

3 and 4 are the only things I can see with any weight to them, yet they were brought up by a competitor (red flag), and vague enough not to be considered "evidence".

5 and 6 prove absolutely nothing. Both of these products use OpenVPN, which is what the vulnerability was in.

The vulnerability has nothing to do with Tesonet and I have not seen proof otherwise. Presumably other VPN services that also use OpenVPN could have encountered the same vulnerabilities. What makes you think that both having the same bug, because they use the same open-source system, is any kind of "proof"?

It's interesting how one can seem to provide a huge body of quotes and evidence for something- yet the majority of it easily deflates when viewed directly. We're gonna need more than this, much more. I'm not willing to 100% disbelieve you or dismiss your concerns outright- but if you're trying to convince people, this is a pretty weak effort.

You've made these claims before, you say ProtonMail's response is inadequate- could you elaborate on why? I thought it was relatively thorough and convincing, but am willing to see any holes poked in it

What PIA co-founder proved in June 2018 on Hacker News[1], and what happened after:

- ProtonVPN UAB lists Tesonet's CEO as a director [after: the company's name was changed multiple times in 2 months, and the director's name was hidden from the public view]

- ProtonVPN UAB is operated from Tesonet's HQ in Vilnius, Lithuania [after: the company's address was changed to a co-working space's located a few streets away, which doesn't require to relocate to use it]

- ProtonVPN UAB uses previous Tesonet's technical employees [after: still true]

- ProtonVPN uses IP address blocks that belong to Tesonet [after: these IP address blocks were assigned to ProtonVPN]

- ProtonVPN Android mobile app was signed by Tesonet [after: still true]

The ProtonMail's response on reddit was modified multiple times and locked, to prevent people from picking the holes in the narrative.

[1] https://news.ycombinator.com/item?id=17258203 ["showdead" must be enabled in settings to see the entire thread]

These points are either incorrect or already debunked here: https://www.reddit.com/r/ProtonVPN/comments/8ww4h2/protonvpn...

There are even photos from Mozilla's visit to Proton HQ in Geneva: https://www.instagram.com/p/BpR7ungAi6Y/

Proton does have an office in Vilnius (one of 6 offices globally), but the bulk of our staff works in our two Swiss offices.

Why didn't you invite Mozilla to the real office in Vilnius, Lithuania where ProtonVPN was actually being developed?

Because the senior team members who developed the ProtonVPN partnership with Mozilla were all in our Geneva HQ, because that's where we're actually based...

Could you post some pictures from your office in Vilnius, Lithuania, where ProtonVPN UAB with 19 technical(?) employees is currently based? Are they still working from Tesonet's HQ, just like they did in 2017, and for the most of 2018?

Is Tesonet's CEO still the director of ProtonVPN UAB, more than 2 years after the incorporation in July 2016? I can no longer check it myself, because the public record is now hidden. But it was still true in June 2018.

And how do you feel about partnering on a free VPN service with a company, which has been sued for multiple patent infringements in "Large-scale web data extraction products and services with residential proxy network" by the founders of another free VPN service, HolaVPN, who have publicly admitted to using it for exactly that?

You can find Proton's response to these false allegations here: https://www.reddit.com/r/ProtonVPN/comments/8ww4h2/protonvpn...

> false allegations

These are nothing but facts backed by sources anyone can verify by himself.

Why is there an article about Hola in there?

To show that Luminati Networks, which sued Tesonet for patent infringements, has publicly admitted using HolaVPN as a residential proxy network for data mining operations.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact