Hacker News new | past | comments | ask | show | jobs | submit login
[flagged] Problems that forced me to leave ProtonVPN for Mullvad (kevinhq.com)
37 points by kevinhq 28 days ago | hide | past | web | favorite | 68 comments

I guess it depends on what you're using your VPN for, but I prefer to run my own VPN on a vps. I use vultr and pay $5/mo. I also get to host a collabra server for my nextcloud setup on the same server so it just makes economic sense to use a vps rather than paying $5/mo (or more) to just get a VPN and also not have control of my data.

There is a slight problem with this strategy if you are running a VPN to avoid tracking, as you have a static exit IP in your name which only you use.

VPN providers usually have multiple IP and often many users coming from the same one.

The problem with this is that it quickly gets expensive when you have more than a little traffic. Most VPS up to 5$/month only include 1 TB, so if you need more than that you have to pay more.

Are you guys vpn’ing on your phones too? Do you just use the built in vpn connection profiles? I’m having trouble getting mine to stay connected to a plain old IPSec tunnel running on my raspberry pi and thinking I probably need a special client for “always on” to work.

On iOS the only way I found for “always on” to work well was with the IKE protocol using the built-in VPN client. I set up a cheap Vultr VM and used this:


One caveat: Reconnects worked poorly until I disabled the iptables rate limiting the script imposes.

Outside of that, it’s worked really well. I pointed the VM’s DNS at Adguard so I get some good filtering as part of it.

I'm trying wireguard at the moment for the always on feature. Setup was absurdly easy.

Cool. When I set my VPN up, Wireguard didn’t do iOS yet, but I’m interested in it. Please post back to this thread with a short experience report, if you wouldn’t mind. :-)

So far it's been really good. It's very good at staying on all the time and it was really easy to setup. Right now it's running on a raspberry pi but since I took down my ipsec vpn container, my ram/temp/cpu usage has gone down quite a bit.

I still need to spend a minute configuring things like dynamic dns in case my IP changes but I'm really impressed right now.

Thanks! Just ordered an Rpi4 for home routing duties, I’ll give it a try there first.

Btw, I also highly recommend a case cooling case for the rpi4. I got the aluminum one at https://flirc.tv but I think anything like it will do. It dropped the idle temperature by quite a bit. I think it went from ~75ish to about 45

Good call. Those are pretty cases.

I saw some tests indicating open+fan really dropped temps vs closed+fan so I ordered one of these: https://www.amazon.com/dp/B01LXSMY1N

I'd be curious to see what the idle temperatures land on.

I use Wireguard on both mobile and laptop, setting it up is easy and fast (with my Ansible playbook it's just play then get configs).

Wireguard is its own protocol separate from IPSec or l2tp right?

Do you have a puppet or bash script for that process?

How about an ansible script? https://github.com/StreisandEffect/streisand

I think algo is considered to be the best solution for this: https://github.com/trailofbits/algo

Agreed - I consider it more of a general purpose VPN (and what I use personally). Streisand is more opinionated, in ways that folks that use Proton services might find appealing.

I maintain this script: https://github.com/Nyr/openvpn-install

It's a simple bash script which just gets the job done fast, without dependencies or too much trouble.

It's just openvpn. If you dislike their app,use vanilla openvpn!

As far as instability..yeah it's unstable on the free version because you only get to access highly saturated free access servers.

With the paid plan on proton I see disconnects every othet day or so (random servers).

I use the free tier as well but I have it automated to where I force a reconnect if destinations are unreachable.

I believe proton uses Nord's infrastructure to some capacity?

But yeah,not fair at all to compare a free plan with a paid one. Even if they charge 1€/mo,those users are supporting the servers they use. With free,it's unlimited number of users that saturate a free server so you should expect less quality.

Care to share your force reconnect script? I'm sure many would appreciate it.

I don't wish to associate this HN account with my github profile. But I think it makes a good project to help you learn a new language.

Yes, NordVPN and ProtonVPN are both owned by Tesonet and runs office in Vilnius, Lithuania.

I used the visionary plan from ProtonVPN and ProtonMail. I personally have found it exceedingly good. I still augment it with my own VPN (easy enough to setup). I do experience slowdowns at peak times, but I also tend to break 30Mb/s speeds - can’t complain

> I feel it’s getting slower and slower

> I am not sure if the problem is on ProtonVPN side or my ISP side

I may be missing something... but I feel this is a terrible article, not based on any facts/solid research, but based on random experiences caused by "who knows what".

You're correct, it's an uninformative article by a non-expert just shilling for Mullvad. Just flag it and ignore.

Flagging this. The VPN industry is full of companies competing against each other using underhanded social media tactics, astroturfing, bots, sock puppets, etc.

This is clearly one of them, just a shill for Mullvad by a likely astroturfing or affiliate blogger who is "not an expert in VPN".

There is zero reason why this should be on the HN frontpage.

I don't use ProtonVPN, but damn... The author starts off his article with "I feel (sic!) it’s getting slower and slower.". Well, what do you mean? Can't you measure the speeds? Are we supposed to take your word for it? Even if he is right about protonVPN getting slower, that's no way of starting off an article...

On the second paragraph the author writes "Not only slower, but it also keeps disconnecting".. So, the author is sure that protonVPN is actually getting slower... But I thought he said he simply _felt_ like it was getting slower. Feelings are now equivalent to certainty, apparently.

Overall, not a good article, I'm sorry to say.

You're correct, and probably getting downvoted by bots or Mullvad voting rings. Just flag the article and move on.

NordVPN has seemingly slowed down as of late too. Though there are so many nodes that who knows what’s going on and how prevalent.

Previously when connected, my line would go down to 50+ Mbps: perfectly reasonable. Now, I test and it is sub 2 Mbps.

It's weird how, as popular as VPNs are, competing on UX - and not just some cute mascotts and assets - is still not a huge priority.

There's always trade-offs to be made for now it seems. And Mullvad doesn't have mobile support yet.

Makes you wonder what's gonna happen when Cloudflare's Warp is out of closed beta.

Back in the day, every videocard manufacturer released their own drivers. Diamond, Canopus, BFG, etc, they all took the baseline GPU drivers and added their custom branding. This meant that after Nvidia released a new driver, it could take weeks before Diamond put it up on their website. You missed out on bugfixes and optimizations for new games. So everybody just used Nvidia's drivers, and eventually all the various companies stopped doing it entirely.

Mobile VPN apps are in the same spot. They all use the same backends; OpenVPN, IKEv2, and/or Wireguard. Everybody's time would be best spent making _those_ apps better. The OpenVPN iOS app has a particularly poor UX.

For example on iOS you use the iOS NEVPNManager API for setting up an IKEv2 VPN connection, if this is updated in an iOS release and you use it in your VPN app, your app will be "updated" too. So in this sense it's not comparable with videocard drivers from back in the day.

That's true, IKEv2 is natively supported. OpenVPN and wireguard aren't, and most of the paid services use OpenVPN right now.

Was it a long time since you tried Mullvad? They revamped their UX making it easier to use not that long ago. And I use Mullvad on my phone following their instructions how to do so. This makes your post a bit confusing.

No mobile app.

But they don't need any additional mobile app, It's as simple as installing wireguard and scanning the QR code from the website and it just works.

Thad like saying Netflix doesn't have Internet support because they haven't created their own web browser. It's just a confusing thing to say.

How difficult is it to download and open a .ovpn file?

Mullvad has mobile support with WireGuard.

That's what I'm trying to do with WifiMask VPN, the apps are an important piece of the puzzle to make VPN as simple and clear to use as possible for the normal user. For now there's an app for macOS and iOS. A simple on/off button is the center of the design, with not too much bells and whistles. The focus is ease, security, stability and speed.

The big issue with VPN UX for me are all the ways that you can end up accidentally disabling your VPN, because it's not clear under which conditions it shuts down, is closed, or is temporarily inactive, which isn't good enough if you need 100% uptime for full protection.

Killswitches are the probably the easiest way to deal with it, because it will also alert users to when something is misbehaving, but it obviously doesn't work for general use cases so better UX is needed beyond the protective design.

With my WifiMask apps it's the case as long as the on/off switch is turned on, the VPN will either be connected or try to connect, as long as there is no connection the kill switch will do it's work, prevent data leaking and the app will show what's going on. Only manually turning off the switch will disable the VPN and any data leaking protections. I can still do some improvements here and there to show more information on what's going on, so this is useful feedback to me, thanks.

> And Mullvad doesn't have mobile support yet.

You mean (I think) it doesn't have it's own native app. Connecting to Mullvad's VPN works fine on Android using OVPN (as do many of the VPN providers).

Sent via LineageOS using Mullvad :P

Is anyone else bothered by the appropriation of the vpn term for setviced providing access to the public Web without confidentiality? There should be a new name for this.

Can I ask VPN users here what you use it for? I've personally never found a good use case...

Avoid the legal problems that come with torrenting.

Spoof my location.

Avoid giving trackers my IP address.

Avoid ISP throttling.

Hopefully my VPN doesn't log. At least my ISP can't log. I'm not concerned about state-level actors, just commercial ones.

In the past I used it for torrenting. Nowadays because it adds a layer of privacy from companies and governments. I trust my government now but I don't have to trust my future government. I am pretty sure I don't do anything illegally, but a future government might not think so.

Like in the UK when they wanted to ban porn (I think?). Something harmless today (legally speaking) can become an issue in the future.

The UK's Age Verification changes (not 'porn ban') has been delayed by another 6 months following some admin screw-up related to informing the EU. It's not really a very good example since it won't be illegal (for the consumer).

Yeah I wasn't sure as I'm not from the UK. So I added the "I think" :P

Are we sure VPNs don't log / turn logs over to federal authority figures if pressed?

Empirically, PIA has no logs to give (per multiple warrants now).

no, though that may constitute fraud depending on the jurisdiction. this is why some VPNs are based in certain countries, such as ProtonVPN in Switzerland. obviously they have to comply with a valid legal request, but depending on the data retention laws in the jurisdiction, there may be nothing to give over.

some VPNs definitely lie about logging, maybe most of them. ProtonVPN is one of the least likely ones to do so given their transparency relative to other VPN companies, their ProtonMail service, their infrastructure, and their founder.

upstream logging is still possible, and protonvpn is the only VPN service I know of with any of its own infrastructure. it has one datacenter in switzerland and you can use it as a proxy to some of its third party operated endpoints in other countries.

I was in France in May for the next to the last episode of Game of Thrones. Even though I pay for an HBO subscription, they still wouldn't let me watch it until I VPN'd into my nyc based server.

Primarily to avoid snooping when using various wifi hotspots out and about in the world and when using roaming data.

In addition to that, I don't trust my current or any of the previous governments, and I likely won't trust any future governments. I also don't trust any ISP in my country further than I can throw them, due to government-mandated logging. My workplace does mandatory MITM proxying and logs everything, I'm working on getting around that.

Avoiding throttling is huge. Is streaming video mysteriously garbage despite having 100 Mb/s? Connect to a VPN and watch the issues disappear.

Protecting my privacy while browsing at work and on unsecured networks like coffeehouse wifi and when traveling. I have a gigabit connection at home so I just run wireguard locally. Works great.

Also many mobile plans throttle video to 480p, a VPN bypasses that.

To complement the list above, use a private vpn, hosted at home, to access devices and services which are only accessable from home, while being on a remote location. I use it to access my server environment.

We build our own WireGuard VPN servers to SSH to other servers. Aside from that, I personally use it to avoid ISP throttling and spoof my location, as @RandomBacon said.

I use protonmail so VPN comes as part of the package. I use it at all times with my phone and when I'm away from home with my notebook.

I installed pi hole on my algo VPN, so that I could remove ads from my Android phone without needing to root it.

You can also use the DNS66 Android app for that without root.

Public wifi access.

I know people on it on Linux. They said it was pretty fast. They haven't griped about it any. It's possible the user's ISP or the Proton client software is causing it. It also might depend on which servers they use given more outages might happen in specific parts of the world vs others.

following statement on ProtonVPN web site may give a clue:

Free Package "Speed: Medium"

PIA doesn't work with Google search on some nodes anymore.

If you use it for privacy, might as well use DDG instead of Google to add another layer :p

I use it for privacy for other stuff, but use it system wide so it screws up my regular searches that I don't need that level of privacy for.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact