In 2016, Proton created its own subsidiary, and these people are now employed by Proton. But for this historical reason, the ProtonVPN keystore on Android still lists Tesonet as the organization name, even though it is fully controlled by Proton.

None of this is "debunking"; these are just the facts. You can make of them what you will, but you should be honest about what actually happened when you talk about it.

Now that I launched a verifiable VPN, they are once again sending legal threats [1].

[1] https://vp.net/l/en-US/blog/Verified-Privacy-vs-Trust

From what I can tell, Tesonet seems like a very patriotic group (as much as a corporation can be personified at all), and genuinely puts resources, both human and financial, towards raising up the local communities.

It's interesting to me that Tesonet has concentrated the most popular VPNs under one roof and is involved in so many companies that could be described as "dual-use" (white hat/black hat) such as residential/mobile proxies, ai-powered scraping, etc. It tells me that Tesonet has a very sharp understanding of gray-hat landscapes. It does seem like their portfolio could be leveraged as a valuable asset to any powerful interest, regardless if they are benevolent or malicious or misguided.

I mentioned Tesonet's stance towards Ukraine because Lithuania has a number of wealthy ex-soviet/Russian citizens and business-owners with differing politics, and wanted to clarify that for any readers who might wonder.

Additionally, I've always been very impressed with Estonia's digital infrastructure and Ukrainian software engineering - not just JetBrains but also other vendors that I've worked with personally. Seems like there are a lot of highly skilled people concentrated in your region.

Painting "armed invasion" as "Russian presence" is like calling "stabbing someone in an alley" a "medical procedure".

We get it; you love Mother Russia.

> The Republican-led Senate Intelligence Committee investigation released their report in five volumes between July 2019 and August 2020. The committee concluded that the intelligence community assessment alleging Russian interference was "coherent and well-constructed", and that the assessment was "proper", learning from analysts that there was "no politically motivated pressure to reach specific conclusions".[11][12] The report found that the Russian government had engaged in an "extensive campaign" to sabotage the election in favor of Trump, which included assistance from some of Trump's own advisers.

Unfortunately in the world we live in no single jurisdiction is good enough anymore, laws can always change and Chat Control can be re-proposed over and over again.

Luckily, an MPR like Obscura with hops across different jurisdictions (Obscura in US, and Mullvad in EU) give you a much better scenario than just being in one jurisdiction.

> it would be great if you prioritized accepting Monero as payment

Definitely prioritized, one of our engineers is working on it right now.

> Also, how much control do we have over the features Mullvad offers (e.g. DAITA, quantum resistance, DNS filters, IPv6, integration with Mullvad Browser)?

We're limited by the Partner API that Mullvad offers right now, but we'll be looking into many of these soon. For example, we're implementing DNS filtering as we speak!

Unfortunately, because we don't identify users we cannot offer a free tier (since that would allow anyone to use it freely indefinitely).

However, you can always just top-up for 1 month to see how it works for you! Would love to hear your experience.

For now. The surveillance apparatus must feed from time to time.

Don't use the embed link from above, use this one: https://kumu.io/Windscribe/vpn-relationships

Source: I am a Proton VPN employee.

Hi everybody, this is Andy here. I'm one of the original researchers from CERN behind ProtonMail and ProtonVPN. There's some false info out there about ProtonVPN, and these stories were first fabricated by Private Internet Access, a competitor who has been feeling pressure from ProtonVPN lately.

The stories are false, but we have always been very open with the community, so I would like to provide some background anyways. As many of you know, Proton has many partners (Radware, F5 Networks, Equinix, Radix, Farice, LeaseWeb, Dell, Supermicro, etc). Tesonet Lithuania is indeed a partner within our long list of partners, but it's a huge stretch to claim ProtonVPN is run by Tesonet.

We first met Tesonet back in 2015 when they offered to provide us with internet infrastructure (we received many offers after the infamous 2015 DDoS attacks - we never bought infrastructure from Tesonet). During this period, Google was suppressing ProtonMail in search results, and we were financially suffering. To address this challenge, we needed to hire staff outside of Switzerland where costs are lower. This is how our Skopje, Prague, and Vilnius offices got started.

Prague happened because two of ProtonMail's early hires from CERN were Czech. Skopje and Vilnius happened because we knew local partners there (it would not have been possible to source local candidates, handle HR and payroll, understand local regulations, etc, without outside assistance). We worked with Radix (Macedonia) and Tesonet (Lithuania) to accomplish this. Tesonet in particular was selected since they are one of Lithuania's largest tech companies (and we already knew them).

While our early hires in both Vilnius and Skopje were always working fully for Proton, they were formally employed by our local partners because we did not have a local entity that could employ them. In the early days of Proton, this was not an uncommon arrangement since our team is spread across over 10 countries.

In mid-2016, Google finally halted the suppression of ProtonMail in search results and we experienced strong growth. This gave us the resources to create our own corporate entities in Macedonia and Lithuania, and we engaged Radix and Tesonet to do this. We used the same legal address and nominee directors as our local partners because we still did not have our own office yet. For contractual reasons, these moves took some time. For example, ProtonLabs Skopje, our newest entity, only moved in November 2017.

For historical reasons, some connections to our past local partners remain. Some of the IPs we use in ProtonVPN's global network might be acquired or leased from Radix (we have never, and do not currently use IPs from Tesonet - most IPs are from LeaseWeb or are our own IPs). Similarly, the ProtonVPN Android keystore mistakenly lists Tesonet as the organization name, since our Android developer was at that time formally employed through Tesonet. Due to the way the Android Play store works, this keystore can unfortunately never be changed, but it remains under our sole control.

The entities we use today in Skopje and Vilnius are both subsidiaries of our corporate entities in Switzerland. While we no longer employ team members through third parties (except for in the United States where don't do direct employment), we do continue to share expertise and work on projects together with various partners. For example, our two new Swiss datacenters are being built together with Radix in order to share some of the fixed costs.

Going forward, we will need to continue working with partners around the world as we grow (unless you're Google, you can't do everything yourself). This is not the first time one of our partnerships has been inaccurately portrayed (the other incident is so ridiculous I'm not going to mention it here). The truth however, is less interesting than the conspiracy theories might have you believe.

--------

Further comments on the smear campaign against us:

    The false allegations were originally spread by US-based VPN provider, Private Internet Access (PIA), who also happens to be a major competitor. We think it says a lot about them to be engaged in shady marketing tactics.

    ProtonVPN/ProtonMail does not, and has never used any IPs or servers from Tesonet (this can be publicly verified)

    Proton does not share any employees (or company directors) with Tesonet. This is also a verifiable fact.

    Proton has not used Tesonet for HR since 2016.

    There is little actual evidence that Tesonet does data-mining (in any case we have never used infrastructure from them).

    Proton has many suppliers (Dell, Juniper, Radware, etc). If you dig enough, you can find dirt on all of them and create a false narrative. We do business with other tech companies - this is not a secret or abnormal.

I wouldn't hand my intelligence secrets to people who resented being forced to be there; or to mouthy people I thought might blab about it after the end of their service; or to people with an anti-authority streak or at risk of a Snowden-style attack of conscience about civil liberties.

I would select for people with a deep love of their country; and a sense of loyalty that would extend well beyond the end of their service. The rest I'd send elsewhere - plenty of other units need tech folks, that drone/radio/printer isn't going to fix itself.

Yes. Mandatory military service is still military service. It's still following government orders at an impressionable age in a culture that deliberately inculcates a mentality of following orders even when they go against your every human instinct. It still means working for an organisation that knows its job is killing people, even if you're not the one pulling the trigger yourself. And Israeli military intelligence specifically has a long history of keeping supposedly retired civilians on as sleeper agents who infiltrate supposedly neutral companies.

(Does that mean this guy specifically is definitely one of them? Of course not. But to anyone with reason to be using a VPN at all it's probably too much of a risk)

This is the whole issue. No one can question what Israel is doing for fear of anti semitimtism.

If everyone is "anti-semitic" then you allow real antisemitism to foster unabated.

https://news.ycombinator.com/item?id=45496427

Firefox supports per-container (and as such per-tab) SOCKS proxies, which I find really useful.

So useful, in fact, that I've come full circle and I am now running a userspace Wireguard to SOCKS proxy [1] in order to have that convenience for a VPN which does not have any host I could SSH to.

[1] https://github.com/whyvl/wireproxy

Are there any cloud providers who don’t charge for network egress?

The only advantage of professional VPN is the ability to use obfuscation, so to bypass VPN restrictions in countries like Egypt or others.

A Bavarian man captioned an image of Robert Habeck (the vice chancellor of Germany at the time) with "Schwachkopf Professional" - "Professional Idiot". It was styled after the Schwarzkopf ad campaign. For this, Habeck filed a criminal complaint "to stop hate crime" against the man and the man's apartment was searched by the police and a tablet confiscated. Oh, and he was arrested over it as well. [0]

(The man was also accused of posting some nazi imagery earlier in the year, but the order to search his house seems to be related only to the insult. [1])

Imagine if you could be arrested for calling your (vice) president an idiot.

[0] https://www.dw.com/en/germany-greens-habeck-presses-charges-...

[1] https://www.tagesspiegel.de/politik/falschaussage-im-fall-sc... (it's in German)

Your ISP will need to comply with local laws and regulations, and you'll have some recourse if broken. A third-party VPN operating in an overseas jurisdiction could be doing anything with your data.

Perhaps we use the same word to describe them because initially they did use the same technologies, but they have branched out ever since? Maybe IPSec would be a common tech used. But the algorithms are not the same anymore since they serve different purposes (Personal privacy vs corporate/sysadmin security)

In the corporate world VPNs were usually a lower level abstraction security mechanism or a redundant security mechanism to either complement application layer_security, or to hot-patch modern security unto legacy LAN systems. VPN encryption is usually provided by the local router. Common algorithms are IPSec/IKev2.

In the personal privacy world, we are talking about a proxy that hides identification such as IP addresses, and pools connections to provide privacy. The actual encryption is not the main security mechanism even, as it only covers the transit between consumer to proxy, leaving (a potentially longer transit) between the proxy to the actual destination.

In terms of purpose and architecture it's closer to bitcoin tumblers, or Tor or Freenet, or money laundering placement. The fact that they call it VPNs seems to me more of a marketing scheme or political play to avoid association with all of the above, than an actual technical or academical description. If someone were to analyse these technologies, I'm sure a neutral or critical approach would avoid uncritically calling them VPNs in the same way that research is published not about Viagra, but on Sildenafil.

If you can prove that an ISP can inspect packets, it would be major news.

For what exactly? All sites are HTTPS now anyway, so the only thing you're leaking is the hostnames / IPs you visit. I don't exactly see how the whole "hotel WIFI" thing is relevant at all, except as a dishonest marketing strategy by VPN salesmen

Is this common?

That logic is questionable given how poorly "spying on public wifi users" scales. You either need to put a bunch of eavesdropping radios in a bunch of public places or somehow convince a bunch of small businesses to use your "free wifi" solution. Even if you do have access, it's hard to monetize the data, given that nearly every device does MAC randomization (so you can't track across different SSIDs) and iOS/windows rotates mac addresses for open/public networks. OTOH setting up metadata capture on a commercial VPN service is pretty straightforward, because you control all the servers.

Express VPN, NordVPN and Surfshark belong to another category of software than the VPNs used by companies.

Some differences are:

1- One is used by consumers, the other is used by businesses.

2- One protects communications to a client-controlled Local area network. The other protects communications with third party services.

3- One provides encryption, the other provides anonymization.

If someone also accidentally downloads a TB of movies and music on the way to the latest Mint upgrade, oops.

What in particular concerns me is the lack of any type of registration seemingly anywhere. I don't mind if a privacy focused VPN said they don't register at all in any country and stated the reasons as to why, but this company seems to have lied.

"The Seychelles kind of belong to the 'non-aligned' group of countries, and maintains decent relations with Russia, India, China and so on. They also advocate for a diminished US presence in the Indian Ocean. On the other hand, they're a member of the british Commonwealth and only got independence in 1976."

Seychelles is a great place to register for a privacy focused service but I agree with you that being a member state of the British commonwealth is concerning. Could you possibly recommend any place that would be better to register such as service?

"Trust.Zone sure looks fishy but I can't tell from this whether they are surveillance for the UK, traffic to hide in for russian authorities and cyber crime groups or something else entirely. I'd avoid them unless I was already into grey or directly criminal activities and already had layers of protection and indirection in place."

It gives the worst vibes possible for a supposed security service.

Trust.Zone offers a free trial which I signed up for to test with a disposable VM. This is where I learned how they keep user credentials and other major privacy issues, such as the logging I mentioned in my last comment. The support also sent a very questionable reply to a ticket where they wanted to do screen sharing and run an arbitrary script on my server to "diagnose" the issue.

This was during the 2022 WC though, so maybe Proton is better nowadays.

Although I have never needed it myself, which in that case Mullvad might be better since they require minimal registration details.

[1]: https://mullvad.net/en/blog/removing-the-support-for-forward...

[2]: https://protonvpn.com/support/port-forwarding

No issues so far.

I feel like it's Nord who's trying to be Proton but worse, no? Nord had just the VPN until recently, unlike Proton which was already trying to build an ecosystem (although they did speed up the new product drops significantly in the past few years). And unlike Nord, at least Proton actually has proper zero-access encryption and stuff, and they seem to know what they're talking about rather than just relying on influencer marketing.

And I was on Proton for 3y, until the CEO were backing Trump and Vance on Reddit and other places. Their port forwarding was also painful as well, but it worked.

Cancelled. PIA does the port forwarding nicely and stabily. No jank scripts to run every 60 seconds.

Now evidently PIA is a bunch of scum capitalists. But in reality, who isn't?

Mullvad? But they killed port forwarding for "abuse".

…except approximate content sizes and timing patterns.

https://mullvad.net/en/help/partnerships-and-resellers