the only important bit is that it is made clear whenever a given country falls under some category that allows things such as traffic analysis and cataloging.
it's actually often times preferrable to lie about the server location for lower latency access geo-blocked content, particulary when accessing US geo-restricted content in europe.
if you want true privacy you have to use special tools that not only obfuscate the true origin, but also bounce your traffic around (which most of these vpns provide as an option)
Why do you want to use a VPN?
- Privacy
- Anonymity (hint: don't!)
- unblock geolocation
- torrents
- GFC
The last point is the hardest.
They checked where the VPN exit nodes are physically located. A lot of them are only setting a country in the whois data for the IP, but do not actually put the exit node in that country.
Most of the "problem" countries are tiny places. Monaco, Andorra etc. It might be tough to rent a server there. And your list of clients should be minimal.
It's not only small countries either, it affects much of Latin America, including Brazil (PIA's servers were in Miami for BR as well last time I checked). I've occasionally seen it also affect US states where e.g. Massachusetts would be served from Trenton, NJ.
It would (unless the blockers use this company's database I guess):
> The IP registry data also says “Country X” — because the provider self-declared it that way.
That could be good or bad depending on what you're using the VPN for. E.g. if you only care about evading stupid local laws like the UK's recent Think of the Children Act, then it's actually great because you can convince websites you're in Mauritius while actually getting London data centre speeds.
But if you want to legally be sending your traffic from another country then it's less great because you actually aren't. To be honest I can't really think of many situations where this would really make a difference since the exit point of your network traffic doesn't really matter legally. E.g. if a Chinese person insults their dear leader from a VPN exit node in the UK, the Chinese authorities are going to sentence them to just as much slavery as if they did it from a local exit point.
I’ve been paying for Mullvad with Monero for years. Love it
I think you can still mail them cash?
IMO the coolest privacy option they have is to literally mail them an envelope full of cash with just your account's cash payment ID.
Wow, you must be using the VPN for some seriously shady stuff.
You may be denied entry to certain establishments, but some of the bouncers don't block all masks and if you're persistent with changing your mask (Tor or VPN exit node), there's a good chance you'll get in. CTRL+SHIFT+L works on Tor Browser to change your circuit. The linked article blocks Tor, but after pressing CTRL+SHIFT+L a few times, I was able to read it.
For the sites that don't let me view them via Tor, I can install FoxyProxy and try some IPs from the free public lists. Lots of sites that block Tor don't block these IPs, although it's a bit of a pain. Another option is to load an archived version of the site on archive.org or archive.md (or .is or the various different TLDs it uses).
As for HN - it sometimes gives a "Sorry." if you try to access a certain comment directly, but after a few tries it works. This account was created over Tor and I've only accessed it through Tor. I think my first comment was dead and someone vouched for it, but now my comments appear instantly.
I've heard that banking sites don't work over Tor, but I haven't had a need to use Tor for banking, as the bank already knows who I am pretty well.
Most of the big social media sites don't allow Tor, but if I wanted to create a fake account, I'd most likely buy a residential proxy.
So it's not that bad, considering what you get from Tor (and with some VPNs, depending on your threat model) - no tracking, anonymity and so on.
It accomplishes 2 things:
* I'm not tracked as much. Less data points for the companies to gobble up.
* More Tor users lead to better anonymity for everyone as it's easier to blend in - you won't be the only one wearing a mask at the club every weekend.
I got used to the latency. It's not that bad. Some sites load instantly, others take 1-2 seconds. A few take a while.
Sites from one regional hosting provider in my country just don't load at all. I get "Server not found". I'm not sure how that works - are they blackholing an ASN or using something else with BGP?
The main issue for me is not the latency, though, but the CAPTCHAs and 403's (HTTP Forbidden). If I were to search for a recipe, for example, I'd open 5-10 of the results in new tabs (with the middle mouse button; idk why people use CTRL+click), then close the ones with "Attention Required" or "Forbidden" so I'm left with 3-5 usable sites. That way I always have something to read. When I open a few sites one after the other, at least one will usually load instantly.
I haven't used Tor without Whonix on Qubes OS for a while, so I'm not sure if the latency is different on a standard OS with just Tor Browser installed. My workflow is that I use disposable VMs for different things I do. Right now I have a VM with HN and a few links I've opened from it and another VM with other research I started earlier today that I plan on finishing a bit later. When I'm done with my HN session, I'll close this VM, which will destroy it. For me this compartmentalization is good not only for security and privacy, but for productivity, as well.
If VPN usage becomes the norm, sites will have to give in eventually.
Socks5 proxy addresses can be found here: https://mullvad.net/en/servers
You need to prefix them with 'socks://'.
The ideal world is one where everyone is using Tor. They can only discriminate against you if you're different from others. The idea behind Tor is to make everyone look like the same user. The anonymity set must be maximized for that to work.
It takes time for sites to realize the danger, especially with mobile users where fiddling with a VPN is often more hassle than its worth and its just left always on. It's often a good idea to impersonate a mobile user agent for this reason as some sites (or perhaps cloudflare?) started treating them differently. The impersonation needs to be done well (SSL and HTTP fingerprints should also match mobile).
Usually, the more expensive the VPN offering the better the reputation of their IP's. Avoid VPNs that have any kind of free tier like the plague.
> Mullvad ... security and privacy _very_ seriously. Not surprised to see them shine here.
? TFA reflects on dishonest marketing on part of public VPN providers more than privacy / security.
That said, VPNs don't add much security, though, they are useful for geo unblocking content and (at some level) anti-censorship. In my experience, the mainstream public VPNs don't really match up to dedicated censorship-resistant networks run by Psiphon, Lantern, Tor (and possibly others).
Seems like there are VPNs, and then there are VPNs.
I love that I can pay directly with a crypto wallet and have true anonymity.
> We accept the following currencies: EUR, USD, GBP, SEK, NOK, CHF, CAD, AUD, NZD.
Not a bad way to get rid of some spare currency lying about that you’ll incur a fee to localize anyway.
All the VPN providers I've used let you select the endpoint from a dropdown menu. I'm not using a VPN to make it appear I'm in Russia, I'm using it as one of many tools to help further my browsing privacy.
My endpoint is one of 2 major cities that are close to me. Could I pick some random 3rd world country? Sure! That isn't the goal. The goal is to prevent my mostly static IP address from being tied to sites I use every day.
EDIT:
Small point of clarification:
All the VPN providers I use have custom or 3rd party software that allows you to select a location for the VPN. All of the VPN providers I've used also select the location with the lowest ping times as a default. I suspect most folks are just sticking with the defaults. I certainly haven't strayed outside the US/EU for any of my attempts. I have occasionally selected an EU location for specific sites not available in the US, where I live, but beyond that?
I mostly use it to avoid exposing my IP address too, but if I knew my VPN was comfortable with a little light fraud, I'd be concerned about what else they're comfortable with.
I'm not discounting you at ALL, I'm simply stating that the majority of traffic originate from these countries. Most of these folks just want to hide their IP address for various reasons. Privacy, Piracy, etc. Most don't care if it's in the next largest city, they just don't want it to appear to come from them.
Folks in countries like yours will likely pick endpoints to bypass the government. Folks up to nefarious stuff like cracking web sites, social media influencing, etc. will likely pick the target country more carefully. Anyone else? Whatever is the default.
I recognize this is a hard concept to understand for folks on this site, but the average joe signing up for a VPN doesn't even remotely understand what they are doing and why. They were pitched an idea as a way to solve privacy issues, block ads, etc. and they signed up for it. The software suggested a low latency link, and they went with the default.
The ads for a lot of VPN providers literally use scare tactics to sell the masses on the idea.
Really this is the answer to half of the comments on this thread.
Turn off your VPN?
Yeah like... physics. If you're getting sub-millisecond ping times from London you aren't talking to Mauritius.
The speed of light in fiber which probably covers most of the distance is also even slower due to refraction (about 2/3).
It just can't be outside England, just one 0.4ms RTT as seen here is enough to be certain that the server is less then 120 km away from London (or wherever their probe was, they don't actually say, just the UK).
RTT from a known vantage point gives an absolute maximum distance, and if that maximum distance is too short then that absolutely is enough to ascertain that a server is not in the country it claims to be.
Let's say you're a global VPN provider and you want to reduce as much traffic as possible. A user accesses the entry point of your service to access a website that's blocked in their country. For the benefit of this thought experiment, let's say the content is static/easily cacheable or because the user is testing multiple times, that dynamic content becomes cached. Could this play into the results presented in this article? Again, I know I'm moving goalposts here, but I'm just trying to be critical of how the author arrived at their conclusion.
I would easily pay €30 a month for a VPN in my home country that uses a residential IP and isn't noticeable. I am aware that those exist, but 99% of them are shady.
For residential IPs you can't even pay per month like normal VPNs, normally they charge per GB, usually over $2 usd per GB.
They likely charge per GB because these residential connections are generally slow and limited compared to datacenter connections. Doesn't help that they're often located in third world countries.
And I can get a semi-anonymous cable internet connection too (if your line is “hot”, you could sign up with any address… not sure if it has to be under the same node or just the same city). Would be difficult, but not impossible, to track down which residence the shadow connection is coming from.
I'd say, anything heavy and random, use the general VPN and the rest use an rpi at your parents' home.
I can't get into work from a non-US IP, but I can Tailscale back to my house and it works just fine. I even gave my in-laws (who live several states away) an AppleTV box running TS just to have another endpoint if for some reason the power goes out at my house while I'm gone (rare, but happens).
If you're picking a country so you can access a Netflix show that geolimits to that country, but Netflix is also using this same faulty list... then you still get to watch your show.
If you're picking a country for latency reasons, you're still getting a real location "close enough". Plus latency is affected by tons of things such as VPN server saturation, so exact geography isn't always what matters most anyways.
And if your main interest is privacy from your ISP or local WiFi network, then any location will do.
I'm trying to think if there's ever a legal reason why e.g. a political dissident would need to control the precise country their traffic exited from, but I'm struggling. If you need to make sure a particular government can't de-anonymize your traffic, it seems like the legal domicile of the VPN provider is what matters most, and whether the government you're worried about has subpoena power over them. Not where the exit node is.
Am I missing anything?
I mean, obviously truth in advertising is important. I'm just wondering if there's any actual harm here, or if this is ultimately nothing more than a curiosity.
The routers don’t care about where the provider says the IP comes from. If the packet travels through the router, it gets processed. So it very much matters if you do things that are legal in one country, but might not be in another. You know, one of the main reasons for using VPNs.
But so "if you do things that are legal in one country, but might not be in another" is what I'm specifically asking about. Ultimately, legality is determined by the laws that apply to you, not the country your packets come out of. So I'm asking for a specific example.
And I already said, that if a site is attempting to determine permissions based on the country, it's doing so via the same list. E.g. when the country is actually Greenland, but you think it's the UK, and Netflix also thinks it's the UK. Which is why I'm saying, at the end of the day, is there any real consequence here? If both sender and receiver think it's the UK, what does it matter if it's actually Greenland?
Take someone from Russia, Iran, wherever, trying to access information they aren't allowed to access, or sharing information they aren't allowed to share. They think they're connected to a neighboring country, but in reality are exiting from their own country. Therefore, the traffic gets analyzed and they fall out a window.
Imagine Snowden sharing information about the NSA while using a VPN that actually exited from the US. Things might have developed differently.
Yes, it won't matter for most services. But as soon as states or ISPs are involved, you're fucked if you get it wrong.
The case I can think of most accessible would be anything that streams copywriten video.
And if I do it for privacy, the actual exit location seems very relevant. Even if I trust the VPN provider to keep my data safe (which for the record I wouldn't with the majority of this list), I still have to consider what happens to the data on either end of the VPN connection. I'm willing to bet money that any VPN data exiting in London is monitored by GCHQ, while an exit in Russia probably wouldn't be in direct view of NSA and GCHQ
You’d be shocked at the number of people in regulated industries that thinks a VPN inherently makes them more secure. If you think your traffic exits in the US and it exits in Canada — or really anywhere that isn’t the US — that can cause problems with compliance, and possibly data domicile promises made to clients and regulators.
At minimum, not being able to rely on the provider that you are routing your client’s data through is a big deal.
To use an example, 74.118.126.204 claims to be a Somalian IP address, but ipinfo.io identifies it as being from London based on latency. Compare `curl ipinfo.io/74.118.126.204/json` vs `curl ipwhois.app/json/74.118.126.204` to see. If that IP ignored pings and added latency to all outgoing packets, I wonder if that would stymie ipinfo's ability to identify its true origin.
[IPinfo] pings an IP address from multiple servers across the world and identify the location of the IP address through a process called multilateration. Pinging an IP address from one server gives us one dimension of location information meaning that based on certain parameters the IP address could be in any place within a certain radius on the globe. Then as we ping that IP from our other servers, the location information becomes more precise. After enough pings, we have a very precise IP location information that almost reaches zip code level precision with a high degree of accuracy. Currently, we have more than 600 probe servers across the world and it is expanding.
If they added latency to all packets then London would still have the lowest latency.
There is however an interesting question about how VPNs should be considered from a geolocation perspective.
Should they record where the exit server is located, or the country claimed by the VPN (even if this is a “virtual” location)? In my view there is useful information in where the user wanted to be located in the latter case, which you lose if you only ever report the location of servers.
(disclaimer: I run a competing service. we currently provide the VPN reported locations because the majority of our customers expect it to work that way, as well as clearly flagging them as VPNs)
HotGarbage•3h ago
If an ISP wants to help their users avoid geoblocking via https://www.rfc-editor.org/rfc/rfc8805.html more power to them.
londons_explore•2h ago
raggi•2h ago
kalaksi•2h ago
sgjohnson•1h ago
If that had happened, IPv4 would likely already could be regarded as a relic of the past.
kortilla•38m ago
dustywusty•2h ago
Geographic IP information is one of our best tools to defend against those outcomes, and if anything it should be better.
HotGarbage•1h ago
dustywusty•1h ago
kortilla•37m ago
AnthonyMouse•43m ago
Is there some specific way we can get the laws like this to be gone? They're obviously useless (witness this very thread of people describing ways for anyone to get around them) and threatening people with destruction for not doing something asinine isn't the sort of thing any decent government should be doing.
boredatoms•44m ago