-
Hi Vykintas, thank you for answering.
First of all, I want to reiterate that I purposefully used the word "allegedly" because I have no proof. I only have a smoking gun https://archive.is/bQo0O .
Second of all, I want to explain that it is very difficult to verify any of your points.
> you can easily [...] look through the code. As you can see majority of it is open source.
Yes. This is correct, but at the time of writing this comment, the source has been made available only 1 hour ago. https://github.com/NordSecurity/nordvpn-linux
The whole thing is one giant "Initial commit" of what looks like millions of lines of code. Auditing this code will take months for single motivated person. There is little to no comments. "Just read the code" is difficult in this context. Also routing traffic through the client can be done just with 2 lines of code enabling kernel ip forwarding, and another line of code adding a nft/iptable rule to nat traffic from NordVPN to the outside world. This is looking for a needle in a haystack if this is obfuscated.
> you can easily check it using Wireshark
This is also not that easy. If, as alleged, Oxylabs resells millions of NordVPN IPs to thousands of Oxylabs customers, you only have 1/1000 chance to be the botnet of the day. So you would need to be running Wireshark the one day out of 2½ year to see the traffic going through with Wireshark.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
If you're up to trying something new, we've built a technology to replace consumer privacy VPNs: https://safing.io/spn/
Technical summary of the SPN (Safing Privacy Network):
- A Privacy Network aimed at use cases "between" VPN and Tor.
- Uses onion encryption over multiple hops just like Tor.
- Routes are chosen to cover most distance within the network to increase privacy.
- Exits are chosen near the destination server. This automatically geo-unblocks in many cases.
- Exclude apps and domains/entities from using SPN.
- Change routing algorithm and focus per app.
- Nodes are hosted by Safing (company behind Portmaster) and the community.
- Speeds are pretty decent (>100MBit/s).
-
Thanks for providing additional information to readers. However, this is not entirely correct. Let me clarify:
- Community nodes are used to diversify server ownership and strengthen the privacy of connections.
- Community nodes may technically act as entry, middle and/or exit nodes.
- Community nodes will never be used for unencrypted connections, only for encrypted connections. We are thinking about a concept of trusted partners, which will also be allowed to handle unencrypted connections - but this is currently not the case.
- We publish advisories [0], which are automatically applied by all clients. This gives us the ability to quickly react to changing situations. Currently, community nodes _are_ being selected as exit nodes, but not as entry nodes.
I hope this cleared things up. I am happy to go into more detail.
[0] https://github.com/safing/intel-data/blob/master/spn/main-in...