NordVPN Gets Caught Stealth Editing Its Warrant Canary Blog Post

Back in 2017, NordVPN published a blog post that also serves as a warrant canary. It updates the post daily to say something like,

As of 2022-01-22, we:

* Have NOT received any National Security letters;
* Have NOT received any gag orders;
* Have NOT received any warrants from any government organization.

While updating the warrant canary section of the blog post to assure users, it was also apparently stealth editing the claims for its service.

In the original 2017 blog post, NordVPN claimed,

NordVPN operates under the jurisdiction of Panama and will not comply with requests from foreign governments and law enforcement agencies

On January 19, 2022, however, NordVPN updated that to read,

NordVPN operates under the jurisdiction of Panama and will only comply with requests from foreign governments and law enforcement agencies if these requests are delivered according to laws and regulations.

First, NordVPN’s 2017 claim that it wouldn’t honor requests from foreign governments and law enforcement agencies was laughable on its face, and the company had to know that its claim was nonsense.

Second, its new explanation of when it is required to comply with requests from foreign governments and law enforcement agencies is still ridiculously vague.

Finally, NordVPN chose to quietly update a 2017 blog post rather than be transparent about its obligations under Panamanian law.

When VPN companies show you who they are, believe them.

You Probably Need a VPN

Vice recently ran an article with the attention-grabbing headline, You Probably Don’t Need a VPN. The main problem with the article is that it confusingly conflates several separate issues.

The objections to using a VPN boil down to:

  1. It doesn’t really matter if your Internet access provider (ISP, etc.) see what sites you are connecting to because the actual connections themselves are encrypted. All ISPs can collect these days is metadata about who you connect to and when.

    The objection that the only thing Internet access providers can collect is essentially browser history metadata seems absurd given how much we know about the value of that metadata. Many ISPs turn around and sell that metadata about their customers precisely because it has value.

    I have little trust or faith in the Internet access providers that I use in the United States. There are essentially zero legal protection for consumers at the moment for how ISPs can use and sell that data. Even if there were, these providers themselves typically employ bottom of the barrel security practices (looking at you Breach-Mobile), and such data will likely be stolen if not sold at some point.

  2. There are a lot of lousy VPN companies, many of which represent a potentially bigger data risk than your local Internet access provider.

There are a lot of lousy companies, period. The one cool trick that changes everything here is not to pick a terrible VPN company.

Pretty much the only VPN I recommend to ordinary people these days is ProtonVPN. Their basic $4/month plan will likely meet most people’s needs. Their VPN client is well-designed, and I trust their no-logs policy.

The other VPN I recommend is AirVPN, but not for casual users. In my opinion, if you want to do a lot of high-speed torrenting, AirVPN is the best option out there. Let’s just say in the last ten years, I’ve yet to receive a DMCA notice and leave it at that.

Techlore VPN Toolkit

Techlore’s VPN Toolkit is an excellent, crowd-sourced guide to VPN services.

The site rates VPNs across dozens of criteria and lets users quickly filter down to the VPN that would best meet their needs.

The site even features a “DIY Review Tool” that lets you create your own personal ranking chart if you happen to be knowledgeable about VPNs.

Just an all-around excellent site and a good example of how to really do a thorough website for a niche topic.

FreePN

FreePN is “the only completely free, fast, secure, anonymous, unlimited-bandwidth VPN. It’s also open-source.”

Still in beta, FreePN is an attempt to build an anonymous peer-to-peer VPN.

In short, FreePN is functionally a peer-to-peer VPN network. The FreePN organization itself only runs a coordinating server to help make connections between peers possible. Each user on our network also functions as a VPN server themselves for someone else on the network.

FreePN uses special ‘leaky-bucket’ algorithms so that you should never notice a negative impact on your own Internet speed while using FreePN. Using FreePN is just as fast (if not faster) than using any other paid VPN service available today.

ProtonVPN Makes All Its Apps Open Source

ProtonVPN recently announced it was making all its VPN applications open source and simultaneously releasing security audits of its various VPN applications.

We’re happy to be the first VPN provider to open source apps on all platforms (Windows, macOS, Android, and iOS) and undergo an independent security audit. Transparency, ethics, and security are at the core of the Internet we want to build and the reason why we built ProtonVPN in the first place.

. . .

Making all of our applications open source is therefore a natural next step. As former CERN scientists, publication and peer review are a core part of our ethos. We are also publishing the results of independent security audits covering all of our software.

Cloudflare Announces Warp VPN

Back when Cloudflare released its 1.1.1.1 secure DNS application for mobile devices, I wondered what the point was, since (at least on Android) users needed to disable any VPNs they were using in order to use the 1.1.1.1 application. Who is the audience for secure DNS minus a VPN?

This week, Cloudflare closed that gap by announcing Warp, a free VPN (with premium options to follow) that will eventually be rolled into the 1.1.1.1 mobile app.

From Cloudflare’s press release,

Technically, Warp is a VPN. However, we think the market for VPNs as it’s been imagined to date is severely limited. Imagine trying to convince a non-technical friend that they should install an app that will slow down their Internet and drain their battery so they can be a bit more secure. Good luck.

. . .

We built Warp because we’ve had those conversations with our loved ones too and they’ve not gone well. So we knew that we had to start with turning the weaknesses of other VPN solutions into strengths. Under the covers, Warp acts as a VPN. But now in the 1.1.1.1 App, if users decide to enable Warp, instead of just DNS queries being secured and optimized, all Internet traffic is secured and optimized. In other words, Warp is the VPN for people who don’t know what V.P.N. stands for.

. . .

Security is table stakes. What really distinguishes Warp is performance and reliability. While other VPNs slow down the Internet, Warp incorporates all the work that the team from Neumob has done to improve mobile Internet performance. We’ve built Warp around a UDP-based protocol that is optimized for the mobile Internet. We also leveraged Cloudflare’s massive global network, allowing Warp to connect with servers within milliseconds of most the world’s Internet users. With our network’s direct peering connections and uncongested paths we can deliver a great experience around the world. Our tests have shown that Warp will often significantly increase Internet performance. Generally, the worse your network connection the better Warp should make your performance.

. . .

Finally, we knew that if we really wanted Warp to be something that all our less-technical friends would use, then price couldn’t be a barrier to adoption. The basic version of Warp is included as an option with the 1.1.1.1 App for free.

We’re also working on a premium version of Warp — which we call Warp+ — that will be even faster by utilizing Cloudflare’s virtual private backbone and Argo technology. We will charge a low monthly fee for those people, like many of you reading this blog, who want even more speed. The cost of Warp+ will likely vary by region, priced in a way that ensures the fastest possible mobile experience is affordable to as many people as possible.

Users can sign up from the 1.1.1.1 app to be on a waitlist that they’ll move up as the VPN rolls out. I’m currently at #340921, so it may be awhile before I get to use it.

This is certainly an exciting development, but I assume that just as Cloudflare highlights some of the problems with traditional VPNs in its press release, there are some things that traditional VPNs are probably better for than Warp. For example, my suspicions are that Cloudflare isn’t going to be a big fan of people using their VPN for torrenting.