Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

Beyond Bullshit: VPN industry rebirth long past due...

Freewheeling spot to chew the fat on anything cryptostorm-related that doesn't fit elsewhere (i.e. support, howto, &c.). Criticism & praise & brainstorming & requests for explanation... this is where it goes when it's hot & ready for action! :-)
User avatar

Topic Author
Pattern_Juggled
Posts: 1493
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Beyond Bullshit: VPN industry rebirth long past due...

Postby Pattern_Juggled » Wed Mar 27, 2013 1:06 pm

A few days back, I came across this tweet from @MattBlaze. It doesn't say anything that security professionals aren't already supposed to know, but it got me thinking nevertheless...



This is not a controversial statement, in other words. No system is perfect - there's only a baseline, and then improvement. And improvement comes from honest assessments of how a system is performing: you can't improve something if you don't know it needs improvement. All pretty obvious statements - indeed, they're close to being platitudes.

And yet...

In the "VPN industry," which I've observed from a close range since back in 2006, this is so far from the norm as to be an almost mythical ideal. In this "industry" (I'll drop the "scare quotes" now; point being that an industry implies a degree of cohesion and meta-organization, which the VPN world basically lacks entirely), there's a surfeit of hype and unfounded claims and random insertions of sounds-good text into just-written websites for newly-created companies.

I know personally of examples where text written in one company's website or promotional materials has been cribbed verbatim and pasted into other company usage - with no concomitant change in, you know, the actual operations underlying the business! The most classic example of this is how "no logging" went from something revolutionary in the industry, to something that's now a me-too claim made by basically everyone. And yet, how many of those companies actually don't log? Just this week, I became aware of one company who - whilst at the same time proclaiming a no-logging policy in public, loudly so - was admitting in email correspondence that they have logs and can thus track down anyone "abusing" their network, no problem. And that's just one example of many.

So, yeah... this industry is rife with bullshit, hype, and overblown security claims that simply don't stand up under inspection. Applebaum has made these criticisms in a recent paper, and the sad truth is that he's entirely right about that. Selling snake-oil bullshit has become a de facto best practice in the VPN industry. It's a race to the bottom: each company tends to push that envelope just a little bit more: overpromising, underdelivering, overhyping... and the ones that do that best get more attention from the press, more customers, more (short-term) success, and thus put pressure on others to play along.

That's how, in the short term, the bullshiters get ahead of the game. Hype, and underinvestment in real technology, and - yes - gutter attacks against other legitimate VPN providers are the tools of the bullshitters and those tools are very much in play.

But is this good for the VPN industry, let alone the actual customers themselves? Obviously not! With each iteration of the "scummier-than-thou" approach to the business taken by prominent VPN companies, the world of prospective customers discounts further and further anything said by anybody in the industry: it becomes like buying from a used care salesman: you expect her to lie, it's just a given. That's where the VPN industry is going, and it's going there steadily and consistently.

What gets lost in this is genuine innovation, amongst other things. Let me ask the readers this: name one - ONE - genuine innovation in the VPN industry in the past three years. How about it? I can't think of one. How fucking pathetic is that, seriously! What other industry - let alone technology industry - comes up with basically zero innovations over the span of THREE YEARS' TIME?

And this is happening in the context of a world where threats to privacy and security online are increasing at an increasing rate: accelerating, geometric increase... all but asymptotic. From governments and dragnet mass surveillance to organized ID theft and banking creds theft groups - it's all getting harder, faster, scarier, sharper. This is not a standstill target; no, this is a situation where the world - and the market - is changing and evolving like crazy. But the VPN industry? It's still recycling the same shit that companies like Cryptocloud first pioneered back in 2007... six fucking years ago. Pathetic.

Yes, that's directly tied to the tweet which started this article. The VPN industry is incapable of admitting problems, either as an industry or as individual companies. Thin-skinned kids react like spoiled brats when someone makes a constructive critique of anything relating to their cash cows, err, fancy hi-tech VPN businesses. Nobody is willing to accept criticism - let alone actively seek it out. Code isn't audited; fuck, code isn't even released. Fuck... nobody even asks that code be released. You can see my point.

That's got to change. Simply put, it's got to change. If it doesn't, the VPN industry is going to be left behind as the world moves forward. Alternative projects will catch up the usability gap (like Tor), and customers will ditch paid VPN services as if they were Betamax VCRs in an era of torrent swarms. All these kids getting "rich" by overhyping me-too VPN models will have to go back to real jobs. The boom will turn to bust - because of lost, permanently burned trust from customers. It's happened to other industries before; there's no law that says an industry will exist forever. Anyone remember paid screensavers from the 1990s? Berkeley Systems? The buggywhips of today...

Someone in this industry is going to step forward and start behaving like true professionals: actively seeking critique from other security pros, actively improving operations, actively publishing code and network specs, actively deploying genuine service breakthroughs... just like "real" companies do in real industries. Whoever does that will be savaged by competitors, and likely will be cold-shouldered by "journalists" who like the existing setup where choosing a VPN service is basically a popularity contest refereed by whatever blog is popular this year.

But some journalists will see what's going on, and report on it. Some other companies in the industry will step up and show leadership. And, of course, customers will know: they'll know who is legit and who is full of shit. They always do... eventually.

If this post sounds a bit like a broadside against the status quo, and also a premonition of some pending announcements... good! It is. Both. I'm just some random academic-in-exile dude who's been around the industry long enough to see it evolve, but is far enough removed to be able to call bullshit when it's knee-deep and growing. And I have, and I am.

Time for the next chapter in the "VPN industry" - where network security companies grow up, and take a leadership role in protecting people all over the world from bad things online. The demand is there: enormous, and growing. What's missing is professionalism, and competence, and integrity. And everyone knows it.

So that's how I react to the flaws in the industry: I react with honestly, and with a genuine desire to be part of dramatic positive change. Things aren't good right now, and they have to get better. Acknowledging that is the first big step towards making it so.

Let's make it so...
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
[email protected]ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f

User avatar

Topic Author
Pattern_Juggled
Posts: 1493
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Re: Beyond Bullshit: VPN industry rebirth long past due...

Postby Pattern_Juggled » Fri Apr 05, 2013 12:27 pm

A comment, posted in response to an article at vpnservicereview.net entitled "List Of The Best Torrent Friendly VPN Service Providers" - which includes several VPN providers that are, well... not exactly shining paragons of network security, let alone proven defenders of filesharing customers in the face of media industry pressure.


Indeed, including Hide My Ass on a list such as this veers perilously close to self-parody, does it not? They're great protection... except when they sell you out and off to prison you go for your hactivist work (no subpoena required - they rolled over without even bothering to ask for one). And then they get all weepy and apologetic? Please, make it stop:

viewtopic.php?f=17&t=92

Ah, and then there's Torguard. Don't be tricked into thinking they have anything to do with Tor - the actual Tor Project, that is. They don't; they just stole then name. Also: don't you dare transmit, um, "adult content" over their network or they'll snitch you out. Oh and you better not transmit any "audio or video downloads" on their VPN unless "you are the writer and copyright owner of the resources or you have a right to distribute the materials." Which I am sure is something every torrenting customer can say with confidence... right?

But wait, there's more! Torguard says these anti-customer handicaps are "actively and strictly enforced" - sort of hard to imagine how that's done if they don't actively log (and monitor) customer activity on their "private" network, isn't it? These are all verbatim quotes from their Terms of Service page - check it out, it's a good read. Indeed, reading the ToS for any service provider is pretty much a Good Idea.

viewtopic.php?f=17&t=2378

The VPN "industry" is currently filled with hype and hot air. Enough is enough. Customers deserve better than snitchware like Hide My Ass, ToS/logging fiascoes like Torguard, and the generic stampede of me-too johnny-come-lately tagalongs who wilt under pressure and can't carry themselves with professionalism as security industry participants (for example: Torguard has yet to reply when called out on their ToS problems in public - not very confidence inspiring, when they hide under the table rather than speaking up like real pros).

Substantive companies focus on genuine issues of network security that directly impact customer safety and network reliability. Wispy newcomers just copy/paste text from industry veterans, spend their time coming up with cute logos, resort to hand-waving about magical (nonexistent) super-secret technologies, and dodge hard-hitting criticism from qualified security industry professionals like Jacob Applebaum.

It's time for a rebirth of the "VPN industry," a return to a place where customers had real confidence that their service provider would go to the mat to protect them - no matter what. Why bother with VPN service if you don't know it'll be there when you need it?

viewtopic.php?f=17&t=2750
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
[email protected]ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f

User avatar

cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

Re: Beyond Bullshit: VPN industry rebirth long past due...

Postby cryptostorm_support » Fri Apr 05, 2013 1:38 pm

im half tempted to make my own site dedicated to vpn reviews....

and i agree alot of them are a joke, they all list only VPN providers who have high payout aff programs, and just recycle the same material, even the best of them renounce all objectivity and sell out.

thats one thing i can say i have never done, i never recommended something i didnt feel strongly about or at the very least my users convinced me they feel strongly about it.
cryptostorm_support shared support team forum account
PLEASE DON'T SEND PRIVATE MESSAGES with support questions!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: [email protected]
live chat support: #cryptostorm

User avatar

Topic Author
Pattern_Juggled
Posts: 1493
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Re: Beyond Bullshit: VPN industry rebirth long past due...

Postby Pattern_Juggled » Sat Apr 06, 2013 12:04 am

Pattern_Juggled wrote:A comment, posted in response to an article at vpnservicereview.net entitled "List Of The Best Torrent Friendly VPN Service Providers" - which includes several VPN providers that are, well... not exactly shining paragons of network security, let alone proven defenders of filesharing customers in the face of media industry pressure.


Proper respect for the folks at vpnservicereview.net for pushing the above comment out of the moderation queue, and into public view. I had a sense this review site is something more than the usual scammy, less-than-honest affiliate linkfarm - and it's good to see that sense proved true, so far:

...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
[email protected]ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f


Rider
Posts: 97
Joined: Tue Jan 01, 2013 11:21 pm
Contact:

Re: Beyond Bullshit: VPN industry rebirth long past due...

Postby Rider » Sun Apr 07, 2013 7:21 pm

Cryptocloud_support wrote:im half tempted to make my own site dedicated to vpn reviews....

and i agree alot of them are a joke, they all list only VPN providers who have high payout aff programs, and just recycle the same material, even the best of them renounce all objectivity and sell out.

thats one thing i can say i have never done, i never recommended something i didnt feel strongly about or at the very least my users convinced me they feel strongly about it.

Do it :p www.oursvstheirsvpn.com But it is sad that they do run their own sites. At the end of the day it's all marketing to bring more business that's why we see lots of bullshit. It's not like old days where you open up a business and without advertising, marketing and what not and you are guaranteed business regardless of anything. As there was not much competition and when there was some competition, everyone played fare.
In today's world, it's all about competition, popularity and that can only be done via all this bullshit. It's sad and the thing is nobody wants to play fare anymore, its all about lies, faking, etc...and for what? Money? Popularity?

User avatar

Topic Author
Pattern_Juggled
Posts: 1493
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Re: Beyond Bullshit: VPN industry rebirth long past due...

Postby Pattern_Juggled » Tue Apr 09, 2013 3:54 pm

...a review site to review the VPN review sites: meta review!

metavpnreview.com - I bet it's available.

No idea how many people would actually want to follow it closely, but damn it'd be interesting to do. Track who is promoting what VPN businesses, what sites seem to carry fake reviews, what sites are doing a good job and providing honest feedback, and so on.

Tempting... :think:
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
[email protected]ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f


Return to “general chat, suggestions, industry news”

Who is online

Users browsing this forum: No registered users and 3 guests

Login