Not sure if I’m able to post links as a new user, so I won’t risk it but Azire VPN and Malwarebytes’ new blog posts state that AzireVPN has now been acquired by Malwarebytes.
This year we have also seen the acquisition of OVPN by Pango. Now AzireVPN has been acquired by Malwarebytes. I think we will see a continuing trend of small “privacy friendly” VPN providers being bought out. While provider’s like Mullvad will continue to grow more and more into the mainstream (which is a good thing). Mullvad’s future is definitely secure, but I wonder what the case is for providers like IVPN? For people that chain VPN providers, IVPN is very useful because it is very privacy friendly like Mullvad, but for the vast majority of users who use a single vpn, what is the incentive to use IVPN or other small privacy friendly providers over a provider like Mullvad, which also comes with the upside of integration with their Browser.
VPN Providers like Proton have a free plan, and many other products, so they no doubt have a long lasting future but I worry for IVPN.
Interesting, currently Malwarebytes uses the Mullvad network for their VPN.
Malwarebytes
Malwarebytes has partnered with Mullvad in order to utilize our global network of VPN servers for its own VPN application, Malwarebytes Privacy, since October 2019.
Wonder if they will move away from the Mullvad partnership because of this.
Looks like AzireVPN wasn’t a good “privacy” VPN some of us may have thought. Such a shame since they were one of the few providers worth considering along with the ones recommended here.
IVPN doesn’t physically own any of the servers they use. They shouldn’t even be recommended here for that reason alone. As long as some other provider is controlling IVPN’s servers, nothing else matters. But regardless, the fact remains that VPN providers cannot respect your privacy.
Mullvad only owns 166 servers in 9 countries. Proton only owns some servers in Iceland, Switzerland, and Sweden.
You also fail to elaborate on how renting servers is a problem, why a provider would ever do anything malicious, and how much of a risk something like this is.
VPN providers generally have servers in many countries worldwide, including privacy-hostile countries like the 14-eyes. It doesn’t matter which country a VPN is based in if they have servers in China or the US.
And it doesn’t matter if they claim not to log because their service providers probably do, and unless VPNs are audited all the time, we can only assume that they must be logging. It’s more secure if a VPN provider owns their servers.
VPNs can’t effectively hide your traffic from your ISP and other adversaries because they’re vulnerable to traffic analysis, allowing adversaries to determine the websites you visit despite the encryption. More likely than not, both your ISP and VPN provider can see the websites you’re visiting.
And while a VPN does hide your IP address, it doesn’t matter as not only are there many other ways to track people such as fingerprinting, but almost all modern browsers can detect your real location anyways so websites don’t even need your IP address to know where you live.
As for why a provider would ever do anything malicious, why would they NOT do anything malicious? If it’s possible for a provider to log you, then I have to assume they are.
IVPN is either the most honest VPN provider out there, or the biggest liar in the VPN industry. Since they don’t have complete control over all their servers, I must assume the latter is correct.
But privacy services in general are all flawed in that you’re just shifting trust to another provider instead of preventing data from being collected to begin with.
There is a lot to unpack in what you said and I wont go over all of it but, I think most of it boils down, to FUD, logical fallacies, and lack of research. I will respond to a few things you said in the hopes you will take some time to research.
Where the VPN provider operates out of can make a difference. For example, AirVPN, which is an Italian based provider, does not provide service to Italian residents due to the laws in their country.
There are a host of thing reputable VPNs can do to mitigate what can be done to a physical server in any given country. Plus not all places that a VPN lists are where the servers is located physically.
If you were to look at any of the VPN providers PG recommends they are audited regularly and all have servers they own that you can choose to use if you believe that
I don’t think anyone, including reputable VPN providers, are saying they are a perfect solution.
I would end with pointing out a lot of what your saying is full of statements like “probably” and “assume” because most of what your saying is based on conjecture.
I’ll quickly address the part of your claims which @Parish2555 did not address.
It is true that traffic analysis is a concern and it is being addressed by providers like Mullvad with their new DAITA feature. That being said your statement here is factually incorrect. When using a VPN, an encrypted tunnel is created to the VPN provider beyond the TLS encryption that is standard for HTTPS connections. This means that your ISP is not able to see the IP addresses or any other information from the websites you visit, only that you are connected to a VPN provider.
Privacy is not all-or-nothing, and there are absolutely privacy services which minimise the data collected / store it in a secure manner (E2EE).
You still have to trust the provider that they aren’t collecting data and that their E2EE isn’t backdoored. Privacy can only be achieved when the user self-hosts and controls E2EE themselves.
The only safe assumption is that every VPN provider and their service providers log, including Mullvad, ProtonVPN, and IVPN. VPNs are snake oil.
Multi-hop is coming to Mullvad. A warrant canary is a bit useless if you have RAM servers, have no personak data on users, and are in a jurisdiction where there are no secret court orders.
Plus, seizures can happen, as happened to Mullvad, which promptly reported it. But LE couldn’t get anything of it.
I agree Mullvad should publish a transparency report though. And IVPN has more options.
Anyway, this doesn’t mean one shouldn’t use IVPN. All VPN recommended in privacyguides.org/en/vpn are great and each have their pros and cons.
Would you use different encryption algorithms for key exchange, TLS, etc.? Unless the answer is yes, and the algorithms you use are widely supported (stuff like ECH still isn’t), it doesn’t make a difference between the encryption used. Either it is all backdoored (it isn’t), or it is all similarly safe.
Maybe for some threat models (I can’t imagine where), but in that case self hosting also wouldn’t help. In fact, using Tor might be your only option, and even then it is dangerous.
VPNs are tools, which suit some situations, and don’t suit others. An entire segment of technologies cannot be called snake oil just because it isn’t in your use case.
IVPN’s been around for close to 15 years, and it’s not in our plans to entertain acquisition offers. We have stable finances and ample savings to weather any prolonged market downturns (not forecasting that). We are very prudent with our decisions, financial or otherwise and make decisions with the goal of keeping IVPN running for another decade, and beyond.