Looking for VPN services that are not based in the West

One factor that PG ignores that I feel is quite relevant specifically for VPN usage is jurisdiction in relation to your residence.

On a global scale we know that there is a faction of Western countries (including but not limited to 14 Eyes) that share data with each other. If you live in the West and use a VPN whose jurisdiction is in the West, you therefore may be at greater risk of de-anonymisation and subsequent prosecution than if you were using a VPN based outside of the West.

I know the argument goes “but Swedish and Swiss privacy laws are really good!” but the fact of the matter is these Western countries cooperate way too much with each other on many levels so I don’t trust that their intelligence agencies aren’t doing some data-sharing, and 14 Eyes documentation implies there was some already even back then.

Your threat model may be different and that’s fine. I’d still like to hear your suggestions for VPN services that are based in non-Western countries, ideally ones that are hostile to the West like China and Russia.

The VPNs recommended here are trustless. Nothing is collected if you make the account and pay for it in thr roght way for them to do anything about it.

Your concern is really is unwarrented here.

If you think you are safer from Russia or China more than the VPNs recommended by PG - good luck with that! But you’re objectively wrong in thinking so if that’s what you really do.

VPNs don’t quite give you anonymity.

All your assumptions and thinking and understanding are wrong in this post. Please read up on it more to learn better and correct information about what’s what and how and why.

Well no, you always have to trust the vpn provider with everything you connect through it.

Not how I meant it and how how and what that word means in the privacy context.

Except that countries sharing data with each other makes traffic analysis possible, making it much simpler to identify you.

That’s true, pseudonymity is more accurate. It still remains the case that this privacy is void in the case of traffic analysis between 14 Eyes and more partners.

There is no data that exists for them to collect, store, and share. For example: Mullvad servers are RAM based. What you’re saying doesn’t make sense. At best ISP can try to fingerprint you. But with Mullvad’s DAITA feature, they can’t do anything.

What a silly statement and belief.

If you believe Mullvad’s DAITA is sufficient to defend against traffic analysis by multinational intelligence networks then feel free to put your trust in it and enjoy it.

I won’t be replying to your remarks any more though as you are not contributing any suggestions relevant to the topic.

Just trying to address the question. The ones geopolitically close to what you are looking could be iVPN (Gilbratar and already recommended by PG) or Adguard (Cyprus, previously Russia).

I tend to use Amnezia, whose developers are from Russia. Unsure where they run their business from (wouldn’t be surprised if it’s from Dubai).

RAM based servers don’t mean much when Mullvad employees can SSH into it and have admin access.

“Can’t do anything” is a stretch, but you’re right that DAITA is a valid defence against some forms of traffic correlation attacks.

This can’t be taken for granted. At least one VPN provider PG recommends maintains account identifiable data to prevent abuse.

And VPN providers, depending on their jurisdiction, may have to KYC paying users.

Since you bring up Mullvad:

… in some situations we might process your personal data if you, for example, are making payments by a bank wire, PayPal, Swish, Stripe

… If you choose a payment method where you are providing your personal data to Mullvad, such as PayPal, we will process and protect your information according to the GDPR and other applicable legislations.

“protect your information according to … applicable legislations” is a euphemism for “you’re at the mercy of Swedish laws”, which is OP’s point, and to their credit, Mullvad is honest enough on this:

The data must be kept for the statutory retention period described in applicable local laws such as the Swedish Accounting Act (some information must be stored for seven years from the end of the fiscal year).

Besides, Mullvad’s email support (going by MX records / mirror) is all Google, so that’s there, too.

Fair points.

I also implied that if you pay the right way (cash and XMR), they don’t or can’t store anything about you that they don’t have.

Also, the service has been audited. And I also commented only thinking about VPNs recommended here since those are the only ones worth using in my opinion.

Hence the recommendation is only to use the ones suggested here, no? It has to be one of the reasons.

But we are digressing from the point and info in the OPs post. What they are saying and claiming is not accurate.

In the end, it comes down to trust you have - no matter if the VPN you choose is open sourced and audited or not. I don’t get why one would not use VPNs suggested on PG based on their criterion and threshold set for evaluation of the tool.

I want to hate on The West too sometimes, but think about it. VPNs are inventions of the west. All the core competencies of running one that you can actually trust are developed and started in the west. The rest are pretty much copy cats and while there may be some exceptions, they are at some point had significant contacts and influenced by the west. So will you even trust them? Do we have an actual option? Lets have a look by region:

Americas:

• North America - Don’t look here. This is the Big Bad of The West never mind that they pretty much invented and the “N” of the VPN
• Central America - Mexico? They are a neighbor of the Big Bad and pretty much their partner in a lot of things. Also are the governments here trustworthy? I don’t think anyone else have significant infrastructure here.
• South America
  • Argentina? A lot of Germans went there after WW2 aren’t they “tainted”? There could be VPNs there that we could trust, but I don’t know one without searching.
  • Brazil? Can you trust their government not to snoop on your data?

Europe

• The original West - Western Europe. There is nothing to trust here for you. Nevermind that the internet formally started here via CERN with help from France and UK.
• Eastern Europe (lets include Russia here) - the talent and infrastructure is here but again, can you trust their government not to snoop on your data? I guess you can try to look for service providers here.
  • Is Russia part of “The West”? - too paranoid with their neighbors and are shall look and snoop at your data just in case you are a allied to the “bad neighbor”. доверяй, но проверяй (trust but verify) is their proverb after all.
• Northern Europe - Very much allied to the Western Europe because of Eastern Europe
• Turkey/Turkije - Dont bother, they’re part of NATO. Still technically part of the West. Also I think they’re more Middle Eastern culturally but hey…

Asia

• Middle East - the joke is, this should be Western Asia and you still shouldn’t trust it because the dystopia is very much also within here.
  • The developed ones like Saudi and UAE have governments that are too powerful and are ruling class pretty much above the law. Objectively, the recent-ish Veritasium video about SS7 had a story that involved one of the royalties here.
  • The less developed ones don’t have the talent and infrastructure for a trustworthy one.
  • Israel - lol HQ of NSO and Mossad. Hard Nope.
• North Asia - I dont have opinion her. I am not aware of any VPN companies here. I dont know if they have the infrastructure for a good VPN. Competency? I have no idea. Worth a look here?
• South Asia - This is pretty much just India as the rest may not have the infrastructure for a good VPN. Can you trust the government? Probably, probably not? Does it feel like the Dystopia has already crept in? You can probably have a look here if you think India isn’t too bad.
• Southeast Asia there is one real player here: Singapore. But they were a British colony and are closely tied to The West. But curious enough, culturally they are more like the Chinese and some of their infrastructure should have Chinese tech in them, because they are cheap. Could be worth a look?
  • Thailand, Vietnam and Malaysia - No idea if they are actually good. The infrastructure should be better than the rest of the region.
  • The rest are a joke infrastructure due to geography I should know I live in one of them.
• East Asia
  • This is like the European situation Japan and South Korea are allied to The West They probably have the best internet infrastructure in all of Asia, but again, Allied to the West.
  • China - That other Big Brother, against the Western Big Brother. Hard Nope.
  • North Korea - do you really want to connect to NK?

Oceania

• Australia and New Zealand - part of the West, dont be fooled by the location.
• The rest is pretty much Ocean as the name suggest. Sorry, Federated States of Micronesia. You likely don’t have the infrastructure for a good VPN by virtue of being in the middle of nowhere, but who knows?

Africa

• Not gonna lie, I have no Idea. The northern part might have infrastructure by virtue of being close to the Mediterranean. Trustworthy government? I’ve no idea.
• Central Africa - Didn’t Facebook and China invest infrastructure here?
• South Africa - Also no idea. I’m still thinking Part of the West but I could be wrong.

In summary/TLDR:

Go try to look for providers in South America (Argentina? Brazil?), Eastern Europe (???), North Asia (???), South Asia (India?), Southeast Asia (Singapore? Thailand? Vietnam? and Malaysia?) and Africa (???).

Additional insights:

• Language barrier is the initial entry barrier. Its hard to sign up for one in a foreign language that you cant read. You could probably use AI to translate.

• You have to vet the country’s government trustworthiness up to the risk that you want to take. Some governments may be more honest than others. Some of them might be interested in looking around at what you have.

• You can rent your VPS and roll your own VPN but that actually needs knowledge and technical know how - not for the uninitiated.

• Always remember that whatever the country VPN you get, it is still answerable to its own government. The smaller the government, the likelier it is to be bullied into submission by larger governments due to its treaties.

By rolling your own vpn which only a few people use, you’d lose the benefit of blending into a crowd

Welcome to the forum, and thanks for the post, but it does matter, since you would NEVER want to use a VPN based in China, for example, due to obvious reasons. So consequently one should be cautious, since there’s a lot of disinformation with regards to VPNs.

@Alvah.Lind64, if it’s fine, could you explain why this is part of your criteria?

(Apologizes if I don’t answer you quickly, since I’m quite a busy student .)

AFAIK, no VPN exists that is truly privacy respecting like ProtonVPN, Mullvad VPN, IVPN, and Windscribe VPN; the only provider I can think of that fits (some of) your criteria is IVPN, but it fails mostly for your requirements.

ALL VPN services still operational in China are not private and insecure, they are allowed by Chinese Authorities because they proactively help CCP to log and scan all traffics.

That is why Chinese citizens rent VPS outside China and self host with v2ray and what not, sometime with roaming SIM cards.

I get where you’re coming from, but there are a couple things to consider:

1. There may be fewer options for picking jurisdictions which have better-than-average privacy and censorship laws outside of “the west”.

2. If you’re concerned with the 14+ eyes intelligence agencies identifying you, using a measly VPN service is unlikely to be much help. You may have better luck with Mixnets like Tor, but if you’re being targeted by such powerful adversaries there’s really nothing you can do that’d provide a good chance at anonymity.

If you’re still set on using a VPN, perhaps Switzerland’s ProtonVPN or Gibraltar’s IVPN are preferable to Sweden’s Mullvad. I’m not sure about Gibraltar but Switzerland definitely seems to lean towards the “the west” and has worked with American intelligence before, but they may be less “entangled” or cooperative with them as they try to maintain some semblance of neutrality. You can research for other VPN services but if any were as good as the PG-recommended options, they’d probably already be recommended. In any case, it ultimately shouldn’t matter too much for the reasons I discussed above.

Swiss privacy laws mean they can’t request VPN provider logging of user data.

This is it. Swiss isn’t part of 14 Eyes.

China has one of the worst privacy rules (that is the gov can basically ask for anything) and all VPNs are subject to gov approvals (since they are technically banned.

I don’t know about Russian privacy laws but they have censorship, meaning you wouldn’t be able to access Youtube and many other western site.

What do you suggest OP to do? Use NordVPN?

Our support emails are now moving to self-hosted and Mullvad-owned hardware.

From now on, our Support Team can be reached at a new email address: support@mullvadvpn.net

Emails sent to the old address: support@mullvad.net, will still continue to function until we announce the shut-down of that email address.

You are looking up their old email address. Actual MX records.

Don’t you find it weird running a service in Russia to bypass Russia’s ISP blocks and clearly advertise it on their Homepage?

Free VPN to bypass blockings in Russia, Iran, Kyrgyzstan, Myanmar and Turkey

The link you provided is irrelevant, you could post about something about VPN services with direct CCP ties or whatever other than some reports about Tencent having CCP “employees”, do you think big tech in U.S doesn’t have any? The problem is if you are doing some activities that west may not like, wouldn’t that spark their rivals into your activities to see what you do (it depends on what you are doing of course) I can’t advice against or with using countries that are hostile west. It all depends on what you seem to find safest for you based on actual analysis or research.

You can see here their reason. I recommend OP to just use Mullvad DAITA, this is the best you can do.