Proposal to add the following criteria for VPN services
Minimum to Qualify: Physical ownership of more than a few of their servers
Best Case: Physical ownership of all their servers
Reasoning: VPN providers that own their own servers instead of relying on shared infrastructure are less vulnerable to physical attacks. Owning servers also mitigates the risk of a third-party hosting provider logging data or enabling a MiTM.
In 2019 NordVPN suffered a catastrophic hack which they handled poorly. Several other providers were also believed to be hacked at the same time.
It’s also believed several other VPN providers may have been breached around the same time. Similar records posted online — and seen by TechCrunch — suggest that TorGuard and VikingVPN may have also been compromised.
As of now, Mullvad owns 170 of their servers. The rest are dedicated rented servers. ProtonVPN owns their secure core servers. IVPN does not own any of their servers and would have to be removed.
Alternative proposal in case this doesn’t get approved: Make physical ownership of servers a best-case requirement, add caveats to IVPN, then rerank the VPNs as follows: Mullvad, then ProtonVPN, then IVPN.
Mullvad would have to be removed under these criteria (an overwhelming majority of their servers are not owned by them) which would be quite absurd, as they are the gold standard of VPNs and AFAIK the only major provider which has had their no-log policy proven in court.
Ownership of servers does not even provide significant benefit unless you also own the datacenter they are housed in (a pipe dream for a VPN provider). If you don’t, you are trusting a third party (the datacenter operator) with the physical security of the servers either way.
No they wouldn’t, because 170 servers is enough to where you could change servers without overusing any and the load would be distributed across all those servers. IVPN is the only currently recommended VPN that would have to be removed.
AzireVPN (not recommended due to being owned by Malwarebytes) owns all of their servers and the datacenter.
We also placed our Secure Core servers in high-security data centers to ensure strong physical security. Proton VPN infrastructure in Sweden is housed in an underground data center, while our Iceland servers are on a former military base. Furthermore, Secure Core servers are wholly owned and provisioned by us (shipped on-site directly from our offices). Finally, Secure Core servers are connected to the Internet using our own dedicated network with IP addresses that are owned and operated by our own Local Internet Registry (LIR).
Mullvad also has physical control over the servers they own.
If this is true why don’t Mullvad exclusively use owned servers then? It’s because they can’t actually handle all their customers’ load with servers they own, and certainly not with all the locations they make available. They don’t own any servers outside Europe, last I checked. This seems to be a very arbitrary line, and I personally would definitely not consider it a “significant” amount of their servers.
And? This reads like an ad for Azire. You haven’t actually justified why this should be a criterion; you just keep pointing at Azire and saying “well they do it, so we should require everyone to do it”.
If you have a legitimate concern which server ownership addresses that is not made moot by the fact you’re trusting the datacenter operator either way, please explain it.
Having physical control over your servers and securing and installing their hardware mitigates the risk of having to trust outside providers. I literally said AzireVPN wasn’t recommended, but they are right about owning servers.
Also, Mullvad isn’t the only major provider to have had their no-log policy proven in court. OVPN had theirs proven before they sold out to Pango.
That’s fair, but I don’t know if that’s still relevant considering the acquisition. I don’t know if Pango would change OVPN’s stance towards logging, but being new management it easily could have.
Physical ownership does not mean having physical control over the servers or installing it yourself, and leasing the servers does not mean a lack of physical control.
Plenty of colo providers will take hardware you own, rack it, set it up for you, and tell you how to connect to an IPMI after. You are still trusting a third party regardless of who “owns” the hardware. All ownership really means is who claims it as an asset on their balance sheet. Beyond that it’s just marketing for people who don’t know how datacenters work.
You don’t seem to understand. Mullvad and ProtonVPN have physical control over the servers they own and secured them. Hosting providers never have direct access to the operating system or software running on those servers. The more control the provider has over their servers, the better.
That may be true, but it has nothing to do with ownership, so it seems the criterion you care about would more accurately be “physical control over servers”.
If the servers are in a datacenter you don’t own/operate, another party inherently has physical access to them and some level of trust is always required in them not using that access.
This seems like an unnecessary criterion. What I mean is: what is the benefit of this additional restriction? Can you provide an example of a provider that meets current requirements but not this one, that would have a good chance of being recommended and isn’t?
All of our VPN servers run from RAM, with no persistent storage. They are all either owned by us or dedicated servers that we rent. We have physical control over the servers that we own.
Hosting providers never have direct access to the operating system or the software running on the server itself.
Physically owning your servers is more secure because no outside party should be able to access or control the server (and even if they did, the provider would know exactly who has access) and it gives the provider full control over the security of their servers making it easier to secure their hardware.
Dropping IVPN wouldn’t be a huge loss because there are already two other providers that meet all the criteria, including a partially owned network of servers, and basically everything IVPN does right, Mullvad does just as well if not better.
The problem with Proton is that if you select the Secure Core option you are stuck with 2 hops; if you want to stay on 1 hop only, you can’t easily choose an owned server.