Hey! So a few months ago I did some research on netflow data collection and monetization (such as what’s done by Team Cymru - https://www.team-cymru.com/).
They’ve been featured in a bunch of places, but I thought there wasn’t really a “centralized“ place collecting info on what they were doing and who was using them, which is why I wrote it down: GitHub - beescuit/netflow-data: Collection of publicly available resources related to the collection, sale, and implications of netflow data. · GitHub .
An interesting finding that I had was that multiple big privacy-focused VPNs were potentially providing netflow data to Cymru through a hosting provider called Tzulo. At the moment, their biggest clients seem to be Mullvad and Windscribe.
According to Mullvad’s website, 22% of their global servers (127 out of 582) are hosted by Tzulo.
I ended up reaching out to them in March last year regarding this. The only provider that did care was Windscribe, which ran an investigation and found out that Tzulo was indeed sharing data with Team Cymru through their upstream provider Sharktech. I’ve posted their raw response to me on twitter: https://x.com/beescoitu/status/2035237706394145151.
Not sure what do do with this info, but I guess it’s a fun fact. Remember to use multi-hop and potentially DAITA if you care about your privacy.
