In Australia Express VN and some other VPN's provide upto 100% cashback. I just dont understand what the business model is, if they make the VPN free. Are they selling user data or making a loss in the first year in the hopes that the user will start paying from the second year.
I would guess it’s a little from column a and a little from column b. First it’s easier to retain a customer esp when you do bonuses for signing up for a year, customer gets used to the VPN, forget the renewal comes round, then instead of shopping around get auto committed to another year with their current provider (Some UK ISPs would also use this tactic, auto renewing 12/18 month contracts so unless you cancelled within a certain window you were stuck with a buyout payment to swap providers, thankfully the industry got slapped down about the practice and I don’t believe any provider does this any more. Sure if you call up and get a reduced price they will tie you into a contract, but if you simply forget you get put into a rolling 30 day contract.)
Second you can get some very useful data monitoring at the network level and not keeping “user logs” for example how often are people from country X connecting to country Y to visit plane ticket sites or like Facebooks VPN to predict what the next hip new thing was so they could get in early. No need to log what each user is doing, just “look” at the network traffic patterns in and out of their servers.
Also there does seem to be fuck tons of money being thrown about when it comes to VPN (look how many YT sponsorships there are as an example)
This is a decent summary of some of the possible dirty dealings VPN companies are doing to make money: https://www.techuseful.com/hola-vpn-and-nordvpn-partners-in-.... Not sure how much of what was in the article was eventually proven to be true, but it does highlight a few possibilities.
In short, they can either spy on your browsing history and sell your data or they can hijack your bandwidth and resell it to shady people and you inevitably become part of some botnet.
Makes sense. If you're a junior player in the ad-serving space you can currently only observe the browsing habits of surfers accessing pages on which you have ads. Even on those pages, the trend is for the browser vendors to make this harder and harder.
Get 3 million VPN users through your funnel and you get eyes on all of their browsing habits... valuable data you can funnel in to serving better ads.
People using VPNs are also probably the people using adblock and are harder to market to.
Okie dokie. Was already going to cancel ExpressVPN and go for NordVPN on account of NordVPN supporting Wireguard, this just forced that to happen sooner.
I choose a VPN service specifically because I do not want to run my own VPN service.
Doing all the right things of making it fault-resilient and robust in the face of attack, etc… are all the sorts of things I don’t want to have to do for a home-built system. If I wanted to do that, I’d go start my own VPN company and sell that service to others.
And so you are suggesting someone trust Amazon instead? Ok....
Mullvad has, so far, managed to keep a rather clean reputation and have been leading the pack on the technical side for quite a while. They were the first major provider to support wireguard, they make it easy to pay them via all sorts of anonymous methods (including just sending cash in an envelope), and so far all info I have been able to discover shows that they are actually running and controlling their hardware in every location where the make that claim. Maybe there are better options, but among the major providers they seem to net out at the top of most lists created by people interested in privacy. As a supporting data point, the Firefox VPN is basically fronting Mullvad so if you think the Mozilla people did their due diligence homework you may consider that an additional point in Mullvad's favour.
> are you suggesting someone trust Amazon instead?
It depends on your threat model. But at some point you need to trust someone. I believe Amazon have more to lose by getting caught monitoring egress traffic than VPN operators who’ve been caught doing precisely that.
You are treating Amazon as an individual but VPN providers as a class. Cloud services have leaked data due to poor design and configuration, leaked secrets through low level hacks on shared hosting infrastructure, and routinely comply with warrants for the FiveEyes countries in which they are located. I would suggest OP not take my word for it or the word of any particular VPN provider, do some research and see what others have to say about Mullvad and privacy.
Amazon has nothing to lose by providing the RIAA with your instance netflow data and avoiding the legal costs alone would make it worth their while. Amazon has already built an interface to this data in CloudWatch Logs to show you that they are keeping the data, so why would you presume they would lose any reputation by providing this information to a third-party upon the presentation of a valid court order?
You can effectively choose to either have Amazon (or some other CSP) or your VPN provider as your ISP. Both are technically capable, and can therefore be compelled by court order, to provide network traffic logs. But given how many stories there have been here on HN about zero-log VPN providers caught keeping logs, and how simple it is to install WireGuard I don’t see the benefit in using a VPN provider.
