Can someone who owns/works for an actual VPN provider outline what we need to know about the VPN business?

I was having a problem with my VPN provider this morning, and it came to me as a revelation, that providing VPN must be a pretty tough business, and also that maybe the fact that we (users) don’t understand (or choose to ignore) intricacies of that business makes us get less privacy, worse service than we need:

  1. Most VPN providers charge $5-10 per month, give or take. This is probably not a bad deal if you have thousands of customers and all works smoothly every time. But when you service many customers at once, every glitch gets a storm of support requests. My VPN provider had a glitch which was its own fault, however it took the customer service rep probably an hour of work to figure out, and likely more, because he likely had to ask a manager, another fellow employee, etc. The company literally spent a couple months of income from me to resolve my problem. I would imagine companies have to cut some corners as far as support goes, considering how costly it could be.

  2. Public image: when I had my problem, I was pissed off. It literally ruined my morning. I was ready to go on reddit and blast it on every subreddit I could get to. Luckily, the problem got fixed, but if I did it, could have cost them a few customers, likely more than just a few. So, you got to balance between support and smoothing stuff up with really pissed off individuals like me.

  3. I would imagine, pressure from music and film mafia to unmask the customers is immense. But at the same time, the VPN provider which reveals customer is likely to ruin its image, and not get any new customers, like EVER. Because user trust is their capital, which could be lost in a second. At the same time, I’m wondering how do the companies cope with pressure from MPAA/RIAA? It’s probably mind boggling. I am pretty certain, these guys can and will play dirty. So, I guess my question is, whether VPN companies may quietly cooperate with these folks without admitting it publicly, or maybe cut the corners some other ways?

  4. Most VPN providers advertise unlimited data transfer. Does traffic cost become a real issue for some clients who take advantage of that? I would imagine, it could be!

  5. In general, what tips could be given to selecting a good VPN provider, and by “good” I mean: 1) privacy-respecting and ethical, 2) technically sound/stable, 3) financially stable?

  1. We charge more than that, but our business model is different from most VPN providers. We have certified staff and pay for external security audits, and we also spend substantially more on network resources than most of our competitors.

  2. PR is a serious issue and the larger companies have ample resources to use both legal and illegal means to stomp out their competition. There are a lot of growing pains you go through as the VPNs on top throw everything and the kitchen sink at you to try to derail / bankrupt your company.

  3. If the VPN is structurally set up the correct way, the copyright psychos have no legal authority over a VPN. It takes legal resources and the proper network topology to achieve that goal. If VPNs were quietly working with copyright agencies, you would hear about it very quickly from angry users. It happens here regularly with some of the less private VPNs.

  4. It’s a wash. Our business model is set up to absorb so much data usage per customer on average. Some are way over, and some are way under, but it all evens out. Although I will say this, high quality bandwidth is expensive. No VPN that is charging $3 a month can remain profitable and also run a 12 carrier mix of T1 providers, that is unless they are cramming so many users through the lines that the speeds are terrible, despite the high end network.

5.1. Look at their privacy policy. See if they mention logging or data retention. On ethics, see if they have affiliate programs, that is where a lot of the fake reviews and black-hat marketing crap comes from. Furthermore, see if their service works with the open-source OpenVPN client. A lot of VPN services have closed-source clients and some of them only work with the open-source client with reduced settings or missing features.

5.2. This one is hard, because you will never get a fair review of any VPN on a forum like here, and the web is littered with fake “review” websites that are just there to farm affiliate cash. There are paid shills everywhere, and there’s a large measure of “Playstation vs Xbox” fanboyism to boot. My best advice is to look at the other criteria, select a few VPNs you might like, and try them each out to see which one you like best.

5.3. See how long the VPN has been around, and how seriously they take things like security. Most of the VPNs that have had financial problems have been related to security breaches.

It’s tricky enough running a service for legitimate users… but spammers + scammers + hackers make it even harder!

We tried to organise a meetup of all the decent VPN providers to discuss these issues and responsible ways of dealing with them. We contacted everyone on TorrentFreak’s 2014 list… but only Mullvad and iVPN.net were keen and only a few others were interested. Shame.

  1. Customer support is the #1 issue that a good VPN needs to get right. We try to reduce the amount of support by having good software, setup guides, FAQs and automated responses to common issues… and we try to be there on LiveChat and quickly answering tickets if customers do have issues. We spend more time helping customers with their issues than fixing problems with our VPN and I’m sure it’s the same for most VPN providers.

  2. We simply offer a 100% no questions asked refund to any customers that are unhappy. As a result you can find 1000+ reviews of blackVPN which are mostly positive.

  3. The MPAA/RIAA have never asked us to unmask a customer. We try to reduce the amount of DMCA’s we get by banning P2P/bittorrent on our USA + UK servers. Law enforcement is a bigger headache to worry about… but somehow some big VPN providers still get 5 star reviews even though it’s public knowledge they gave up at least one of their customers due to a court order or just voluntarily.

  4. With thousands of customers spread over multiple timezones it becomes less of an issue.

  5. Don’t take advice from any websites or blogs that are paid by the same VPN providers they recommend. They’ll be too scared to bite the hand that feeds them. We tried to encourage people on Reddit to create an honest and impartial guide but nothing happened.

In regards to 5 - Whatever you do, don’t go for a U.S-based provider, as they are subject to draconian anti-terrorism legislation. This is relevant because even though U.S-based services are not required to log data, they can be compelled to not just do this, but also to keep quiet about it lest they themselves go to jail for aiding/abetting terrorism/whatever the government agencies threaten them with, thanks to the Patriot Act extension signed by president Obama.

TL;DR - Don’t go for an American VPN provider if you actually care about privacy and ethics.

Trust no one.

Fight the future.

I want to believe.

Are you saying this as somebody who works in this business, or just restating what’s generally known? This is not a sarcastic question, I’m genuinely interested. The reason being is that obviously majority of traffic is likely some sort of torrents. It’s hardly a justification for issuing nat security letters. If that’s routinely done on wholesale VPN traffic, it does not sound plausible to me that this never leaked out as part of Snowden revelations.

I disagree with that. Overseas VPNs are subject to the U.S. policies also, they just have different tactics available to them.

They don’t have to use legal means to acquire the desired information. They can send a Seal Team to your house, abduct your entire family, threaten to kill them unless you turn over the information they want.

This is what warrant canaries are for.

Here we go again. Everybody hop aboard the conspiracy train. USA, PIA, NSA. All three letters. They must be one and the same. Choo choo

Warrant canaries are in a legal grey area; they’re untested, and these, too, could be compromised / forced to be updated.

Your mockery is misdirected; it’s not my fault that you were ignorant when you signed up for an American-based one.

That argument is pretty loose. In the amount of time that legal challenges would take place, our canary would be activated.

How do you know any foreign VPNs are not openly attacked by the NSA? They need a warrant to attack American companies.

Haha. OK. You can think whatever you want buddy.

I think you’re engaging in wishful thinking; it would be great if this was guaranteed to work, but it’s not; there’s no legal precedent. Think about it like this: these people reside in the same grey areas from which the concept of a warrant canary arose. They know this shit. The argument is that the state can’t force you to update a page, and that it’s unethical and wildly over-reaching for them to force you to do so or assume bad intent upon you failing to update it. Fine, but they can easily get around this by not making YOU update the canary, but taking it upon themselves to do it. They’re not limited to warrants, either.

If you can refute something I said, do it. Right now it just seems like your mockery is an attempt to reduce your own cognitive dissonance because you’ve chosen an American one. If you’re gonna reply, stop this strawman crap and read my conversation with VikingVPN admin here in this thread. Otherwise just don’t.

Except they can’t do it themselves…

I did. He was right. You were wrong. You made a fool out of yourself. I love the part when you say they will just update the warrant canaries themselves. I don’t think you get how a warrant canary works.

You don’t know if they can, but let’s assume they can’t for the sake of argument. What stops them from showing up at the door of those two people responsible for access to the warrant canary at VikingVPN.com and threatening them with the relevant piece of the Patriot Act?

He acknowledged what I said when he admitted that they were ready to spend time in jail after I told him they don’t get the opportunity to challenge it legally; that is a tacit admission, a very basic one that you somehow failed to spot.

If you can actually tell me how I misrepresented the ninth court of appeals situation with the staying of the order or anything else, say it. Put up or shut up. I’ve backed up what I’ve said in relation to the Patriot Act and the aforementioned, whereas you’ve resorted to mockery and “Nuh-uh” as witnessed in your latest post. I don’t get where you’re coming from with the part about me not understanding warrant canaries stuff, either. Nothing prevents the NSA from gaining access to it and routinely updating or not updating it depending on which type it is if they’ve been given administrative access to the website by the court order. It’s obvious that you’re just deluding yourself because you don’t want to face the fact that (your) American VPN’s legal gymnastics are, quite frankly, irrelevant in the face of the Patriot Act and the NSA.

Our canary is passively activated.

We would challenge it legally.

In that period of time, the canary would activate.