WebProNews

Tag: ExpressVPN

  • VPN Providers Abandon India Amid Privacy Crackdown

    VPN Providers Abandon India Amid Privacy Crackdown

    As expected, India’s new privacy regulations are leading to a mass exodus of VPN providers.

    India introduced legislation to force VPN providers to capture and collect customer data, defeating the very purpose of why many use VPN services. Many companies threatened to leave the country if the legislation passed, and they are now following through, according to Wired.

    “As digital privacy and security advocates, we are concerned about the possible effect this regulation may have on not only our users but people’s data in general,” says a NordVPN spokesperson. “From what it seems, the amount of stored private information will be drastically increased throughout hundreds or maybe thousands of different companies.” She adds that similar regulations have been “typically introduced by authoritarian governments in order to gain more control over their citizens.”

    Despite India having the highest VPN adoption rate last year, or perhaps because of it, the government began moving to force VPN providers to collect customer data. The government has tried to reassure the industry and its citizens that it would only take advantage of that data collection on a case-by-case basis. Many are not convinced, however, given India’s history of surveilling activists, critics, and political rivals.

    “VPNs by nature can be a privacy advancing tool and can be capable of protecting information security in multiple ways, being used by individuals and companies to secure confidential information,” says Tejasi Panjiar, Internet Freedom Foundation associate policy counsel. “They also help secure digital rights under the constitution, especially for journalists and whistleblowers, because the nature of information that’s transferred over VPNs is primarily encrypted, which allows them not only to secure confidential information but also to safeguard their own identity, protecting them from surveillance and censorship.”

    NordVPN, ExpressVPN, and Surfshark have all taken steps to remove their servers from India while still providing ways for Indian customers to connect to their VPN services.

  • India Blinks, Extends Deadline for VPN Rules by Three Months

    India Blinks, Extends Deadline for VPN Rules by Three Months

    India has pushed back the deadline for new rules governing VPNs by three months amid an uproar that has seen some providers leave the country.

    India’s Computer Emergency Response Team (CERT-in) was set to enforce new rules that would require VPN providers to maintain information and records on their customers, including full names, contact info, reason for using a VPN, dates when they used it, and much more. According to TechCrunch, India has decided to delay the implementation of the rules for three months until September 25.

    VPNs have been working to respond to the new rules. ExpressVPN and NordVPN made the decision to shut down their servers in-country, while other VPN providers threatened to do the same. Both companies would still provide services to the market, but customers in India would need to connect via servers outside the country. Other providers are still trying to determine the best path forward for them and their customers.

    Cybersecurity experts around the globe have denounced the regulation, saying it would severely weaken privacy and security for the Indian market. It remains to be seen if India will back down permanently or if this is just a temporary reprieve.

  • ExpressVPN Removes Its Servers From India

    ExpressVPN Removes Its Servers From India

    ExpressVPN has removed its servers from India in response to legislation that requires VPNs to track and log a significant amount of user data.

    India recently passed the Cyber Security Directions legislation, requiring VPN providers to log customer names, IP addresses, email address, financial transactions, and more. The government has taken a hard line, insisting VPN providers must play ball or leave the country. ExpressVPN is opting for the latter choice, announcing it is shutting down its servers in the country.

    ExpressVPN announced its course of action in a blog post, saying it was a “very straightforward decision to remove” its servers from India. At the same time, the company plans to continue supporting its Indian customers.

    “Rest assured, our users will still be able to connect to VPN servers that will give them Indian IP addresses and allow them to access the internet as if they were located in India,” the company writes. “These ‘virtual’ India servers will instead be physically located in Singapore and the UK.

    “In terms of the user experience, there is minimal difference. For anyone wanting to connect to an Indian server, simply select the VPN server location ‘India (via Singapore)’ or ‘India (via UK).’”

    By giving Indian users the ability to use servers outside the country, ExpressVPN can provide the privacy and security its users expect while remaining outside the reach of India’s new law. The company makes it clear it has no intention of ever complying with Cyber Security Directions.

    ExpressVPN refuses to participate in the Indian government’s attempts to limit internet freedom. As a company focused on protecting privacy and freedom of expression online, we will continue to fight to keep users connected to the open and free internet with privacy and security, no matter where they are located.

  • VPN Providers May Be Forced to Pull Out of India

    VPN Providers May Be Forced to Pull Out of India

    VPN providers may be forced to pull out of the Indian market over a new law that undermines the privacy VPNs offer.

    India passed the Cyber Security Directions, a directive that requires VPN providers to keep records of customer names, IP addresses, email address, financial transactions, and more for a period of five years. India has now signaled there will be no tolerance for companies that refuse to comply, according to TechCrunch.

    Numerous companies have expressed concern over the laws, especially VPN providers that specifically guarantee anonymity. Many, such as Mullvad, NordVPN, ExpressVPN, ProtonVPN, and others guarantee their customers a service that doesn’t track them or keep the kind of logs the Indian government wants.

    “The new Indian VPN regulations are an assault on privacy and threaten to put citizens under a microscope of surveillance. We remain committed to our no-logs policy,” said ProtonVPN.

    Rajeev Chandrasekhar, the junior IT minister of India, told TechCrunch that VPN providers who conceal who uses their services “will have to pull out.”

    The only services exempted are corporate and enterprise VPNs. The new directive goes into effect for everyone else in June.

  • ExpressVPN Offering One-Time $100,000 Bug Bounty

    ExpressVPN Offering One-Time $100,000 Bug Bounty

    ExpressVPN is offering a one-time, $100,000 reward to anyone who can hack its servers.

    ExpressVPN is one of the leading VPN services on the market, and is consistently recommended by many reviewers. Like a lot of companies in the tech industry, ExpressVPN offers bug bounties as a way of encouraging white hat hackers and security researchers to find bugs and report them, before they can be exploited by bad actors.

    The company is now offering a major incentive, in the form of $100,000, specifically for proof of “unauthorized access to a VPN server or remote code execution,” or vulnerabilities “that result in leaking the real IP addresses of clients or the ability to monitor user traffic.”

    Obviously, the company will require proof of the exploit, in order to pay the bounty.

    In order to qualify to claim this bounty, we will require proof of impact to our user’s privacy. This will require demonstration of unauthorized access, remote code execution, IP address leakage, or the ability to monitor unencrypted (non-VPN encrypted) user traffic.

    It’s a safe bet security researchers will be eager to take a shot at ExpressVPN’s services, with that much money at stake.

  • New York Times: ‘Stop Paying for a VPN’

    New York Times: ‘Stop Paying for a VPN’

    Writing for the New York Times, Brian X. Chen makes the case that it’s time to stop paying for VPNs.

    Virtual private networks (VPN) are popular tools people use to protect their privacy online. Theoretically, a VPN masks a person’s activity by routing their traffic through the VPN’s network. As a result, it’s much more difficult for third parties to track a person’s movement online. The individual’s ISP can’t see what websites they’re visiting, and the websites can’t easily track their activity.

    Unfortunately, the world of VPNs can be among the most mysterious and opaque in the software industry. Many companies’ ownership is obscured, making it difficult for customers to have any real sense of accountability. Still others engage in activities and practices that are questionable at best — such as ExpressVPN knowingly hiring a former US intelligence operative that worked as a hacker-for-hire for the United Arab Emirates.

    Even worse, as Chen points out, a number of high-profile and popular VPN services have been purchased by shady companies. Kape Technologies is one such company, and has been accused of developing malware by Google and the University of California. Unfortunately, Kape has bought CyberGhost VPN, Zenmate and ExpressVPN, the latter a service that routinely receives high scores and recommendations from a slew of publications.

    Chen makes the case that the current state of the web, where the vast majority of websites are using HTTPS, makes VPNs unnecessary for most users. In addition, for Apple users, iCloud Private Relay is specifically designed to provide a layer privacy, although it doesn’t truly compete with a VPN.

    As Chen points out, there are some situations where a VPN is useful, specifically when a user needs to mask their location in order to access certain content.

    All-in-all, Chen’s piece is a thought-provoking look at an industry that, while once invaluable, may no longer be meeting the vast majority of its users’ needs.

  • ExpressVPN Linked to UAE Spy Ring, Company’s Integrity in Question

    ExpressVPN Linked to UAE Spy Ring, Company’s Integrity in Question

    ExpressVPN may be one of the most popular VPN options available, but some are calling for users to abandon it as its integrity is now in question.

    The US intelligence community was rocked by accusations that former operatives had turned mercenary-for-hire, working for the UAE to surveil the regime’s critics. Code-named “Project Raven,” the operatives’ efforts were not restricted within the UAE. Instead, Project Raven included surveillance of the regime’s critics around the world, including the US. The targets included activist and journalists.

    This revelation has roped in ExpressVPN, as one of those former intelligence operatives working as part of Project Raven included the company’s Chief Information Officer, Daniel Gericke. Some concluded that ExpressVPN was not aware of Gericke’s past when they hired him, but the company has said they were aware of that past — and hired him anyway.

    The news has not gone over well with the company’s critics or customers. In fact, Gizmodo has gone so far as to say customers should look for other options.

    ExpressVPN acknowledged how much it knew about Gericke’s past in a statement:

    When we hired Daniel in December 2019, we knew his background: 20 years in cybersecurity, first with the U.S. military and various government contractors, then with a U.S. company providing counter-terrorism intelligence services to the U.S. and its ally, the U.A.E., and finally with a U.A.E. company doing the same work. We did not know the details of any classified activities, nor of any investigation prior to its resolution this month.

    The investigation ExpressVPN mentions is one led by US prosecutors. A deal was reached in which the defendants, including Gericke, were able to avoid jail time in exchange for fines, cooperation and certain employment restrictions.

    ExpressVPN goes on to explain why it hired Gericke:

    To do that job effectively—to do it, as we believe, better than anyone else in our industry—requires harnessing all the firepower of our adversaries. The best goalkeepers are the ones trained by the best strikers. Someone steeped and seasoned in offense, as Daniel is, can offer insights into defense that are difficult, if not impossible, to come by elsewhere. That’s why there is a well-established precedent of companies in cybersecurity hiring talent from military or intelligence backgrounds.

    The company says its decision ultimately paid off:

    Since Daniel joined us, he has performed exactly the function that we hired him to do: He has consistently and continuously strengthened and reinforced the systems that allow us to deliver privacy and security to millions of people.

    Even if ExpressVPN was not aware of an active investigation into Gericke, it’s hard to imagine the company couldn’t see potential issues if they were aware of his past as they say they were.

  • Mozilla Expands VPN to Mac and Linux – Testing Included

    Mozilla Expands VPN to Mac and Linux – Testing Included

    Mozilla has been looking to expand its services and products beyond its Firefox web browser in an effort to diversify its profits. One of those endeavors is its VPN service that started life as a Firefox extension, before transitioning to a closed beta and then a publicly available service.

    The initial releases, however, only supported Windows, Android and iOS. The company has now expanded its support to include macOS and Linux, rounding out support for every major platform.

    Mozilla VPN currently offers service in the US, the UK, Canada, New Zealand, Singapore and Malaysia. This makes its focus far more narrow than competing services, such as ExpressVPN, although Mozilla says more countries will be added.

    Mozilla promises it doesn’t log network activity and doesn’t restrict bandwidth. Like many of its competitors, Mozilla VPN can be run on five different devices from a single account.

    The company has claimed that its service is faster than rivals because it uses less code. In our testing, however, those claims seem highly subjective, based on the selected VPN server.

    For example, starting with an internet connection that averages 35 to 40 Mbps, we connected to Mozilla VPN using the three closest available locations. Two of the locations yielded speeds ranging from 0.37 to 0.44 Mbps. The third location, Chicago, yielded speeds of 32 and 33 Mbps.

    Mozilla VPN Speed Tests
    Mozilla VPN Speed Tests

    While not comprehensive, our brief testing shows Mozilla still has some work to do before it rivals ExpressVPN, widely considered the fastest service available.

    Nonetheless, with Mozilla’s well-established reputation for protecting user privacy, their entry into the market is a welcome one.