I'm not surprised, given that I received 140% cashback(!) on their 2 year plan a while ago. Unless the hope is that most users forget to cancel before it renews, I'm assuming that I'm paying with my personal information.
It still does the trick for accessing bank and other websites from abroad (that somehow consider a VPN IP more trustworthy than a residential ISP in a Western European country, but that's a different story), but I wouldn't use it for anything sensitive.
I also definitely wouldn't run their client locally, and their Wireguard configurations are annoyingly only valid for 15 minutes after creation. (Weirdly, there doesn't seem to be any limitation on IKEv2.)
Sophira · 44m ago
Given what you said about not using it for anything sensitive, I'm assuming you're not actually logging into your bank... right?
lxgr · 27m ago
Everything is TLS-encrypted anyway these days, so the primary concern is metadata privacy.
When it comes to that, I trust VPN providers about as much as ISPs (i.e. absolutely not).
[2] I work for VP.NET and can answer any questions regarding the technology as well!
IlikeKitties · 2h ago
I strongly suggest that you use something like Network Namespaces through Vopono[0] or Gluetun[1] if you use a commercial VPN for "privacy" or "security" aka torrenting and shitposting. Relying on these clients is always a gamble and if your software (Browser, Torrentclient, etc.) cannot know you public IP only the internal IP of the VPN you are also safe against some exploits and misconfigurations a desktop client won't protect you against.
Wouldn't blocking IPv6 and using a kill-switch prevent leaking?
IlikeKitties · 1h ago
No, not in all cases. Imagine your Browser gets 0-dayed and just send all IPs it sees to an endpoint.
nikanj · 1h ago
I strongly suggest you disable ipv6, as nothing will break by disabling it but many things break with it enabled.
lxgr · 53m ago
That's not true anymore.
IPv6 allows for more direct connections for services like VoIP or Tailscale, since UDP hole punching between two firewalled public IPv6 addresses usually just works, but doesn't between two clients both behind a "port-restricted cone" or "symmetric" NAT.
As a result, connections have to be relayed, which increases latency and is just outright infeasible for some non-profit services that don't have a budget for relaying everyone's traffic.
Anecdotally, I've also heard that you can get better routing via IPv6 on IPv4-via-NAT-only providers these days, as the provider's CG-NAT might be topologically farther away than the IPv6 server you're connecting to.
indigo945 · 1h ago
Alternatively, disable ipv4. The same statement holds true.
ZiiS · 1h ago
Unfortunately this is not true, loads of cool techy stuff (Sentry, GitHub) etc still don't work properly on IPv6, less techy stuff really didn't care at all.
ta1243 · 1h ago
Lots of things will break if you disable ipv4, including my work provided zscaler windows laptop (and not break in the good way where it fails open when you block traffic to zscaler nodes on your router)
Very little will break if you disable ipv6
denkmoon · 3m ago
Enterprise malware not doing v6 properly hardly counts, it’s a good day for them when they don’t just bsod your entire network.
https://blog.thea.codes/nordvpn-wireguard-namespaces/
[1] https://cyberinsider.com/vpn-logs-lies/
[1] https://www.makeuseof.com/worst-vpns-you-shouldnt-trust/
It still does the trick for accessing bank and other websites from abroad (that somehow consider a VPN IP more trustworthy than a residential ISP in a Western European country, but that's a different story), but I wouldn't use it for anything sensitive.
I also definitely wouldn't run their client locally, and their Wireguard configurations are annoyingly only valid for 15 minutes after creation. (Weirdly, there doesn't seem to be any limitation on IKEv2.)
When it comes to that, I trust VPN providers about as much as ISPs (i.e. absolutely not).
[1] https://vp.net/l/en-US/blog/Don%27t-Trust-Verify
[2] I work for VP.NET and can answer any questions regarding the technology as well!
[0] https://github.com/jamesmcm/vopono [1] https://github.com/qdm12/gluetun
IPv6 allows for more direct connections for services like VoIP or Tailscale, since UDP hole punching between two firewalled public IPv6 addresses usually just works, but doesn't between two clients both behind a "port-restricted cone" or "symmetric" NAT.
As a result, connections have to be relayed, which increases latency and is just outright infeasible for some non-profit services that don't have a budget for relaying everyone's traffic.
Anecdotally, I've also heard that you can get better routing via IPv6 on IPv4-via-NAT-only providers these days, as the provider's CG-NAT might be topologically farther away than the IPv6 server you're connecting to.
Very little will break if you disable ipv6