How Is NordVPN Unblocking Disney+?
https://medium.com/@derek./how-is-nordvpn-unblocking-disney-6c51045dbc30
Interesting way used to catch them, using the Akamai header.
Only thing left from the article would be a portscan proving that a big percentage of the listed hosts are webcams, home routers and other insecure IoT stuff. They use a backconnect to route traffic trough compromised hosts, this is common practice in the VPN industry.
I'm of course biased, but think twice before supporting with your wallet this kind of scum.
Tagged:
Comments
If what is written in that article is true, isn't this pretty much highly illegal for NordVPN to do?
I've only used a few commercial VPNs, and only stick with PIA now, and I've never seen any popular commercial VPN do this.
ExtraVM
Depends on how they gain access to the proxies. If the users (who serve as relays) agreed to run the proxies on their computer, it's probably not illegal.
However, if they use compromised machines.... that's a whole another thing.
SkylonHost.com High Bandwidth European Cloud KVM | AS202297
Yeah, it's mostly illegal and there is a whole industry constructed around the lack of public knowledge about the practice:
https://medium.com/@xianghangmi/resident-evil-understanding-residential-ip-proxy-as-a-dark-service-dea9010a0e29
The only "legal" service of this kind would be Hola/Luminati since they kind of ask permission from their users, as far as I am aware.
This backconnect technique is exactly the same which has been used by carders for decades, but now there are "legal looking" services providing this for geoblocking bypass, bots buying concert tickets and limited edition sneakers, scraping... that kind of stuff.
OpenVPN installer | WireGuard installer
Yeah, I'm talking if they end up mostly being compromised IoT devices, that would be really bad since large commercial services would be fueling it.
ExtraVM
The second link I provided shows context on the number of positively identified IoT devices (nearly 50%). You can't just identify every device, but gives a good idea of what is going on.
OpenVPN installer | WireGuard installer
Damn. I regularly use a VPN. Is there a way to check if my network is being (ab)used in this way?
It's pronounced hacker.
Generally speaking it isn't being abused from your VPN usage, except if you are using Hola, then yes.
They source those hosts from other places, your VPN provider isn't using you as a host. A different question is if you can trust them.
OpenVPN installer | WireGuard installer
Oh, I get it. I'm an idiot. Still not cool. I use AirVPN. I like their philosophy in general, I certainly hope they're not stooping to this level of assholisness.
It's pronounced hacker.
Very concerning, thanks for the share.
Ympker's Shared/Reseller Hosting Comparison Chart, Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
Yikes
Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow
Eyebrow raised
This should be popcorn material soon.
maybe PIA and Ivacy do the same?
I was confused why they needed the Akamai header thing instead of just going to whatismyipaddress.com or similar.
Do these VPNs route your traffic via different IPs depending on the traffic destination? If so, even that is a bit shady and unexpected.
root@notty
P0rnhub got Into VPNs With VPNhub
Just dropping this here.
THIS is something I am going to read in detail with interest, this could be a huge deal if it gets blown open by the popular media.
Someone link the Linus Tech Tips forum to here to read about it
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
https://torrentfreak.com/private-internet-access-to-be-acquired-by-kape/
These are actually pretty serious allegations, albeit coming from an unknown Medium author. I'd like to see some kind of independent verification before we jump to conclusions.
Perhaps someone who has NordVPN can try out the curl command in the article and report back?
root@notty
I'm def not renewing PIA after them being acquired recently.
Gonna try my luck running own VPN
Take a look in to the NAT world, between me, @mikho and @cam you have the choice of around 16 locations world wide.
I suppose it depends on what you use them for.
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
Not to brag, but I got 14-15 locations on my own
https://clients.mrvm.net
ok about 20 then.
MR.VPN coming soon?
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
Yeah think I have some of your 256mbs.
Might post something elaborate in technical section at a later stage, but getting some blog stuff up and running is priority
Well, not so shady in itself.
Imagine I want to connect to a server in The Netherlands for my normal activities, but also want to watch US Netflix. They will provide the NL connection and redirect some Netflix traffic to the US residential backconnect.
They will always try to route as little traffic as possible through the backconnects because it is slow and expensive, only whatever is needed to pass the geo checks.
Of course that would be good (and easy to do) but I have no doubt. There is not any other way to access this kind of residential-restricted services, you can't rent a server anywhere, a real residential connection is needed and you need lots of them because otherwise they would be banned and of course they are slow and unreliable.
Maybe you already know, but maybe try combining this:
https://talk.lowendspirit.com/discussion/186/inception-hosting-black-friday-servers-from-2-33-p-year-30-discounts
With this:
https://github.com/Nyr/openvpn-install
Lots of people will give assistance here if you need help figuring things out.
OpenVPN installer | WireGuard installer
Amazingly it seems there are patents covering these "methods" for obtaining the IP addresses. Maybe not be quite as bad as IoT botnets, but still extremely dodgy. I'll be thinking twice the next time I download a "free app".
https://cdn-resprivacy.pressidium.com/wp-content/uploads/2018/08/Luminati-Networks-LTD-vs-UAB-Tesonet.pdf
(Edit: this is not NordVPN's patent. It seems Tesonet the defendant is allegedly linked to Nord)
root@notty
Yeah I would just throw a VPN on a LES " @AnthonySmith @mikho " or @cam box. In my testing they have been reliable and they do the job for so little money!
A classic act done with a shell company.
That's not uncommon, particularly with VPNs that advertise unblocking content located in different countries as one of their features. For example, some VPNs let you watch American Netflix, BBC (UK), and ABC iView (Australia), all without having to switch to a different VPN endpoint to change the country. In cases like that they tend to configure their routing tables so that particular IP ranges are routed differently - Traffic destined for Australian services will be routed via Australia, etc.
Daniel15 | https://d.sb/. List of all my VPSes: https://d.sb/servers
dnstools.ws - DNS lookups, pings, and traceroutes from 30 locations worldwide.
So breaking this down in to super simple terms, if all the IOT things were to universally patch their shit, the VPN providers employing this tactic are dead?
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
Interesting that they figured this out using an Akamai header that it's generally considered best-practice to block access to for security reasons.
I haven't seen any proof that they are actually using compromised IoT devices. Most likely that they get access via dubious "free" apps that unwitting consumers have installed - see the quote from the legal document I posted above. Still pretty dodgy mind you.
root@notty