VPN Shame

A Compiled List of VPN Services That Have Been Caught Logging, Lying or Hacked

NameCheap VPN is Wrapped Up in IPVanish Logging Scandal — 17/12/2018

NameCheap VPN is Wrapped Up in IPVanish Logging Scandal

NameCheap, the Domain Name Registrar, has recently started a VPN service. It is a full fledged effort to enter the space, with strange unicorns and all.

It has the usual marketing claims of being private, fast and secure, but one thing caught my attention immediately. They have a large network of “40 locations and 1000+ servers.” Rolling out that kind of infrastructure takes a while. Not only do you have to design and implement your VPN services, but you have to work with and vet 40 different datacenters. Unless of course you don’t do any of that and just resell someone else’s VPN service…

Now, before we go deeper, I like NameCheap as a brand. They do a lot of privacy activism work that is admirable including working with the EFF, fighting for Net Neutrality, fighting to keep domain registrations private, etc.

NameCheap has partnered with IPVanish, who develops their apps and provides the network. They share the same servers and use the exact same technology. This means that if a person gets a NameCheap VPN subscription, they are really getting IPVanish and that’s a problem. IPVanish was caught logging their information after claiming that it was a no log service. After a violation of trust this large, no company should be working with them, especially if they take privacy and security seriously.

Because we are all about proof, let’s do some digging:

A Reddit user noticed some curious similarities between the IPVanish and NameCheap VPN website, showing that they both refer back to the same parent website.

This lengthens the list of IPVanish connected brands to VPNHub (PornHub VPN), Overplay.net, Unblock.us, Encrypt.me, and StrongVPN.

You should not, ever, trust brands that have outed (and lied to) their users before.

VPNHub is Tangled in the IPVanish and HighWinds Logging Scandal — 09/07/2018

VPNHub is Tangled in the IPVanish and HighWinds Logging Scandal

PornHub’s new business venture, VPNHub, is caught up in the IPVanish logging scandal, and the parent company aids building the censorship systems that VPNhub is trying to sell you!

When looking at the IPVanish situation and relating what companies are caught up in this anti-privacy scandal, we need to look for specific company names. IPVanish, its parent company StackPath, and the line of company acquisitions that led to StackPath. IPVanish was owned by a parent company, HighWinds, who also acquired a company who has hosting and routing resources called BandCon. Recently, all of these involved companies were acquired by StackPath.

So we have BandCon = IPVanish = HighWinds = StackPath.

VPNHub launched their new service a couple of months ago, and there’s a shiny looking app that seems simple to use and looks very flashy.

The only problem is that when you take a look under the hood, the app is connected to companies that log, and even further, the company has serious ethical conflicts of interest.

The process of verifying the connection to IPVanish is simple. You sign on to the service, select a location, and then Google “my ip” to see the exit IP address that the VPN server has.

You can then look up this IP to see whose network it belongs to with a simple Google search:

They are using Bandcon/HighWinds/StackPath servers.

Ethical concerns:

The primary marketing for the VPNHub service is the connection to the PornHub brand. The VPN is advertised as a way to circumvent blocks on porn or other content. That sounds like a match made in heaven until you realize that the parent company of PornHub (MindGeek) actually designed the porn censorship system that is in place. The company is selling both the lock and the key, and profiting from both, all the while potentially logging and collecting data while you’re on their VPN service through HighWinds/StackPath.

According to the VPNHub privacy policy at the time of this writing:

“We do not track user activities outside of our Applications, nor do we track the browsing activities of users who are logged into our VPN service.

Appatomic does not collect or log any traffic or use of its Applications or Services.”

This claim is interesting, considering they are using a companies’ servers that are specifically known to log user data, with court cases showing this activity directly.

If IPVanish can’t be trusted, neither can any other company that is using the same infrastructure. The fact that they are aiding censorship efforts for profit, while selling the method to circumvent them for profit is against everything privacy activism stands for.