I'm having a hard time understanding how this affects their customers. I understand a key was stolen from a Finnish server, and that the key expired last year (but still had a window between when...
I'm having a hard time understanding how this affects their customers. I understand a key was stolen from a Finnish server, and that the key expired last year (but still had a window between when it was hacked and when it expired that it was legit), but am not sure how that translates into what may have been compromised/what may have happened to me.
I don't really use my VPN that much except for when I'm mobile and am connecting to my bank, or pirating the Batman animated series... and Dating Naked, the dumbest reality show ever... and still got a cease & desist from Comcast.
Does this essentially mean somebody now knows I've watched Dating Naked? Because congrats.
Well for one they got the TLS key for the NordVPN website meaning that your https connection for that 7(?) month window could've been compromised. Aka anyone with access to your internet...
Exemplary
Well for one they got the TLS key for the NordVPN website meaning that your https connection for that 7(?) month window could've been compromised. Aka anyone with access to your internet connection from your ISP, government, or someone spoofing your WiFi connection next door or with a public WiFi connection could possibly put up a fake NordVPN website, getting whatever data you enter in there from logins to potentially private keys for proxies. AKA your account could very easily have been pwned without you or Nord ever knowing.
Secondly the way they got this and 2 other keys I'm not sure what are used for is they had !!!!root access!!!! to a NordVPN server meaning they could have stolen many other, much more vital private keys. At this point it's speculation but it's equivalent to someone being able to break into your house, and in your house you have a bunch of keys because you're a security manager of some sort. Now you might have seen some copies of just 3 keys online, but this tells you someone got into your house and made copy of your keys, meaning they had access to all your keys to make copies. You could see how this could be detrimental if your entire business is based off of security.
Finally one could argue this wasn't NordVPN's fault. Sure they had no control over the remote management software that was installed on their server, but they found out about the jack, and basically just sat there for 7 months telling no one, and doing virtually nothing about it. The whole thing with a VPN is you have to be able to trust them, because if you can't, then why even bother getting them. That's why some people don't like VPNs to secure there data/connection as it's a single point of trust. Now that it's been shown that they obviously can't be trusted to be transparent or do anything regarding security breaches, how do we know we can trust them to not keep logs of our data? Or to even simply encrypt it without a 3rd party also having access and being able to decrypt it with/without NordVPN knowing?
I was pretty close to buying a NordVPN subscription until this but like you said, how do we know we can trust them not to keep logs? I'm thinking I'll wait until the Black Friday sales and pull...
I was pretty close to buying a NordVPN subscription until this but like you said, how do we know we can trust them not to keep logs?
I'm thinking I'll wait until the Black Friday sales and pull the trigger on a ProtonMail/ProtonVPN subscription.
Personally I would recommend PIA. Many people have issue that it's based in the US, which I admit would be bad except they are the only VPN to have been shown in court that they don't keep user...
Personally I would recommend PIA. Many people have issue that it's based in the US, which I admit would be bad except they are the only VPN to have been shown in court that they don't keep user logs. This is of course the #1 thing you want a VPN to do and it's the only one out there that has been proven to do so, which is why I use it. Though here's a great rundown of all VPNs link
Why do anything? It just makes me feel slightly more secure. I think I got mine on a deal/they had like a 3-years-for-the-price-of-one and I just wanted to try it out, and it was after there was a...
Why do anything?
It just makes me feel slightly more secure. I think I got mine on a deal/they had like a 3-years-for-the-price-of-one and I just wanted to try it out, and it was after there was a ruling that my ISP can sell my data to third parties, so I was in a kind of "fuck you" mood at the time and thought a VPN would suffice, but it obviously doesn't if they knew me well enough to send the cease & desist.
To watch Dating Naked and pirate Batmanimated shows, based on their answer lol EDIT: I'm not trying to be sassy or rude, fyi. I'm just sarcastically reiterating what they said, as it looks like...
To watch Dating Naked and pirate Batmanimated shows, based on their answer lol
EDIT: I'm not trying to be sassy or rude, fyi. I'm just sarcastically reiterating what they said, as it looks like they watch shows not local to their country and download things they shouldn't be downloading from a legal perspective.
I'm having a hard time understanding how this affects their customers. I understand a key was stolen from a Finnish server, and that the key expired last year (but still had a window between when it was hacked and when it expired that it was legit), but am not sure how that translates into what may have been compromised/what may have happened to me.
I don't really use my VPN that much except for when I'm mobile and am connecting to my bank, or pirating the Batman animated series... and Dating Naked, the dumbest reality show ever... and still got a cease & desist from Comcast.
Does this essentially mean somebody now knows I've watched Dating Naked? Because congrats.
Well for one they got the TLS key for the NordVPN website meaning that your https connection for that 7(?) month window could've been compromised. Aka anyone with access to your internet connection from your ISP, government, or someone spoofing your WiFi connection next door or with a public WiFi connection could possibly put up a fake NordVPN website, getting whatever data you enter in there from logins to potentially private keys for proxies. AKA your account could very easily have been pwned without you or Nord ever knowing.
Secondly the way they got this and 2 other keys I'm not sure what are used for is they had !!!!root access!!!! to a NordVPN server meaning they could have stolen many other, much more vital private keys. At this point it's speculation but it's equivalent to someone being able to break into your house, and in your house you have a bunch of keys because you're a security manager of some sort. Now you might have seen some copies of just 3 keys online, but this tells you someone got into your house and made copy of your keys, meaning they had access to all your keys to make copies. You could see how this could be detrimental if your entire business is based off of security.
Finally one could argue this wasn't NordVPN's fault. Sure they had no control over the remote management software that was installed on their server, but they found out about the jack, and basically just sat there for 7 months telling no one, and doing virtually nothing about it. The whole thing with a VPN is you have to be able to trust them, because if you can't, then why even bother getting them. That's why some people don't like VPNs to secure there data/connection as it's a single point of trust. Now that it's been shown that they obviously can't be trusted to be transparent or do anything regarding security breaches, how do we know we can trust them to not keep logs of our data? Or to even simply encrypt it without a 3rd party also having access and being able to decrypt it with/without NordVPN knowing?
I was pretty close to buying a NordVPN subscription until this but like you said, how do we know we can trust them not to keep logs?
I'm thinking I'll wait until the Black Friday sales and pull the trigger on a ProtonMail/ProtonVPN subscription.
Personally I would recommend PIA. Many people have issue that it's based in the US, which I admit would be bad except they are the only VPN to have been shown in court that they don't keep user logs. This is of course the #1 thing you want a VPN to do and it's the only one out there that has been proven to do so, which is why I use it. Though here's a great rundown of all VPNs link
Why do you even use a VPN?
Why do anything?
It just makes me feel slightly more secure. I think I got mine on a deal/they had like a 3-years-for-the-price-of-one and I just wanted to try it out, and it was after there was a ruling that my ISP can sell my data to third parties, so I was in a kind of "fuck you" mood at the time and thought a VPN would suffice, but it obviously doesn't if they knew me well enough to send the cease & desist.
To watch Dating Naked and pirate Batmanimated shows, based on their answer lol
EDIT: I'm not trying to be sassy or rude, fyi. I'm just sarcastically reiterating what they said, as it looks like they watch shows not local to their country and download things they shouldn't be downloading from a legal perspective.