Any VPNs comparable to IVPN and Mullvad by privacy, but also have port forwarding?

German The Jackal@pawb.social to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.com – 106 points –

Since IVPN and Mullvad are both phasing out port forwarding, are there any alternatives? I am not looking for something like NordVPN which is a privacy nightmare. AirVPN is also not private enough considering I’ve seen reports online of ISPs sending out DMCA letters of gold to its users.

80

I switched to protonvpn recently and it seems pretty good, I was getting a lot of websites blocking me when I was using PIA and that seems to not be a problem with proton.

Personally I don't trust Proton. I know I'm paranoid, but can't be too sure about anything these days. To my knowledge MV and IVPN are the only ones with a nice privacy reputation. Shame they are cutting port forwarding

Proton only started logging his IP after they were legally forced to do so, just like any other law abiding company would have to do.

Proton offers an onion site of Protonmail which the activist should have been using since he allegedly committed

theft and property damage, crimes - the latter two - that enable surveillance

this is a case of user error and bad opsec, not a company bending over backwards to share their users information. If you're going to do things that are likely going to get you arrested, no matter how noble the cause, make sure you have excellent OpSec

To add to that, email and vpn are different. It's easy to force logging of a specific email address when forced to by law, but doing that based on vpn ip address only is more problematic

and iirc Proton took the Swiss government to court after that and won a case reclassifying email legally so that they can't be forced to disclose IPs like that again in the future

Can’t they just log your account? You have to have an account with Proton to use their VPN. They can absolutely log your activity such as logging in, when you connected/disconnected, to which servers, and, more importantly, where from exactly (your original IP address)

Proton doesn't keep logs by default unless legally forced to.

Law enforcement would have to know the email account to make them log it. If they know the email account you're using with ProtonVPN then thats user error and bad OpSec.

In the example you linked, if law enforcement didn't know the guys email address then they couldn't have forced Proton to log his IP.

Bad opsec? It’s a bad VPN if it needs an email at all. Look at what IVPN does, they don’t even have a requirement for emails to register. I’m pretty sure Mullvad just recently was raided by authorities seize whatever they want they said, won’t find any user data they said. And they didn’t. Also proton redirects or used to redirect from onion to clearnet when you signed in. It simply isn’t up to par with IVPN and Mullvad. What’s the point of a VPN where a government can just request them to leak your data? No matter how, AT ALL! What constitutes a big enough crime for them? What if next day it’s downloading Frozen II.mkv?

Proton requires an email because they offer a free tier, without some way of regulating users their servers would be overrun with bots and spam...

The difference between what recently happened with Mullvad and what happened in the article you linked about Proton is that with Mullvad they were looking for general user data for VPN usage, not a specific persons email account like with Proton.

If a copyright holder or law enforcement is in a torrent swarm and logs all of the IP addresses of the seeders of Frozen II and then goes looking for the users of those IPs then ProtonVPN and Mullvad VPN would have the same response - No logs, no idea

Sure, not having to register with an email with Mullvad and IVPN is great but they're not offering port forwarding any more so we recommended ProtonVPN and you said you didn't trust them because they followed the law, if Mullvad or IVPN offered email services then they would have to do the same thing Proton did.

If you make a ProtonVPN account with the sole purpose of torrenting then all you have to do is not publicise your Proton email along with the fact that you're torrenting and then nobody can really do anything about that because law enforcement can't go to Proton like they did with that guy because they don't know the account linked to you.

I didn't hear about the onion issues, but again unless Proton was specifically told to log specific users IPs then even if they were redirected, their IPs wouldn't have been logged in those instances.

Its still user error, he must have publicised his Proton account, law enforcement found out about it and his IP was logged under Swiss law, thats user error. Its crappy that thats law but if you're going to do things like that then you should know how to protect yourself properly

Even worse:

The identity and location of the activist was already known to the French authorities (they had already been evicted once before for squatting, and the nature of squatting means that their location is known).

So they were probably not using a VPN to connect to Proton Mail, which was the specific target, since e-mail and VPN providers were treated differently under Swiss law until Proton and Threema fought the government on this issue. Tutanota had a similar issue. If you're gonna rely on these services to break their jurisdiction's laws, you should be covering your own ass with bulletproof opsec, because businesses with millions of accounts are not gonna shut down and burn evidence in order to protect one user. In the Proton case, the activist apparently connected to a known Proton Mail account with no VPN or Tor; in the Tutanota case, only e-mails that were not end-to-end encrypted would pose at risk

ProtonVPN

Personally I don't trust Proton. I know I’m paranoid, but can’t be too sure about anything these days. To my knowledge MV and IVPN are the only ones with a nice privacy reputation. Shame they are cutting port forwarding

I think it's worth reading Proton's response on this and also worth noting Proton recently won Swiss court ruling (as in they paid for the lawyers and brought the case up et al.) that should help make it so proton isn't legally obligated by the Swiss government to do such things again.

You can also avoid what happened here by using the TOR endpoint Proton provides to login to their services.

It's refreshing being on Lemmy and being able to see a good discussion on vps with (unlike reddit) no bot comment spam and no users engaging in paid shilling.

What about Windscribe? They seem to have port forwarding available.

Privacy is so atrocious that their damn private key was compromised

But they fixed the issue, and documented on why it happened and how it got fixed on their blog. Pretty transparent to me.

Yeah, they fixed things and owned up to it, best you can do when you fuck things up: https://blog.windscribe.com/ukrainian-server-seizure-a-commentary-and-state-of-the-industry-e71e8d205b26/. I feel like people give them too much shit for this, just like with that Proton climate activist case

Agreed. Though Proton was barely affected since everyone started to dickride them for all their other services. Unfair treatment, but that's what the privacy community does nowadays 🤷

I suspect ProtonVPN will remove port forwarding soon enough. Mullvad had valid concerns with removing port forwarding, and I expect the industry to agree. I'm not sure what the answer to this problem is.

They literally just launched portforwarding on proton vpn this year

Hi, check this comment. It seems like it will be able to work without the concerns that Mullvad has had. I suppose in theory the bad actors can use a synchronized scheme like this as well - if they realize that, ProtonVPN may still end up with the same amount of problems and need to shut it down.

Some people here are saying i2p may be the future https://lemmy.dbzer0.com/post/259433 Sounds like Qbittorrent is planning to provide i2p support too. So hopefully port forwarding won't matter as much for future releases.

The main issue with I have with how the current i2p implementation works is that it essentially creates a walled garden in the torrent network, as i2p users can't seed out to non-i2p users, they can only leech from them. I feel like that would needlessly split the network, which relies on having as many people as possible seeding. Frankly I don't know if its even possible to work around that, but I'll need to see how it plays out. Also, there needs to be at least one person with a port forwarded on any given torrent. utp only peers cannot seed independently, from my understanding.

I think i2p or something similar where people can run a router and provide bandwidth to the network and help hide what other users are downloading (which is how i2p works but its not super fast sadly)

I saw someone say that Proton implemented their port forwarding in a different way than Mullvad that negates a lot of the issues that caused them to axe it

Hi, I looked into this and from what I can gather, ProtonVPN gives out temporary ports for port forwarding. I'm not 100% how long these ports are leased for, but as long as you run a script like this to move your torrent client's port around to match ProtonVPN's, I can see how this would work. It's not perfect, but it's workable. I wonder if Mullvad will implement something like this to achieve parity.

Yeah that sounds right. I use Proton and the ports are randomly assigned when you connect. I just manually put the port in qbittorrent each time, it's not too much trouble.

AirVPN! Been a customer for 7-8 years.

Edit: I see AirVPN was mentioned by op in its post. Regarding it being “not private enough” and reports of users receiving DMCA notices: I highly doubt these reports are correct, and even it they were, I don’t think it would be the fault of AirVPN. From a technical perspective AirVPN is excellent. They offer every feature you can imagine and allow you to work with native WireGuard, OpenVPN or their own client.

But this technical freedom might lead to some misconfigurations out there, like DNS leaking due to not enforcing changes to resolv.conf etc. if you’re not that technical, use their official client.

Big fan of Air. The owner is a cool guy, they support privacy orgs, and the VPN itself is great.

Is AirVPN out of the question? They’ve still got port forwarding

No public audits - I don't trust. Italy is also not exactly a privacy (and personal rights) haven.

Would you consider server seizures by LE with no data found to be valid proof of no logging? If so there are a couple VPNs I know which you would probably like.

Sure, shoot. I’ll research anything. Just that everything so far has either been a privacy disaster or “oh don’t worry they only leak your entire data when you break the law! it’s your bad opsec!”

Some lesser known ones :

  • Perfect-privacy, they have had 2 or 3 server seizures in the past and 0 information was found on them. It is a little pricy at $13 a month, but I do believe they stand up to their promises.
  • Cryptostorm, they are very transparent on their forums (which you can only access on an onion service) aswell as their blogs. Iirc $6 a month and $16 per 3 months.
  • nVpn, pretty sure they've have a server seizure with 0 information found, but when you buy this you can only get one server, huge downside imo.

All of them have port-forwarding, only Perfect-privacy is missing wireguard, which is a downside if you have 1gbit fibre. Lmk if you got questions!

how exactly do you trust a company because of an audit that they dont log? they can easily just turn off logs for when they are going to be there then turn them back on afterwards

IVPN is getting rid of forwards!? Shit I just bought a year worth after mullavad stopped their port forward.

You keep ports until September (forgot the date). I would recommend looking at Blackhat/scene VPNs if you want port-forwarding and a low chance of them disappearing.

Torguard supports port forwarding. I'm not sure how it ranks in privacy though.

I bought 2 years from them a while ago but was required to:

  1. enter an email
  2. use my address to purchase

Good product though. Horrible SOCKS5 proxies though, almost 90% downtime. Not to foremention the horrible support from the admins - the normal support was amazing though.

Really up to you if you want the compromises, though there are better VPNs for privacy out there.

AzireVPN added port forwarding, it’s also sweden based but lags the audits

I moved from mullvad to ivpn and now again on the lookout. I guess i2p is “the future” but right now I’m not sure how that works with private trackers.

Whilst you can still torrent without port forwarding I don’t think seeding works right?

Seeding still works without port forwarding but uploading your owns torrents is not possible

You also can't be the only seeder on a torrent for the same reason.

Good to know. I am on a private tracker that requires it so will test proton vpn. If they remove it then I guess I just leave the tracker. 🙁

Which one is that? Any I have seen just requires to seed with no mention of port forwarding.

Without port forwarding your tracker will show you as disconnected and not give you credit.

1 more...

That's not entirely true- you can upload your own, but you can only seed to users that do have port forwarding. On many trackers, that initial seed is all going to seed boxes with an autograb script enabled anyway, and those do have port forwarding.

1 more...

maybe have ID you can put into a client to send when your downloading? or maybe just private trackers fade away out of relevancy?

There are other alternatives, mainly Blackhat/scene VPNs which have server raids multiple times because of very illegal shit being done by the users, which I doubt will remove port-forwarding simply because of DMCA lol...

1 more...

PIA have port forwarding.

I know they’ve been one of the top recommendations from TF for years.