Yeah...
After all of their recent security issues and their lackadaisical response, I am never going to subscribe to NordVPN. It's not like they don't have a bunch of competition.
A vulnerability in NordVPN's payments platform allowed anyone to view users' payment information and email addresses, a startling HackerOne entry has revealed. By simply sending an HTTP POST request without any authentication at all to join.nordvpn.com one could read off users' email addresses, payment method and URL, currency …
Still happy with Nord and their client is one of the slickest out there. But more importantly, thanks to their TV advertising campaigns they are now a household name that will be quite rightly subjected to this kind of scrutiny. I'll take that in preference over any smaller, lesser known VPN provider whose security is still hiding in the shadows.
If my account was compromised here then some lucky hacker has in their hands my false name, disposable email address (disposed) and a Bitpay/bitcoin payment receipt. #opsec
Being subject to scrutiny is good.
Failing at even the most basic secure development practices is not. This one violates at least two of the OWASP Top 10. How did it get into production? Hell, how did it come out of Development? Why are they letting developers who clearly haven't been trained in the most prominent security issues in their domain produce code in the first place?
Have one of these for the very apt choice of article image!
https://nordvpn.com/blog/nordlynx-protocol-wireguard/
They claim to have implemented wireguard in a safe way : by making your system run the NordLynx binary, with root permission and going against everything what wireguard is made for...
The quote :
"However, it’s not all as great as it sounds. There’s been a lot of buzz about WireGuard lately. The protocol is still under heavy development, and it’s far from perfection. Yes, WireGuard can promise better connection speeds already, but its capabilities to keep users anonymous fall behind. "
Said by deceptive, misleading rogue company... They just need to pay third party website to spam of fake good review/comment, (they are legion on Google) .
Damn them.
I'm just curious.. If NordVPN is such a hoax and dangerous place, where are the safe alternatives? I wonder.
For all us normal people who needs some privacy and security I dont worry. The premium VPNs do what they should. If your'e planning to blow up the White House, it may be you should not use the net at all.
In Trump land, the world of conspiracies, there's another decease spreading. Paranoia. The chinese are lurking in the background, trying to get ya! (Tik Tok, Huawei..) I would be more concerned about the NSA or the way the more and more polarized americans select their information from medias with a political agenda. Dangerous future..