From his telegram
I will be releasing a torrent file that should be spread to as many people as possible. Please only use torrent if you absolutely know what you are doing. It is possible to dox yourself with torrents if you don’t correctly setup your security.
edit: Don’t stay up late waiting for this torrent, it is still being prepared and needs hours to complete.
If one person holds an important file, that person is an easy target. If a million people hold an important file, the file becomes an impenetrable shield for all.
The key term was “Good VPN”.
NordVPN is a good vpn to many and they were knocked over, kept logs they said they didn’t, and those were exposed to a non-disclosed state actor - all while Nord kept their mouths shut and refused to disclose for months as they didn’t know how long they had been knocked over & that reality broke their entire business model.
If you want to explore there are quite a few free VPNs. VanwaTech that acts as the CDN for 8Kun provides a free VPN.
Edit: also do not use any VPNs in Europe. GDPR requires them to log
NordVPN had a single server that was compromised due to the people running the farm leaving on a remote access system that Nord wasn't even aware of, let alone was responsible for. Read more here.
They have an intact warrant canary: https://nordvpn.com/security-efforts/
They also have passed multiple third-parties' no-log audits to confirm that they don't keep any logs.
So unless you have some evidence of this state actor getting logs (that aren't kept?), I'll have to disregard your post.
As with anything "free," if you aren't paying for it, you are the product.
I work for a high level employer.
Nord never told the truth.
I hope some folks in the field can back me up on containment protocols via PR.
I personally call it the NDA Container
Edit: Nord -> Tesonet:
TorGuard Residential VPN NordVPN CloudVPN ProtonVPN VyprVPN Hotspot Shield UltraVPN ZenMate TunnelBear PrivateVPN
I implore you to look deeper at this as there are quite a few indications. Du Sprechst Asus Deautsche gekannst?
https://www.kuketz-blog.de/android-nordvpn-uebermittelt-e-mail-adresse-an-tracking-anbieter/
Can prob translate that. Essentially Tesonet is involved in HFT and also providing services. Nord does fun things like include 3rdParty software unabated within their own apps and Infrastructure. This is a huge no no. It’s asking for risk.
In regards to the state actors:
What I can tell you is that CVE-2017-12542 was used.
In my circles this was a big deal as we were not used to seeing an ARM firmware spoopy.
https://www.synacktiv.com/en/publications/rce-vulnerability-in-hp-ilo.html
So again NordVPN claimed a web interface was “left open” by a DC Contractor and “one” host was affected.
In legalese this means “we got exploited and we are going to hide behind host without clarifying what we mean by host ( ambiguous legal term )”
Now what was specifically interesting was a fuck ton of shills popped up when Nord disclosed and blamed this all on Dell.
It had zero to do with Dell. Why the blame?
Cuz it was a 8 year old HP exploit.
If you have your salt - State Actors AGGRESSIVELY collect exploits like heart bleed, keep them private, and use them for as long as possible.
I find it hard to believe HP either didn’t know or was cooperating. Firms the size of HP have squads of researchers locally and on contract beating the shit out of these firmwares. Higher the deployment rate the higher the audit as the risk factor is in parity.
Any sauce on ExpressVPN?
They’re actually known for not just providing a solid VPN - but being dragged into various National Court Cases where prosecutors actually seize their servers and confirm, openly, no logging & extremely secure practices.
That’s not common. I wouldn’t be worried about them. Using them as a daily driver isn’t a bad idea.
$100.00/annual seems a bit steep - with articles like https://www.expressvpn.com/internet-privacy/delete-online-accounts/ I wouldn’t mind paying it just to get solid businesses out there. I dig companies like ExpressVPN that practice good John Perry Barlow-esque educational takes.
I second y000danon and I remember Nord tripping over their own feet covering up their mess when this happened. If you are still using them, I would cease immediately and look for a new provider stat.
Sage advice. I would generally avoid USA-based ones as well, especially in this current political climate.
Agreed.
Honestly staying online these days is wild as the content is getting harder to come by in terms of quality research.
I am actually using a method that dumps data all over so my isp has to pick through shit tons of crap data ( which is also encrypted ) to see real packets of actual use. Idea is:
Maybe they can still see what I am doing? Fine. They’re going to earn it.
I have no bandwidth limit
That claim is tested exhaustively. I push ~3TB a month which half of is literally /dev/urandom piped over a socket 😂
All the data coming into the house originates on an entry path —-VLAN—-> House
Like I said they see immense amounts of data that, to them, is uniform encrypted data
to me I know what’s real and /dev/null the rest
to them? “WTF is this Jack hole doing?!” They call me and it’s “I work w a fuck ton of AutoCad. Sorreh.”
👍👍👍