The Nord VPN hack
Nord VPN has verified that it was compromised in March 2018. VPNs have been making money hand over fist with deceptive marketing practices, as they basically advertise that they are a one stop shop for all of your online safety needs, and that's just not true. It's kind of like owning a house. You can't just put a lock on your front door and call it good. It depends on the neighborhood you live in, how often you're home, if you trust your neighbors, etc. You'll want to have several layers of security, and you never want to be the worst, or best house in the neighborhood. You always want to be somewhere in the middle to avoid being targeted. I could go on about physical security all day, but I won't because this isn't about that.
So how VPNs work in that they rent servers all over the world, and those servers create a tunnel between you and that server that basically makes it hard for your ISP to see. It also makes it hard for your router to see, so that makes it a good choice if you're on an unsecured router say at a coffee shop or hotel. Now that means that you're going to have to trust your VPN provider more than your ISP, so there's always a trade off. One good thing is that most VPNs take cryptocurrency, so if you really don't want to be tracked, you can go the crypto route. That's on you.
I chose to subscribe to Nord personally a few years back. I'm going into cybersecurity, so I figured a VPN is probably a good thing to have. I was choosing between two, Nord and Express. Express is a bit more expressive, but tends to have a bit quicker connection. Both are outside the five eyes, and Nord was cheaper, so I went with it. Always pay for your VPNs.
Now, the reason why the Nord hack seems like it's not that big of a deal, it was in Finland on a rented server, with an asymmetric key, so it's not like it could have been used indefinitely. I personally don't connect to Finland. What's the big deal? Well, it was more than a year and a half ago. I know it can take a while to figure out if a company even has been compromised, but Nord said they found out about it "a few months ago". You need to let people know about that shit. That's just unacceptable. Additionally, if the service is touting itself as your one stop shop for all your safety needs online, step up your game, and actually be secure. Don't be gross. It's a serious violation of the trust of people who know better, and especially those that don't.
TechCrunch has a great article on the entire thing for anyone who is interested. Tom Scott also has an incredible video about VPNs, and he even wrote a more honest commercial about them. I don't agree with everything he said in the video, especially because intercepting network traffic at a coffee shop is still a very real threat, but overall, it's very well done.
This is just a really short overview of my thoughts because I could talk about this stuff for hours, but I've seen people's eyes glaze over when I start talking VPNs, online safety, securing your house, etc.
- 3
9 Comments
Recommended Comments
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Join the herd!Sign in
Already have an account? Sign in here.
Sign In Now