PureVPN IPv6 Leak (anagogistis.com)
89 points by todsacerdoti 4 hours ago | 15 comments
pshirshov 7 minutes ago [-]
I don't know any single VPN provider apart from Mullvad with proper v6 implementation.
the8472 2 hours ago [-]
network namespaces provide a clean host/vpn split.

https://blog.thea.codes/nordvpn-wireguard-namespaces/

rasengan 1 hours ago [-]
Separately, PureVPN is one of the providers you can’t trust [1].

[1] https://www.makeuseof.com/worst-vpns-you-shouldnt-trust/

lxgr 42 minutes ago [-]
I'm not surprised, given that I received 140% cashback(!) on their 2 year plan a while ago. Unless the hope is that most users forget to cancel before it renews, I'm assuming that I'm paying with my personal information.

It still does the trick for accessing bank and other websites from abroad (that somehow consider a VPN IP more trustworthy than a residential ISP in a Western European country, but that's a different story), but I wouldn't use it for anything sensitive.

I also definitely wouldn't run their client locally, and their Wireguard configurations are annoyingly only valid for 15 minutes after creation. (Weirdly, there doesn't seem to be any limitation on IKEv2.)

Sophira 30 minutes ago [-]
Given what you said about not using it for anything sensitive, I'm assuming you're not actually logging into your bank... right?
lxgr 13 minutes ago [-]
Everything is TLS-encrypted anyway these days, so the primary concern is metadata privacy.

When it comes to that, I trust VPN providers about as much as ISPs (i.e. absolutely not).

IlikeKitties 2 hours ago [-]
I strongly suggest that you use something like Network Namespaces through Vopono[0] or Gluetun[1] if you use a commercial VPN for "privacy" or "security" aka torrenting and shitposting. Relying on these clients is always a gamble, and if your software (browser, torrent client, etc.) cannot know your public IP, only the internal IP of the VPN, you are also safe against some exploits and misconfigurations a desktop client won't protect you against.

[0] https://github.com/jamesmcm/vopono

[1] https://github.com/qdm12/gluetun

Varelion 2 hours ago [-]
Wouldn't blocking IPv6 and using a kill-switch prevent leaking?
IlikeKitties 1 hours ago [-]
No, not in all cases. Imagine your browser gets 0-dayed and just sends all IPs it sees to an endpoint.
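An added example, not part of any comment in this thread: a check for the namespace point discussed above, that software inside a VPN-only network namespace can see no IPv6 address or default route outside the tunnel. It parses `ip -o -6 addr show` and `ip -6 route show` output; the interface names `eth0` and `wg0`, the addresses, and the sample output are constructed assumptions.

```python
import ipaddress

# Constructed, trimmed `ip -o -6 addr show` / `ip -6 route show` output.
# Interface names (eth0, wg0) and addresses are assumptions for illustration.
HOST_ADDRS = """1: lo    inet6 ::1/128 scope host
2: eth0    inet6 2001:db8:1::5/64 scope global dynamic
2: eth0    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link
5: wg0    inet6 fd00:10::2/128 scope global"""
HOST_ROUTES = """2001:db8:1::/64 dev eth0 proto ra metric 100 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::1 dev eth0 proto ra metric 100 pref medium"""
# The same commands run inside a namespace that holds only lo and wg0.
NS_ADDRS = """1: lo    inet6 ::1/128 scope host
7: wg0    inet6 fd00:10::2/128 scope global"""
NS_ROUTES = """fd00:10::2 dev wg0 proto kernel metric 256 pref medium
default dev wg0 metric 1024 pref medium"""


def routable_addrs(addr_output):
    """(iface, address) pairs, skipping loopback and link-local addresses."""
    found = []
    for line in addr_output.splitlines():
        f = line.split()
        if len(f) < 4 or f[2] != "inet6":
            continue
        ip = ipaddress.ip_interface(f[3]).ip
        if not (ip.is_loopback or ip.is_link_local):
            found.append((f[1], str(ip)))
    return found


def default_route_devs(route_output):
    """Devices that carry an IPv6 default route."""
    devs = []
    for line in route_output.splitlines():
        f = line.split()
        if f and f[0] in ("default", "::/0") and "dev" in f:
            devs.append(f[f.index("dev") + 1])
    return devs


def find_v6_leaks(addr_output, route_output, vpn_iface):
    """Everything IPv6-reachable that does not belong to the VPN interface."""
    leaks = [f"address {ip} on {dev}"
             for dev, ip in routable_addrs(addr_output) if dev != vpn_iface]
    leaks += [f"default route via {dev}"
              for dev in default_route_devs(route_output) if dev != vpn_iface]
    return leaks


if __name__ == "__main__":
    print("host:", find_v6_leaks(HOST_ADDRS, HOST_ROUTES, "wg0"))
    print("namespace:", find_v6_leaks(NS_ADDRS, NS_ROUTES, "wg0"))
```

An empty list means the process has nothing but the tunnel to report or route over. It says nothing about whether the VPN provider itself carries IPv6 correctly.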
nikanj 2 hours ago [-]
I strongly suggest you disable ipv6, as nothing will break by disabling it but many things break with it enabled.
lxgr 39 minutes ago [-]
That's not true anymore.

IPv6 allows for more direct connections for services like VoIP or Tailscale, since UDP hole punching between two firewalled public IPv6 addresses usually just works, but doesn't between two clients both behind a "port-restricted cone" or "symmetric" NAT.

As a result, connections have to be relayed, which increases latency and is just outright infeasible for some non-profit services that don't have a budget for relaying everyone's traffic.

Anecdotally, I've also heard that you can get better routing via IPv6 on IPv4-via-NAT-only providers these days, as the provider's CG-NAT might be topologically farther away than the IPv6 server you're connecting to.

indigo945 2 hours ago [-]
Alternatively, disable ipv4. The same statement holds true.
ZiiS 1 hours ago [-]
Unfortunately this is not true, loads of cool techy stuff (Sentry, GitHub) etc still don't work properly on IPv6, less techy stuff really didn't care at all.
ta1243 1 hours ago [-]
Lots of things will break if you disable ipv4, including my work provided zscaler windows laptop (and not break in the good way where it fails open when you block traffic to zscaler nodes on your router)

Very little will break if you disable ipv6

outsideoftime 3 hours ago [-]
also look up tunnel-crack if u want