Mullvad is who I decided on after this story came to light. I used that one privacy guys website Excel sheet comparison thing plus personal recommendations.

https://thatoneprivacysite.net/

Wow that onboarding process was slick. Why aren't sites always this easy to sign up for?!

Because most people want some way to reset their password if they forget it.

There is no password, and if you forgot your account number it can possibly be recovered: https://mullvad.net/en/help/lost-account/

Gave them a try for a month. Very easy to set up with WireGuard.

One thing I liked about PIA’s app is the kill switch function that prevents internet connection if you’re not on the vpn. Does that happen by default when I have wireguard enabled?

I use this in a place I don’t trust and need to make sure it doesn’t accidentally connect “raw”.

Another nice PIA feature is the ability to check server speed. Any way to know which of mullvad’s servers is the best bet?

With Mullvad there's the wireguard configuration generator that works with wg-quick and one of the options is to have it set up an iptables rule to make sure that if the wireguard tunnel goes down it won't leak untill you actually call wg-quick down mullvad-xyz.

Their ios support isn’t great.

I’m using ExpressVPN and while they cost more (as much as 3 times as these budget services) they so far seem to offer a fast product.

You can also sign up with crypto currency if you want.

I use Mullvad with OpenVPN on iOS with no issues at all. What issues have you experienced?

You could try it with the wireguard client for ios. Just download the config files from their site.

I've used Mullvad on iOS with OpenVPN and Wireguard with no issues.

> You can also sign up with crypto currency if you want.

But can you renew with Bitcoin etc?

There is no difference between singing up and renewing. It's just a balance on some anonymous account number.

Have you tried it recently?

Mullvad accepts Bitcoin and Bitcoin Cash, FYI.

Yes.

I see no cryptocurrency option for renewal.

https://keybase.pub/mirimir/ExpressVPN.png

I believe there's been a bit of confusion, and they were talking about Mullvad.

Ah. Thanks.

But I do recall, in the past, renewing ExpressVPN with Bitcoin.

They also support WireGuard, which is why I use them.

What is it that you believe that PIA is doing or is likely to do, that you believe this service is not/will not be doing?

Given Kape's past history, I'm skeptical that PIA will be able to maintain their current levels of privacy regarding data mining and logging. I'm willing to give PIA the benefit of the doubt and accept that they believe they'll be able to do so, but as is the case in mergers like these, sometimes you simply lose that battle with your new corporate partner. My fear is that they end up doing the same level of shady activity as NordVPN [1] [2] or worse. The fact that Kape paid off PIA's $32.1m debt as part of the deal leads me to believe they'll be looking for more creative ways to monetize the service in the future. Since PIA was in debt, it doesn't sound like maintaining the current service as is would be profitable.

Mullvad's policies and account creation process demonstrate an awareness and commitment to privacy as a number one priority. Yes, at the end of the day, none of us really knows what a VPN service is doing on the back end, but the fact that they have detailed public information about their operations, as well as additional privacy options such as paying with cash/crypto, is a good sign. Other little things, such as supporting WireGuard and running their own Bitcoin nodes instead of relying on third party services for crypto payments, are also good signs that their team has above average technical chops compared to other providers.

[1] https://medium.com/@derek./how-is-nordvpn-unblocking-disney-...

[2] https://news.ycombinator.com/item?id=21664692

Outsider here, no dog in this race. Never used a VPN, never really knew much about PIA until the recent merger, but very invested in privacy enhancing technologies. Here's a piece of feedback from that perspective:

I think the critical thing you're missing here is that it doesn't matter if Kape is trustworthy, it matters whether people see it as trustworthy. And you're not in a position to change the latter, no matter how much you talk about the former, because you have a conflict of interest.

The other thing is, you need to be able to explain the merger.

If PIA wasn't profitable, the merger looks bad, because that means that Kape is going to find other ways to monetize it.

If PIA was profitable, the merger is just confusing as heck, because why screw up a good thing? And confusion is bad, because people want security from a VPN. Not the computer kind, the emotional kind. Big upheavals like mergers throw that out the window, so you need to manage that transition very, very carefully.

You're not doing that, so far.

First, I'd like to thank you for your participation in this thread. As a long time PIA customer (until recently), I trusted (and still continue to trust) the current staff. All of my hesitation is with Kape and I truly hope at the end of the day they don't end up steamrolling you.

That being said, if the company was profitable, why even entertain this merger? I simply don't see how getting into bed with a company with such a sordid past is worth it if you were able to make it on your own.

My guess is to partially cash out. According to the doc, the two founders each got about 26m cash and 21m equity in Kape, while PIA only had 14m EBITDA per year and 31m debt. So it's certainly a nice cash windfall for the founders.

This. It seems to be exactly so the founders could cash out.

Thanks for looking it up. This was exactly what I thought.

I don’t know anything about the industry, but my guess is that being a big VPN company puts a target on your back. Everyone pretends they care enough about privacy to use a VPN, but the vast majority of users commingle environments and identities to the point that, IMO, they can be tracked across VPNs.

VPNs are mainly for piracy and it’s only a matter of time until big media takes a shot at suing someone. No one wants to be that someone, so selling to anyone becomes attractive. I doubt there’s a lineup to buy a company who’s main talent is under assessing risk.

sorry I dont click pdfs from companies I dont trust.

Why do you have the belief that the government in the country that the VPN provider is operating is not logging everything that goes into or out of the provider (with or without the provider's knowledge)?

It seems pretty plain to me; Mullvad's website even has the relevant section on Swedish legislation that requires it for national defense.

I just don't see how trust in a provider has any bearing whatsoever on the privacy of the connection they provide; they can't do anything whatsoever to stop (or even detect) governments from logging all of the data that comes into or out of their networks.

Using a VPN is only one piece of maintaining privacy online. It doesn't eliminate the need for end-to-end encryption when dealing with material you wouldn't want third parties to have access to.

If you're using end-to-end encryption, it doesn't matter that your traffic is being monitored (I mean, that's an oversimplification, as the presence of large amounts of encrypted traffic is notable in itself, but that's outside the scope of this comment).

A VPN is useful in settings where you're dealing with a malicious ISP (for instance, ones that hijack unencrypted HTTP sessions to inject their own HTML) or any untrustworthy third party network. Do I trust my VPN provider more than my ISP? Yes. Do I trust my VPN provider unconditionally? No. That's what end-to-end encryption is for.

Next to be what? Hacked? Taken over? Become evil?

Yes.