![]() If you're curious you can search Google^H^H^H^H^H^HDuckDuckGo for some good info. If you're the cautious type-and you probably are if you're paying for a commercial VPN-you can't make good security choices without doing some rudimentary threat modeling. In the case of a commercial VPN provider this means either using additional layers of security (like Tor) or not sending any data over the VPN which you would not want your provider to see. Assume that any single security measure will fail at some point and act accordingly. (Remember, we're assuming they are evil but rational.) So they either remove the malicious code or they neuter it so we don't notice a change.įor me, none of the bad-actor scenarios pass the Occam's razor test but they bring up an important principle in infosec: Defense in depth.ĭon't place all your security eggs in one basket. What then? Surely they don't leave the injected code in place. Since we're looking at pessimistic scenarios we'll assume Nord chooses to lie. What happens when we bring it to Nord's attention? Either they choose to be honest and admit something fishy is going on or they lie to cover it up. What about option (b)? In this case the sketchy-looking traffic is unintentional. Is there some scenario where Nord's best option as a bad actor is to contact sketchy-looking domains? If they want to spy on something else on an endpoint, why not just the send the purloined data directly to their own servers? Communicating only with their own network would be a whole lot less likely to attract attention. What might that look like? If Nord wanted to spy on our internet traffic, can't they just watch the traffic we send through their servers? No additional connections are necessary. ![]() It pushes all the right buttons in key areas of security, privacy and speed yet offers it all at hard-to-beat long. ![]() Nord's client software has somehow been compromised. NordVPN is a frighteningly strong contender. ![]() We'll assume for the sake of discussion that either:ī. We will pretend Nord is a bad actor albeit a rational, self-interested one.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |