I'm not sure if this is the proper reaction. NordVPN wasn't hacked. A hosting provider who provides servers for many VPN providers was hacked. That NordVPN discloses this means they are more trustworthy, not less.
I'm dubious how much privacy VPN providers actually provide. It means placing unwarranted trust in the VPN provider. But also, as this incident shows, it means unwarranted trust in the companies who provide servers to the VPN provider.
VPN providers, as a rule, don't own their own servers. Instead, they rent servers at various "hosting" providers around the world. These hosting providers have complete physical access to the box, and can secretly monitor everything on the box if they want using physical access.
There is a persistent rumor the NSA does exactly this sort of thing, that they routinely get secret physical access to servers at hosting sites around the world. On one hand, it's a conspiracy theory. On the other hand, if I were running the NSA, I'd make sure they did this.
Worse yet, many hosting providers have logical access to boxes. For example, they provide "terminal services" to the box that gets a root prompt, across a serial port. This means cheaper support, as a customer can get access to the box even when they've screwed things up.
As a hosting customer, I regularly screw things up so bad that I have to call them up and ask them to restore the box for me. Remote serial, or better yet, remote KVM (keyboard, video, mouse, USB) means I can get to the box without contacting their support.
A VPN provider could set up their own data center where they physically control their boxes, but they could only do so for 1 or 2 locations. But they want servers in every major country, meaning they need these remote hosting services.
One reason for VPNs is privacy. Another reason is to escape per-country copyright restrictions. If you are a Japanese expat living in the United States and want to watch Japanese Netflix, then you need to VPN back to Japan to do so.
Thus, VPN companies don't have a single physically controlled data center, they instead have servers spread around the world in lots of data centers, from a wide variety of different hosting companies, each with different security problems.