u/RecordingSingle9064

The Canadian government is looking to make VPNs collect your metadata and Proton is not on board with collecting any of that for them. In addition, this is a big story and thus far is not getting nearly as much coverage as the last time a VPN was shut down.

In response to the Canadian government's proposed legislation to require VPNs to log their current members' metadata (Bill C-22), Proton VPN has taken a very strong stand; they will not log any user activity and they expect to have the same level of protection as all VPNs have around the world regardless of location or laws. Both NordVPN and Windscribe have also come out very strongly against Bill C-22.

Proton’s comments on the proposed legislation were also considered "unusually serious" in light of what one would think a corporate response to be"there is no possibility in this universe in which Proton VPN would give up its no-logging policy".

This is important to note because Windscribe, as a company based in Canada, may find it necessary to change their jurisdiction, comply with Canadian law or cease to operate altogether since there is no longer reliable protection in Canada for the no-logs policy.

Additionally, if Canada passes Bill C-22 it sets a precedent for the other Four Eyes governments (the UK, Australia, New Zealand, and the US.) to legally require logging of VPN usage in their respective countries. They are all looking closely at Canada as an example of how to proceed with planning their own legislation for requiring the logging of information through hi-tech devices.

The irony is Canada has always been slightly better on privacy than the US but still deep inside the Five Eyes intelligence sharing network. this bill would make that tension impossible to ignore.

Proton's Swiss jurisdiction suddenly looks even smarter than usual.

The Canadian government is looking to make VPNs collect your metadata and Proton is not on board with collecting any of that for them. In addition, this is a big story and thus far is not getting nearly as much coverage as the last time a VPN was shut down.

In response to the Canadian government's proposed legislation to require VPNs to log their current members' metadata (Bill C-22), Proton VPN has taken a very strong stand; they will not log any user activity and they expect to have the same level of protection as all VPNs have around the world regardless of location or laws. Both NordVPN and Windscribe have also come out very strongly against Bill C-22.

Proton’s comments on the proposed legislation were also considered "unusually serious" in light of what one would think a corporate response to be"there is no possibility in this universe in which Proton VPN would give up its no-logging policy".

This is important to note because Windscribe, as a company based in Canada, may find it necessary to change their jurisdiction, comply with Canadian law or cease to operate altogether since there is no longer reliable protection in Canada for the no-logs policy.

Additionally, if Canada passes Bill C-22 it sets a precedent for the other Four Eyes governments (the UK, Australia, New Zealand, and the US.) to legally require logging of VPN usage in their respective countries. They are all looking closely at Canada as an example of how to proceed with planning their own legislation for requiring the logging of information through hi-tech devices.

The irony is Canada has always been slightly better on privacy than the US but still deep inside the Five Eyes intelligence sharing network. this bill would make that tension impossible to ignore.

Proton's Swiss jurisdiction suddenly looks even smarter than usual.

An interesting development in the Russia VPN controversy followed a posting today by the Digital Development Minister of Russia, indicating that the Ministry of Digital Development will not be implementing any new VAT charges for mobile Internet customers who access international data using VPNs.

As of May 1, any mobile Internet customer exceeding 15 gigabytes of international data traffic within a month was to be charged, and as previously stated, this will no longer happen during 2018.

A number of 400+ VPN sites were blocked by that country's government, nearly collapsing the banking system as part of a crackdown. The same government has also publicly stated that it would not be possible to ban VPNs, while at the same time seeing an increase of 9.2 million Russian customers downloading VPN products in a single month.

Therefore, with the recent decision to stop pursuing charges against VPN users, we conclude that there have been a number of ways in which the Russian government has tried to discourage VPN use, to date, only to fail in some way both economically and technically.

The 65 million Russians that connect through Telegram, daily, are not going anywhere and neither are VPNs.

Surfshark just released a data privacy report on the most popular travel apps in Asia and the numbers are quite frightening even by 2026 standards.

According to their study, the most popular travel apps in Asia are "real data hoarders" – collecting data such as precise location information, contacts, financial data, browsing history, and other information, sometimes without any apparent reason for doing so PC Risk.

What really frustrates me here is how we go crazy worrying about the right choice of a VPN provider to protect us, running audits, checking jurisdictions, discussing RAM only servers, etc.

And yet, the very application you used to book that hotel room last month has got your passport number, credit card details, home address, travel history, device identifier data, and perhaps even biometric data from the face recognition scan you performed when checking into the hotel room.

Most people do zero of these things including me until recently.

This week, а signifiсant revеlаtiоn emergеd that hаs truly bеen оne оf the mоst grаtifying piеces I've еnсоuntеrеd this year. After enduring mоnths оf Rоskоmnadzоr's effоrts tо оbstruсt оver 400 VPN sеrvices, impоsing chargеs оn internatiоnal VPN usage, cоmpelling platfоrms tо sever cоnnеctiоns with VPN users, аnd inаdvertently disrupting the Russiаn bаnking system, а sеniоr оfficiаl in Russia has nоw оpenly aсknоwlеdgеd that еnfоrсing a VPN ban is technicаlly unfeasiblе withоut соmpletely dismantling the natiоn's internet framеwоrk.

Take а mоmеnt tо absоrb thаt. Thеy invеstеd yeаrs аnd likely billiоns dеvelоping оnе оf the mоst advanced internet сеnsоrship systеms glоbаlly. Thеy resоrtеd tо blоcking, thrоttling, impоsing finеs, and еnасting legislatiоn. Rеmarkаbly, during this сrackdоwn, Russian VPN dоwnlоads surged tо 9.2 milliоn in just оne mоnth. Thеir ultimatе realizatiоn is thаt, in fact, they cаnnоt сarry this оut.

The undеrlying reasоn is rather technical, but it essentially cоmes dоwn tо the fact that cоntеmpоrary оbfusсatеd VPN traffic, suсh аs AmnеziaWG, NоrdWhisper, аnd Prоtоn's Stealth prоtосоl, is truly indistinguishablе frоm stаndard HTTPS trаffiс at an infrаstruсturаl lеvel. Tо blоck it wоuld nеcеssitаte blоcking evеrything еlsе.

This situаtiоn sеrvеs as an eхtraоrdinarily cоstly lessоn in whаt this cоmmunity has bеen affirming fоr yeаrs. Oссаsiоnаlly, the gооd guys dо соmе оut оn tоp.

They announced this week that post-quantum encryption is coming to all major app-supported platforms, integrated directly into NordLynx.

quick explainer for the uninitiated: post-quantum encryption (PQE) isn't about protecting you from threats today. it's about protecting your data from threats 5-10 years from now when quantum computers become powerful enough to crack current RSA and ECC encryption.

the real threat is something called "harvest now, decrypt later", intelligence agencies and sophisticated attackers are already capturing and storing encrypted VPN traffic right now, banking on being able to decrypt it retroactively once quantum computing matures. any traffic you send today without PQE is potentially sitting in a vault somewhere.

Nord's implementation bakes it into NordLynx which is smart WireGuard-based, already the fastest protocol in their stack, now with quantum resistance on top.

for comparison: ExpressVPN has PQE on Lightway. Surfshark and Proton are still working on it. Mullvad has had it on WireGuard since 2023 and barely mentioned it because that's just how Mullvad operates.

the gap between "VPNs that take the quantum threat seriously" and "VPNs that don't" is slowly becoming a real differentiator. paying attention to it now before it becomes mainstream is worth your time.

Norton VPN just launched what they're describing as a multi-tunnel VPN built specifically for AI agents. not for humans.

the idea is that when you're running local AI tools, coding assistants, or agentic workflows that need to make external API calls, those calls are completely unprotected. your AI agent is essentially phoning home to various endpoints in plaintext, leaking what services you're using, what you're building, potentially what data you're feeding it

Norton's product creates dedicated encrypted tunnels per AI process rather than tunneling all your traffic together. each agent gets its own isolated tunnel

honestly the use case is more real than it sounds. if you're running Cursor, Claude, Copilot, or any local LLM with tool use those tools are making a lot of outbound connections you probably haven't thought about

whether Norton executes this well is a separate question. their track record on VPN has been mixed. but the concept of "VPN for AI agents" is going to become a real product category and Norton just claimed the first mover flag

weird timeline we're in

Following up on the Iran internet blackout thing because this detail is too good not to share

a number of Starlink satellite receivers have been smuggled into Iran, allowing users to bypass ALL restrictions by connecting directly to SpaceX satellites completely outside Iran's national internet infrastructure.

think about that for a second. the Iranian government spent years and billions building one of the world's most sophisticated internet censorship systems. deep packet inspection, protocol blocking, shutdown infrastructure, the whole thing

and Elon Musk's satellite dish, hidden under someone's roof in Tehran, just bypasses the entire thing by going directly to space

no VPN needed. no obfuscation protocol. no AmneziaWG. just... a dish pointed at the sky

obviously it's dangerous to own one over there. obviously the government knows this is happening. but the fact that it works at all is genuinely mind-bending from a technical standpoint

the censorship arms race in 2026 has officially entered orbit

literally

Nord just turned 14 and i've been going down a rabbit hole on how much this company has changed and it's kind of a wild story

in 2012 NordVPN launched with a handful of servers, a barely functional client, and basically zero brand recognition. they were one of maybe 50 VPN providers all doing roughly the same thing

fast forward to today:

2026 alone has brought a complete mobile app redesign with an interactive full-screen map, global scam call protection rolling out across platforms, another no-logs audit, post-quantum cryptography upgrades in the pipeline, and NordWhisper obfuscation protocol continuing to develop

they now own NordPass, NordLocker, NordLayer, NordStellar, have 400+ patents, a partnership with CrowdStrike, and are celebrating their birthday by giving away Amazon gift cards with new subscriptions which is the most "we have money now" energy possible

the funniest part of all this is they still get dunked on constantly in this sub. the "nord is compromised/too commercial/sold out" takes never really went away even as they kept shipping audits and expanding the product

14 years. from a Lithuanian startup to a global cybersecurity empire

genuinely one of the weirder corporate glow-ups in tech

so we covered SB73 when it dropped, Utah becoming the first US state to legally target VPN use for age verification bypass. went live May 6th. seemed like a big deal

it lasted 8 days

Utah has agreed to not enforce the VPN law until September 3rd, 2026 after Aylo the parent company of Pornhub challenged the law in court.

so the entire thing got immediately frozen by a lawsuit from a porn company. i genuinely could not write this if i tried

but here's the part worth actually paying attention to beyond the obvious jokes: September 3rd is not that far away. this isn't dead, it's just paused. and the legal arguments being made here will probably set the template for every similar law that comes after it, in Utah, in the 24 other states with age verification laws, and eventually in Europe

the EFF is involved. the constitutional questions around VPN restrictions are going to get answered in a real courtroom for the first time ever

that's actually significant regardless of which side you're on

also Citrix just dropped a patch for CVE-2025-6543, a CVSS 9.2 vulnerability in NetScaler Gateway affecting VPN virtual servers. if your company runs Citrix ADC and hasn't patched yet, close this tab and go do that first. seriously

okay so everyone knows Mullvad accepts cash payments mailed in an envelope which is already unhinged in the best way

but there's a smaller provider called IVPN that's been quietly operating since 2009 and their payment setup is something else entirely

they accept: cash, Bitcoin, Monero, and PayPal. that's it. no credit cards. deliberately.

the Monero thing specifically is interesting from a privacy nerd perspective, Bitcoin transactions are pseudonymous but traceable on a public blockchain. Monero was built from the ground up to be untraceable. ring signatures, stealth addresses, the whole thing. paying for your VPN with Monero is about as close to anonymous as a financial transaction can get in 2026

on top of that: no email required to sign up. you get an account ID, that's it. no username. no personal info. nothing

they're audited, WireGuard support, RAM-only servers, and their client is fully open source

the funny part: they have like zero marketing presence. no YouTube sponsors, no Reddit ads, no countdown timer deals. their website looks like it was designed by someone who actively dislikes attention

which is kind of perfect for a privacy company actually

tiny team, zero drama, 17 years of operation. respect

so if you've been following the news today it's getting pretty serious. ceasefire proposals being called "garbage," UAE actively striking Iranian targets, Trump hinting at military escalation. the Strait of Hormuz situation is genuinely unpredictable right now

here's what i keep thinking about though the internet angle

Iran has one of the most sophisticated domestic internet shutdown infrastructures on the planet. they built it specifically for moments like this. and every time they activate it, it becomes a live benchmark for how well obfuscated VPN protocols actually hold up under real adversarial conditions

AmneziaWG, Proton's Stealth protocol, NordWhisper these tools don't get tested in a lab. they get tested when a government flips the switch on 85 million people's internet access during a military crisis

what's different in 2026 vs 2022: way more Iranians have these tools pre-installed. there's a whole underground ecosystem of shared configs and mirror download sites specifically because they've been through this before

i'm not trying to make a geopolitical situation into a VPN take. people are dealing with genuinely scary stuff right now. but from a pure privacy tech standpoint, what happens in Iran over the next few weeks will tell us a lot about where the censorship-circumvention arms race actually stands

okay so here's something that's been bugging me for a while

every VPN review site obsesses over download speeds. "we got 950 Mbps on NordVPN!" cool. but you know what they almost never test properly? latency under load. specifically what happens to your ping when the VPN server you're connected to has 3,000 other users on it simultaneously

here's the thing nobody tells you: most commercial VPN providers massively oversell their server capacity. that 950 Mbps benchmark was probably run at 2am on a Tuesday with zero competing traffic. try it at 8pm on a Friday when half of Europe is streaming

Mullvad is the only major provider that publishes real-time server load data so you can actually see how busy a server is before connecting. everyone else just gives you a green checkmark and hopes you don't notice the latency creeping from 12ms to 340ms

the reason this matters way more than raw speed: you could have gigabit throughput but if latency spikes during a VoIP call, a gaming session, or a video conference, it's basically unusable

so next time you're picking a server, stop defaulting to the "recommended" one. check actual load. pick something at under 30% capacity

the difference is genuinely night and day and it took me embarrassingly long to figure this out

okay so this one's been on my radar for a while and i think it deserves way more attention than it gets in this sub

NymVPN just celebrated its first anniversary and their approach to privacy is genuinely different from every other VPN out there. like architecturally different, not just marketing different

regular VPNs encrypt your traffic and hide your IP. that's it. NymVPN routes your traffic through a mixnet a network that bundles your packets with other users' packets, shuffles them, adds random delays, and sends them out in a completely different order

why does this matter? because even with a normal VPN, a sophisticated observer watching both ends of the connection can do traffic analysis matching timing patterns to figure out who's talking to who even without breaking the encryption. it's called correlation attacks and it's how state-level adversaries actually deanonymize VPN users

the mixnet makes that basically impossible. there's no timing pattern to correlate anymore

the catch: it's slower than WireGuard. adding random delays does that. and the client is still pretty rough around the edges

but the fact that a consumer-facing mixnet VPN exists and just completed its first year is genuinely wild from a cryptography nerd perspective. tor has been doing this for years but NymVPN is packaging it as something normal people can actually install

it's not ready to replace Proton or Mullvad for everyday use yet. but keep your eye on it

so if you've been following the US-Iran situation this weekend you already know things escalated fast. naval clashes in the Strait of Hormuz, strikes on ships, Trump posting memes of sunken warships. it's a lot.

but here's the angle nobody in mainstream media is covering: inside Iran right now, VPN downloads are spiking in real time

we've seen this pattern before. every time Iran faces a major crisis, protests, election chaos, international conflict, the government's first instinct is to throttle or shut down the internet. they did it in 2019. they did it in 2022. and the playbook hasn't changed

what HAS changed is that Iranian citizens are way more prepared now. after years of shutdowns, a huge portion of the population already has VPNs pre-installed and ready to go. AmneziaWG, that obfuscated WireGuard fork we covered a few weeks ago was basically built for exactly this scenario

the other thing worth noting: Proton VPN historically spikes 1000%+ in Iran during crackdowns. their servers are probably getting hammered right now

i genuinely don't know how the geopolitics play out. but from a pure VPN lens, this is exactly why tools like Secure Core and obfuscated protocols exist. not for netflix. for this.