Comments by "XSportSeeker" (@XSpImmaLion) on "The cost of shilling VPN companies is your reputation." video.
-
To be fair to YouTubers, something that Dave said in his video... lots of people rely on these sponsorships for their livelihood. Particularly for tech YouTubers and science channels, or for specific Internet-related content, there isn't much else out there, unfortunately. Which is why I don't go too hard on them, nor trust their sponsors too much. xD
Which does not excuse them when cases like this one happen, obviously, but it's kind of a harsh outlook on things.
VPNs are a particularly bad problem to go around. There isn't a set amount of scrutiny that will ever be able to tell you how reliable the service is. Not for NordVPN or any VPN out there.
You could demand all sorts of things to happen before you accept sponsoring it; it still wouldn't tell you much. Not even if you were specifically a security expert with intimate knowledge of how VPNs work, much less if you are not.
Go to their headquarters, talk with staff, ask how they do their operations, talk about server and algorithm stuff, what the situation of their servers in other countries is, visit some of them by making several trips to other countries, check what sort of encryption they use, ask for testimonials from other non-sponsored users, personally audit everything you possibly can for weeks or months on end, check how every single thing is running, from encryption, entry points, exit points, etc. etc. etc.
They could be a-ok all top notch approved now, a week later it all falls apart. And the reasons as to why it all fell apart could be numerous, because there are just too many things involved, and thus too many potential points of failure.
This is a general problem in evaluating VPNs, not just for sponsorship. Linus knows this from the entire TunnelBear case. xD It's outside people's control.
And here's the thing - afaik, NordVPN was fairly well regarded among security experts. TunnelBear also was. Technically, I think they were on the up and up. Another one that is fairly well regarded in technical terms is the one Linus is being sponsored by these days, PIA. But being technically well regarded does not prevent it from having all sorts of problems.
If I understood the whole thing correctly on the NordVPN case, it was a hack where someone got access to a 3rd party server located in Finland and used it to extract keys and data. It was one server among some 5000.
So, if I'm being fair with them... I think this is something most VPN services are vulnerable to, which is a thing people should know about VPNs. I don't think most VPN services, if any at all, really own all their servers spread throughout the world and have total 100% 24/7 control over them. It probably doesn't make much economic sense to have it that way, perhaps aside from some VPN service by a huge corporation that already has servers and presence in all the countries where they offer exit points. Not sure if any exist that are available to common lowly end users. A company that only offers VPN services wouldn't be able to afford all that just by itself, unless it charged an absurd amount of money for the service... which no one would pay for.
It's kinda similar to how most big services do not host all of their content on the company's own servers. Netflix I think uses a whole lot of Google or Amazon servers, Google also uses Amazon servers, etc etc. Depending on geographical location and some other factors, services that need local servers in a bunch of different countries will be forced to use whatever is available there.
NordVPN's response to it all was pretty bad, though. Choosing not to disclose the breach the moment they learned about it is considered bad practice in the security community, and it's what they are getting most of the flak for. A breach or leak is almost an inevitability, but hiding it from users for whatever reason they gave, such as checking all of their servers to see if and where it happened, is not an acceptable excuse.
There are also some doubts as to how exactly the whole thing happened. NordVPN is blaming the 3rd party who provided the servers, the 3rd party is blaming NordVPN for not securing them properly, and there's even a separate theory saying this was done by a disgruntled employee due to the nature of the breach and the data that was exfiltrated. All in all, a mess.
And that right there is the whole problem with VPNs. They are supposed to protect user privacy, but they are all still solely based on trust. Which, to be fair, is oftentimes still a better proposition than trusting people's own sense of how to operate privately in general, or trusting your own ISP, which is very likely collecting data and selling it to advertisement networks for profit, plus spying in the name of intelligence agencies and police. There's no perfect solution.
This whole deal also points to something else about service and software recommendations, which affects any form of active sponsorship and even regular reviews. As far as I know, apart from this case, NordVPN wasn't a bad service. TunnelBear, before breaking up and being sold to another company (McAfee), also wasn't. Well, perhaps it still isn't, despite being sold. The problem is that any service or brand is subject to breaches, hacks, and ownership and staff changes over time. But the active on-video sponsorships are forever, unless you are willing to take down all the content, re-edit everything, and re-upload it. And then it goes into ethical quandaries... would editing and re-uploading videos be seen as correcting a recommendation that is now bad, or as surreptitiously hiding a sponsorship that went sour?
Say, for you, Louis, if one of the products you recommended, thoroughly examined, actively use on repairs and all that... suddenly the company that makes it starts cheaping out on internal components, construction or something else and releases an entire batch of defective stuff, which some of your viewers get and then become pissed about... what to do? I think you'd put up a video absolutely slamming it the moment you knew about it, and you'd perhaps take the video with the recommendation down. But you see how messy it'd be.
Products still have the benefit of perhaps even being able to refund people (Dave touched on this), but services, particularly services that, when they fail, expose private content of customers, are far worse, because there's no turning back. But at the same time, advocating for privacy-focused products and services needs to be more of a thing. This is a real conundrum. If it were possible, I'd want to see more and more and more people shilling for companies like Fairphone and Purism, software like Signal and ProtonMail, Linux distros like Qubes and Tails, among several others. But it's kinda rare for successful commercial companies with enough money to put on heavy advertisement to coincide with a focus on and worries about privacy.
Anyways, sorry for making such a big, tortuous writeup... just to put thoughts out there.