Found this pretty interesting.
Wouldn't shock me if most/all of the 'free' VPNs are tied to data-mining firms.
Sad that Nord is mixed up in this, they had a pretty good rep.
That article is complete bullshit.
TIL that the country Lithuania somehow coexists with a town in Switzerland that doesn't actually exist.
I tracked down the Hacker News thread where some guy claims to source this. But his link to what I guess is some kind of corporate registry in Lithuania is to a company called "CYBER ALLIANCE, UAB." Protonmail acknowledges in the HN thread that they rented office space from Tesonet, which is maybe why some of the addresses come up?
The article also makes some wildly misleading quotes. It attempts to conflate references to physical "addresses" to IP addresses, despite there being 0 evidence presented to indicate that ProtonVPN used any servers owned by Tesonet. It also claims that the same CEO is listed for the Cyber Alliance company as Tesonet, but fails to show how this contradicts what ProtonVPN is saying in the thread, namely that they piggybacked on Tesonet's corporate presence. Meanwhile, contrary to what the article says, ProtonVPN's main HQ is with ProtonMail's in Switzerland.
I was curious who "PIA" was in the article you linked. From the HN thread, it turns out that it's Private Internet Access....a U.S.-based competitor to ProtonMail. Moreover, these claims were brought up by one of PIA's co-founders in response to a suggestion that PIA was secretly working for U.S. intelligence in some capacity. He never actually denied anything, but jumps right into how ProtonVPN is super shady or whatever. So the only "source" we have is a competitor to ProtonVPN, who only brings this stuff up on some thread that's questioning his company's integrity. If they have so much evidence, why is there no mention of ProtonVPN on their blog? Two of his comments are flagged, and he claims that an Ars Technica piece with a misleading headline somehow shows that your e-mail isn't safe in Switzerland, either. And in case you think I'm misrepresenting the Ars article, it has that headline yet says almost immediately that:
Which is of course super different from the United States. (If anyone still had questions about why I'm skeptical about Ars Technica's journalistic standards, this is a perfect example.) This person clearly has no idea what he's talking about, and it's frightening to think that a significant number of people are trusting him to keep their data private.
But anyway, it's clear this is a credulous blogger reposting a hit piece by one of ProtonVPN's competitors as if it were gospel. Call me unconvinced.