There is at least one VPN provider (that I know of) that doesn’t record account and payment data. You can send the fee via regular post in a envelope tied to only a random numerical user ID
Billing? ID -> balance. “Very” important data for hackers. They had more? Like card numbers, names, addresses, etc? That’s a bad practice for VPN providers.
You are surprised that a for-profit company that bills people on a RECURRING basis for a paid service keeps card numbers and billing addresses/names? How would recurring bills be paid if the info isn’t stored?
This is not how most people operate around subscription services. People expect that the online subscription service will manage that shit. Less secure I know, but you live either in the past or in a much higher risk environment than most.
Mulvad gives you a 16 digit random number when you sign up. Anyone with that number can use that account, it’s on you to not lose it, if you do you have to make a new account. You send them money and an account number and they add balance to that account. When it’s out, that account is blocked from service until they get more money. You hack their service and you get a list of numbers and whether or not they have service. They keep no documentation and if you pay with card you have to manually input every time. I know them better than they know their users.
I do understand, you just don’t seem to understand that this testing environment never contained real data. And you can absolutely generate dummy data without having real data to start with.
I say that they shouldn’t have any sensitive information at all. And their claim that it was testing data that leaked shows that they do have that sensitive information. It just hasn’t leaked yet. At least if we believe in what the company says.
Why would *VPN even have ANY data worth taking through breaching?
They operate a business that charges for a service, and therefore have user accounts and payment data for those accounts.
There is at least one VPN provider (that I know of) that doesn’t record account and payment data. You can send the fee via regular post in a envelope tied to only a random numerical user ID
Mulvad. That’s how I do it.
Same reason as any other online company?
So for selling it to aggregators? That’s bad practice for a VPN-providing company.
You really think thats the primary function for user data? Not like, billing?
Billing? ID -> balance. “Very” important data for hackers. They had more? Like card numbers, names, addresses, etc? That’s a bad practice for VPN providers.
You are surprised that a for-profit company that bills people on a RECURRING basis for a paid service keeps card numbers and billing addresses/names? How would recurring bills be paid if the info isn’t stored?
I’m not surprised. I am accustomed to the shit around.
Just go to the bank (or open your bank application on the phone) and pay.
This is not how most people operate around subscription services. People expect that the online subscription service will manage that shit. Less secure I know, but you live either in the past or in a much higher risk environment than most.
How do they send you your invoice? Password resets?
Mulvad gives you a 16 digit random number when you sign up. Anyone with that number can use that account, it’s on you to not lose it, if you do you have to make a new account. You send them money and an account number and they add balance to that account. When it’s out, that account is blocked from service until they get more money. You hack their service and you get a list of numbers and whether or not they have service. They keep no documentation and if you pay with card you have to manually input every time. I know them better than they know their users.
The customer can notify ID during payment.
I’m not sure what you mean by that…
It wasn’t, it was test data
You don’t have any “test data” if you don’t have any “real data”. Why would you?
Uh… this entire event is a strong reason for using dummy data in a testing environment. You shouldn’t ever use production data in a test environment.
You generate dummy data that looks like real data for testing purposes.
You didn’t understand what I am saying.
I do understand, you just don’t seem to understand that this testing environment never contained real data. And you can absolutely generate dummy data without having real data to start with.
No, you don’t.
Ok, then explain it to me.
I say that they shouldn’t have any sensitive information at all. And their claim that it was testing data that leaked shows that they do have that sensitive information. It just hasn’t leaked yet. At least if we believe in what the company says.
I just wanna say that I get what you’re saying and this thread was hilarious to me for some reason.
Because your previous trust is clearly misplaced.
I don’t care what somebody’s TOS says, I’m going to remain skeptical.