There are two types of VPN companies that exist today: those who buy, and those who rent servers. The sad truth about most VPN providers is that they rent all or a very large percentage of their server infrastructure, leaving their network vulnerable to physical attacks. This is of course how they are able to boast such high server and location numbers. Physical attacks are nothing new. Expose a vulnerability within a network by physically accessing a vulnerable piece of the network and you can do untold levels of harm to those who use the network.
Stealing, manipulating, viewing, or stopping information altogether, gaining access and/or control of systems, these are just some of the nightmare scenarios brought on by physical attacks.
Remember - privacy is not something you get back once it's breached. Let me repeat that...once your privacy is breached, it is gone for good. There is no such thing as retroactive care when it comes to your privacy and security. You cannot undue what has been done.
This is why AzireVPN only owns the infrastructure it uses - never rents. Although it may seem farfetched to some; these attacks happen, and have happened with other VPN providers.
Potential Security Issues with Rented Servers
- Shared Space (contamination, speed, reliability)
- Legal Ownership
- Access Control
Case - NordVPN Hacked in 2019
As some of you may be familiar already, way back in 2019, the world famous NordVPN suffered a catastrophic hack - and didn't tell anyone. Not until well after the fact and rumors had started to circulate, according to TechCrunch.
NordVPN told TechCrunch that one of its data centers was accessed in March 2018. “One of the data centers in Finland we are renting our servers from was accessed with no authorization,” said NordVPN spokesperson Laura Tyrell.
The attacker gained access to the server — which had been active for about a month — by exploiting an insecure remote management system left by the data center provider; NordVPN said it was unaware that such a system existed. - TechCrunch
TechCrunch goes on to expose that other VPN providers around the same time also faced similar man-in-the-middle (MITM) attacks/physical breaches as well.
These cases point out the severity of leaving any part of your secure infrastructure in someone else's hands - which is why we don't. We own and install 100% of our servers ourselves. We do not share servers with any other company, person, agent, government, or otherwise - nor will we ever.
Case - HideMyAss vs Lulzsec
Although the specifics of the HideMyAss vs Lulzec case are slightly different, people are quick to point out in the comments that jurisdiction and what a VPN provider is willing to do to work with authorities is troublesome. How difficult would it be for a third-party service provider (such as the data center you rented your servers from) to allow/enable a man in the machine?
Which is exactly why we have refused to rent servers - mitigation of risk. In this case - a highly probable risk.
AzireVPN's Owned Servers
- Diskless (no disks/drives; no storage)
- Portless (no USB or other ports for malicious actors to plug in devices)
- 100% Owned & Operated (no one else owns or has a legal right to access, augment, or otherwise interfere with AzireVPN servers)
- No Access Control (physical and digital security measures to prevent unauthorized access)
As we continue to update and improve our VPN services, we will only ever continue to use servers we have purchased and own ourselves. We will only ever use servers we have built and made secure ourselves, to ensure AzireVPN remains as private and secure as possible from all forms of attack.
Buy, don't rent.
Want to learn more? Join us on Matrix!