use Wireshark… again! Wireshark

Back in late September 2013, caused quite a flurry of activity amongst the VPN community when they installed Wireshark on one of their US servers, an Illinois one to be precise. The reason behind this was in relation to their Ethics Policy which states they will not only hand over details but also they “will do much efforts to respond to the request of legitimate third party” in cases which include “Any activity related to direct physical and/or moral harm to individuals or  groups of individuals

It has come to our attention that are again employing the use of Wireshark although this time in relation to a DDOS (Distributed denial-of-service) attack against their Netherlands 5 server. As the below screen shot taken from their web site shows they will be using it between 30/11/2013 00.00 CET and 02/12/2013 00:00. Wireshark Wireshark

The issue we have with this is again although they are being clear behind their reasoning for using such a product and have given notice of it, that notice is hidden away on their “Service Status” page and posted only 4 hours before they intend to start using Wireshark. There is no mention of it on their Twitter feed nor have any emails been sent out.

We understand that due to the DDOS attack that the need to move swiftly is required but it begs the question that why are not making more effort to inform their customer base in a better fashion. With a Twitter follower base of 18,216 users and the recent advertising from them to post their Black Friday deal notices both via tweeting it and a full sized banner on their front webpage it seems an alien concept to hide such an important detail about their intended network troubleshooting on such a rarely visited or updated page of their site. has recently become the first VPN provider to openly publish all abuse reports they receive such as DMCA take down notices in what they title their “Transparency Report” and while a step in the right direction and something we applaud for it seems with this latest Wireshark incident after the waves the last debacle made you would imagine they would be more careful as it appears as it is two steps forward and one step back for them.

We have asked for comment regarding their lack of widely public publishing of such incidents and will update as and when we receive a response.

[UPDATE 30TH NOV 13, 08:53 GMT] responded with the following statement.

“For your information we have published a transparency report about the attack:

As for the form of publication, we believe it is the most optimal one. The only thing we might agree with you, is in regards with Twitter. We will see in future if we can connect our network statuses to our Twitter account.

The other things are futile. The status is not “hidden away” from the status page, it is just under the table of nodes stats, because the latter is more important details to everyday customer’s experience. And sending emails out, as well as putting any notice on the frontend, would either lead to inconvenience or incomprehension.

These notices are here for those who would like to take an extra step into ensuring their privacy, by making sure they do not connect to a specific server while we intervene on it. RSS feed and single URL is the best output we can arrange so far.”

While we appreciate the response from it remains quite clear to us that publishing of such actions should be made more widely available and if possible within a larger time frame. While viewing their user load for the server in question it has remained constant at nearly 50% from the point of our article being published to this update showing that regardless of their network status post, most users have either not had the opportunity to make themselves aware of the action or are not concerned about it.

Hopefully based on their response they will heed our opinion and make public their network actions via their Twitter account. This seems like the most appropriate method of communication for these types of notices due to the speed and wide reach that Twitter can provide.

Furthermore have informed us that a more thorough Ethical Policy will be published in the near future, what we have seen makes good advances in the ability to provide clear information to their customers and is a further welcomed step.

Christopher Seward

Author: Christopher Seward

After 25 years of using the internet, Christopher launched one of the very first VPN comparison websites in 2013. An expert in the field his reviews, testing and knowledge have helped thousands of users get the correct VPN for their needs.


  1. […] posting an article two days ago entitled use Wireshark… again! in which we looked in to the second public usage of the network troubleshooting (aka sniffing) […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Sign up to our newsletter

Get the latest privacy news, expert VPN guides & TV unblocking how-to’s sent straight to your inbox.