Is there any real-life situation in which this matters, though?

If you're picking a country so you can access a Netflix show that geolimits to that country, but Netflix is also using this same faulty list... then you still get to watch your show.

If you're picking a country for latency reasons, you're still getting a real location "close enough". Plus latency is affected by tons of things such as VPN server saturation, so exact geography isn't always what matters most anyways.

And if your main interest is privacy from your ISP or local WiFi network, then any location will do.

I'm trying to think if there's ever a legal reason why e.g. a political dissident would need to control the precise country their traffic exited from, but I'm struggling. If you need to make sure a particular government can't de-anonymize your traffic, it seems like the legal domicile of the VPN provider is what matters most, and whether the government you're worried about has subpoena power over them. Not where the exit node is.

Am I missing anything?

I mean, obviously truth in advertising is important. I'm just wondering if there's any actual harm here, or if this is ultimately nothing more than a curiosity.

▲

wongarsu 9 hours ago | parent | next [-]

Attempting to use a VPN location in Somalia and actually getting routed to an exit in Paris or London is not what I would consider "close enough". That's off by 3000 miles. That's like claiming to be in the Amazon Rainforest in Brazil while being in Montreal, Canada. And apparently 28% of locations are off by at least this much

And if I do it for privacy, the actual exit location seems very relevant. Even if I trust the VPN provider to keep my data safe (which for the record I wouldn't with the majority of this list), I still have to consider what happens to the data on either end of the VPN connection. I'm willing to bet money that any VPN data exiting in London is monitored by GCHQ, while an exit in Russia probably wouldn't be in direct view of NSA and GCHQ

▲

rynn 9 hours ago | parent | prev | next [-]

> Is there any real-life situation in which this matters, though?

You’d be shocked at the number of people in regulated industries that thinks a VPN inherently makes them more secure. If you think your traffic exits in the US and it exits in Canada — or really anywhere that isn’t the US — that can cause problems with compliance, and possibly data domicile promises made to clients and regulators.

At minimum, not being able to rely on the provider that you are routing your client’s data through is a big deal.

▲

AndroTux 9 hours ago | parent | prev [-]

Yes. Let’s take an extreme example: you think you exit in Japan, but you’re actually exiting in China. This means your traffic will be analyzed and censored by China.

The routers don’t care about where the provider says the IP comes from. If the packet travels through the router, it gets processed. So it very much matters if you do things that are legal in one country, but might not be in another. You know, one of the main reasons for using VPNs.

▲

twosdai 8 hours ago | parent | next [-]

A more general case is for legal and SLAs. If a company uses one of these vpns to make sure their traffic only travels through a specific legal path, and then it's found that their traffic entered a different territory, there can be a lot of consequences.

The case I can think of most accessible would be anything that streams copywriten video.

▲

crazygringo 9 hours ago | parent | prev [-]

Are any VPN's getting China wrong? It would be pretty obvious. In fact, common VPN's I'm looking at don't even support China as an option. Obviously no VPN's are mixing countries up where it becomes clear from what you're allowed to browse.

But so "if you do things that are legal in one country, but might not be in another" is what I'm specifically asking about. Ultimately, legality is determined by the laws that apply to you, not the country your packets come out of. So I'm asking for a specific example.

And I already said, that if a site is attempting to determine permissions based on the country, it's doing so via the same list. E.g. when the country is actually Greenland, but you think it's the UK, and Netflix also thinks it's the UK. Which is why I'm saying, at the end of the day, is there any real consequence here? If both sender and receiver think it's the UK, what does it matter if it's actually Greenland?

▲

AndroTux 8 hours ago | parent [-]

China was just an example. Try to extrapolate on your own.

Take someone from Russia, Iran, wherever, trying to access information they aren't allowed to access, or sharing information they aren't allowed to share. They think they're connected to a neighboring country, but in reality are exiting from their own country. Therefore, the traffic gets analyzed and they fall out a window.

Imagine Snowden sharing information about the NSA while using a VPN that actually exited from the US. Things might have developed differently.

Yes, it won't matter for most services. But as soon as states or ISPs are involved, you're fucked if you get it wrong.

	▲	crazygringo 7 hours ago \| parent [-]
		> Try to extrapolate on your own. No need for the snark. Obviously we're not talking about somebody in Iran or Russia connecting to a VPN that just leads back into their own country, that would be idiotic. None of the VPN providers are providing anything like that. Those don't even make sense conceptually. A Western VPN provider that an Iranian or Russian is using isn't even legally allowed to operate nodes inside of Iran or Russia due to sanctions. I'm talking about the realistic mix-ups that the article is using as examples. Where Somalia is actually going to France or something. That's why my original comment started with "Is there any real-life situation..." No VPN providers are accidentally routing into an oppressive dictatorship.