While this forum has been an incredible source of information conserning anonymizers there are still a lot of services which are completely unknown as far as reputation and quality of service goes. I haven't found any reviews for them (or for many others) so I'm basically left with the ad claims from their sites. Here are some I'm interested in:

1) Trilightzone. Many servers in different countries and several other
service options. (Read from this forum that they might be affiliated with
privacy.li. Yikes) Any user experiences?

2) Neomailbox. Mostly an email service but Netherlands and Swiss tunneling
available. No linux compatibility for tunneling software mentioned in the
help section?

3) Anonymouse paid service. Only a proxy but with SSL and other filtering
options. They have been in business for a long time so that should count for
something.

4) Cryptohippie. Sort of a new kid on the block with their service now
available for individuals. A pricey (275$) multihop service.

There are along out there and as anonymizers are niche industry, however most information about them are found in forums and usenet and are hard to search for. However from experience many use the same system and there isn't too much difference.

1: Trilightzone are know to use the same servers as Privacy.il a very dodgy service, not only for baiting users but using information gained to silence any protenial bad press. looking around here should reinforce this reputation.

2: Neomailbox has been around a while and hasn't much of a presence on the internet. they offer a ssl tunnel to the netherlands for 29.95 or boxed together with thier mail service for $69.95. however its limited to 500megs a month bandwidth and really is for securing email and light browsing, excess bandwith is really expensive.

3: Anonymouse are quite well known and have quite an extensive presence. However they are only a cgi proxy and as such probably aren't worth paying for, they are only good for anything within active windows and any other windows/pop-ups will show your ip. other providers of cgi paid proxies are megaproxy, proxify and the cloak, all do about the same.

4: Cyrptohippie are the new kid on the block and aren't that expensive for what your paying for. your are paying for a multi-hop VPN that is secured against evedroppings and man in the middle attacks. They are miles ahead of the competition and are only about ~$22 a month. They have servers around the world in politically stable countries with very minimal logging. The only service that comes close is Xerobank and they only have a 2 hop network with exit nodes in canada and netherlands, with is 35 a month or ~400 dollars a year.

So basically your best bet is cyrptohippie, they are a solid service with the backing of experience, they are also a third party of the network, with a whole other company responsible for the network. 2 and 3 are good for light surfing where you have no control over the system and 1 should be avoided like the plague.

Thanks for the reply fuzzylogic. I pretty much came to the same conclusions
based on the limited information I found. Like you said they are a niche industry...

No problem, don't be afraid to have a good search, a good place to look is groups.google.com, whom you can search through Usenet to find more information, or google.com to search for forum posts. These have been very useful to me and have a great resource; but be prepared for the tinfoil crowd and shift through the paranoia ;)

Xerobank has 3 hops.

I was sure that Xerobanks personal offered a 2 hop (Your ip - USA - Netherlands/Canada), where the business offered Oynx network offered a 3 hop network.

Unless I am just completely off, and I don't think I am, the personal version has 3 hops and the small business runs through the new cryptorouter and goes through the new "blacknet". I don't have enough technical knowledge to understand blacknet, except that it is above and beyond the ordinary 3 hop xerobank network that has been offered. I have seen it discussed and the added benefits mentioned, but I do not understand the terminology yet. I hang out mostly in the "Special Ed" section, LOL! Also, there will be a new low grade version with only one hop soon for $10.

http://forum.xerobank.com/index.php/topic,211.0.html

http://xerobank.com/cryptorouter.php

Looking forward to looking at ShadowVPN, but steve seems pretty slow in releasing stuff but does deliver in the end.

I'm pretty sure that it was a 2 hop network, at least at the start anyway. I sure there was an argument here or on usenet about how a 3 hop network was a minimum for a anonymous network. It may of been improved since then, i kinda gave up on following xerobank, too hard to get good information but i long got over that and now just follow the niche of anonymous networks.

Through I'd like to see what cryptonewbie choose in the end. They were all good choices (expect trilightzone) and have good uses in different environments ie cgi proxy in an locked down system ie cybercafe/library/school, stunnel for light surfing and a full on VPN 3-hop network for total solution.

{QUOTE-> Looking forward to looking at ShadowVPN, but steve seems pretty slow in releasing stuff but does deliver in the end.

Through I'd like to see what cryptonewbie choose in the end. <-QUOTE}

Decisions decisions! I am still undecided but partially in the game. Opted for a 3 month package from StrongVPN and the cgi proxy from Anonymouse. Why choose one when you can have two. I have a soft spot for them because I have used their free service for a long time. The SSL proxy is much faster with no ads. Strong is 20$/month. Annual fee with openvpn is 215$. So far so good. Speed is excellent. I notice only a very small lag. Using it right now. I can finally take advantage of wireless which I get free from my employer :) The price is very steep considering that Cryptohippie is only 60$ more with more countries and hops. It does look very tempting. ShadownVPN looks very interesting also. Hope they get it running soon.

{QUOTE->
I'm pretty sure that it was a 2 hop network, at least at the start anyway. <-QUOTE}

I just realized what you are referring to now. There use to be a Plus account. It was just the browser and not a VPN. But is did go through the Xerobank network (not Tor0. I think it was $10 a month. I started off on the Pro and had completely forgotten about the old Plus accounts.

I'm still sure their current offer goes through only 2 hops for personal and business/government goes through a 'blacknet/oynx network'. Could steve drop through and answer this?

Plus = 2 hop
Pro = 2 hop
--------------
Personal = 2+ hop
Onyx = 3+ hop
Onyx Advanced = 4+ hop

Okay. I guess I was wrong about the 3 hops for a pro or XB2 account. I don't know how I got confused about that.

{QUOTE-> Okay. I guess I was wrong about the 3 hops for a pro or XB2 account. I don't know how I got confused about that. <-QUOTE}

Well, it's 3 hops to your destination for Pro and XB2, it's an easy mistake.

You -> Node 1 -> Node 2 -> Destination

The reason is that more than 2 nodes are needed if the control of the nodes is decentralized, meaning you need to obfuscate the traffic from one operator to another. In a network where node operators can't be trusted, like Tor, you need 3 nodes to obfuscate identities from each other. The first two are obviously needed, but why the third? Because if you are the first party, and you're handing off to another node, you know not only who's traffic it is, but you also know the node it is exiting from, which defeats context obfuscation, and greatly lowers anonymity. We don't have that problem because we control all the nodes.

thanks for the steve, i thought as much. another quick question, is the onyx network your network or an extention of the cyrtohippie network?

also does the onyx network use the same exit nodes as the regular xb (paid) network?

netherlands, u.s. or canada?

Basically I'm wondering if the onyx network has different IP's than the regular xb (paid) network and if they use different servers.



Thanks

Onyx uses none of the same exit nodes that xb2 uses. The most basic level of onyx provides >1000 USA IPs, in addition to other countries. For onyx advanced with large contracts, clients get access to 5,000 to >100,000 IPs. However, remember that lots of IPs != anonymity. Infact, quite the opposite. Those who need lots of IPs are those who have adversaries who try to filter by IP address.

{QUOTE-> Onyx uses none of the same exit nodes that xb2 uses. The most basic level of onyx provides >1000 USA IPs, in addition to other countries. For onyx advanced with large contracts, clients get access to 5,000 to >100,000 IPs. However, remember that lots of IPs != anonymity. Infact, quite the opposite. Those who need lots of IPs are those who have adversaries who try to filter by IP address. <-QUOTE}

How can I get more information on the onyx network, pricing, etc.. I'd also like to know if there are any additional features than xb2 and a list of which other countries you have exit nodes/IP's in.


Thanks

Mr Paquette and Mr Estes handle onyx sales, but I do know the spec details. Pricing starts at $2900/year, and includes a free cryptorouter. The exit nodes are USA, Germany, France, Switzerland, Russia, Netherlands, and we can add exit nodes countries per contract.

I have not been able to find Cryptohippies website after googling for it.

Three more little known anonymizing services:

Hideway, Jondos and VforVPN

I've used all three of them, and I had only a problem making Hideway
work with Vista 64 bit, but Jondos and VforVPN worked great, two
different privacy approaches, the former using a chain of proxies and the
latter using a single proxy (OpenVPN or PPTP).

Did you notice the owner of VforVPN is a high school student? Pretty cool if you ask me. But I will never use a US vpn. That pretty much defeats the purpose.

I had not seen the owner of VforVPN is a high school student, probably not someone you would want to trust your privacy to.

But most times You get to know very little of who is running the VPN you are using. Maybe not high school students, but you can find all kind of strange personalities out there too.

I often read this, I would not use a US based VPN, but there aren't too many alternatives, Germany,Switzerland,Sweden,Denmark...basically it is between the US,Europe and some proxy servers in Hong Kong/Malasya(SurfSolo).

As for location, Guardster located in Nevis (West Indies) seems to be the best, regarding privacy laws.

From a privacy aspect a US proxies isn't good, but for watching hulu and nbc then its another matter.

I wonder how good of a proxy in japan would go?, it has good international peering, no data retention laws and fairly good privacy laws, i mean www.anonymousspeech.com works out from there for anonymous email (hosting is from malaysia).

{QUOTE->

2: Neomailbox has been around a while and hasn't much of a presence on the internet. they offer a ssl tunnel to the netherlands for 29.95 or boxed together with thier mail service for $69.95. however its limited to 500megs a month bandwidth and really is for securing email and light browsing, excess bandwith is really expensive.

2 and 3 are good for light surfing where you have no control over the system and 1 should be avoided like the plague. <-QUOTE}

Fuzzylogic,

I am responding to your post on Neomailbox. I just discovered their website, the services do look interesting and it seems Neomailbox is a serious company.

Could you knidly enlighten me on the following aspects, as I'm in the learning stages:

its limited to 500megs a month bandwidth and really is for securing email and light browsing.
This refers to download/upload speed, or means that we're alowed to download a total amount of 500MB of data during one month?
Light browsing: does your comment imply that going through the Neomailbox tunnel affects the ability to download a lot of data (such as torrents for ex) or does it imply that simply browsing (downloading internet pages) is slow?

no control over the system and 1 should be avoided like the plague. <-QUOTE}.
What do you mean by this?

I am residing in Switzerland. In this precise scenario, is there an advantage of passing through a tunnel with servers in Switzerland?
Is it correct to say the closer the tunnel's servers are to one's computer and to the servers of one's ISP, the better the speed and performance?
Or does locations and distances between computer-ISP servers-VPN tunnel servers have no effect on browsing speed & download capability?


Thanking you in advance for anytime you may give in sharing knowledge.

Best regards.

hey, yeah neomailbox have only just recently in the last few month offering tunneling services along side their email services. I'll answer the questions as numbered;

1, light browsing is basically only surfing simple webpages and email once and again, 500 meg is burned pretty quickly with streaming media/flash games. Torrenting wouldn't be a good idea over this system.

2, no control over the system would imply a system you dont' own or know whom's used it or controls it. this includes public cafes/wi-fi. these tunnels give you protection against evedroppings.

3, you wouldn't gain must in the way of benifits from someone outside the country. proformance/speed maybe. Usually one looks for a proxy outside of their country as to make it harder for court orders or people to findout what you've been looking at. Europe has a better peering between countries so i wouldn't believe you'd bee worse off speed wise with a proxy in another european country.

Thank you FuzzyLogic.

I have a clearer picture now. I now see what you mean about what's the use of choosing a server in another location from where one is (jurisdiction etc).

What do you think about the secure email?

I'm looking for a paying email account because I no longer wish to have ads embedded in emails I send to people.

What do you think about the IP being hidden in the headers? I mean, from the point of view of protecting oneself from eavesdropping, email ID theft etc. Is hiding one's IP in email headers a good extra security against whatever malicious people are up to?

Do certain people, or rather certain email clients and websites, block emails that contain no IP in them? I mean, the spam filters integrated in email clients/websites, do they block emails with no IP in header?

It wouldn't be good if we pay for a secure email that hides our IP and then some of our emails would be marked spam in the receiver's inbox. I don't know how spam filters filter so this is just a thought that came to mind.

I appreciate your giving time and any feedback.

Best regards.

really doubt a paid email service would be blocked, unless they do not care about spammers and thats very bad for business in most cases. Blocking via no/different ip address is rather ineffective way of blocking emails, you can always change/forge another ip address.

There are other besides neomailbox which remove header info from emails, lavabit does the same thing as well as mutemail and safe-mail.

Secure email is really up to you whether or not what emails you get are that important, i guess if you get alot of bank emails/bills via email and wish for the extra protection then go for it. For basic private email then lavabit stands out for quality and effectiveness for money, they encrypt your email on the servers as well as encrypt to and from the servers but not the the sender, thats where you'll have to use GPG to encrypt them yourself. Through on the downside they are hosted in the US so if that does help you then probably neomailbox should be good second option.

{QUOTE-> For basic private email then lavabit stands out for quality and effectiveness for money, they encrypt your email on the servers as well as encrypt to and from the servers but not the the sender, thats where you'll have to use GPG to encrypt them yourself. Through on the downside they are hosted in the US so if that does help you then probably neomailbox should be good second option. <-QUOTE}

Thanks for the feedback.

I had failed to find Lavabit before reading your post. Interesting. Thanks for pointing out to me their great feature of server encryption for stored emails. :thumb:

I give them credit for the openess and thorough information provided on the website, with no emphasis on "secure email" as a marketing catch. I believe they really do put their principles first and it looks like their values are the motor of their project rather than just a marketing tool (like many do). Out of all the email services providers I've visited until now, they come out as the most transparent and trustworthy along with NeoMailbox.

I opened a free account for test. I might say that the webmail lacks features, but as they say they are growing rapidly and improving their features constantly.

Still investigating into NeoMailbox. I'm trying to find out if they encrypt email storage on their servers like Lavabit. Waiting for a reply. I'll post here (http://www.wilderssecurity.com/showthread.php?t=231651) to update that.

Regarding NeoMailbox choice of email servers, Netherland's policies on private data protection has more to offer to the individual than a US-based email server, that's clear. See here (http://neomailbox.com/component/content/article/217-multiple-server-locations) if you're interested. I have to say that the policies in the US with p.a.t.r.i.o.t. act are really something.

I'm also enquiring if they will add in a near future secure email services through their Switzerland-based servers, as Switzerland offers one of the best guarantees when it comes to indivdual private data protection, in terms of official policies, in the world.

Thanks for the exchange. Best regards.

{QUOTE->

Regarding NeoMailbox choice of email servers, Netherland's policies on private data protection has more to offer to the individual than a US-based email server, that's clear. See here (http://neomailbox.com/component/content/article/217-multiple-server-locations) if you're interested. I have to say that the policies in the US with p.a.t.r.i.o.t. act are really something.

I'm also enquiring if they will add in a near future secure email services through their Switzerland-based servers, as Switzerland offers one of the best guarantees when it comes to indivdual private data protection, in terms of official policies, in the world.

Thanks for the exchange. Best regards. <-QUOTE}

Switzerland is a data retention country. For years they have logged all email traffic for 6 months. It does have good privacy protection for an individual compared to many others but after 9/11 even the Swiss privacy protection has loosened to covertly accomodate The Patriot Act. Look for website policies. Many which refer to laws are dated November 2001. This of course doesn't apply to Swiss services only.

{QUOTE-> Switzerland is a data retention country. For years they have logged all email traffic for 6 months. It does have good privacy protection for an individual compared to many others but after 9/11 even the Swiss privacy protection has loosened to covertly accomodate The Patriot Act. Look for website policies. Many which refer to laws are dated November 2001. This of course doesn't apply to Swiss services only. <-QUOTE}

Hello AnonG,

After reading your post I decided to enquire.

I was under the (wrong) impresson that because of certain safeguards existing within the Swiss legislative system (such as the referendum (http://www.swissworld.org/en/politics/people_s_rights/people_s_rights) enabling citizens to challenge laws, the Transparency Act and the existence of a Federal Data Protection & Information Commissioner (http://www.edoeb.admin.ch/org/00447/index.html?lang=en) who's role is, amongst others, to supervise infringmenets to data protection and supervise federal bodies), Switzerland was "safer" when it comes to government bodies seeking to intercept communications.

However, I see after looking into it that it's not the case at all. I was also under the wrong assumption that there were more safeguards to protect privacy and data, because some websites I've seen speak of Switzerland as "Switzerland is outside the EU and is not subject to the EU directive on data-retention. Comprehensive privacy legislation makes Switzerland one of the most privacy oriented jurisdictions in the world" (quote).

All this lead me to think that it was a place relatively less affected by privacy infringement than perhaps other areas more notorious for that.

But after reading a few article (perhaps this (http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-83795) is the website you were reffering to), I get a clearer picture. I see that I was too quick to give Switzerland a good reputation in terms of privacy/data protection. I should've done more research before making the claim.

We learn as we go ... thanks for rectifying.

Best regards.

6 months is that all )?, UK is kicking Swiss ass for that one, 2 years of logging all emails, sms, phone and internet sessions. From my prospective it still requires alot of work to get to that information and there are still some good safeguards on what can and cannot be done.

Better than some countries that have no or very 'loose' definations of privacy. Still some countries haven't lost their backbone and still have good privacy laws, Netherlands, Luxembourg, etc would be ideal new places to place good proxies/email services.

Anyway getting back to business, keep us informed about lavabit and neomailbox, i'd be interested in what you think of their services.

{QUOTE-> 6 months is that all )?, UK is kicking Swiss ass for that one, 2 years of logging all emails, sms, phone and internet sessions. From my prospective it still requires alot of work to get to that information and there are still some good safeguards on what can and cannot be done.

Better than some countries that have no or very 'loose' definations of privacy. Still some countries haven't lost their backbone and still have good privacy laws, Netherlands, Luxembourg, etc would be ideal new places to place good proxies/email services.

Anyway getting back to business, keep us informed about lavabit and neomailbox, i'd be interested in what you think of their services. <-QUOTE}

I see you are quit uninformed regarding The Netherlands.
That country has new legislation coming up, later this year.
The manufacturing of it has been going on for a couple of years now.
Although it got some criticism from several privacy-watchdogs en Internet Service Providers, it still got from parlement to the senate and will now, later 2009, be voted by the sitting government itself.
Because it has been passed by the complete parlement, it will for certainly be actual law by the end of this year.

This concerns logs of internet- and cellphone traffic, for a period (I thought) of 6 months or 9.

Just to let you know.