paid vpn service recommendation as of august 2015?

Discussion in 'privacy technology' started by imdb, Aug 17, 2015.

  1. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    win 10 compatible paid vpn services? (used either with proprietary software or openvpn software or win10 built-in vpn system)
    tia
     
  2. mullvad.net, ivpn.net, airvpn.org, perfect-privacy.com, insorg.org, prq.se, privatecloud.com, bolehvpn.net, nordvpn.com. Something like that.
     
  3. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    aamof, i used most of them but not on win10. what i'm asking is whether they are fully compatible with win10. you know, win10's said to have very serious privacy issues, so i wonder how that affects vpn tech.
     
  4. Well that is a different question. All of those I listed work under Win 10. Either with openvpn or their custom client.

    Privacy and Win10 are a different issue. The only way you're going to block privacy concerns is by following current research into it.

    There are tools/software which can reduce Win10 privacy concerns by using the host file to block calls to MS services and delete the telemetry keys.
     
  5. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    did you use and test them all on win10?
    i wonder what @mirimir has to say on it.
     
  6. No I haven't tested every one of them. But by now they should all work on Win10 with no issues. Most have updated their clients for Win10.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    If the Windows install knows who you are, either through a money trail or through documents stored on it, neither VPNs nor Tor will provide much privacy. As soon as Microsoft sees your Windows ID via the VPN or Tor exit, you're compromised. Better is using Linux VMs for private stuff. But the Windows host OS owns them, so there's no guarantee. If you need Windows, even better is running it as a VM in a Linux host. But that's not so usable for gaming. In that case, as I've said, you're safest using one box for Windows and gaming, and another box for Linux and your private VMs. And to prevent cross contamination, you want the two boxes to be on separate vLANs, at least, and best on separate LANs. Pwning Windows boxes is a standard approach for pwning LANs.
     
  8. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    I've been playing around with another VPN that came with free subscription to a smart DNS service called Smartdnsproxy. The main service uses smart DNS for unblocking content and the VPN service is an extra that comes with it. There is no client software, just ovpn configs available. Router connections are supported. Several other VPN protocols are supported. The VPN service is combined with the smart dns and it is proving to be absolutely wicked when it comes to geolocation. My browser appears to be in 3 different parts of the world at once. This test just times out.

    http://www.browserleaks.com/geo.

    They claim unlimited bandwidth but it is topping out at around 1mbs so it is not fast. Still good enough for Android mobile devices and that is what I'm going to put it on.
     
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Adding one thought as it pertains to many of us, and me for sure. If you are on a machine that has Windows installed the motherboard ID has been "acknowledged" by M$ and it knows YOUR machine ID. It's just how it is and how they control/track their product key abuses. There is absolutely no way around it. That is OK though when you are using the machine for legit gaming and REAL NAME stuff.

    I mention this to draw attention to the fact that when you also use Linux - bare metal- on the same machine you are using the same motherboard. Think of the ramifications, while simple to beat they should be dealt with. So setup linux bare metal as HOST only and run virtual machines for your actual workspace VM's. The VM's have DIFFERENT physical machine ID's and there is NO traceable connection to the physical motherboard being used unless there is a breakout to the host, which is very unlikely. Also, you can adjust the settings of the VM and change the physical ID's like mac's etc.. at any time. Should an adversary manage to gain access to the workspace VM they will have nothing traceable to your actual machine.

    My post is not covering all the vpn, tor, tunneling stuff this is about the smart use of virtual technology to cloak your activities. Remember the actual physical machine identity has already been established with M$.

    I am just trying to help you see it through and not trying to scare you or anything.

    There is a guide down in the linux forums, which I started a thread on, about how to go bare metal linux fully encrypted on a single partition. I have that running great and use around 100 Gig leaving the rest of my hard drive encrypted outside of any linux stuff. You might want to give it a look if you want to try linux 100% and not worry about windows clouding up the mix. Just a thought. I actually struggled with that thread but now I can do it in a few minutes and it's sure fire.
     
  10. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    thank you so much for the spot on info, mirimir. :thumb:
     
  11. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    thank you, pal. that's a good point. could you give the link for that thread on linux forums?
     
  12. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Link below. You will have some reading to do if you are brand new to linux. The regular Linux installers are almost automatic, but this alternate process takes a little learning to use. There were two other members on that thread that helped me figure out the simple but important items I was missing. I am running both Ubuntu and Debian side by side as I form an opinion of which is better for my needs. The thread starts a little rough and confusing, but when you get down to where a "guide" starts getting tweaked it should make sense. You don't even need to understand it all for now, but I wanted an LVM on LUKS paradigm, which is what I have now.


    https://www.wilderssecurity.com/threads/idiots-guide-for-getting-luks-to-boot.378560/

    At this point I have everything except 512 bytes (MBR) encrypted on this machine. I even wrote an executable shell script on my linux desktop, which compares the sha256 checksum of the current MBR to a known static mbr file (baseline). When I launch my linux desktop I always make sure the MBR has remained unchanged (not even one byte changes or the checksums will fail to match). For the record I have /boot (the files Linux needs to start) on a removable flash drive so Win 10 or internet adversaries cannot access them ever. Tin foil hat! LOL!
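
A check of the kind described in the post above, as an added example; it is not the script from the post. The function names and the `save`/`check` subcommands are assumptions made for this sketch, and the device and baseline paths are supplied by the caller.

```sh
#!/bin/sh
# Added example (not the poster's script): verify that a disk's MBR still
# matches a saved baseline copy. Reading a raw disk normally requires root.

MBR_SIZE=512   # sector 0: boot code, partition table, 0x55AA signature

# Print the SHA-256 of the first MBR_SIZE bytes of a device or image file.
# Returns 2 if the source cannot be read or is shorter than one sector.
mbr_hash() {
    tmp=$(mktemp) || return 2
    if ! dd if="$1" of="$tmp" bs="$MBR_SIZE" count=1 2>/dev/null ||
       [ "$(wc -c < "$tmp")" -ne "$MBR_SIZE" ]; then
        rm -f "$tmp"
        return 2
    fi
    sha256sum < "$tmp" | cut -d' ' -f1
    rm -f "$tmp"
}

# Copy sector 0 of device $1 into baseline file $2 (run once, on a known-good system).
save_baseline() {
    dd if="$1" of="$2" bs="$MBR_SIZE" count=1 2>/dev/null
}

# Compare device $1 against baseline file $2.
# Returns 0 if identical, 1 if the MBR differs, 2 on read errors.
check_mbr() {
    cur=$(mbr_hash "$1") || { echo "cannot read MBR from $1" >&2; return 2; }
    ref=$(mbr_hash "$2") || { echo "unusable baseline $2" >&2; return 2; }
    if [ "$cur" = "$ref" ]; then
        echo "MBR unchanged ($cur)"
    else
        echo "MBR CHANGED: now $cur, baseline $ref" >&2
        return 1
    fi
}

# Command-line use:  script save <device> <baseline>   or   script check <device> <baseline>
case "${1:-}" in
    save)  save_baseline "$2" "$3" ;;
    check) check_mbr "$2" "$3" ;;
esac
```

The result is only as trustworthy as the baseline file and the script itself, so both belong somewhere the other OS cannot write, such as the removable /boot drive mentioned in the post.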
     
  13. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,718
    If you have Windows on one disk and Linux on another (not partitions, different disks), and if you took care to only have one disk connected when installing respective OSs (so Windows doesn't write to the other disk when installing) then what difference does it make if the mobo ID is known to MS: you can only boot one OS at a given time and the motherboard doesn't record details of the sessions.
     
  14. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,135
    hide.me is a good VPN. You get a month free trial with 2gb bandwidth.
     
  15. Timok

    Timok Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    58
    Location:
    Germany
    you can find a good VPN on privacytools.io

    Our VPN Provider Criteria

    • Operating outside the USA or other Five Eyes countries. Avoid all US and UK based services.
    • OpenVPN software support.
    • File-Sharing (P2P) is tolerated on selected servers.
    • Accepts Bitcoin, cash, debit cards or cash cards as a payment method.
    • No personal information is required to create an account. Only username, password and Email.
    We're not affiliated with any of the above listed VPN providers. This way we can give you honest recommendations.
     
  16. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    It is an interesting site with good information but keep in mind that what each of us need in a VPN is different. I need privacy more than anonymity. I live in one of the five eyes countries and accept the fact that there is mass surveillance of internet traffic. I have a history of community activism and a public persona related to it. I'm not worried about the NSA, I'm not doing anything that would attract the attention of the NSA but I have local adversaries that would love to take a peek inside my computers if they got a chance.

    As far as VPNs are concerned, I'm attracted to ones that have something different and experimental. I don't use custom VPN clients and just want compatibility with standard protocols. NordVPN is interesting to me because they have some interesting things like their TOR VPN combo. I like the idea of being able to use TOR through a VPN server and not have any TOR client software on my computer. The SmartDNSProxy service that I stumbled upon by happy accident is another interesting experiment because combining a VPN tunnel with smart DNS so scrambles geolocation. Geolocation is a big issue with mobile devices and that makes it ideal for them.
     
  17. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    I actually used to do that using removable swap trays back in the IDE days. Only later I discovered the way physical ID can compromise a user, so read below for my take.

    My feeling on the subject, and opinions might vary:

    Let's say an adversary were to penetrate your linux OS somehow (it does happen). With proper/common tools they simply gather the physical ID of the motherboard that is running your OS (it remains unchanged). Now if that adversary is a Gov't agency they might consider going to M$ and asking if there is a Windows OS, which they have registered to the specific machine ID in question. It wouldn't surprise me if the Gov already has a direct link and wouldn't even need to call. If the answer is YES (M$ shows the exact physical ID) then they have positively linked your linux machine to the Windows machine and whatever they know about YOU on Windows is probably too much if you are reading this thread and have any concerns!

    By far the best option is to acquire an anonymous laptop and NEVER use Windows registered to you or your home on that machine. That is not really feasible for many folks. Not everyone has an extra 1000 bucks laying around for such a nice option. So, what to do?

    The next best answer from my perspective; setup a linux HOST only OS and then use ONLY virtual machines for workspace internet surfing. These VM's can be NAT'd or bridged via the host. If configured properly they will NEVER allow an internet connection that reveals there even is a host of any kind. Because of how secure this method is most malware is designed to self destruct if it even detects that it is running in a VM. They do that so you cannot easily "map" what the malware is attempting to do. The virtual machines are anonymous in that there is no correlation/ID associated to the actual physical computer you are using. Further the virtual machine ID can easily be changed whenever you want to do so.

    Word picture: the linux host OS is vpn'd (& wrapped in SSL tunnel for extra measure) and this is all your ISP or backbone observers will readily see. After that further VM's and relays using any subsequent vpn providers OR TOR, only exhibit virtual physical ID's even if they were to be compromised.

    Users/Testers play around with "breaking out to host" scenarios, but in the wild I can't find one true instance of it happening.
     
  18. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,718
    @Palancar
    Thanks for your comprehensive answer.
     
  19. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    Regarding Windows, it is best to use a manufacturer supplied OEM system that uses SLIC table activation. These use a common Windows PID across thousands of computers. Unfortunately this system went out with Windows 7 and anything later is going to have a unique PID and product key. If it is manufacturer supplied OEM install, it will be in the bios of the machine itself and that unique identifier will still be there even if you install Linux. I'm sure the free upgrade to Windows 10 will include a unique PID that tags your system among other privacy concerns.
     
  20. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Joxx, you are welcome

    MisterB, reason to employ VM's without fail -assuming you can't afford another computer!
     
  21. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Every version of Windows since XP has serious privacy issues, and they just keep eroding more and more with each passing version. It may honestly be a pretty moot case what you use/try to do anymore. I would use a dedicated box, like a newer laptop with VT-x, VT-d, EPT and TPM... Host XP Pro on it and run a Linux distro and use that if you need to do sensitive type stuff. And/or with the new Virtualbox 5.0, I haven't read through everything yet but it introduces some spiffy new things that can help make that process more seamless. Look for it in a thread in here about Virtualbox.

    Also unless you have the means/know how to set up the type of rig Mirimir has illustrated both in here and at iVPN's site, you may want to get a good router (or two) that either allows you to store VPN configs in them or flash them with dd-wrt firmware and go at it that way.

    My favorite two right now are Mullvad & PRQ (in that order), though I use the hops in the opposite order. I used iVPN before too and liked them very much. I hear a lot of people talking about Private Internet Access these days but have never tried them myself.
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    There are many reasons to use VMs, and not do anything in the host itself, except maintenance and maybe running your initial VPN client. If you're very paranoid, you can disable host network access, and run your initial VPN client in a pfSense VM that's bridged to the host NIC. But then you can't update the host. So there's a tradeoff.
     
  23. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Agreed. If I were running windows on my "private" computer I would bridge in PFsense instead of direct/NAT to the motherboard. With Linux I don't worry about it as much (hoping Wireshark or similar will capture any breach), and I am willing to accept the tradeoff in exchange for vpn1 access to linux upgrades on the host. No workspace usage on the host!
     
  24. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Questions for palancar/mirimir

    That is some next level privacy stuff, not ever reached that level but it does pique my paranoid interest coming from a windows user.

    Just to get a basic understanding are you suggesting use a Desktop or laptop for Windows stuff ie gaming/banking(perhaps a normal isp connection or VPN provider 1), buy a 2nd desktop or laptop and install Linux but just in case of that unique id, motherboard id or bios tagging or anything else to id yourself you can run a separate linux VM for anything private (running off a different LAN like VPN Provider 2) ?


    Could be completely wrong on the above !
     
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, Paranoid Eye.

    I use pfSense on a low-end box as my perimeter router. The box does have a four-port Intel server card, though. pfSense is setup with three LANs; one for work, one for casual non-work and the family, and the third for Mirimir and other private stuff. Each of the LANs can reach the Internet, but none can reach any of the others, enforced by routing and firewall rules. I don't run any VPNs on the router.

    As I've said, I keep old computers, so there's no need to buy. I use the newest one for whatever needs the most resources. In my case, that's now my main VirtualBox host, which I use only for Mirimir and other private stuff.

    My next newest box runs Windows 7, for crunching data in Excel (which uses multiple cores). It's on my work LAN. I only boot it when needed.

    I use older computers for testing stuff.
     