Anyone tried XeroBank (formerly Torrify)

I wanted to try the demo but my av flags it as firewall disabler.

http://www.virustotal.com/analisis/9e0750f78959087d935b8a301581129c

 

Pricing isn't my area at all. Those numbers are just my suspicions for xb 2.0, same with download quotas. Although I imagine the download quotas will be huge comparatively.

 

False alarm.

 

Whose area is it? I don't think we'll be getting an answer to who profits from XeroBank. This "transparent" company gets that reputation just because the developer uses Wilders (and their bandwidth) as their own forum since they don't have one of their own. I don't care who is coding XeroBank, I care about the money - who owns XeroBank? I provided examples of how PGP is open about it, Anonymizer is open about it, COTSE is open about it, but XeroBank - who prides itself on openness ----- hides the ownership!!

So, pricing, not an unimportant thing -- is not "your area" --whose area is it? Who OWNS XeroBank?

 

No offense, Steve, but I could not read the comparison chart.....at all....so I fixed it a little. Have you explained the difference in XB Pro and XB 2 anywhere? In lay terms, hehe!?


Service-------Price---Protocol---Speed-------VPN--Surfing-Email--Storage--VOIP--Logs------Corp_Juris
Tor-----------Free----SSL--------20Kbps--------Y----N-------N-------N---------N-----N/A--------Multi
Relakks-------5e/m----PPTP------100Kbps-------Y----Y-------N-------N---------N-----?-----------Sweden+
Anonymizer---$10/m---HTTP------100Kbps-------N----Y-------N-------N---------N-----All----------USA
Findnot-------$45/m---PPTP/TLS--200Kbps-------Y----Y-------N-------N---------N-----All---------USA
SecureTunnel--$10/m---SSH------110-1200Kbps--N----Y-------N-------N---------N-----All/Abuse---USA
MP*Tunneler---$20/m---SSH------200Kbps-------N----Y-------N-------N---------N-----Abuse------?-
MP*Pro--------$35/m---TLS------?Kbps----------Y----Y-------N-------N---------N-----Abuse------?
XeroBank*Plus-$10/m---SSH------200-700Kbps---N----Y-------Y-------N---------N-----Abuse-------Panama
XeroBank*Pro--$35/m---TLS------1500Kbps------Y----Y-------Y--------N---------N-----Abuse------Panama
XeroBank*2.0--$30m----SSH/TLS-1500Kbps------Y----Y--------Y-------Y---------Y-----Abuse------Panama

Service-------Privacy---Hops--Notes
Tor-----------Medium----3------Malicious exit nodes sniff traffic
Relakks-------None------1------Very unsafe. 100% dns leaks.
Anonymizer----None-----1-----No encryption. Bad jurisdiction.
Findnot-------Low-------1-----Unsafe. DNS leaks. Bad jurisdiction.
SecureTunnel--Low------1-----Good design, Bad jurisdiction
MP Tunneler---Medium---1-----Looks good
MP Pro--------High------2-----Looks good
XeroBank Plus-High------2-----Looks good
XeroBank Pro--High------2-----Looks great
XeroBank 2.0--High------2-----Looks excellent

 

I have been lurking here for sometime and I have to agree. There is a total lack of transparency. Panama or the West Indies? They log abuse so what it the point if a subscriber is not up to something nefarious? And if they were, they would be smart enough to use a dead-drop on a free usenet access forum using PGP. Or any of the hundreds of binary forums to drop a PGP or Truecrypt container attachment. Tunnel in; no tracks; buried in the clutter of hundreds, if not thousands of posts a day.

Nothing personal, but I smell a possible poorly veiled sting being run here. Could be wrong, but too much hyperbole and too many unknown fan boy testimonials who have not been here over the long run. What are they really offering that can not be gotten with Steganos as far as a VPN. If you are on the up and up and have nothing you want to hide from LEA then it will serve nicely as a vpn. If you do have something to hide then you need to have control from start to finish. Anyone else in the chain who is an unknown is a security compromise and Xerobank is an unknown

Good point too, about no forum. No, who we are; nothing. If they have nothing to hide, then they need to stop the rhetoric and give some direct answer as to who, what, why, when and where. People are reporting German IP's. Privacy is out the window there. The real sticking point is they log abuse. So where is the privacy if they are logging. And even if they say they are not logging, how do you really know. You take there word for it? OK, sure why not if you have nothing you want kept secret. What do you really know about Xerobank? And if their servers are in Germany they have to log and you can bet if it is XeroBank traffic it is going to be scrutinized by the very fact that they advertise privacy.

Who, if they want to hide their tracks, would subscribe to a service that is advertised to do just that when there are so many other ways to do it better, faster, cheaper, and no third parties in the loop? It is like joining "Felons are Us" to plan the heist of the century.

If there is an unknown in a security chain, and Xerobank is an unknown, and is therefore a weak link. The 'you have to trust someone' is BS. The first principle is trust no one unless they and everyone they have been associated with has been vetted from their date of birth to the present time. And then it still takes years and they could be not as they appear. So again, what is the point, and what are they hiding by their lack if transparency.

Jessme

 

Genady,
a whois taken from xB domain gives three names. I don't know if they are enough for you:

http://network-tools.com/default.asp?prog=whois&host=www.xerobank.com

Registrant:

Koenig, Florian
PO BOX 636
Charlestown, Nevis
KN

Domain name: XEROBANK.COM

Administrative Contact:

Topletz, Steve admin@torrify.com
TORRIFY LLC
PO BOX 636
Charlestown, NEVIS
KN
+1.8888677439

Technical Contact:

Herzog, Stefan stefan.herzog@torrify.com
PO BOX 636
Charlestown, Nevis
KN
+18888677439 x23135

About what you are discussing, I am confused about this need of revealing the identities of who owns XeroBank. If this is a anonymous company, why they will release their personal informations, the names of the real people who owns the company? They should be kept in the dark to avoid others to bring this service down.

Don't you think if they were so open and transparent, they will still be here today? I don't think this is the real issue here. Either you trust them, or not. What if they were so transparent and in the end you find out all their personal info was not true?

We don't need to know who is behind of Tor to trust them. Sure they are not perfect but usually are very much used every day.

 

vBulletin lacks table formatting in posts. Alas. Your display is much better, thanks Caspian, it looks like you deciphered it.

The difference between XB Pro and XB 2.0 is pretty large. First off, XB 2.0 will have VPN just like Pro, but will have SSH like Plus as legacy for when you are on a guest machine and can't install VPN drivers. You can also have "unlimited" amounts of concurrent VPN connections for an account. So that means your notebook, PDA, home and work computer can all be on XeroBank at the same time.

Next, in XB 2.0, no more SMTP blocking. You no longer have to register your outbound SMTP servers, you can use anything. This was one of my suggestions. XB 2.0 gets you access to new features as they become available. Surfing is the same except a brand new network. You get to pick your exit country right from the task bar.

No more size limitations on email boxes. The sky is the limit, although there will be a "soft" 20GB ceiling that you bypass.

Being in XB2.0 also gets you access to all future services too. We'll be rolling out unlimited offshore data storage, and later in the year we will unveil encrypted VOIP servers and software for your smart phone. The plan is to keep adding benefits to the accounts.

XB2.0 users will also be able to elect to get plastic Access Cards to use their services. Just carry the card in your wallet, go anywhere and download your software, plug in your card number, xB software configures the rest for you.

Regarding logging. XB doesn't do logging unless the machines notify us of abuse, only then it gets checked for being abuse. The others that I list as "abuse" do complete logging but supposedly only keep abuse logs. We prefer not to create logs in the first place, unless we suspect abuse.

 

Good question. People always want to know what is in the magician's hat, which is natural. If I was an outsider who had to make an educated guess, I would say this might be a good move for "Levereged Unpredictability".

PGP is a US corporation, and is subject to National Security Letters. They already have nothing to lose by giving you more information, they are at the full mercy of the US. I'm not a lawyer so I can't vet that, but just as a security guy I would rather go with the guys who are less vulnerable by design and are a private corp, rather than the very vulnerable and/or public guys. A lot of that public information for PGP may be marketing, warm fuzzies, and a US requirement of public disclosure, who can say?

 

TOR is a bad example. Truecrypt would be a bad example. These are free applications. XeroBank is a commercial service - a for-profit company. I think users should know who is behind it and check it out all they want. As the poster above you said, it is silly for them to expect trust just because they ask for it. Jessme (good post by the way) also mentioned Steganos. Well, I can check these guys out if I so choose:
https://www.steganos.com/us/company/team/
I had previously mentioned Anonymizer, PGP, COTSE and others - they are all very upfront. XeroBank is asking for trust without revealing who they are. We hear from Steve here at Wilders - what does that tell us? In the WHOIS you listed, he is listed as the administrative contact, in an interview he gave a month or so back to a magazine he was identified as a "consultant." As for the other two names in the WHOIS, I have no idea who they are.

You say they are an "anonymous company", well, I agree, they certainly are. But you are talking about the service they provide. I don't quite understand, if they are needing to "hide" as you suggest then why is Steve Topletz here? He's easy enough to track down - he's in real estate in Dallas, TX according to Google. But, he says he's just a member of the "team", a "consultant", the "administrator" -- pick the description/title-of-the-day.

I was also amused by his self-conducted comparisons with other VPNs. Did you see who rated the best? XeroBank and - yep - there's that name again: Metropipe! Was I surprised?

Too many unanswered questions.

 

Always a pleasure watching you spin your wheels Genady. Metropipe was pretty good in my opinion. I'm not out to unduly badmouth or cheer anybody on, I just call it how I see it: other than XB, there isn't anyone close to MP's offerings except perhaps SecureTunnel. Honestly, I think you see me talk more positively of SecureTunnel than anybody else. You should suggest I'm a shill for them, just to keep it even. I don't know how the rest of the team feels about Metropipe, or even if they acknowledge their existence. But I do know they are all very proud of what they're doing for XB.

As to the titles, there is nothing mutually exclusive about being an administrator or consultant. All XB hires I know of are consultants and advisors, for whatever reason.

I think if you find out who the team players are, you're going to be crestfallen that it turned out to be such great guys. But I have faith in you, I know the witch hunt will continue to the ends of logic, and beyond reason. Personally, I don't care if the owner is Santa Clause, Satan, or Shakira because they're locked out of all compromising data, and they're letting us build the most amazing anonymity network on the planet.

 

Witchhunt? By wanting to know who it is that is asking us to TRUST them with our privacy and surfing habits?

You only respond with more marketing spin, Steve. All I hear is they, they, they. Well.....who the hell is "they"?

It is obvious you have much to hide.

 

Genady, you aren't trusting "they". They don't have access. They don't manage the privacy practices or network. You're trusting me and the other team members, so I fail to see your point.

 

May i suggest that you take the approach of Ironkey. They are basically in the same field with exactly the same problems. Instead of sitting by the product and coping alot of flank they actually not afraid to answer any questions thrown at them. They will even take any ideas on board and reply to customer feedback. Wouldn't believe it take much to setup a forum.xerobank.com, have your designers, consultants and sales people just spend 10 minutes a day answering these questions, not only does it build a small community but you will not have to go through the same loops and same questions, and people will have the satisfaction of knowing there is more than just a one man show.

 

Steve, about the Windows Media Player and Real Media streams (which are trying to leak your true IP and can't be controlled like Java/flash), Paranoid2000 said on the other thread:

You should be able to anonymise WMP (or any other application) by "socksifying" it regardless of its lack of proxy support.

I haven't checked that, but I don't think the answer is to block both of them from xB while using Tor. We should be able to use plugins without leaking our true IP, along with the browser. If that's not possible to manage on the browser, why not change this by following explanations left here?

You see, thanks to Paranoind and my insistence, I was able to find the correct rules to block Java/Flash from leaking my true IP while using xB browser. And wasn't necessary to block them using Noscript.

About the "Restart Firefox button", it can be seen after you finish downloading the extension, Firefox asks you to restart the browser. The same goes to applications for Windows, they ask you to restart your computer, otherwise they will not work. I don't think you will solve anything by removing any functions. Tomorrow you are going to block Java or Flash?

As for the Noscript configs, I saved what you have modified a long time ago. Remember that NoScript by default comes with Google/Yahoo sites allowed on the whitelist, and you have changed the NoScript to block most threats out there, including Web Bugs and that sort of thing. This time on xB 2.0.0.12b you forgot to enable some of these options.

As you can see on this post, this is the way you have used to configure NoScript in the past:
https://www.wilderssecurity.com/showpost.php?p=1107761&postcount=4

 

About this comparison chart, I noticed that some jurisdictions are located on US, and today I was looking this interesting entries on Steve's blog:

 

Oh...They don't have access...they just own the company. I see.

But, while you're on the subject of "team members," just who are they? I'm not sure what to think. Maybe this IS a one-man show and you're trying to pretend otherwise. Maybe you're a honeypot for the government. Maybe you're a honeypot for __________. Can't you see the problem? Everyone is left to wonder just who XeroBank is; and without your being open and transparent, people can say and think anything they want. Hence, you've got people like me who are wondering what the secrecy is all about.

 

Fuzzy,

We had a forum at one time, and it was great. But you're very wrong about not answering the same questions. People would ask the same ones over and over again. I dare say I answer more questions here, on neutral turf, than I did in our own forum. The issue of hosting a forum isn't really a big one. Servers are cheap. We *could* again but I'm not sure that it warrants it at this time. When I first started writing Torpark it made sense because the software wasn't as mature as it is now. How many XeroBank threads are there on Wilders? 5 at most? And the rest are handled through the XB helpdesk. Is there some outcry somewhere for XB assistance that I haven't heard about, so much so that a new forum is needed? I'm interested in it. I would love a reason to say "yeah, let's bring the forum back."

Jim,

We actually didn't change any configurations at all. It appears NoScript has changed their code, requiring more changes, which is fine. I'll take a look at it before the next release. NoScript has a very far way to go. So it isn't a surprise that things are changing internally, causing external problem.

 

Now you're on the right track. That information should be released on the new website launched at the end of this month.

 

thats the great thing about forums, even if the same questions are asked, good threads that explain them can be linked to and then the thread left to die. The problem with single threads are they become long and are hard to find specific information relating to ones question. Also information may become outdated and new a new thread used to bring it up to speed.
Even if you can't be bothered setting up a forum then at least a community FAQ about xerobank wouldn't go astray, again i'll use ironkey (i just think they have such a good layout and strategy to this), learn.ironkey.com outlines everything there is to know about the product in good layman terms and whitepapers for people with more technical questions.

Don't get us wrong, we're not trying to undermine xerobank here (looking forward to seeing xerobank 2.0 and its features) but alot seem to have questions that you continue to neatly dodge and focus a question back at them, you'd make an awesome Zen teacher but a more PR prospective is needed.

EDIT: I just thought of something even better, use a wiki. its just what you need. you wouldn't have to go through endless threads or faq, just redirect to the appropriate article in your wiki.

 

Fuzzy,

We do use a wiki.

http://support.xerobank.com/wiki

Perhaps my knowledge of the XB network is so vast it seems like zen, but I try to keep a "noob" perspective. I think most questions will be answered within a month of the XB 2.0 launch.

Steve

 

I'll wait and see. I'm looking forward to seeing how this all goes, if as promised i think everyone is in for a treat.

 

Genady,

IMHO you may need to give this some further thought. Clearly you may care about whatever you wish, but how is it truly relevant, and how much information is really required to get a level of reasonable comfort?

If a service such as Xerobank is to provide real privacy protection, it needs a complex legal structure, spanning several jurisdictions through cascaded corporations, trusts, foundations and other legal entities that must also be legally sheltered from each other. All in order to reduce its vulnerability to hostile legal action that might compromise the privacy of its users.

By its very nature and purpose such a structure cannot be transparent.

You are never going to get around the fact that you must reach a personal conclusion as to wether you wish to trust somebody or not. Does not matter if it is an anonymous corporation, a friend or a relative. With anybody who isn't you, you will never be able to be 100 per cent certain, right?

Even if you were to receive information regarding who the shareholders in Xerobank are, how would you determine a.) that the information is correct, b.) who these people actually are, c.) if they are trustworthy in general, d.) if they haven't been subjected to threats and coerced into...

Do you want a Due Diligence package for the entire corporate structure, including statutes, shareholders agreements, excerpts from corporate registers, agreements with service providers (bet you're dying to know what Steve's deal is...), etc. for all entities involved? We're probably looking at tens of thousands pages, possibly in several languages.

Do you need a report on the above from an international law firm and an auditor (that certainly helped a lot with Enron)?

How else would you be able to draw any conclusions whatsoever?

Do you even have the knowledge and experience to analyse and comprehend multinational corporate structures?

Do you want proof and verfication as to the identity, financial and moral standing of each shareholder? Why not the members of management and supervisory boards where/if applicable? How much information is required for you to feel certain? Notarised passport copies, birth certificates, letters of reference, CV's, etc.?

Cheers!

 

So someone else could actually log on to my account while I am using it??

Will my account automatically be switched over to XB2 or do I need to cancel my pro account and reorder?

 

Yes, you can share your account with others, concurrently. You can additionally give them their own line of bandwidth credit, based on your account, if you give them their own access card. That gives them their own email address and storage, that can feed from your monthly balance. You can also shut off their access or remove them, at any time.

You won't have to switch, legacy clients will get an upgrade path to switch, if they so choose. I think the upgrade path will be released in April, as we're rushing to get out the door with the end of march release of XB 2.0. However, I'm sure I'll be available to help VPN clients immediately switch accounts with a little legwork if they are willing to wait a little while for their plastic card to arrive.