XeroBank vs Perfect Privacy

How does XeroBank compare to Perfect Privacy in terms of:

• Price
• Speed
• Bandwidth
• Features
• Trustworthiness
• Security
• Anonymity

In particular I'm interested in a claim I read elsewhere that XeroBank doesn't leak DNS queries, whereas other services do. Does anyone have any details of how XeroBank accomplishes this? Is it simply a question of pushing DNS through VPN? Does anyone know if Perfect Privacy also does this (I could find no info about this on their site)? Does XeroBank's "enhanced"? Tor network play any part in this, or is this something unrelated?

Indeed I'm rather confused as to what role Tor plays on XeroBank's network. Is their VPN and Tor combined into an über-secure + anonymous solution with multiple hops? Is that what makes it unique? Please explain.

I'm also interested in jurisdictional considerations. For example, Perfect Privacy has a server in Iran, which appeals to me in particular because it's about the least likely to be politically/legally compromised by pressure from the US/EU (no treaties). What jurisdictional safeguards does XeroBank offer (i.e. where are they)?

Can anyone here vouch for Perfect Privacy (precious little info elsewhere), either in technical terms or in terms of their trustworthiness?

Their own user community is either very small or very paranoid, as their forums are extremely sparse, so I thought I'd try here instead.

TIA.

 

I can't answer most of your questions but I am a Xerobank customer and I can tell you that as a free service, the XB Browser connects to Tor. Also the XeroBank machine, I think connects to Tor for free. If you upgrade to the VPN then Tor is not used at all and is in no way connected to their VPN service.. But the VPN *does* go through 3 hops and they are spread out over multiple jurisdictions. I think I am explaining this correctly.

I guess one of the biggest differences in Xerobank and other services is that they do go through mutiple hops where other services don't. But they do have a less expensive version for I think $10 coming soon. It is just a one hop sevice. But I will tell you that xerobank is the fastest that I have used so far so downloading is a breeze. I have a torrentfreedom account too just in case I need something extra.. And I have tried some others, like Metropipe. None of them come close to being as fast and smooth as xerobank.....and certainly not with 3 hops.

As for the server in Iran? I tried a service quite some time ago called Hide IP, (I think that was the name). And it had a server in Saudi Arabia. I tried to go to sites that were not even porn or anything and I would get this big notice on the screen written in Arabic and English. It basically said that the website was a bad website and that if you knew of any others like it to please report it so they could block them too. Now I am telling you that these websites were just normal sites. Sites that any kid could go to in the US and no one would think a thing of it. But anyway, I got a big warning sign with red letters. It came me the creeps big f*cking time! I would also not want to be associated with servers that are considered to be connected with terrorists.

 

caspian has not used perfect privacy thats why he cant answer your ? i also cant answer that ? either but i know there is a member on here who can so hopefully he will shed some light


as far as xerobank is concernd speed is bad for me from uk unlike caspian he gets good speed but the main factor is my problems was never sorted from steve so after trial i left i am now with swiss vpn this month but will be changing to the other service you ask about from next month

 

Thanks for your reply.

OK, so I guess the only real difference between XeroBank and Perfect Privacy is the three hops, which I don't really care about anyway, since as long as the exit point is in a non-US/EU jurisdiction then I don't need to worry about "security letters" or logging. The Russians/Chinese/Iranians can log my activity all they want AFAIAC, so long as it doesn't end up in the hands of the NSA/MPAA/RIAA.

I'd still love to know about the DNS issue though.

Ref: Iranian terrorists. I don't want to go off topic, but I think it's rather narrow minded to equate an entire country with terrorists. I doubt the sysadmins at the Iranian server do much in the way of bombing. Also, there are terrorists in every country. E.g. I'm not going to boycott www.heanet.ie (hosts Linux mirrors) just because it's located in Ireland (IRA terrorists).

WRT website censorship, I'm not sure how, but Perfect Privacy's servers don't seem affected. I worked in Kuwait for a year as a civilian contractor to the US army, and used the Internet a fair bit during that time, but I can't say I saw much censorship, and what little their was I could easily bypass with CGI proxies. Certainly there was nothing much to be scared of over there, despite the war raging over the border. In fact it was rather dull. I did get a nice tan though.

 

Just FYI: So far I've tried Relakks (dog slow, very unreliable, and used the hideously insecure MS-PPTP), and I'm now in my first month of Perfect Privacy (seems pretty good so far, and according to speedtest.net I'm getting about 5.5Mb/s. Although I'm still concerned about DNS leaks).

 

i am with you on using them so any feedback i would welcome for when i join them as far as dns leak goes i cant answer that but i think they would not suffer that also i agree there servers are located in some of the best places so like you say the hop is not that inportant

try asking on there forum they do reply to ?s from peeps so worth a go

 

I'll see how it goes, and let you know. I've still got a couple weeks left before the sub runs out, but no problems at all so far.

BTW: I should mention that the speed I mentioned above (5.5Mb/s) is through their Russian server (I'm in the UK), so that's pretty awesome. I can't use their Tehran (Iran) server unless I sign up for at least a year.

 

Hi

Fuzzylogic mentioned Perfect Privacy here.

It seems that Perfect Privacy uses SSH and Xerobank uses VPN though I have no idea what the difference is.

I went to their websites and PP says it's 9.95 euros for one month plus one-time setup fee of 9.95 euros and Xerobank is 1 USD first month and 35 USD every month after that. So I guess PP is cheaper in the long-term.

 

Actually PP do both VPN and SSH. They also have a SOCKS proxy, Squid and I believe SSL POP/IMAP too.

I use the VPN since it covers everything with the minimum of hassle. I could do SSH tunnels selectively, but given the good speeds I'm getting over their network, I don't see the point.

I might give XeroBank a month trial anyway, just for comparison.

 

What's the difference between VPN and SSL and a SOCKS proxy and a Squid and SSL POP/IMAP?

Thanks

 

Well with VPN you just start the service and it creates a "tap" or "tun" device (think virtual NIC) through which all your IP data goes (hopefully including DNS). You start it then forget about it, and it works system-wide. Although you need to be aware that if the tap suddenly dies then you'll no longer be secure (straight through). Good firewall rules can fix that though, by basically blocking everything except the tap.

The net (ho-ho) result of this is that you are essentially moving the exit point of your IP data (also true of SSH), from your ISP's datacentre (where all those BOFH are busily logging everything you do, then handing it over to the government; the MPAA; the RIAA or Dr. Evil), to some more enlightened jurisdiction uncorrupted by western totalitarianism and greed (assuming such a place exists). IOW it's a trade-off between who you trust more: Places like Russia; China and Iran, or your own country. Sadly, for many people the answer is increasingly the former, thanks to the Bush/Blair administration and the rise of Corporatism.

Meanwhile, the only information the aforementioned BOFH at your ISP will be able to see/log, is that you have established a VPN connection to some server in e.g. Russia, and that you have transferred xxGB of data that month. That's it. That's all. He won't be able to tell where you're going or what you're doing beyond that bit of information, since the actual packets of data are all encrypted, and even an NSL or other forms of "coercion" from the government or "other parties" will be quite fruitless in unearthing the privacy of your online communications. They'd have to get multi-jurisdictional cooperation to do that, and given the types of places one can connect to (e.g. Iran), getting that "cooperation" might be damn-near impossible. IOW you're safe, or at least much; much safer than you would be otherwise.

With SSH you need to create a tunnel that maps a port on a remote server to a local port, then you route all data that would otherwise go directly to the Internet to your local port instead, where it is "tunnelled" (usually encrypted) to another (more secure) remote server (e.g. outside the jurisdictional boundaries of your locale's laws). The difference between this and VPN is that with SSH you need to either create multiple tunnels (one for each port), or map specific ports through that tunnel in one go ... and therefore know in advance which ports you're going to tunnel. This is not system-wide (each application needs to be configured to use the tunnel) and it doesn't automatically support every port (you have to specify).

The benefit of VPN is it's easier, and you can rest easy knowing that nothing is leaking out of the tap (ref: firewall rules). The benefit of SSH is you can pick and choose which ports and apps to run over the tunnel (which is necessarily slower than straight through the normal interface). So you could have e.g. BitTorrent running through an SSH tunnel (slower + secure), but Web browsing running as normal (faster + insecure).

SOCKS is the mechanism that enables you to forward ports from one server/port to another, and is typically used in conjunction with SSH for this purpose. I.e. this is what actually maps the ports when you start the tunnel.

Squid is just a caching server, but if it's on a remote host over SSL then the details of your Web browsing etc. will be encrypted, and therefore unintelligible to your ISP. You still need to beware DNS lookups though. You could use a service like OpenDNS to at least avoid your ISP logging your DNS (assuming they'd bother, or be able to log that much data). If some government agency was determined to discover what you were doing, they might be inclined to demand DNS logging on your account, although that by itself wouldn't be incriminating, they could correlate that with other data to draw conclusions about what they "believed" you were up to.

IMAP/POP and SMTP over SSL/TLS is just encrypted MX connections, which protects your Email from being logged/read by ISPs or other nasties (this is actually a legal requirement in the UK now, so it's worth protecting it from snooping ISPs).

I'm no security guru, this is just my very limited/simple understanding of the above, so I'm sure someone more knowledgeable will provide corrections.

 

OK. Thanks for the detailed explanations!

 

This is for someone who's using Perfect Privacy, do they let you choose which server to connect to? According their site they have servers in US and Canada, I wouldn't want to be connected to those servers. Thanks.

 

Yes indeed, you can choose from 14 servers around the world, including China; Russia; Iran; the US (x4); Australia; the Netherlands; Germany (x2); Luxembourg; France and Canada.

You can connect to any of those servers at any time you want (Iran requires a 1 year subscription commitment), indeed I believe you can even chain multiple servers together, although I haven't tried that yet.

Most are classified as "unlimited traffic", and three are on 1Tbit pipes (Moscow; Amsterdam; France) , which give me a good 5-6Mb/s downlink.

 

That's good enough speed for me. Thanks.

 

Please don't take this as criticism of the service, but doesn't having servers in China and Iran seem a little strange? What's the deal there.
* I should clarify, due to above posts.... I'm not calling Iran bad - referring more to global perception on the whole. It's not exactly low-profile.

+ How does the # of hops Perfect Privacy makes affect its service (in theory/practice), versus XeroBank?

+ any updates on DNS leaks?

Cheers

 

Ref: China and Iran.

Having a proxy in a certain country is useful for more than just privacy issues, there is also the question of foreign access to services which block foreign IPs, using GeoIP data.

E.g. In the UK, television catch-up services like iPlayer and Sky Anytime block non-UK IPs. There may well be similar resources in China and Iran that ex-patriots wish to access.

Also, consider that privacy on the Internet can never be 100% ... somebody always knows what you are connected to (exit node), therefore "privacy" is relative to whom you wish to keep your private activity hidden from. In my case, I am only concerned with preventing my own ISP and government from knowing my private business, and I simply don't care if foreign interests unaffiliated with my country know what I'm doing. That immediately precludes the UK; the EU and the US, who might just as well be a single country from a jurisdictional perspective. Countries which have poor diplomatic relations with that "super-jurisdiction" are especially interesting to me, since they are the least likely to cooperate with that cartel to expose my online activity.

From that perspective, Iran may actually be the best possible proxy for my needs. Certainly there is nothing I do which the Iranians would find even the least bit interesting, and there is little they could do about it even if they did (beyond disconnection).

I demand the right to privacy, but my government has revoked that basic human right, therefore I have no alternative but to seek "cyber-refuge" in a country with the least diplomatic relations to my country. Right now, that would seem to be Iran.

Ref: Hops

The default service is one hop only, however it is my understanding that multiple OpenVPN connections can be tunnelled through each other, or multiple SSH connections, or various combinations of OpenVPN; SSH; SOCKS proxies; Squid caches; etc. I have yet to experiment with that, so if you need confirmation then please contact PP directly for more information. I do currently use the Squid cache on the same server that I connect to with OpenVPN, but that is more to speed up my browsing, than for additional security reasons.

The more jurisdictional hops involved, the more difficult it is for authorities to demand access to your private data (logs, if any ... or live monitoring), since they'd need "cooperation" from many different foreign authorities, some of which may prove to be completely uncooperative (Iran). PP do not keep logs, but the governments in the EU or US have regulatory powers to coerce PP server admins in those countries to capitulate with their demands (e.g. via a National Security Letter). This is why it is essential to avoid connecting through countries which cooperate with such demands. In that sense, the number of hops is actually less important than the location of the final hop, if that final hop is outside of the jurisdiction of those authorities one wishes to evade.

Ref: DNS leaks.

This issue is resolved.

OpenVPN can push DNS records, dependant on the server configuration. PP's servers do indeed push DNS records, however actually utilising that data requires an extra step on certain operating systems. In my case, I run Fedora Linux, and the solution is to use scripts contributed by the OpenVPN project itself, in the "contrib/pull-resolv-conf" directory (client.up and client.down).

The login and DNS process is now a fully automated service on my systems. Note that automated login to OpenVPN services is not possible under Windows, without rebuilding OpenVPN from sources to enable that feature (disabled by default, for some reason).

 

Thank you for that very informative reply Homer! I think I'm just about up to speed on how these work now

While it's my understanding that everything transmitted through the VPN would look like regular secure connection/VPN traffic, and essentially be indecypherable jibberish to people outside of the loop (ISP/govt), there was one (potentially noobish!) follow-up question that popped into my head -

Could your ISP (and by extension, home government), see that you were establishing/maintaining a connection to an ~Iranian server (GeoIP) of some kind.. or is there a step I'm missing?

Putting aside the fact they wouldn't be able to determine the nature of the data traffic between you & the server, if they could see you're maintaining a secure connection with ~Iran (home internet > Iranian ip), wouldn't that potentially raise red flags/shine a spotlight on your internet activity? Would be fair enough if you're a bad guy doing bad things....rather unfortunate if you just want to keep your private life private

Cheers

 

Have a server in Iran does a few things.

Because Perfect Privacy is a single-hop network, your ISP may flag you as suspicious for being connected to servers in Iran. If you're using their PPTP protocol, then you're probably still leaking what website you're visiting from Iran, all the way back to local ISP. Maybe, maybe not. Then once you are connected through the Iran proxy, you have to deal with the Iran firewall which is strong on censorship.

To me it's kind of like going through a rabbit hole only to come out in a cage on the other side.

For each user they'll have to determine what's best for them, but most of them aren't capable of deciphering all the pros and cons themselves.

 

Yes, there is no way to hide the IP of the (first hop) VPN server you are connecting to from your ISP, however this is all they can see, along with the total volume of traffic that you shift over that connection. Your ISP cannot see anything beyond the VPN server (i.e. the ultimate destination IPs), nor decipher the actual contents of that data. All they see is white-noise encrypted data and a single IP pair (yours plus the VPN).

The ISP/government can "red flag" anything they want, but the fact remains that it is not actually illegal to simply establish an authorised VPN connection to Iran ... or anywhere else. They might very well be suspicious, but there is nothing legal they can do about it - short of disconnecting you, and even the legality of that is questionable.

If I had to choose between raising the suspicions of my government, or allowing them unfettered access to all my private communications, then it's no contest ... I'll take privacy every time, and live with any consequences.

ISPs log everything they are able to anyway, indeed they are required to do so by law in the UK and EU (I don't know about the US, but just look at the AT&T scandal), so worrying about "raising suspicions" is rather moot. It surely can't get any worse than being subject to the constant surveillance that we must already endure.

Then there is the possibility that the government might invoke "special powers" to detain you (e.g. Patriot Act), which is just a license to do anything they want without proof of any actual crime (i.e. circumvent the democratic process).

Let's be honest, under such conditions, which are tantamount to Marshal Law, all bets are off. Governments operating under such a system don't actually need an excuse, much less any tangible evidence, to detain you, so worrying about "raising their suspicions" is a waste of time. They've already declared everyone guilty anyway, with their revocation of our basic rights. It is precisely because of their intrusion into my privacy, that I need to use VPN services in the first place, and that's exactly what I'll tell them if/when they ever "detain" me for questioning. I look forward to the seeing the public's reaction to me being imprisoned because "he might have been committing a crime, but we don't know what it was, or even if he committed any crime at all". The backlash of outrage would likely see an end to our present "Big Brother" political climate.

 

Good luck to them.

I look forward to reading their list of legal citations, not that a blank page will take very long to read, mind you.

I don't, I use OpenVPN and SSH. I'd hope that everyone should know by now that PPTP is useless.

 

Are multi-hop VPNs a waste of time?

Here's another thing to consider. Let's assume that I establish a two hop VPN from the UK to Iran via Amsterdam. What's to stop the Dutch government from flagging that first hop as "suspicious", then invoking "special powers" to detain me through an extradition order, or shop me to my own authorities?

If an ISP is inclined to flag as suspicious any connection to Iran, then it doesn't really matter how many hops it takes to get there, nor which country that final hop takes place, if the location of that hop is in a jurisdiction that "cooperates" with the governments in all the intermediate hops.

But if the whole point of moving the end-point of your Internet communications is to avoid your local jurisdiction, and all those who cooperate with it, then it's inevitable that you're ultimately going to have to connect to somewhere that this jurisdiction deems "suspicious", because it is the very lack of "cooperation" that makes it so.

IOW it isn't "connecting to Iran" that is suspicious per se, it's taking successful measures to evade surveillance, that automatically brands us as "criminals".

There's no way to win this one, since you must choose between not "raising suspicions" by connecting to a "friendly" country that may ultimately betray you, or successfully secure your communications by "suspiciously" connecting to an "unfriendly" country.

Personally, I'm quite happy for my government to be as "suspicious" as they like. I'm sure it bothers them a whole lot more than it bothers me.

 

Pause.

How does the Dutch government know your UK connection to them is the same one connecting to Iran? They don't, unless your traffic is unencrypted and unprotected.

 

Presumably the Dutch OpenVPN server (B) can see which IPs are connecting to it (A), and which IPs it in turn is connecting to (C). OpenVPN must bridge those connections somehow, otherwise a connection could not be established from A -> B -> C. "B" won't be able to see the decrypted contents of the packets, but it should be able to deduce which IP at "A" connects to "C". Therefore anyone (government agent) with root access to "B" will know who at "A" is making that connection.

You've admitted yourself that you have the ability to make such deductions: "we get notified of someone hacking bank accounts with our system, we will look into it and respond with prejudice if we can verify it". How else could you possibly deduce that "A" was hacking "C", if you can't make the correlation between those two points?

Remember the assertion is that merely making a connection to Iran is "suspicious". The encrypted data in this case is irrelevant.

What I'm suggesting is that this "suspicion" will exist regardless of the number of hops involved, and that therefore multiple hops do not, in and of themselves, evade that suspicion, it merely moves the source of that suspicion from one location to another.