Xerobank questions ?

[hierophant]

Quote:

Originally Posted by Sheldon7

I think its increasingly unlikely Onyx ever existed Hierophant. Reason being? For over 18 months now, my associates and I have been waiting for even a single response to countless emails / support ticket requests / forum posts.

It does seem that way.

Quote:

Originally Posted by Sheldon7

You know what really antagonizes the user base? The COMPLETE lack of communication. About everything. Support. Announcements. General questions.
Surely Steve / Wizard / someone has seen the months worth of unanswered questions and issues raised on the Xb forum and on Wilders. Yet no reply from them, just silence. It forces the question, why?

Perhaps "management" decided to hose the project, and none of the "staff" could officially work on it thereafter? Of course, I have no clue whether terms such as "management" and "staff" are applicable. They could be an anarchist collective, for all I know

And that reminds me of an interesting story. Back in the 90s, an anarchist musical collective called "Godspeed You! Black Emperor" achieved enough popularity that Danny Boyle wanted to use a piece in "28 Days Later". Although he managed, it reportedly wasn't easy. Sound like XeroBank?

[axle00]

I'm thinking of jumping ship and signing on with Cryptohippie....I just wish I had a better understanding of Cryptohippie's and Xerobank's relationship...

[Pleonasm]

Quote:

Originally Posted by Sheldon7

The tragedy for Xb, is that a customer exodus could still be avoidable if only Xb were to communicate, assure stability and re-establish some credibility. Clocks ticking though

Excellent advice. I hope that XeroBank is listening.

[geazer40]

there forum page is back now

[geazer40]

Quote:

Originally Posted by PooseyII

https://xerobank.com/forum/Themes/de...nstruction.gif " The forum conversion has been completed. The XeroBank forum will return with the coming launch of our new website."...

...is what I see, no forum. I hope for the sake of Xb's users that they do get their forum back.

i said forum page back not the forum itself

[Cutting_Edgetech]

Xerobank says the forum conversion is complete, but still no word on when it will be back online. They also say there is a new website coming in the near future. I've been hearing this for a long time. Does anyone have any additional info?

[LockBox]

Sad to say, there's always something new -- just right around the corner. No matter what goes up at that website, I am guessing few will pay much attention. You can't just put fresh paint on something and expect ignored users and complete silence from Steve to simply be forgotten. The very definition of being played.

[Pleonasm]

In addition, the The XeroBank Development Blog has been “missing in action” since June 5, 2009.

[Pleonasm]

Quote:

Originally Posted by LockBox

Sad to say, there's always something new -- just right around the corner.

I share your frustration. In my opinion, it would be a better business strategy to under-promise and over-deliver.

[Simon T]

There are a lot of things to mention with Xb and other companies offering completely anonymous services, namely with logs and the country's jurisdictions over the servers they have there.

But firstly:

No company can offer a completely anonymous service because this is simply impossible. ALL companies need to keep logs ---even if they claim they don't--- because they MUST keep track of errors to have a functioning service. Logs that these companies must keep are: error logs, firewall and intrusion logs, apache logs, email logs etc. Without these there is no way a company could actually function and have customer support to deal with issues such as intrusion or lost emails. A lot of these logs can't directly identify the user, however with some searching that information can be accessed by those working for the company, in this case Xb.

And secondly: wherever the servers are and wherever the information is requested from, the laws of that country apply. In Panama, there are hardly any laws governing Internet privacy, therefore a lot of companies set up business there. However, the lack of laws mean that the company has no laws governing them either, meaning they aren't liable to the customer if your information is exposed by a compromised server. In my opinion I think it is much better to have servers in countries with stricter laws so that the customer can feel more secure, even if this means that the company must hand over client information by court order.

Another thing, I tried the Xb forum yesterday and it's still not up and running, any ideas about that yet?

[Pleonasm]

Quote:

Originally Posted by Simon T

ALL companies need to keep logs ---even if they claim they don't--- because they MUST keep track of errors to have a functioning service.

The issue isn’t only about whether logs are maintained. The issue is whether the anonymity service is able to associated activity on their network with the identity of the corresponding user. XeroBank claims that they are not able to deduce the latter from the former, due to the use of an Access Account that is independent of a Deposit Account.

[hierophant]

Quote:

Originally Posted by Simon T

... Logs that these companies must keep are: error logs, firewall and intrusion logs, apache logs, email logs etc. Without these there is no way a company could actually function and have customer support to deal with issues such as intrusion or lost emails. A lot of these logs can't directly identify the user, however with some searching that information can be accessed by those working for the company, in this case Xb. ...

What customer support?

I'm confident re their security skills and implementation. Regarding the rest, they just don't want to know. As I understand it, they can identify malicious access accounts, and terminate them. However, I get that identifying the deposit accounts that fund malicious access accounts is extremely difficult. As Pleonasm notes. Basically, they must attack their own system. Google VAULTS if you're interested.

Quote:

Originally Posted by Simon T

Another thing, I tried the Xb forum yesterday and it's still not up and running, any ideas about that yet?

They're bogged, IMHO. They promised a lot -- far more than an anonymous VPN. As long as the VPN keeps working, I'm willing to wait and see. If I needed support, I might feel differently. If course, even if they come through, I may not be interested in what they've created. Time will tell.

[hierophant]

Quote:

Originally Posted by PooseyII

... If they claim they cannot tie accounts to data, then when they get abused, and they most certainly will, when they get immersed in spam, how are they going to match which accounts to cancel with the abuse?

According to posts in the support forum, and published interviews, XeroBank has cancelled many access accounts because of spamming and other abuse. However, they reportedly didn't even identify the deposit accounts that funded those access accounts. As a result, DalPay would presumably have continued rebilling

Quote:

Originally Posted by PooseyII

If they cannot check the abuse(r) they are going to get dumped by their ISPs, sooner than later.

True. They've been dumped a few times for SMTP abuse. And so their SMTP server is no longer accessible outside the VPN. That's a problem for some of their critics, BTW.

Quote:

Originally Posted by PooseyII

Outside of ToR, the only way to increase your level of anonymity is to tie together different privacy providers.

Yes. That's my strategy, for anything beyond casual stuff.

[caspian]

Quote:

Originally Posted by Simon T

ALL companies need to keep logs ---even if they claim they don't---

I am not going to take your word for it.

[caspian]

Quote:

Originally Posted by PooseyII

Outside of these system considerations, if a company says it does not log or destroys logs quickly, then they are either lying[/url]

Okay then I guess that makes it official.

[Sheldon7]

There is a lot of collective wisdom available here on Wilders.

I'd love to see some of us analyze weaknesses, frustrations and problems with current vpn providers, and comment on how to fix them. What could a future vpn solution do differently?

Obviously Xb is the focus of this thread and commentary could pertain mainly to the problems found with them.

[Simon T]

Quote:

Originally Posted by hierophant

According to posts in the support forum, and published interviews, XeroBank has cancelled many access accounts because of spamming and other abuse. However, they reportedly didn't even identify the deposit accounts that funded those access accounts. As a result, DalPay would presumably have continued rebilling
.

Spot on... the logs ALSO help them keep track of their users, therefore in some if capacity if not directly they know who their clients are. If the billing ceased than Xerobank was able to associate the account with the user ---even if they claim they couldn't identify deposit accounts.
Also, with spamming the logs help direct the spam to a certain user as well and therefore their identity either in their account name or their true identity.

I think that maybe there is no such thing as being completely anonymous... maybe from the rest of the Internet users but not from the company that provides you with the "anonymity."

[hierophant]

Quote:

Originally Posted by Simon T

Spot on... the logs ALSO help them keep track of their users, therefore in some if capacity if not directly they know who their clients are. If the billing ceased than Xerobank was able to associate the account with the user ---even if they claim they couldn't identify deposit accounts.

Right. If any of my access accounts were terminated, I'd wait a year or two before having DalPay stop rebilling.

Quote:

Originally Posted by Simon T

Also, with spamming the logs help direct the spam to a certain user as well and therefore their identity either in their account name or their true identity.

Huh? Spammers don't advertise their true identities (except, for example, Chinese firms that don't consider spamming to be bad).

Quote:

Originally Posted by Simon T

I think that maybe there is no such thing as being completely anonymous... maybe from the rest of the Internet users but not from the company that provides you with the "anonymity."

Yes, that's a key problem. Combining independent services probably helps. Subscribe to Service A from your true IP. Then subscribe to Service B on a VM that's running in a host that's connected through Service A, and pay anonymously. Service B doesn't know your true identity, unless Service A reveals it. And so on.

[Pleonasm]

Quote:

Originally Posted by PooseyII

If they claim they cannot tie accounts to data, then when they get abused, and they most certainly will, when they get immersed in spam, how are they going to match which accounts to cancel with the abuse?

As I understand the architecture, XeroBank has the ability to identify “abuse” of their network. When that occurs, the company can terminate the Access Account associated with the abusive traffic – all without knowing (or caring) about the identity of the user that is responsible for the abuse. Thus, there is no need to learn the identity of the abuser to address and solve the problem – it is only necessary to ensure that the abuse itself is terminated, as Hierophant has noted.

[Pleonasm]

Quote:

Originally Posted by Simon T

If the billing ceased than Xerobank was able to associate the account with the user ---even if they claim they couldn't identify deposit accounts.

One would suspect that many Deposit Accounts are cancelled (and added) each and every month, so that linking the termination of an Access Account to a change in billing status would not necessarily be obvious – especially if the user continues the automatic billing for a period time beyond the cessation of the Access Account, as Hierophant has suggested.