How do ISPs keep track of where we visit?

Discussion in 'privacy general' started by Devinco, Sep 19, 2005.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Guest

    WARNING to any potential METROPIPE users !

    I knew this set off alarm bells ringing in my head, so i did some digging as it's essential as many people as possible get to hear about all this to protect them from possibly some really bad ****

    See Post 14 by Neggy only a few weeks ago, and mine also here

    https://www.wilderssecurity.com/showthread.php?t=79635


    Compare http://www.myprivacyclub.com/tunnelreport.html with http://www.metropipe.net/Faq.shtml and see if you can spot how similar they are, and i Don't wonder why either !

    Whois

    person: Hiro White
    address: MetroPipe Networks
    address: Box #B60
    address: 86 Voorburgwal
    address: Amsterdam, NL
    e-mail: domains@metropipe.net
    phone: +31 20 524 8791
    notify: ripe-mntner@hetzner.de
    mnt-by: HOS-GUN
    nic-hdl: HW1178-RIPE
    changed: ronny.biering@hetzner.de 20041223
    source: RIPE


    I wouldn't risk it for a biscuit, would you !


    StevieO
     
  2. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Well obviously one party is copying from another here. However given that metropipe's domain is older (created in 2002 according to a lookup), I'd say that Privacy Club's page is more likely to be the copy. It isn't really possible to draw conclusions about Metropipe from this (at least they give some technical detail on how their service works) though seems that privacy.il has a special Metropipe forum, and any service offering 25-50% commission to affiliates has to raise a question about their pricing in my view.
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
  4. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    re - MPC - i thought you would enjoy that one P2000 :D

    i'm not a fan of paid for services in general as for the average customer there is no real way of knowing how trustworty and technically competent they are - they will always say they are the best but they are only as good as the weakest link.
     
    Last edited: Oct 9, 2005
  5. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    What do you think about Anonymizer and COTSE?
    Both are paid for Anonymity services based in the US.
    Are they more trustworthy than privacy.li or less?
    Just because they are in the US, does that mean they are automatically backdoored/infiltrated by the government?
    Or are they more trustworthy because they have a legal entity existence?
    I've heard good things about privacy.li on Wilders, were they just shills or happy customers?
    You can also have people from competing services post negative comments (negative shills).
    Just because a service is free, doesn't necesarilly make it more secure.
    A free service could be a honeypot the same as a paid service.
    For the same reason that AV companies don't create virii, what incentive would commercial privacy providers have to "sell out" or jeopardize their revenue stream?

    Very confusing...o_O
     
  7. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    this is better answered by P2000 as he is much more experienced in this field than i am - i don't usually use an anon service myself but have tried the free ones just to see what they are like (slow) they pass all the anonimity tests i've tried so they seem pretty secure but there have been some rather heated discussions on othe boards regarding how secure they are to infiltration by rogue servers setup by crackers.

    the moment you hand over your credit card details to a commercial company then you are no longer anonymous (unless the method of payment they use is somehow 100% anon too) they already know what IP address you are using to connect to their system so you are known to them.

    so the test i'm using here is simply - whatever method you choose just how anonymous are you really?

    fascinating discussion - thank's for starting the thread Devinco. :)
     
  8. StevieO

    StevieO Guest

    I wasn't just alerting people to the similar info between their webpages, but much more SERIOUS goings on !!! All the rogues that have been and still are connected with it and other "Services".

    Short extract from here, and if you've overlooked reading it then please make sure you do before even contemplating using any of them.

    https://www.wilderssecurity.com/showthread.php?t=79635

    - scam dog aka Rex Rogers (Dodge City-scam), running MAILFAULT (mailvault.com), a honey pot to eavesdrop on the privacy concerned populace, also a major partner in metropipe.net (tunnel services/honeypot setup)

    Also

    ''MailFAULT is run by the same guys who brought you the follwoing scams:
    - laissez faire city
    - FLO
    - DMT Orlin Grabbe scam
    - Metropipe (eavesdropping service)

    Since a few months mailfault keeps your emails and delivers them with time lags up to 2 months, they keep copies of all your 'private communications'

    You have been warned!''

    This does seem true as I signed uo for a Mailvault account a few months ago but never really used it. I sent and received a few (10ish) test messages and lots of them were never received. Some were weeks later though.


    StevieO
     
  9. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    freenet - this from the beeb
     
  10. richmni

    richmni Guest

    Beware of false rumors spread by privacy.li...

    dear o dear.

    these false rumors about MetroPipe and others originate on the boards of privacy.li, and are clearly a baseless attack on their legitimate competition.

    there is a reason that no 1 security and crpyto expert Bruce Schneier chose privacy.li for The Doghouse...just read the facts and research in his weblog comments: http://www.schneier.com/blog/archives/2005/07/the_doghouse_pr.html

    privacy.li is the front of a bunch of really nasty scam artists.What you read there at Schneier's weblog is just the tip of the iceburg on their activities.

    they love to create seemingly unrealted forums (but really hosted by them) on which to post falsehoods and have many shills postingin pretty obvious ways both on their own boards and real boards (just a few examples of the shills hunterman, uppity, 2be, Sub Captain, Fury, insider, yogi...the list goes on and on like a bad horror movie..).

    regarding Mailvault for the record those who have used the service for a long time will note that there were no problems with Mailvault email as reported until privacy.li started their posts on their boards. coincidance? privacy.li certainly like to do all kinds of nefarious things and ddos attempts using botnets is well within their grasp.

    check and verify for yourself.

     
  11. METROPIPE is a SCAM -- watch out!

    For those with any doubt, I assure you, metropipe is a scam. I'm not sure if metropipe was ever NOT a scam, as some people (who are now wringing their hands over the idea that metropipe is a snoop) have actually gotten their "custom tunnel" key and used it. But metropipe is definitely a scam now. The only reason there isn't a shitstorm of negative comments about metropipe is because most people are putting their privacy before justice. In my case, they are sadly mistaken.

    Metropipe offers some fairly decent bait, the mailvault e-mail service. It is PGP-encrypted webmail with only one banner, the one for metropipe. The banner takes you to a speil about how privacy is under attack, especially in the US, and thank goodness there are champions of the Bill of Rights such as the scammers who run metropipe. They prefer payment in e-gold, which is great for anonymous payments, but is irreversible. Because their site seemed fairly professional, e-gold is what I used.

    I immediately received an e-mail confirmation stating that my tunnel was being generated and I would receive a link to where I could download the tunneling software. Since I didn't have a privacy solution at the time by which I could check my e-mail everyday, I checked back after a couple of weeks. No e-mail pointing me to any link. I e-mailed their support address asking what happened. About a week later I got a reply saying I could download my tunneler at some generic-sounding link like https://www.metropipe.net/tunnelers/. That's when my bullshit detector started to go off. But I thought well, maybe they'll just have me put in a code or something. Nope. The page is blank. The source of the page is just a tag for a horizontal line: <hr>. Whoop-de-doo, I just paid $90 to stare at a line.

    So I emailed again and waited another two weeks for the response telling me to try the non-SSL link http://www.metropipe.net/tunnelers/. That too was just a blank page, so I pointed that out and again asked for a working link. No response for 3 weeks. I sent another e-mail asking for a refund. After another two weeks I got an e-mail claiming to be from a different help-desk guy, apparently oblivious to my request for a refund. I reiterated my request to all help-desk personnel I had been in contact with, stating that (since there is nothing left to say) I was finished logging onto mailvault and that I'd know their response by the balance of my e-gold account. A couple of weeks later, still no refund. They stole my e-gold outright.


    So to recap, the metropipe scam is this:

    1. Entice users with free encrypted e-mail service.
    2. Put banner for metropipe scam on each web page within said service.
    3. Have banner link to fairly professional-looking website that offers an encrypted proxy while playing up notions such as privacy, the bill of rights, and the virtues of paying with e-gold.
    4. Wait for sucker to pay you by irrevocable method such as e-gold.
    5. Once sucker pays you, expecting the promised link, ignore him until he asks what is going on.
    6. Send sucker dead link, making him think there is some problem on his end.
    7. Once sucker complains about dead link, say "oops, sorry" and send other dead link.
    8. Wait for sucker to try both links several times from different computers and finally give up on this bullshit and ask for a refund.
    9. Ignore sucker's request for a refund until he gets pissed enough to alert others to the SCAM that is METROPIPE.
     
  12. doug6949

    doug6949 Registered Member

    Joined:
    Nov 28, 2003
    Posts:
    110
    I know this thread has evolved considerably, so forgive me if this now seems out of place.

    Since the ISP owns the connection, what is to stop them from selling customer profiles? Consider this:

    1. Employers could purchase this data to screen out applicants with certain lifestyles, political, or religous affiliation.

    2. One who collects pictures of swimsuit models might be characterized as a pedo due to sloppy data analysis.

    3. Banks, zoning boards, and all manner of service agencies could discriminate based on information from a questionable source.

    Am I missing something here?
     
  13. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Nothing - aside from any privacy legislation in their juristiction (e.g. Europe's data protection laws) and the negative publicity that would result if they were found out.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.