best vpn ? any recommendations?

Discussion in 'privacy technology' started by happyyarou666, Feb 9, 2012.

Thread Status:
Not open for further replies.
  1. mirimir
    Offline

    mirimir Registered Member

    Tor is far stronger against passive attackers (who merely observe traffic) than typical VPN arrangements. That's because there are so many Tor relays, and so so many (more or less factorially) possible circuits, and because circuits are periodically rebuilt. It's rather like (loosely speaking) you created a multi-hop VPN setup, using servers from multiple providers, and periodically changed your setup, using different servers in different orders.

    With single-hop VPNs, attackers need only observe traffic entering and exiting the VPN server. Identifying which VPN server to observe is trivial, whichever end (you or the website that you're accessing) an attacker is starting from. Once an attacker correlates entry and exit traffic, it can confirm the correlation simply by blocking one or the other. They can also request logs for that VPN server.

    It's more complicated for multi-hop VPNs. Incoming connections to the VPN exit server are not merely VPN tunnels from individual subscribers. Rather, they are VPN tunnels from other VPN servers, which are carrying traffic from multiple subscribers, who are connecting through multiple entry servers. Also, those connections may involve multiple VPN providers. But multi-hop VPNs are still more vulnerable than Tor to passive attackers, I think.

    However, assuming passive attackers is unrealistic, and Tor arguably becomes more vulnerable, because attackers can freely join Tor (but would need to take over VPN providers). There's a huge literature on this, and I won't even attempt to summarize it. It's my impression that deanonymizing Tor users would be harder than deanonymizing users of multi-hop VPNs. But that's really just a wild guess.

    Given all that, the most secure choice is using VPNs through Tor through VPNs. But that's very slow. Using VPNs through VPNs (user-level multi-hop) is probably good enough for most of us, most of the time.
  2. caspian
    Offline

    caspian Registered Member

    Thanks for explaining that, Mirmir. I am just going by what I have read from some different sources over the past 4 or 5 years.

    And maybe I shouldn't have suggested that a single hop VPN is "easy" to trace. But from what I have read here and there, a single hop VPN based in the U.S. can be traced by the FBI or ATT with no problem (and maybe others?). Maybe it's not true, but since I have never heard anyone make an argument to the contrary I have just assumed that it was true. Evidently they can just stand back and see all of the connections.

    But I have also read that it would take a "Global Adversay" to trace a multihop VPN if it is set up properly. Otherwise the number of hops wouldn't make that much of a difference, if any. But if various techniques are used between hops to obscure the traffic, it can be pretty difficult to trace and would require significant resources. So if you are just downloading some music or porn or blogging anonymously and are no threat to national security, then those resources wouln't likely be squandered away on something so trivial. Which, in my view, makes you pretty darned anonymous.

    I can't help but wonder if a U.S. based single hop VPN might be, in some ways, less anonymous than just going through your ISP. With the VPN, the website can't see who you are, but I suspect that all VPNs in the U.S. are traced and logged by default. And I bet there are automatic mechanisms in place to throw up red flags to tag certain types of traffic for automatic logging and tracing.....VPN traffic being one of those. Look at what Mark Klein uncovered just a few years ago. So, maybe I'm wrong but I bet I'm not too far off base.
  3. EncryptedBytes
    Offline

    EncryptedBytes Registered Member

    This is where trust comes into play with your VPN provider. Single hop is plenty secure from traffic monitoring, the issue would come down to if either endpoint is compromised be it the customer or the provider. A multihop adds more variables for passive attacks however if all hops are run by the same entity you really gain no protection if your provider decides to help your attackers in determining your identity.

    Depending on the country such as Iran, China or Egypt where the government has strict control over ISP traffic, I would agree red flags for encryption streams exist and can be blocked or MIM'd. With the U.S there is no logical means to raise flags on encryption as every entity under the sun uses it in this country. From government agencies, to corporations, to academia institutions, to small business owners, to small mom and pop shops, and all their employees who also work remotely. Unless you are doing something to bring attention to yourself by other means, simply using a VPN won’t raise any eyebrows in the U.S
    Last edited: Mar 14, 2012
  4. caspian
    Offline

    caspian Registered Member

    Do you think that a U.S. based single hop VPN is pretty secure from traffic monitoring? You also mentioned multihops being run by the same provider. What if you fired up a VPN and then ran the Tor Browser Bundle? How much additional protection would that provide, in your opinion?

    I had no idea that many people used VPNs. Do they ("corporations, to academia institutions, to small business owners, to small mom and pop shops") have their own company VPNs or do they use commercial ones like people here at Wilders?
  5. CasperFace
    Offline

    CasperFace Registered Member

    @happyyarou666

    Here's another one for you to try:

    Incloak VPN
    • No logs, according to their FAQ
    • OpenVPN 2048-bit
    • Payment via PayPal, LR, WebMoney, bank wire, or money transfer
    • Servers in Russia, US, Canada, Germany, UK, Ukraine, Italy, Sweden, Vietnam, Hong Kong, Indonesia, Netherlands, Poland, Estonia, Hungary, Luxembourg, France, Switzerland, Austria, Latvia, and Czech Republic
    I'm a bit curious about the enforceability of their TOS -- but overall, Incloak looks pretty solid. The price is right, too. :thumb:
  6. happyyarou666
    Offline

    happyyarou666 Registered Member

    well if finally gotten a reply back from perfect privacy and low and behold a reply back from secretsline took em a while , they thought theyve sent me a confirmation but they didnt lols and apparently they was under ddos attack and vip vpn hasnt replied back yet , anyhow

    now its up to testing been waiting to get my grabby hands on PP, and ill check out incloak vpn with theyre 1-day trial , not a fan of theyre payment methods thou ;)

    p.s: single hop is plenty secure as long as they DONT log not just say it but truly dont log , then even if compromised by the gov they wont find you , since its a shared ip and good luck with single-ling out your ip lmfao ;)

    and its true if you use multihop from the same vpn provider its not one bit more secure since IF that vpn provider where to cooperate with the gov then you could have 20 servers you hop through and it wouldnt change a thing ;), and as mirimir stated tor is indeed more secure than multihop from the same vpn provider

    in the end its you who must find a truly trustworthy vpn provider and then theres no worries, and as said if completely paranoid or you wanna sign up anonymous just use tor while doing it ;) , thou for all i care you could multihop with your vpn , enjoy the speeds , see ya next year then i guess? , cause thats how long itll take till you load up a website , roflmao xD
    Last edited: Mar 15, 2012
  7. EncryptedBytes
    Offline

    EncryptedBytes Registered Member

    logging no, traffic monitoring yes. That combo would protect you to a degree depending on the information you are accessing. Remember throwing a VPN into your arsenal will simply be moving the exit traffic from the Tor node to a company and again you are back to the issue of trust. While depending on how you are utilizing Tor with your VPN you can mask your true location from the VPN company however if you are accessing PII none of that will matter. Additionally if your VPN gives up your billing records you are in the same boat.

    Dpends on the organization or comporation. Most businesses use commercial vpn setups from vendors, Universities are the same, though their respective IT departments may have their own. (We do) Me personally I've configured several in my time for large and small business needs. You wouldn't expect the car repair shop down the street needing a vpn, but they do. ;)
  8. mirimir
    Offline

    mirimir Registered Member

    I routinely use two two-hop VPNs, four hops overall, and I typically get 2.5 Mbps each way, and sometimes almost 4 Mbps.
  9. happyyarou666
    Offline

    happyyarou666 Registered Member

    yeah i think ill stay with single hop and tor for signup ;)
  10. G3ZERO
    Offline

    G3ZERO Registered Member

    Where I work the VPN client for employees to connect is cisco anyconnect. There are also VPN tunnels setup to various vendors for direct access to devices for monitoring and support.
  11. happyyarou666
    Offline

    happyyarou666 Registered Member

    well secretsline wont connect to any server ive tried so theyre off the list , and pp has some problems detecting theyre server ip , still troubleshooting theyrs ,

    thats all for now ;)
  12. especiallyespresso
    Offline

    especiallyespresso Registered Member

    I have read most of the posts in this section and I have used a variety of vpns, including..anonymizer.com, ivpn.net, bolehn, mullvad. I understand some of the differences in providers such as logging, server locations, multi/single hops, 4 files from provider, etc.

    ALL I want to do is have privacy while I am using the internet. Canada is about to pass an "snooping" law called Bill C-30

    Bill C-30 requires Internet providers to acquire the ability to engage in multiple simultaneous interceptions and gives law enforcement the power to audit their surveillance capabilities. Should it take effect, the bill would create a new regulatory environment for Internet providers, requiring them to submit a report within months of the law taking effect describing their equipment and surveillance infrastructure. Moreover, they would actively work with law enforcement to test their facilities for interception purposes and even provide the name of employees involved in interceptions to allow for possible RCMP background checks.

    Do you think a single hop vpn provider like Anonine or Boleh will suffice or do I need to spend cash on perfect-privacy. Please give me your opinions as I value them greatly.
  13. happyyarou666
    Offline

    happyyarou666 Registered Member

    well im back with a perfect privacy result after figuring out that i had to set a dns in order for pp to work lols -.-':

    steinsel: 8mbit ping=83
    shanghai: 350kb ping=741
    Reykjavik: 9mbit ping=164
    montreal: 6mbit ping=281
    kiev: 9mbit ping=115
    gigabit nl: 5mbit ping=69
    hongkong: 500kbit ping=667
    cyberjaya: 400kbit ping=790
    basel: 12mbit ping=82
    stockholm: 5mbit ping=135


    nothing special tbh -.-' , ive expected more the way pp was being praised by some , all in all i wouldnt recommend it no offense pp not for the asking price not ;)

    p.s: support takes forever to reply, and stay away from anonine !!!


    newest whitelist from best to worst:

    Bwprivacy
    Airvpn < needs some anonymous payment options like ucash or paysafecard etc ;) protip bitcoin IS NOT anonymous ;)
    Bolehvpn
    Mullvad <if theyd just work on theyre server speeds then i could maybe even give it a better position since theyre the best swedish provider

    any others you guys would like tested just holla at da boy ;) of course you know what it is they gotta be following the rules as stated at page 1 ;)

    all in all thou the above vpns make for a nice selection already and tbh that in itself is a job well done for now , always open for suggestions thou , im about to test out incloak havent gotten to it yet;)

    i still got 2 months left on my current vpn so im considering getting bwprivacy or airvpn its a difficult decision tbh , since airvpn is so damn pro security but bwprivacy is so damn fine in payment options and speed and close to airvpn's security , its a dilemma i tell you xD, the more i think about it the more i want bwprivacy thou ;)

    update: heres the results for incloak:


    ukraine,kiev: 600kb ping=280
    ukraine,karkov: 5mbit ping=139
    switzerland,zurich: 6mbit ping=88
    sweden,falkenberg: 2-3mbit ping=240
    russia,yekaterinburg: 2-3mbit ping=241
    russia,saratov: 5mbit ping=169
    russia,moscow,west: 7mbit ping=146
    russia,moscow,east: 7mbit ping=143
    luxembourg,steinsel: 7mbit ping=107
    latvia,riga: 5mbit ping=166
    hungary,budapest: 5mbit ping=110
    hong kong,central: 400kbit ping=727
    finland,helsinki: 5mbit ping=160
    czech republic,prague: 9mbit ping=108


    all in all average ,speed nothing special,thou they got a ton of russian servers , and the payment options arent something to brag about neither seeing as theyre supposedly 5 years in buisness and several magazines etc suggest them apparently lols ;)

    havent gotten a reply back from vip vpn btw
    Last edited: Mar 25, 2012
  14. LockBox
    Offline

    LockBox Registered Member

    I would throw Russian VPN Insorg ( http://safe-inet.com/en ) in the mix as well. Multiple servers with single, double, even triple nodes. Pretty easy to work with as a single email gets you free time to try it out. You can pay by the day, the week, month, etc. Pretty inexpensive for the various perks.

    They have a simple SSL proxy you can use for free at https://webvpn.org/?lang=en - it's basic, but nice to know it's there in a crunch. This service is similar to MegaProxy. It even allows "post" ability which a lot of those don't without a paid subscription.

    Insorg also has an elite proxy service as well - http://proxy.insorg.org/en/

    You can find a menu of all of their services at this English language link:
    http://insorg.org/index_en.php
  15. Phil McCrevis
    Offline

    Phil McCrevis Registered Member

    I've tried around a dozen or so of the top VPN's over the last year and the two I really like are:

    ibvpn.com

    ivpn.net


    Ibvpn is quite a bit slower than ivpn and uses 128-bit encryption however they're never down and customer support is very good. My speeds very from 20-25 mbps, after I connect and go through their service (ibvpn) the speeds on avg. for U.S. servers varies from 5-10 mbps. For EU servers I see speeds between 2-5 mbps. I'm sure they're overselling their servers to compensate for the cheap prices. Lot of servers to choose from but offer no multi-hop.

    Ivpn is by far the best I have used yet, not a huge selection of servers to choose from however their speeds, support and price are very good. They use 256-bit and also have a number of multi-hop servers to choose from. I see very little drop in speed (sometimes none at all) on U.S. servers and about 50% reduction when using non U.S. servers. Just over $8 a month (if you buy 12 months) is pretty hard to beat.

    Both offer openvpn and are extremely easy to set up, can be up and running within a few minutes.
  16. LockBox
    Offline

    LockBox Registered Member

    It's weird that VPN discussions can go on and on with multiple people always involved. But when it goes quiet for a few days, everybody who usually participates is quiet as well. Considering we're talking about VPN services...hmmm.
  17. traxx75
    Offline

    traxx75 Registered Member

    I think PP's strength isn't in ultra-high speed VPNs but the flexibility of the services they provide. Most of the servers they have run OpenVPN, PPTP, and L2TP over IPSec in addition to SSH and squid/SOCKS proxies. This would allow you to chain your choice of protocols between your choice of servers in a large selection of locations (14 of which weren't tested above presumably due to time constraints and a few being US/UK/FR/DE). This is not, however, done automatically so a user would need to be somewhat familiar with these technologies to do it themselves.

    Something that is also worth mentioning is that PP server traffic is crowded with a small amount of TOR traffic. This may be a good or bad thing depending on your point of view. More noise means it is harder for someone to hear, but the nature of TOR usage means you may be more likely to find the servers banned from some places.

    Speed is also going to be hard to keep consistent. If speeds are good with a particular provider/server then that's probably because there aren't many users on it. Given enough time (and lack of capacity planning to add more servers) those speeds will slow down as more people join and compete for bandwidth. I applaud any provider that can consistently provide 10Mbps+ over months/years. I haven't personally used a provider that has been able to maintain high speeds over time. Perhaps I should look at BW Privacy :p

    Support at PP does appear to be inconsistent although it seems people have the most luck when emailing the staff rather than using the forums. Also, they appear to be less active in the "International" (ie. English) section of their forums.

    I think that some VPN services suit some people's needs (speed/privacy/anonymity) more than others. If all you need is a simple VPN or proxy service there are definitely cheaper (and faster) options than PP but there do not appear to be many that can compete with their flexibility. Most people probably fall into the category of only wanting a fast, single-hop VPN. I just felt it might be useful to point out the positives of services that may not appear to fulfil this criteria :D
  18. PaulyDefran
    Offline

    PaulyDefran Registered Member


    Still here! :D

    PD
  19. bolehvpn
    Offline

    bolehvpn Registered Member

    Just to let you know that any concerns that our passwords to the customer portal are stored in cleartext have been resolved with the launch of our new portal system. In any case, the portal sites has always used HTTPS and secured by SSL. We're still working out on continuing to beef up our security of our new customer portal system even if it means it may be a bit paranoid.

    PS: The logins do not by themselves grant access to the VPN servers which rely on the certificates and keys.
  20. PaulyDefran
    Offline

    PaulyDefran Registered Member

    Thanks for the update.

    PD
  21. happyyarou666
    Offline

    happyyarou666 Registered Member

    yeah thanks for that update bolehvpn ;)
  22. bolehvpn
    Offline

    bolehvpn Registered Member

    We also now have a Liberty Reserve payment option (for 180 day package and above only) just for the moment to test it out.

    Eventually if it kicks off, we'll extend it to all package options.
  23. mirimir
    Offline

    mirimir Registered Member

    Cool! Thank you :)
  24. mag1c
    Offline

    mag1c Registered Member

    Here is a good VPN that's great if you like Anonymity.

    http://www.doublevpn.com/en/

    -No Logs
    -2 Hops
    -Speed is ideal
    -Multiple Server locations
    -Price = Anonymous :)
    -Trusted

    I've used them for awhile now and I trust them.
    I would def recommend this to anyone that wants to keep their privacy.
  25. DasFox
    Offline

    DasFox Registered Member

    If a VPN provider allows for multiple connections then you can create your own multi hop, as far as doing it just running in Windows or Linux I'm not sure. The only way I've done this is through a VM, which in and of itself for another discussion, actually many discussions already on Wilders is a great layer to add, and through them you can create your multi hop vpn... ;)
Thread Status:
Not open for further replies.