Can You Trust Your VPN Provider…?

Precisely. 99% of what we're discussing here is pure conjecture. We have no clue who we can actually trust or not, and we hope that all of the security features we put in place aren't just giving us a false sense of security. It's possible that every VPN exit node in the world of every single VPN provider is being siphoned off and decrypted in real time by various spy agencies. We would never know unless there are more Snowden's out there willing and able to expose them. So while people residing in the U.S. are probably better off using exit nodes outside the U.S., we don't know for sure.

 

But which one would prove a more privacy/secure set up scenario 1 or 2 ? I added ubuntu into it since if I did this:

User > VPN1> VPN 2> VM-ubuntu I could at least use Tor BB here or a decent setup browser(with security/privacy addons) and run torrents, with say whonix I am stuck since all goes thru the Tor network. This is why I think VPN tunnelling will work faster for me, and I can spread my paranoia or level of trust between 2 vpn providers.

 

Which is better depends on what you're using it for.

I wrote lots on that yesterday at <-http://tor.stackexchange.com/questions/445/secure-my-connection-with-vpn-router-tor->. I could just copy it here, but let's see how this works.

 

Thx mirimir

I do like that quote "And I prefer that my ISP and associates see that I'm using a VPN service, rather than Tor"

I too feel its safer if people can see am using a VPN and not Tor, I guess I am trying to find that best of both world setups, I think ill stick to this setup

PC > VPN1 > VPN 2 > VM -whonix or ubuntu

Got 2 VPNs and then under Tor network, plenty of barriers as it is

 

Cool

Maybe it's just my love of messing with stuff, but now I'm wondering whether one could run "multi-hop" Tor relays. That is, a relay comprising two VPS linked by VPN. But somehow I doubt that the Tor network would accept that

 

Yes it is nice to try new things out, I recall a while back about that virtualbox logs issue, well PrivaZer latest build supports virtualbox logs, also CCleaner addon mod called CCEnhancer includes much more including virtualbox logs also, may help you in privacy clean up further.

 

Really? I was talking about Mir about possible VB logs and he gave me a right advice, to fully encrypt the host to be safer, however thanks to this last version of privazer u are saying its possible to delete those logs? Nice, u already tried?

 

Yeah, but in the Host system not in the Guest (unless maybe you run it also there).

 

My VB is installed on my host system so should be fine i guess (Mir you could correct me if i am wrong)

 

Yes, VirtualBox runs in the host, by definition (being why it's a host).

VirtualBox will not run in the VM, because the VM doesn't have physical resources that can be virtualized.

 

The logs of virtualbox do go, but obviously not anything stored directly within vb software itself. Either way encryption should come first, privaZer and ccleaner + the addon helps nicely I have found the addon for ccleaner called CCEnhancer really does add dozens of more entries and things I was not even aware of.

 

If a person enables Shadow Defender, virtualizing the entire OS, and then runs a virtual machine from inside of a truecrypt folder, what traces of this would be left on the computer after reboot? My guess is none at all, or not enough to be very meaningful.

 

If Shadow Defender actually provides a virtualized environment, I doubt that VirtualBox would run in it. VirtualBox needs direct access to CPU, RAM and disks.

 

hey mirimir
did you encounter anything similar to this or did you hear from anyone any similar stories?
i was considering to give air a try. but after reading talis' posts about how air is full of flaws and doesn't care about its customers' privacy, now i'm leaning towards other providers, because i take talis' words serious for he surely is an experienced member about vpn issues.

and one more question. do you consider bolehvpn as a reliable provider? considering they're based in malaysia, a country under sharia law, it frightens me leaving doubts in my head about the safety & privacy of their users' data.

 

It runs just fine. And it is referred to by everyone here that I have heard as virtualization. Maybe I should mention that at the SD thread and see what they say.

 

I have encountered this. And the way that I noticed it was because google all of a sudden was in the US instead of the Netherlands. Which brings me to another point. With airVPN, I never use the German nodes because Google knows that I am in the U.S. But all of the other exit nodes take me to Google for that country. But I just tried Boleh. Google is not fooled by any of them. Google sees me as being in the US no matter what connection that I am using. So Boleh is completely out of the question for me.

I can't afford Cryptohippie right now. And I also like then idea of having more exit nodes. So maybe I will give Insorg a try for a month. Or that other one that was mention... IVPN? Either that or I just need to learn how to set firewall rules with Comodo and continue using air..

 

"Virtualization" is used in many ways. The primary meaning at http://www.merriam-webster.com/dictionary/virtual is "very close to being something without actually being it". Hypervisors such as Xen, ESXi and Qubes are very simple Linux-based operating systems that virtualize CPU, RAM, storage and network connections, and make those virtualized resources available to virtual machines that they manage. Hypervisors are very specialized, and not useful for anything but managing VMs.

Application-level virtualization software, such as Qemu, VirtualBox and VMware, work much like hypervisors. However, they're less efficient for running VMs, given the host OS overhead. And they're less secure, given the greater attack surface.

Software such as Shadow Defender are very different. I don't believe that they virtualize CPU, RAM and networking, for example. As long as they don't virtualize those resources, virtualization applications, such as Qemu, VirtualBox and VMware, can run "on top" of them. That's because raw CPU, RAM and networking are available to be virtualized.

Conversely, VirtualBox won't run on VMware, or even ESXi, because it can't access any raw resources to virtualize. Indeed, it's arguable that any "virtualized" platform that runs VirtualBox or VMware isn't truly virtualized.

Shadow Defender does virtualize storage in some way, however, because that's how it defends. It's my impression that it works by catching application-level storage streams, and storing them temporarily in some wipeable cache. But I don't believe that it truly virtualizes storage resources as Xen, ESXi, Qubes, Qemu, VirtualBox and VMware do.

 

You have to disable everything but IPV4 in your network adapters with BolehVPN because most of their servers have full port forwarding. Reverse DNS/Host name scans on BolehVPN and many VPN company's can figure out what language to set Google as this way and by using your browsers signature fingerprints. I don't know about you but for me IVPN gave me much trouble with slow UDP speeds. Changing your network adapters to only use IPV4 is something you should do anyway.

 

Re: Google knows where I am -

There are many reasons for this... IPv6 left active, HTML5 in the browser, etc...

But...

In regards to Air, (and maybe Boleh) they use sanitized Google requests, via the fastest route to you. So even if you connect through Switzerland, you may get the US Google page. It doesn't mean Google knows where you are (as long as the first two things I posted above aren't active - and a VPN can't really control that).

Do this (I just did): When you get the "regular Google" page on a foreign server, just type "my ip". Google will show the IP it sees (It wasn't my real IP, it was Swiss). Then click "Learn More" and you'll go to a Google help page about IPs. On that page, you'll see a "Find My IP" box...click it. It should bring up the Google Search page from the country that Google thinks you're in, ie. the server you're connected to. Mine popped up the Swiss page. So the first page you get, if it isn't foreign, doesn't necessarily mean they know where you are. If they did, all those other pages above, would show the same, actual, IP.

PD

 

Take a look at this. This is a screenshot of an IP location service and the gmail IP login info at the same time. Notice the Asterisk. I get that every time that I am connected to one of these exit nodes when Google knows that I am in the United States. Sometimes it doesn't say what the location is but there is always an asterisk. But this time it says New York instead os Sweeden.

I use German Privacy Foundation DNS on all of my adapters.

I like seeing a different country when I login. Just a few minutes ago I opened my browser and saw that I was in the United States. But airVPN had been connected for several hours. I looked in the system tray and it was grey. It had somehow disconnected. I would not have noticed it without Google's home page switching back to the US.

 

Have you considered using a firewall instead of relying on a "one button" solution?

 

What Swedish Air server is that? I have 178.x.x.x and 94.x.x.x for Serpentis and Cygni.

PD

 

fawkes, i think the point he's trying to make is that the airvpn client SECRETLY and FREQUENTLY disconnects. (an alleged fact also stated by talis in previous posts).

 

so you say bolehvpn keeps most (if not all) ports open just for the sake of file sharers. is that what you mean? (if memory serves me right, you said that same goes for airvpn, right?)

if so, that's too bad.

 

With BolehVPN they have their servers set up in two ways, some are close ports like the Netherlands server and other open for file shares. its about a 50%50 split. Having the ports set up the way they do is fine as long as you have a normal firewall and your network adapters set up they way I said before, Airvpn on the other hand has too many servers for me to be sure but most likely they all have different setups for whatever reason. BolehVPN with its open ports and recent move to AES 128 is probably one of the fastest services right now. I can get 22 Mbps down and that is on WiFi while other people also use the connection 20+ Mbps consistently is my constitution of current hardware A+ rating for VPN services.