Choosing an Anonymizer

Hello I've only used Arovax Smarthide... But now I'd like to try out the competition... What other programs compete in this kind of market... I've seen Hide IP NG but I haven't much luck seeing other programs that work.

I looked at xB VPN but I'm not sure if it covers everything Smarthide does... If there's another program out there feel free to tell me.

 

Hello,

I'm happy to answer any questions about xb products you may have. As to the others, there is a good thread for that info:

https://www.wilderssecurity.com/showthread.php?t=203246

WARNING: BROAD GENERALIZATIONS AHEAD

Typically you have two types of solutions, tunnels which are pretty much just for surfing, and VPN, which takes most of your traffic.

As a quick overview, most of the SSH stuff is the same, but you should ask if they use key exchange authentication versus username password, and you should ask for a demo. You should prefer key exchange for enhanced security.

VPN is a big deal. It is supposed to capture all your network traffic. However, there are a few important points. VPNs using anything other than IPSEC or OpenVPN are going to vulnerable to leaking your data as plaintext.

 

So XB VPN will work for things like torrents in hiding my IP and keeping me anonymous?

 

I have been using Total Net Shield for about 3 years now.

http://www.anonymizer.com/consumer/products/total_net_shield/

 

Absolutely, and it is an OpenVPN based solution. It also has some other benefits over other VPNs, and you can PM me if you would like to know more about them.

 

Yeah but if the company that does all of the security for the NSA has bought them out, then aren't you the least bit concerned that all of your data is being captured, just as a matter of course? AT&T evidently assisted them in this, but using a *supposed* anonymity service operated by them seems to be putting it right in their laps. And it is a US company where everything is up for grabs. I would even be concerned that the profits of the recording industry are involved in this. Spying in this country has not just been for national security. They spied on PETA and gay college students and who knows They can do whatever they want because they don't have to answer to anyone right now. I fear that it may take something huge for people to wake up. But anyway, knowing this, I wouldn't touch Anonymizer with a 10 foot pole.

 

Try this live cd. It is called Incognito.

"Incognito is an open source LiveDistro based on Gentoo Linux assisting you to securely and anonymously use the Internet almost anywhere you go, e.g. your home, work, university, favourite Internet cafe or local library. Incognito can be used from either a CD or a USB drive and has several Internet applications (Web browser, IRC client, Mail client, Instant messenger, etc.) pre-configured with security in mind, and all Internet traffic will be anonymized. To use it, you simply insert the CD or USB that you have installed Incognito on in a computer and restart it. Incognito should then start as an independent operating system instead of Microsoft Windows or whatever operating system you have installed. It is also possible to run Incognito as a guest operating system inside Microsoft Windows by simply inserting the media while Windows is running which should present you with a menu.

Incognito is Free Software released under the GNU/GPL (version 2). "


http://www.browseanonymouslyanywher...?option=com_content&task=view&id=27&Itemid=40

 

Anonymizer news:

http://blogs.techrepublic.com.com/networking/?p=497

 

Caspian, I agree with everything you wrote about Anonymizer and Abraxas. However, the service you use and support - Xerobank - won't even tell you who owns them. In fact, in another thread just within the last 48 hours, Steve with XB says he doesn't even know who owns Xerobank! With Anonymizer at least you know the poison. As far as we know, Xerobank is owned by the NSA itself. Think about it. He says he doesn't know. You're telling somebody to stay away from Anonymizer (and rightfully so!) because of who owns them. I agree with you! 100! Steve with Xerobank says who owns the company doesn't matter. See the problem?

 

Hi,

There's no need to pay to get a good level of security and anonymity: just use JanusVM.
And Xerobank is not the only anonymous surfing provider on the market: i can mention for instance ultimate-anonymity, Metropipe, GoTrusted, Securstar, Cryptotunnel and many more....
Regarding ip hider softs, there's plenty too, like Proxyway, Ninja Surfing etc...

It's not a secret that data retention is practised in many countries, but on the other hand, the net should not be a "no law's land".
And of course, a gvt. security agency can be hidden behind providers of anonymous surfing.
The FBI already used click trap against pedopornography.

More you control a process, more it can be secured.
And it's off course possible to build your own SSL VPN anonymous service.
And in case of service like Xerobank and co, there is no warranty of "100% integrity/honesty".
At last ressort, the database can be hacked, and i don't talk about issues like SSL MITM or XSS.
In proffesional hacking, anonymous servers are rent in exotic countries (China for instance) where the jurisdiction is quite permissive for cybercrime; that makes investigations highly difficult.

Therefore, the choice depends of what you want to hide, your budget etc.
There's no absolute answer to question like "help me to choose a car, an antivirus, a coffee or a country to visit!

regards

 

JanusVM would be a nightmare for me. It is far too slow. I would never get anything done. And I guess the guy who created it also works for XeroBank now.

 

I understand what you are saying, but I don't really know anything about the owners of any of these services. But I do know that Steve is associated with some pretty radical, free thinking "free speech" and "human rights" people. And now the creator of JanusVM is there too. I think he has a pretty credible rep too, doesn't he?That means a lot to me. Steve is also a very intelligent individual and I doubt that he is completely blind as to the true nature of XeroBank. I just don't think that Steve is so unenlightened that he would be involved in some kind of malicious organization. I have to just try and use my best judgment. At least I *think* that I know where he is coming from, which is far more than I can say about any other service.

I like to toy around with some other services. I will probably get another sub for Metropipe tunnel. I have an Iphantom, which is pretty questionable. And I will surely try a few other services just out of curiosity. I am a beginner and I learn a little here and there just by fooling around. But so far XB is serving my purposes very well. It is fast, it covers all of my traffic, and it is not a US company.

Worst case scenario would be that Steve is the "Son of Satan" and is logging all of my traffic. In which case I would be furious because that would mean that I am paying someone a lot of money to log all of my personal information and probably selling it to the highest bidder. That would piss me off to no end. But I am not an identity thief, I'm not into little children, I barely understand what a DOS attack is, and I am not a violent person....so I will never be arrested as a result. But I do value my personal life and I believe in the basic principles of "Freedom of Speech" and a "Right to Privacy", so I do hope that everything is on the level. I think it is..

I understand and appreciate your concerns. And I am glad that you are willing to ask some tough questions. But from all that I can see, I feel more comfortable with XB than with any other service that I know of. I just have to rely on want seems to be my own best judgment. I hope that I am right. I think that I am. Have you ever considered that maybe XB truly is a trustworthy service from people who really do care about individual rights? Maybe they value their own privacy as well. But Steve is a pretty public guy.

 

Caspian, let’s consider “anonymizer service X” for a moment. One of three conditions must logically be true:

1. The service does not, in fact, have the US Government as a client.
2. The service does, in fact, have the US Government as a client – but doesn’t say so.
3. The service does, in fact, have the US Government as a client – and publically says so.​

Now, as a user of the anonymizer service, it is impossible to distinguish between Case 1 and Case 2. Therefore, the interesting comparison is between Case 2 and Case 3. According to your logic, you prefer Case 2 over Case 3. In other words, it appears that you would be more willing to place trust in an anonymizer service that avoids stating that it has the US Government as a client (Case 1 or Case 2) rather than one that makes it public knowledge (Case 3). Isn’t that an odd argument?

If Anonymizer/Abraxis had something to hide because they have the US Government as a client, don’t you think that they would hide that association? The fact that they are open about it should increase – not decrease – your level of trust in the company.

P.S.: These comments also appear in post #55 in this thread.

 

Regardless of whether I know or not, I do not want to do business with a US company who is so heavily associated with our government. Not with all of the current abuses. I don't see how anyone could trust a US "privacy" service whether they work for the government or not.

 

Caspian, two questions:

1. What anonymizer service do you use?
2. How do you know that the service you use does not have the US Government as a key client?​

 

I primarily use XeroBank. But I also have a Metropipe Tunneler and an Iphantom. And I do have the Vidalia bundle handy if I want it. I don't know if XB has the US government as a client. And I am not so sure that just having a gov agency as a client would bother me. But Abraxas is deeply involved with them. I noticed just scanning their site that they specialize in unmanned aircraft and missile systems and who knows what else? It just gives me the creeps. Even if I thought that they were truly sincere about protecting basic rights like freedom of speech and right to privacy, what reason would I have to believe that they could offer any protections in these areas.....under our current administration anyway?

 

I don't think that is odd. I would be a little concerned about the legitimacy of a privacy service that announces the identity of their clients. As an analogy, I would be worried about the secrecy of a bank that announced which clients have deposit boxes. But maybe it doesn't matter because a FOIA would reveal if the gov is a client.

 

To be clear, we are discussing business (not consumer) clients of a company. For that reason, the bank analogy concerning the names of individual persons who own a safe deposit box does not apply. Banks do routinely and regularly highlight their commercial client roster. See, for example, Wachovia’s Broad Client Base listing.

If “anonymizer service A” has a higher degree of transparency than “anonymizer service B,” then – all other things being equal – the former is to be preferred over the latter, since transparency is a hallmark of trustworthiness. Abraxis could have acquired Anonymizer and kept the association secret – but it did not do so. To me, this level of transparency increases my confidence in the trustworthiness of the company.

 

Right, and wachovia is a terrible US bank with no banking secrecy. Try that in a location that has banking secrecy laws to protect their clients. Those wachovia guys would go to prison for a loooong time.

Transparency is not the hallmark of trustworthiness, but let's pretend it is: I suppose if they started posting the logs of your online browsing activities that would be some enhanced transparency. And posting their decryption keys in the name of transparency! And hey, let's be totally transparent, we need to allow anybody off the street to come check out our client list, right? No! Of course not! That is antithetical to the privacy they purport!

You want to have transparency in your security mechanisms that do not operate with enhancement from leveraged unpredictability, NOT THE DATA YOU ARE SUPPOSED TO BE PROTECTING. Do you think they just don't know this, or just don't care? Take your pick.

You know, sometimes I think about they way I communicate ideas. Many times people have severely misplaced their trust in others. Unfortunately it is rare that the bulb lights up and they drop their previously held beliefs and embrace the opposition. The typical result is usually cognitive dissonance. They don't want to believe it despite the merits of the argument, and they either like to reject the argument, or reject the argumentor if they can't do the former. Often times I've argued a subject and thoroughly and soundly decimated the opponent's position, and they may grudgingly agree, but make an ad hominem against me. This often appears as people only saying "I didn't like the way he said that." Sometimes I think this is the best you can hope to achieve to people who are inured into their positions. Other times I'm disappointed with myself that I don't understand how to gently bring people out of their dream state, and when I do I encounter people very dismayed that I interrupted their warm gossamer of false security and cognitive relaxation.

 

A tad bit arrogant there, Steve? You are not the sole holder of truth. What if, (just what if), it's you who needs to wake-up on some of these issues? You who needs to see that the hiding of Xerobank's ownership - and even claiming to not know who owns Xerobank - is what's dismaying? What if?

 

again, worrying about who owns xerobank is like a lady worrying about getting prostate cancer. xerobank's owners can't decrypt the data, so the threat isn't there. But anyway, that isn't what I was talking about. I really mean it when I say how tough it is to wake people up. I like getting woken up, but only because I don't attach ego or importance to being right, I gladly sacrifice those things for having the right answer. It's one of the reasons I'm going to be happy to do a disclosure against an OpenVPN vulnerability/exploit, even though it's what xb uses.

 

Returning to the issue of choosing an anonymizer, by far and away the most attractive provider in terms of:

(a) ethos
(b) range of services, and
(c) price

seems to be Perfect Privacy (perfect-privacy.com).

- The company appears to be incorporated outside the US and EU
- No logging
- Payment can be made anonymously
- Full range of VPN, SSH, Squid proxies, etc
- Approximately 11 servers around the world

They do not seem to have received much notice on this board, but - on paper at least - they look awesome, and are definitely worth looking into.

 

true, their mention on these forums is rare, a search brought up only one thread and no real comment. the web seems to be the same i only found one kinda of review,

http://www.jwharrison.com/blog/2007/10/15/tales-from-the-darkside-2-–-cloak-of-the-vpn/

they certainly have all the points covers:
- incorportated out of the US, from the whois information in Liechstenstein
- various pay methods including paysafecard
- various servers some outside the US, Perth, Australia; Hong Kong, China; Berlin, Berlin; Frankfurt, Germany; Amsterdam, The Netherlands; Roubaix, France; Moscow, Russia; Montreal, Canada; Chicago, United States; Houston, Texas; and Las Vegas, Nevada (taken from thier faq), most are located in coutries with good privacy laws (some with not so good privacy laws).
- use openvpn

someone here must of been with them or have tested their services. I'm sure steve could give all the ins and outs or has at least heard something about them.

 

I've read the perfect privacy FAQ and it seems to have lots of points covered. No logs and anonymous payment is really important. What about their speed? Has anyone used them before?

Steve, can you show proof in terms of an independent audit that the way XB is set up that there is no way data routed into the XB servers can be attributed to a particular user?

 

I don't think an audit would prove it, but the design certainly does. In the xerobank 1.0 network we used a destructive account identifier. The account is first set up and given an identifier. Once the payment is completed, a 16 digit transaction ID is created. The only thing linking the transaction id to the account is the account identifier. The account identifier is then destructively wiped from our system, breaking the link. Effectively, we know only that an account was paid for, not who paid it.

In the XeroBank 2.0 network, we are using a new technology we developed called VAULTS. It is a token based system that uses asymmetric encryption and blinding techniques to accomplish a similar situation, but has significantly more flexibility. We hope to be presenting a whitepaper of VAULTS at either the Privacy Enhancing Technologies conference or at DefCon itself.