Good VPN setup?

Discussion in 'privacy problems' started by markedmanner, Nov 19, 2011.

Thread Status:
Not open for further replies.
  1. markedmanner
    markedmanner Registered Member

    I just recently signed up for a VPN that is PPTP based. I was wondering if you all had any tips for maximizing my privacy when using a VPN. I have already disabled IPv6 since apparently it can leak your real IP, see here. I use Firefox with Adblock Plus with all of Fanboy's lists, including the tracking list. I also use the HTTPS Everywhere extension and NoScript. I also have cookies disabled by default and enable them only where needed. I am not so much worried about local privacy, for example web browser data being recovered from my hard drive by someone locally using a tool like Recuva. I was just curious if anyone has any suggestions or tips. Thanks.
  2. parsec
    parsec Registered Member

    Setup seems OK... however, I would change PPTP for OpenVPN.
  3. markedmanner
    markedmanner Registered Member

    Yeah, other than the IPv6 leak with PPTP, what is the disadvantage? Currently my provider only offers PPTP; they are currently working on OpenVPN.
  4. parsec
    parsec Registered Member

    OpenVPN uses stronger encryption, that's the difference I know of... Google would be your best choice as to why OpenVPN is better.
  5. markedmanner
    markedmanner Registered Member

    Yeah, reading a bit now. My VPN uses 128-bit encryption on PPTP, plus I use HTTPS as much as possible; that should be more than suitable for now.
  6. Cutting_Edgetech
    Cutting_Edgetech Registered Member

    OpenVPN offers much better anonymity because it is less likely to leak your DNS. It also works better behind most firewalls. It offers up to 256-bit AES encryption, while PPTP offers up to 128-bit. I'm at work on my iPhone so I can't go into much detail. You should read some of the threads here on DNS leaking under Xerobank, but I don't recommend them anymore because of their extremely poor customer service. The info provided in those threads is good though. Also disable JavaScript and Flash when surfing. OpenVPN is your best choice if anonymity is your priority.
  7. markedmanner
    markedmanner Registered Member

    I understand what you are saying about the DNS leakage. I just ran the test at http://www.dnsleaktest.com/ and my DNS was not leaked. Then again, that is just one test. Until my VPN gets OpenVPN support, would it help somewhat if I configured my computer to use something like an OpenNIC DNS provider that does not log? See here: http://www.opennicproject.org/publictier2servers If anyone has more DNS leak tests I can run, let me know as well. As far as using Flash and Java, I am personally unaware of an example of where your real IP is leaked when using a VPN. I understand that with a proxy or Tor it is possible (unless you are using JanusVM). Not saying it is not possible to leak the real IP with Flash or Java, but I am not aware of an example of it. Could you point one in my direction? I thought ALL traffic from your computer, regardless of the program, would be sent over the VPN?

    I also ran these tests and none of them were able to get my real DNS; instead they all show the DNS of my VPN.
    https://www.dns-oarc.net/oarc/services/dnsentropy
    https://www.grc.com/dns/dns.htm
    Last edited: Nov 19, 2011
  8. luciddream
    luciddream Registered Member

    If your VPN provider doesn't have OpenVPN available by now, you might want to think about choosing a new one. That's a bad sign if they're slow to keep up with the tech.

    That site you posted with the leak tests has a nice tool to prevent DNS leaks. It flushes the DNS cache on connect. Or you can do it manually. Setting FW rules is a great way to strengthen your setup. I use Comodo, and in Network Zones add a VPN zone with the ranges my VPN service assigns me. Then I incorporate them into my rules, and add block rules at the end. What this does is block any leaks in the event your VPN connection drops. A few of us discussed this in this post:

    http://www.wilderssecurity.com/showthread.php?t=309955

    As someone else pointed out, disable JavaScript & Flash and use only when absolutely necessary. You said you use the HTTPS-Everywhere add-on... good call. You might want to look at HTTPS Finder too. I recommend using Ixquick as a search engine too. And use the built-in proxy along with your VPN for even more privacy/anonymity.
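
An added example, not part of luciddream's post and not Comodo's rule syntax: a small first-match rule model of the fail-closed layout described above (allow the tunnel carrier, allow traffic sourced from the VPN zone, block everything else), next to a permissive allow-all list for comparison. All addresses and names are constructed placeholders, not any provider's real ranges.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "block"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form

def decide(rules, src_ip, dst_ip):
    """First matching rule wins, as in an ordered host-firewall rule list."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r.action
    return "block"

# Constructed addressing (RFC 1918 / RFC 5737 documentation ranges).
VPN_ZONE = "10.8.0.0/24"        # assumed range the VPN assigns to the tunnel adapter
VPN_SERVER = "198.51.100.7/32"  # assumed address of the provider's entry server
LAN_ADDR = "192.168.1.20"       # assumed address of the physical adapter
ANY = "0.0.0.0/0"

FAIL_CLOSED = [
    Rule("allow", LAN_ADDR + "/32", VPN_SERVER),  # carrier packets that build the tunnel
    Rule("allow", VPN_ZONE, ANY),                 # anything sourced from the tunnel address
    Rule("block", ANY, ANY),                      # block rule at the end of the list
]
PERMISSIVE = [Rule("allow", ANY, ANY)]            # allow-all outbound, for comparison

def tunnel_drop_leaks(rules, destinations):
    """Destinations still reachable from the physical adapter once the tunnel is gone."""
    return [d for d in destinations if decide(rules, LAN_ADDR, d) == "allow"]

if __name__ == "__main__":
    sites = ["203.0.113.80", "192.0.2.53"]        # constructed web server and DNS resolver
    print("tunnel up, via VPN zone:", decide(FAIL_CLOSED, "10.8.0.6", sites[0]))
    print("tunnel down, fail-closed leaks:", tunnel_drop_leaks(FAIL_CLOSED, sites))
    print("tunnel down, permissive leaks: ", tunnel_drop_leaks(PERMISSIVE, sites))
```
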
  9. markedmanner
    markedmanner Registered Member

    Thanks for the tips. Do you have any suggestions on VPN providers? I chose Ipredator from this list: https://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/ So far I like the speed and it seems to be working well; as has been noted, the only downside I see is they do not offer OpenVPN. From what I understand, Ipredator is a creation of the owners of Pirate Bay, and I think those guys have a strong belief in privacy etc. That's what made me choose them. Not that there would not be another provider I would use. Also, thanks for the suggestion of Ixquick. I actually use Starting Page, which is run by the same people. https://startingpage.com/
    Also, I am checking out HTTPS Finder. I find it very interesting; I have actually been looking for something like this. It would be nice if the HTTPS Everywhere extension could incorporate this type of function of finding new sites that have HTTPS. That way you would not have to have 3 extensions.
  10. luciddream
    luciddream Registered Member

    We discussed a lot of VPN providers in another thread, but it's many pages long now and I don't expect anybody to read through it. In the end only 3 really graded out high:

    iVPN
    Boleh VPN
    PRQ

    I use iVPN and it's great. But if I had known about PRQ back then they would have gotten serious consideration. Either of them would be my recommendation.

    I'm not sure how PRQ operates, but with iVPN you can try it for 1 month with no commitment and see how you like it. I recommend using the OpenVPN client found here instead of the custom clients the providers give to you:

    http://www.openvpn.net/index.php/open-source/downloads.html

    In my experience it's more stable, and you can swap in & out configurations to try different services without having to re-install everything.
  11. mirimir
    mirimir Registered Member

    I concur with luciddream about VPN providers. BolehVPN (fully routed) is inexpensive, and very fast, in both directions. However, no anonymous payment options are available outside Malaysia. But I use nested VPNs (routed in VirtualBox via pfSense VMs) and BolehVPN is excellent as outer VPN. Both iVPN and Insorg are excellent as inner VPN. Both accept Liberty Reserve. Using BolehVPN plus either, I generally get 2-4 Mbps in each direction with ~200 msec ping and 5-10 ms jitter.
  12. markedmanner
    markedmanner Registered Member

    Thanks for the info. I noticed none of those 3 made the list over at the torrentfreak post (well, Boleh did, but they had a delayed response). Out of the 3 you mentioned I could definitely consider PRQ for sure. From what I have read they have a very strong commitment to privacy. I will definitely consider giving PRQ a shot.
  13. mirimir
    mirimir Registered Member

    PRQ provides colocation, not anonymity. Their VPN tunnel service provides virtual colocation. Customers get dedicated static IP addresses. That's great for running servers, but there's no crowding. From -http://prq.se/?p=tunnel&intl=1

    I would rephrase as "any tracings will only lead to your dedicated static IP address, hosted by us".
  14. markedmanner
    markedmanner Registered Member

    The phrase: "any tracings will only lead to your dedicated static IP address, hosted by us".

    That would apply to ANY VPN. That is just fact, I would assume. Of course all your traces will lead back to their servers; that is the point of a VPN. Maybe I am missing something, I don't know.

    And as they do not keep logs of data traffic (see here: -http://prq.se/?p=company&intl=1) and the connection is encrypted, would this not offer privacy and anonymity? I see this is not billed as a VPN service on their site, but is that not exactly what this is?
  15. mirimir
    mirimir Registered Member

    OK, consider iVPN. Let's say you're using one of their Amsterdam exit nodes, with IP address <83.170.109.115>. Let's say that they have ten exit nodes. On average, you are sharing that Amsterdam exit IP address with 10% of active iVPN customers. Also, you are sharing an entry node with traffic routed through all ten exits.

    Conversely, with PRQ, you have a static dedicated exit IP address. Any loss of anonymity involving that IP address will affect all past and future traffic through it.

    It doesn't matter whether they keep logs or not. What logs permit is linking traffic to users. That's not needed here. It's your IP address, reflected (I'm sure) in their billing records. You're anonymous as long as they refuse to cooperate. But "we refuse to cooperate" is very different from "we don't know".
  16. markedmanner
    markedmanner Registered Member

    I understand now... Seems to me a static IP through a VPN provider would not be a good idea, at least if you are looking for anonymity. Thanks for your help. Maybe PRQ would not be the best choice then.
  17. Digizik
    Digizik Registered Member

    First rule about VPN providers which are offering an anonymous service:
    don't share the provider on open forums...
    I'll PM you about a good VPN provider!
    Regards, digizik ;)
  18. The Oracle
    The Oracle Registered Member

    Is this true? For now I just disabled IPv6 on the Networking Properties tab for my normal network card (Local Area Connection) and the TAP-Win32 Adapter V9 connection. Is there anything else I would need to do, or is what I have done fine?
  19. The Oracle
    The Oracle Registered Member

    First, I am not sure if I am doing the right thing, but I had been using DHCP from my router until I set up this new VPN. I switched it over to static IP because I didn't feel like manually flushing the DNS every time I connect. I tried this http://www.dnsleaktest.com/how-to-fix-a-dns-leak.php but I am not seeing a pop-up window flushing the DNS when I connect to the VPN, and I was leaking after connecting. I put in the static IP and used Google for DNS servers instead of relying on my ISP. I also put Google in for the TAP-Win32 Adapter connection for the DNS.

    Once I did that, I tried http://www.dnsleaktest.com/ and the leaks were gone.

    Then I tried https://www.grc.com/dns/dns.htm and got a "moderate" ranking. There is a lot of information there and it looks like Spanish to me, so I am not sure if there is something I am supposed to do to get a higher ranking.

    Then I did https://www.dns-oarc.net/oarc/services/dnsentropy and got:

    DNS Resolver(s) Tested:

    74.125.126.88 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.
    74.125.126.80 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.
    74.125.126.90 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.
    74.125.126.83 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.
    74.125.52.87 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.
    74.125.52.92 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.
    74.125.126.81 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.
    74.125.126.84 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.
    74.125.126.87 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.
    74.125.126.85 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.
    74.125.52.94 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.
    74.125.126.86 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.
    74.125.52.90 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.
    74.125.52.95 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.

    Not sure why all I got was a bunch of unknowns, instead of indicator lights healthy or not. I looked around on the site, and don't see anything about "unknowns".

    Any thoughts?
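
An added example, not part of the post above: a parser for resolver lines in the format quoted there, which flags any resolver outside the networks the user meant to query through and lists the ones the test could not rate. The first two sample lines are from the post; the third line, its `GREAT` rating and the expected network `74.125.0.0/16` are constructed assumptions.

```python
import ipaddress
import re

# One resolver per line, in the format of the entropy report quoted in the post.
LINE_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3}) appears to have (\w+) source port randomness "
    r"and (\w+) transaction ID randomness\.\s*$"
)

def parse_resolvers(report):
    """Return [(ip, port_rating, txid_rating)] for every well-formed resolver line."""
    found = []
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # header, blank line or unrelated text
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue                      # e.g. an octet above 255
        found.append((ip, m.group(2), m.group(3)))
    return found

def find_leaks(report, expected_networks):
    """Resolvers that fall outside every network the user intended to use."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    return [str(ip) for ip, _, _ in parse_resolvers(report)
            if not any(ip in net for net in nets)]

def unrated_resolvers(report):
    """Resolvers the test could not score, so the result says nothing about them."""
    return [str(ip) for ip, port, txid in parse_resolvers(report)
            if "UNKNOWN" in (port, txid)]

SAMPLE_REPORT = """\
DNS Resolver(s) Tested:

74.125.126.88 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.
74.125.52.87 appears to have UNKNOWN source port randomness and UNKNOWN transaction ID randomness.
192.0.2.53 appears to have GREAT source port randomness and GREAT transaction ID randomness.
"""
EXPECTED = ["74.125.0.0/16"]   # assumption: egress range of the DNS service the user chose

if __name__ == "__main__":
    print("outside expected networks:", find_leaks(SAMPLE_REPORT, EXPECTED))
    print("not rated by the test:    ", unrated_resolvers(SAMPLE_REPORT))
```
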
  20. The Oracle
    The Oracle Registered Member

    Do you also recommend using the OpenVPN client for Boleh?
  21. marktor
    marktor Registered Member

    I say use OpenVPN for a few reasons.

    1. Better encryption: instead of just 128-bit you get 256-bit.

    2. No worries about the IPv6 flaw I mentioned earlier. It is real. It seems it may only affect BitTorrent. You can read more about it here: http://www.instantfundas.com/2010/06/security-flaw-makes-pptp-vpn-useless.html

    For more on why to use OpenVPN see here: http://www.ivpn.net/pptp-vs-l2tp-vs-openvpn.php
  22. The Oracle
    The Oracle Registered Member

    You know I don't mean OpenVPN in general, right? I was referring to using this one http://www.openvpn.net/index.php/ope...downloads.html versus the one that comes from the VPN provider's install package. Just want to make sure we are on the same page with the question ;)

    I disabled IPv6 on all my network tabs and am just running IPv4 for now. Guess that is what I was supposed to do.
  23. Spooony
    Spooony Registered Member

    Since you're doing point to point you don't need a provider.
  24. luciddream
    luciddream Registered Member

    I'd recommend using it regardless of the service you choose. It's constantly being developed, and universally compatible with OpenVPN. So if/when you decide to choose a new service you just swap config files in & out instead of complete re-installs.

    For example, I see they're on version 2.2.1 right now, whereas my iVPN client was on v. 2.1.4. Reason being iVPN may be looking to incorporate other changes too, and will therefore wait to throw it all into 1 update... whereas the OpenVPN client on that site I pointed you to doesn't have that much on its plate and can improve/patch quicker.