How to choose the best vpn provider

Discussion in 'privacy technology' started by Asus125, Sep 8, 2009.

Thread Status:
Not open for further replies.
  1. Asus125
    Offline

    Asus125 Registered Member

    Hello!

    I have displayed almost a 30 page of this forum, trying to find a anonymous and trustworthy vpn provider. Since I didn't find it, I decided to register this forum and ask about them.
    I have a few providers which I have considered to be good:

    https://xerobank.com/personal/service-summary/
    http://thesafety.us/en/about.php
    https://www.cryptocloud.com/index.php
    https://www.intl-alliance.com/
    http://www.steganos.com/us/products/secure-surfing/internet-anonym-vpn/overview/
    https://www.perfect-privacy.com/

    I know basic stuff of those providers, but what differences they do have?
    Example, Xerobank has a 2 or 3 hop network and thesafety is offering a double vpn. Are they the same thing? International Alliance Privacy Services has servers in the Hong Kong and CryptoCloud says they have no logs
    Are there any other other factors than number of hops, entry/exit nodes, and usage logs which I should note?

    opinions and experiences are more than welcome!
    Last edited: Sep 8, 2009
  2. tgell
    Offline

    tgell Registered Member

    I am not familiar with the ones you listed. You also might want to take a look at the following free VPN's

    PacketiX.NET is a Japan VPN service. It is actually a premium service, but they have PacketiX.NET online test service as well which is free to use. The service is fast and reliable and it is easy to use as well. Just download the VPN connection manager, install and connect!

    UltraVPN is a French VPN client that hides your connection from unwanted ears and allows you to use blocked application. It is also based on OpenVPN service. Traffic is quota is unlimited. Bandwidth is up to 500Ko/s depending on network conditions.

    CyberGhost is a free VPN service from Germany which helps you route you through a German IP. The free service is limited to 10GB traffic every month, which is more than enough for surfing on websites, chatting and email. The paid service is also affordable.


    Hotspot Shield
    _ Advertiser Supported
  3. Asus125
    Offline

    Asus125 Registered Member

    I have tried PacketiX, UltraVPN, and cyberghost before.

    PacketiX only gives me about 50-60kb/s download speed so I only use it if I really need it.

    Ultra vpn gives me good speed, but I just think it isn't really that anonymous and secure.

    Cyberghost is disconnecting too way often, and if I chose premium option, I would prefer Steganos.

    Hotspot Shield has never worked on my pc.

    There would be also JanusVM, but it is too slow and not protect udp. Therefore I want to anonymous commercial vpn.
    Thanks for the tip though
  4. LockBox
    Offline

    LockBox Registered Member

    Half of this sub-forum are threads asking this same question.

    Here's my answer in another thread:

    I wouldn't pay for anything that wasn't an SSL VPN based on OpenVPN:

    Xerobank/ShadowVPN (though I am reading lots of bad things about lack of support).
    AlwaysVPN
    (VforVpn was good for a year or more until they disappeared a couple of weeks ago.)
    WiTopia if you're just wanting hotspot safety, etc. No torrents or P2P allowed.
  5. axle00
    Offline

    axle00 Registered Member

  6. Asus125
    Offline

    Asus125 Registered Member

    Yes, I did see many threads about vpn providers but they never answered my guestion. Every topic moved discuss about Tor or Jap and how good they are for anonymity and etc. Okay, I understand that tor is decent anonymity service but because it's free, it is slow. Only one thread gave a little information about anonymity and it was Xerobank vs Perfect-Privacy.

    I want to know differences between listed vpn providers. What kind of anonymity techniques do they use? Is thesafety's double vpn as secure as Xerobank's multihop network if it's not, why?

    Because I am not anonymity expert, I want some service comparison. I don't want to waste my money and time if it is not even good for my privacy/anonymity.
    Last edited: Sep 8, 2009
  7. JB007
    Offline

    JB007 Registered Member

    Hi Asus125,

    I`m not really sure that total anonymity can be achieved. It appears that most paid services have some form of monitoring your activity, so there's probably not a heck of a lot of difference than your isp watching what you do. If you look at the TOS for Xerobank for instance, and correct me if i`m wrong please, they have some monitoring software to check malicious/suspicious content and this may be reviewed by a person, then logs are wiped. Again if I am wrong in my interpretation, I apologies, but it seems monitored to me. I would assume that for legal reasons, most companies would do the same. I think privacy and anonymity are two very different things, and not entirely sure the latter can be achieved these days...
  8. darrenlee
    Offline

    darrenlee Registered Member

    I think if you are eager to obtain total privacy and anonymity,you should buy VPS and ask customer service to install VPN or OpenVPN for you.Of course you'd better learn how to install and how to configure OpenVPN for yourself.

    In this case everything is under your control.
  9. draecena
    Offline

    draecena Registered Member

    I am using perfect-privacy.com and Patrik (one of the support guys) usually replies swiftly to questions. They have lots of servers (pick one close and you get good speed) and several with unlimited bandwidth. The police have raided their servers at least once and nothing happened so I believe that when they say that there is very little logging then there is _very_ little logging ;)
  10. Asus125
    Offline

    Asus125 Registered Member

    perfect-privacy.com looks good, and I think it almost the best of these vpns in the list, however, it would be nice to see Steve to reply this thread because he has said that xerobank and (cryptohippie) are the best what you can get with money. I would like to know why are these two assumed to be so superior.
  11. draecena
    Offline

    draecena Registered Member

    Well, from what I've gathered Steve works for XB and they in turn are owned by CH, atleast they share a strong bond by using the same provider... It's hard to judge what is "best" since most of the players promoting this or that service has something to earn from promoting "their" service. Hell, for all you know I could be "working" for PP. So my advice is to read up on the various services and check them with your needs, then pick the one that seems best. Don't trust the guys on the internet, trust your own judgement.

    Here's another list of various VPN-service-providers, in case it hasn't already been posted. The english version is after the Svwedish one, so just scroll down ;)

    http://docs.google.com/Doc?id=dgv4b9h3_333c8tv2vwx
    Last edited by a moderator: Oct 5, 2009
  12. caspian
    Offline

    caspian Registered Member

    I have been using Xerobank for a long time. I had a Xerobank1 account for over a year before I transitioned over to XB2. So obviously I am a satisfied customer. From what I understand, Cryptohippie and Xerobank are not the same company. But they know each other and share some of the same ideas about privacy, and evidently have a similar expertise in the technical aspects of how to obtain privacy on the internet. I am convinced that many of the VPN providers out there do not have this kind of expertise. And I am also convinced that many do not care beyond a certain point.

    Both Cryptohippie and Xerobank are incorporated in Panama to avoid the data retention laws of the U.S. and certain parts of Europe. It appears that in the U.S. and U.K., logs MUST be kept. And if someone wants your logs, for any reason whatsoever, and without a warrant or any oversight, they can have them just for the asking. And anyone who hands over the logs best keep their mouths shut. I think this is an important consideration no matter what anyone says.

    Cryptohippie and Xerobank are both multihop VPNs. From what I understand, this helps to prevent certain types if tracking using traffic analysis (?). Other techniques that have been mentioned are lag obfuscation, multiplexing etc.. There is no logging. If you use a credit card to purchase, the payment account are kept separate. But there are other forms of payment, including cash.

    XB Browser is a very sophisticated privacy browser that is free to use with Tor, but it works with a Xerobank acount as well. So it is fast for a Xeobank customer. There are always new projects. There is XB Machine. XB Mail that is kept on encrypted servers. Kyle Williams, creator of JanusVM, is offering a cryptorouter that will soon work with Xerobank. http://janusvm.com/ And eventually there will be storage with Xerobank as well..

    Who do you trust? There have been a few people on here going on and on about who is Xerobank and who is Steve. But Steve is the only person that we know anything about....from any of these companies. And also Kyle Williams as well. He is very well known.. So please. Steve is a member of CDC and Hacktivismo. I consider them to be true Freedom of Speech and Privacy advocates. This is not just about the money for them. Kyle created JanusVM which is pretty amazing. It is free. From my point of view, I am a musician and I know what it is like to to be devoted to an art or craft regardless of money. There is an innate drive to achieve and to always transcend boundaries. (It's like crack...you always gotta have that next hit....LOL!) To push beyond the ordinary. I am convinced that they are driven to achieve and that they are far more capable than most.. This means a lot to me. I appreciate talent.

    Please don't get me wrong. I have had a Torrentfreedom and Perfect-Privacy account. If Xerobank were not available I would have one of those services.

    The biggest difference in Cryptohippie and Xerobank for me is bandwidth. Xerobank gives me 75 G a month. Actually, Xerobank has an unlimited connection as well that I think is a little slower. Where CH only offers maybe 10G or so. ShadowVPN http://www.shadowvpn.com/ is a single hop service but they use Xerbank's servers. They are $10 a month, but again, I like to download and they do not offer 75G.

    But anyway, these are my thoughts and why I have chosen Xerobank, if that helps any.
  13. I no more
    Offline

    I no more Registered Member

    Caspian, can you tell me a little more about Xerobank?

    1. How much is it per month for the 75GB (unthrottled)/unlimited (throttled) account?

    2. And when you do exceed 75GB, how limited is your speed after that?


    It seems like Steve's been gone for a while. I'll admit it amused me when people (myself included) jumped on him, but I wonder if he's decided to leave the forum. If he cuts out all the hyperbole, I think his thoughts would be welcome.

    I personally had a problem with all of the doom and gloom about competing services. It would be better if he published the information about competing services elsewhere, then let it trickle down to here instead of posting vague promises of a stunning exploit months down the road. I don't think this is the place for that, to be honest. I would rather he let people continue to use the service if he can't really explain the issue. Otherwise, explain it as quickly as possible instead of waiting for Black Hat. People here are paranoid enough, and not everyone here may agree with his assessment.

    I'll put it another way. People don't like to wait months for a promise that doesn't live up to the hype. It's better to understate something as much as possible then deliver more than you promised. Or better yet, don't promise at all, then deliver something unexpected.

    So, I hope he comes back in a slightly more understated way.
  14. draecena
    Offline

    draecena Registered Member

    I am not saying that XB or CH is bad in any way. I am just saying that when someone who profits from my choice urges me to choose their service, I always get a bit suspicious... And despite a persons good volunteer work, he still needs to pay bills... so I doubt that the good volunteers is less greedy than the rest of us, they merely use a different scale than most people.

    Now I've been hanging around on this forum off and on for the last 3 years reading stuff, mostly about privacy and backup issues and I remember (http://www.wilderssecurity.com/showthread.php?t=224184&page=2) that there has been some serious bashing between various people regarding "the best VPN solution" and "who can you trust". From what I've read you guys never quite agreed on those two issues and why should you?

    I think what is best for me isn't necessarily as good for the next guy and the people I trust sure as hell isn't trusted by the next guy... So I say trust the technology and in doing so you need to read up on some stuff. If you think that's to much of a hassle then follow the advice you think is best.

    Now XB and CH are both very good, unless you like to download a lot, then PP is better 'cause they have unlimited servers. As for the whole "anonymous thing" you really should check you paper trail, 'cause money talks regardless of how many hops your packets do in their VPN journey. And why trace internet traffic when you can just hack the persons computer? Now I am no expert but I know to stay away from windows, which should be a strong recommendation for anyone seeking privacy and control.

    Last but not least I believe that all these people working to provide us with quality services deserves a lot of respect for their effort and even if someone makes money from promoting a service doesn't mean that that service is any less good than if that same person didn't earn a dime for promoting the very same service. Sales guys do tend to promise a bit too much though, so it is good to read up a little to avoid the worst scams ;)
  15. I no more
    Offline

    I no more Registered Member


    Interesting. That thread is new to me. I participated in many of these types of "debate" on usenet years ago. Except back then it was Privacy.li and Cotse. It brings back so many memories. If the people in this thread aren't the same as those on usenet, they must be their clones. It's quite amazing how the same scene keeps replaying itself over and over on different forums with different players. One guy will post a huge litany of "proof", then one side will accuse Person X, Y, and Z of being a sock puppet, then the other side will start with the sock puppet claims. :thumb:

    I can't believe this is a coincidence. This kind of pathology can't be this common, and I can't believe this scene is repeating on a different forum with entirely different players. I have to assume these are the same people I ran into on alt.privacy.*. You never know who's who around here. I guess I'll have to resort to analyzing writing patterns. Interestingly enough, Steve has a pretty distinctive style that I think I'd recognize.

    Good times. If I were Steve, I wouldn't really want to deal with all of this stuff.

    Edit: Ha!! I just read this from Steve:

    Honestly, my response above was even before I read this from Steve. I guess you can't escape your own writing style.
    Last edited: Oct 6, 2009
  16. Asus125
    Offline

    Asus125 Registered Member

    Draecena. I agree with your opinions ( too much to quote :D) and thanks for the vpn providers list.

    Caspian you said you have had a torrent freedom account and also a pp account. What do you think of them? Speed, reliability, etc..
    And what comes to Xerobank, I think the Xerobank is the best commercial choice for anonymity: Servers are located in Panama, Steve and Kyle's reputation, and many other factor that others don't have(?) but it's a bit expensive though.

    By the way is the unlimited connection in the same multihop service, if it is, does speed drop significantly? Because if it's a one hop service, I can't understand what difference does it make if you download a little with a one pipe or all the time with that.

    Well It looks like I have to do a comparison between XB, TF, and PP.
  17. SundariDevi
    Offline

    SundariDevi Registered Member

    It sounds like people here have different reasons for using VPN. So depending on whether you want to secure your connection when using wi-fi in a webcafe or hotel, or want to hide activity from an ISP you might find different solutions attractive.

    I've used a VPN service that has worked pretty well vpnuk.info . You can choose from servers located in UK, US, Switzerland and I think Spain. They also offer a choice of VPN connection protocols including PPTP, L2TP and Open VPN SSL. It's worked pretty well for me for awhile and I get very high data rates and have never had any problem downloadng gigs of stuff. Recently they made some changes to a non-static IP and now the connection drops a lot with normal use (i.e. not downloading or streaming stuff). The support is very good via email and they say that I need to switch to Open VPN or L2TP to avoid that. You can also use the same vpn on your mobile phone.

    I have also used an SSH Tunnel via guardster.com. When I first signed up they required you to send a check drawn on a US bank account to open the service, then after you can pay by paypal. Now it looks like you can just pay by paypal the first time too. Anyway, I sent the check and after two weeks nothing had happened, so I called Nevis, the caribbean island where they are located and it was just some offshore company management company and it sounded like i was talking to a Mom in the kitchen asking "honey do we manage guardster.com?". So I emailed support and then they apologized and set up my service. With this kind of attention to detail, I'm not sure there is any data to be had if they actually get raided, but they claim they keep no logs (I believe they don't keep many records at all since they let my service run six months extra for free). Guardster servers are located in the US (on slicehost - Since slice host is basically just a serviced hard drive space, I believe there are no logs because Guardster would have to create them. Slicehost does nothing). I always get great data rates from them and there is no data cap. The SSH data tunnel is not so simple to set up the first time and the documentation is practically non existent, so with this you are basically paying for an SSH server and the rest is do it yourself. the company is incorporated in a Caribbean island tax haven.

    SSH tunnelling is something different from VPN as it doesn't automatically protect every application, like a VPN does, but I've found that many public access points block access to a VPN and with the SSH tunnel I've never had this happen (maybe it's possible to change the VPN port to avoid this? anybody know?). Additionally with the SSH tunnel I don't think there are any concerns about data leaking out of the tunnel like people here are saying about PPTP VPN. And if you use a client like Putty, you can choose any kind of encryption supported by putty, which includes 256 bit Blowfish and AES.

    With respect to server location and company jurisdiction, these are two different things and I think there is some misinformation here. Guardster for example is located offshore but the servers are in the USA. So if somebody wanted to subpoena data from the server (logs or whatever is on there) slicehost would have to hand it over. But as I said above if there is no data, there is nothing to do. The company's administrative home (panama, etc) would determine whether or not a foreign country could get access to client records including payment data and money trail.

    As I said above, country of incorporation should have no bearing on data retention. The server location should.

    To the best of my knowledge the US and Canada have no data retention laws. Companies may want to keep them for their own purposes and to defend themselves against illegal activities on there servers. But this is something different and it is described in privacy policy and terms of service. There are many cases of US based ISPs getting sued for handing private information over to record companies who want to catch P2P downloaders. I don't know who wins these cases, but there is no blanket law allowing data sharing to anybody who asks. In the US that would be an invitation to lawsuit.

    The EU only recently set up a data retention law and telecommunications companies in every EU country must keep records on IP addresses that connected to the server etc. for 2 years. But they aren't required to log contents of emails and maybe not quantity of data. It's more like email header type info. In Switzerland data is retained for six months. If you want privacy it's probably best not to use a server based in a EU member country. Switzerland seems to be the best European choice.

    For a worldwide list, look here:
    http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-559597&als[theme]=Communications%20surveillance
    Last edited: Oct 8, 2009
  18. SteveTX
    Offline

    SteveTX Registered Member

    I was told by Asus125 that someone has some questions about XB services in here. If so, please do post them in condensed format and I'll try to answer them in as timely a manner possible.
  19. Asus125
    Offline

    Asus125 Registered Member

    I think I have to summarize this thread a bit. I have asked people to reply what details do I have to consider when buying a vpn, and compare them in anonymity/ privacy. I made list of the things that I thought to be considered before buying a vpn:

    - L2TP Ipsec or open vpn
    - Service's incorporation location
    - Terms of service and privacy policy
    - Anonymous payment options
    - Must not keep any logs
    - Server locations
    - shared ips
    - 2+ hops
    - Data mixing and crowding

    If I watch my original vpn provider list, I know there can't be many serious option for security/privacy because many of them lacks something. However, I don't know are such attacks like a traffic analysis an easy to do in large scale, or are there easy, cheap and effective ways trace to user's original location without traffic logs. If there aren't, It really doesn't matter how anonymous vpn I have. In case there is, How common is it?


    What comes to Xerobank, I would like to know what plans do you are providing? There is 35$ plan which consist 75 GB traffic per month. If it gets exceeded, then what? There also have been talking a cheaper plans than that in this forum but your website doesn't show any other options.
    Last edited: Oct 17, 2009
  20. SteveTX
    Offline

    SteveTX Registered Member

    Yes, those are all important aspects. As to your question of tracing a user, yes, it can be trivially done if those anonymity properties are not in place by tens of thousands of agencies, corporations, and organizations, and anyone with a subpoena or court order, and of course cooperating ISPs, and even hackers with core router access. This is done every day, on a massive scale, passively against all internet traffic.

    So once XeroBank's Internet Privacy service for consumers is in place, that defeats all the spies and snoops and corps and telcos leaving only 15 orgs in the whole world who have the power to do enough global spying access and active billion-dollar traffic analysis horsepower to defeat the consumer-level anonymity service. You would have to be the most wanted man on the planet for them to go after you like that. And that is just the strength of our consumer-level services. :)

    We currently provide a consumer level plan with 75GB of premium multihop traffic per month, and unlimited crowded singlehop traffic, and an anonymous email account on our servers for $35 / month. We will be dropping the price shortly, making XB accessible to everyone. We will also be introducing three new services, one of them will be free entirely.
  21. Asus125
    Offline

    Asus125 Registered Member

    Could you specify which anonymity things? Since I think it depends on country how much do you have money to spend. But let's assume that I live in Sweden and I have a Canadian vpn provider which server is running on Netherlands. When the traffic goes in to datacenter it's encrypted, and when it leaves out, it's decrypted and can be spied on by Netherlands government. If they go to datacenter, don't they only see encrypted traffic there not my ip address?

    This is reason why I asked that can they spy me without vpn provider's logs.

    I assume that you offer 75 gigs of premium traffic and if a customer exceeds that limit he can use singlehop traffic after that, or singlehop all the time (no traffic limit for the one hop service). However, it isn't a multihop service anymore. What difference there is if I use one hop all the time, or part of the time multihop and part of the time singlehop server? Isn't a Torrent Freedom exactly this type of service?


    I am really waiting for that but I still would want to pay a little because I don't want to surf 8 KB/s. ;)
    Last edited: Oct 17, 2009
  22. SteveTX
    Offline

    SteveTX Registered Member

    Your traffic looks like this:

    [You] ==encrypted==> [Netherlands] ==unencrypted==> [Destination]

    This can be easily defeated through netflow analysis right at the datacenter. They see an encrypted stream coming in, and an unencrypted stream coming out, and can correlate the two.

    In that case they can acquire both your traffic (the unencrypted portion) AND your identity (the connection back to you) and you are fully deanonymized. It's like watching a watermelon being swallowed by a python, you can follow the traffic from beginning to end and vice versa.

    Your VPN provider can be defeated by:
    1) Netherlands government,
    2) governments adjacent to Netherlands,
    3) any domestic or foreign police body with a subpoena or MLAT,
    4) anyone with IX access to the DC's upstream,
    5) any corporation or telco with core router access in Netherlands
    6) it can even be performed remotely by a hacker using MPLS route attacking techniques to redirect the flow of traffic.

    In other words, nearly everyone has access to your traffic and identity and can associate the two. In this case it is not relevant that the VPN provider is located in Canada because it does not require access into the host machine, merely watching the traffic enter and leave. In XeroBank's network, we defeat this by crowding optimization on exit nodes, multiplexing our traffic, and putting the entry and exit nodes in two different countries so it is out of a single snoop's jurisdiction.

    XeroBank turbo privacy nodes are nothing like Torrent Freedom or any other single-hop service. Why? Our single-hop traffic isn't a single-hop node. It runs on the exact same exit nodes as our multihop service. That means you get all the speed of a single-hop service but all the protection of multiplexing since outside observers will be unable to differentiate between the two due to crowding optimization. In other words, our single hop unmetered traffic is more anonymous than any other single hop system out there.
  23. Asus125
    Offline

    Asus125 Registered Member

    Wou! That's a little creepy how many ways there are to locate the user's true location. Still I am wondering how common it really is, if I am for example downloading torrents (In case of small country like a Sweden, Norway, Estonia, Finland, etc).


    OK. This may not be true but I think that one can achieve crowding if lots of people are using the same pipe. But does crowding produce multiplexing, or do one need crowding + multihop network + no logs for that?

    -If it's true, doesn't a single hop system without no logs like the Torrent Freedom still provide a little privacy/anonymity?
    -If it's not, Outside observers can't know is the traffic from single hop system, or from multihop system. But is there a change that they notice it's from Sweden and others are from your other node? After that it is not very hard to conclude that it is user's true location.
  24. SteveTX
    Offline

    SteveTX Registered Member

    No. It provides a little bit of privacy and no anonymity. It provides privacy from the users' ISP if encryption is used, to everyone else it is open hunting season on your traffic. The tradeoff is that instead of trusting your ISP with your activities, you are trusting a shady "anonymity" group to give all your traffic to. In the past, many of these disappear and turn out to be selling your traffic or spying on you or using it to perform MITM attacks, such as privacy.li / trilightzone / ultrasurf etc. I can't vouch for them one way or another, but they have a hacker-ish feel on their website, and there is nobody reputable associated with their service, so caveat emptor.

    Additionally, if the VPN uses PPTP, then it probably isn't private from your ISP, as it would leak traffic directly to them. Also, if their DNS implementation isn't leakproofed through the VPN, you're definitely leaking your browsing habits back to your ISP, in which case the VPN is useless because you are announcing everywhere you are going on the internet.

    Sweden has a domestic surveillance program watching it's traffic and border transit, and I believe it also has a data retention program logging all traffic. You're already discovered as to what you are doing, the only question is if your activities are interesting to Sweden's government or communication peers.

    Re: crowding. You have to have lots of people with active streams and to use encryption and some traffic shaping to achieve sufficient crowding, it isn't automatic. Crowding does not produce multiplexing. Multiplexing is a thing that can only happen in multi-hop networks, and must be specifically implemented. Multiplexing is a different beast entirely, and it is where you take all those connections and put them into a "blender" and pour them down a single pipe from one node to another, instead of having thousands of unique and traceable connections from one node to another. In order to achieve what we have done, you need all of these things and more. Without them an anonymity system fails to protect users.
  25. caspian
    Offline

    caspian Registered Member

    Wow Steve I had no idea it was that bad. I guess in a lot of situations it would be better to use nothing at all than to use an unreliable service..
Thread Status:
Not open for further replies.