let them switch theyre vpns every week , whatever suits theyre needs , but i aggree its a rather useless tactic , id rather stick with a trustworthy vpn/vpns reviewed by the security/privacy community , than go through 20 different vpns every month , it is indeed in my eyes as well a simple waste of time thats unless your bored and have nothing better to do , lols , all you gotta do is make sure that you always pay anonymously for you vpns and know that your first vpn always has your isps ip address, logs or no logs dont matter they have it for the time your connected so use chaining and keep your IRL identity seperate from your anonymous identity , preferably seperate machines or vms or whatever just never leak IRL info while using your anonymous identity , simple as that, remember profiling is your greatest enemy not masking your ip or encrypting your packets thats only a part of the entire process of protecting ones privacy from 3rd partys
I guess for me it seems we are placing a lot of faith in these VPN providers to be doing the right thing. And I guess for the most part they are. But money talks. And if enough is offered, be it millions or even tens of millions which is pocket change to a Government then some, probably most people can be bought. Lets face it, most of the companies that set up a VPN service did it for the money. So if a Government came along and offered them say 100 million to play ball or even paid off certain staff in a key position then the gig is up for many of those that relied on a VPN provider. Another thing, I noticed in one of the leaks from Snowden the NSA were using blackmail against people, so add blackmail on top of getting a few million to co-operate and people can be bought. Anyway, its just my thoughts on this.
hence why you always use anonymous payed chained vpns located in different countrys around the world that dont like eachother and are highly unlikely to cooperate with eachother no matter how many millions they wave at them , mind you not everyone can be bought with money exspecially not the activist types of outfits and the vpns that we use do not do it for the money the money is just required to pay for for the electricity , servers , maintenance and so on , sure theres some shady vpns out there that are trying to make a quick buck but those are the ones we try to stear clear from , thats why on wilders and other security forums we put those vpns under heavy scrutiny and review and review them over and over again to make sure we get a trustworthy vpn provider , as far as trust over the net goes mind you , not to mention one should always asume everything and anything comprimised , meaning chaining chaining chaining ...dont trust your first vpn in the chain since they have your IRL ip as long as your connected to theyre servers even without logs , not that that would be an issue if the vpn is a trustworthy one but then again who can be trusted is the question
Because Fred's pornography is worth 100 Million to the government. Because if you are worth 100 Million doing whatever your doing, please leave as your obviously a bad guy. Plz. Plz.
I agree for most folk VPN chaining is perhaps overkill, but as previously mentioned around here your 1st VPN gets hold of your IP and potentially your traffic (if we believe the no logging aspect or not) a 2nd VPN chained will encrypt your traffic further so if any issues arise they still see your exit IP from the first VPN in the chain, your splitting your levels of trust between 2 places hopefully that hate each other and will never co-operate. Hopefully mirmir can confirm the above or someone else, but that is roughly how I see it. Using VPN then Tor is really all you would need and works similar and free and better. For the paranoid perhaps VPN chaining is ideal
Not always. There are plenty of countries where the Government works in partnership with organized crime and the very people, charities or orgs that are trying to help the victims are often targetted by the Government, police and military. Spend some time working with some of the organizations that are helping the victims of the human trafficking trade in Asia and rape victims in Asia and you will soon see just how connected organized crime and Government can be when billions of dollars are involved. Police are easily bought off in rape cases as are judges. The Philippines is a classic case of the Government working in partnership with organized crime in the human trafficking trade. So the very people on the ground that are trying to help the victims need as much protection as they can get. Even one small mistake can cost them their life. Organized crime is often prepared to spend million to protect their interests.
sure for the hardcore you can go option 1> isp ip > vpn 1> Tor gateway vm> vpn2 > internet , that way vpn 2 would not know vpn1s exit ip , upside it only requires 2 vpns , but sufficient to say itll be slow as heck , so a compromise must be made aka option 2> isp ip > vpn1> vpn2> vpn3 more than that is overkill but be my guest and you get the idea its faster but you of course must choose vpns that hate eachothers guts and are in completely different regions on this planet in order to uphold a close to the first options security, not so much of a difficult task just takes a bit time and research if youre serious about your privacy that is oh and before i forget , thou this has been mentioned and thouroughly explained in the past in several threads , ill add it here again , its about people asking about failsafes against dropping vpn connections , guys if you wanna make sure that your host pc only ever uses your vpn connection then make sure to 1st install comodo its a great firewall and only requires 3 rules , namely first one would be > block ip in/out from mac any to mac any to protocal any, and the 2nd setup a network zone for your pfsense vm wich you setup per mirimirs instructional video wich your host pc connects to and 3rd add an allow rule for that network zone and finish , once any connection from that pfsense vm aka your vpn drops the host has 0 connectivity to the net and ontop of that we set comodo to make sure nothing gets through in or out until you reconnect to the vpn , protip the pfsense vm setup instructional video from mirimir helps alot for people that have a hard time going through his manual written setup
@Paranoid Eye Yes, the point of using two or three nested/chained VPNs is requiring adversaries to gain cooperation from, or compromise, two or three providers, instead of just one. But even with three VPNs, you have something like a single Tor circuit. With Tor, you would use such a circuit for ten minutes (or as long as some connection keeps it in place) but never again. With VPNs, you're more of a sitting duck. There's no doubt that Tor provides stronger anonymity than any workable VPN setup ever could. However, VPNs are faster and carry all protocols, whereas Tor handles only TCP. I've come to understand that routing only TCP is by design, because UDP can leak more routing information than TCP. But in any case, there's a tradeoff. Tor also attracts more attention, in part because its use is less common. You can hide Tor with VPNs on both ends. But that weakens Tor anonymity somewhat, especially when you tunnel VPNs through Tor and force a circuit to live far longer than ten minutes. So there's another tradeoff.
@lucygrl That's a powerful statement! Thank you We focus on technology and methods here, for many reasons. And it's good to be reminded of what's at stake for some who seek help here.
you forgot to mention that if you only use tor your traffic is unencrypted effectively not to mention your isps ip logged on whatever tor node your currently on so it would be as above mentioned either option 1 for hardcore or option 2 for less anonymity but close to it and more speed , you can switch your vpns servers as well just saying and chain more or less vpns but i recommend atleast 2 sure there are other ways as well , you could for example hack a wifi hotspot or a neighbours wifi for stationary use but i dont recommend it thats for sure way to risky imo, you could also go for a wifi stick that operates over LTE network , requires a prepaid sim card , anonymous of course , thing is youd have to hack the sticks firmware in order to randomize its imei and mac thou that way your isp provider aka the wifi stick would not have any IRL data on you but they could track you in like a 820 feet radius depending on equipment even less , downside its speed aka about 100mbit and usually a download limit is far from what you get by selecting a regular isp over your phoneline goes up to 1gbyte and unlimited downloading depending on your location and as usual this is a discussion forum above all so please do not hesitate to state your opinions we all keep on learning and improving and gaining experience as should be exspecially when it comes to a constant changing medium such as the internetz
thx happy/mirmir always a wealth of information Did I hear that right without a VPN if one uses Tor it remains not encrypted? Also mirmir could you explain further on the 10 minutes Tor system ? are you suggesting Tor is only safe for 10 minutes and one should disconnect or reconnect after 9 minutes.. first time heard anything like this but its good to learn and know
Any good VPN would be P2P friendly wouldn't it? I assume that air and Mullvad would work with P2P. But for people reading this, I think it's important to know that like airVPN, Boleh will also allow your true IP through if the internet connection is interrupted. I tested it. So if you use airVPN of Boleh you have to either use Comodo firewall or some other method to prevent your bare connection from coming through if te VPN fails.
Tor changes your circuit after 10 minutes. You get a new IP after 10 minutes to be simple. @Caspian BolehVPN does not leak when dropped if configured correctly, their "Block DNS Leaks" also functions as a general leak protection script. I was one of the first to complain about AirVPN, I would know.
I tested it by turning my wifi off long enough for the VPN to fail. And then turning it back on. It did not block my bare connection. So are you saying that they have included a fix that can be configured? One that will block all internet if the VPN fails? Because it doesn't do this straight out of the box. So how does it work? I may give it another try.
Yes, they have DNS leak fix option. It works fine, I found one issue with its coding but it does not effect the leak protection, and they are fixing that right now after I made them aware.
Tor circuits are encrypted from clients to exit relays, just as VPN tunnels are encrypted from clients to exit servers. With either Tor or a VPN service, exit operators can see your traffic, unless there's another layer of end-to-end encryption. As Taliscicero notes, Tor changes circuits at ten minute intervals, in order to frustrate traffic analysis. But if you have an open connection, such as a chat client or a VPN tunnel, that lasts longer than ten minutes, the circuit(s) carrying that persist until the connection ends. Tor circuits comprise three relays: entry guard, middle and exit. During its first connection to the Tor network, each client picks three entry guard relays. That's a defense against evil entry relays. I gather that the Tor Project is may reduce that to two, based on recently published vulnerability studies. But even with two changing relays (middle and exit) there are enough relays (about 4700) that a given client will rarely get the same circuit twice.
nope not quite my friend , i see youve kinda misunderstood , and mirimir already cleared that one up quite well , ill add some as well , it goes as such to make this clear and simple , first off let me say this any traffic inside the tor relay is encrypted what ive meant by unencrypted was the traffic that ends up on the tor exit servers not your isp server , the traffic on your isps servers shows as tor traffic signature from the encrypted packet headers just as youd get a openvpn signature from the encrypted packet headers while using a vpn the internet traffic aka data payload and actual packet headers itself is encrypted for both vpn and tor mind you , now if youre in a country that blocks vpns and tor then you gotta use masking techniques such as running openvpn over ssl or ssh tunnels wich will cost you performance same goes for tor , anyhow heres some simplified examples if you go example 1 , isp ip > vpn 1> tor relay/vm> vpn 2 > Internet then no the tor exit server will NOT be able to see what youre doing and your isp will not know that youre using tor either , 2 positive things , depending on country youd have to use ssl or ssh tunneling for the first vpn as mentioned now example 2 isp ip > vpn > tor relay/vm > internet well the tor exit servers will indeed then know what youre doing but your isp still dont know your using tor 3rd example tor relay> vpn > internet well suffice to say now your isp knows your using tor but the tor relay again has no idea what your doing nor would the vpn know youre isp ip , again this is slowwww as well as example 2 above is slowwww BUT example 1 is safest imo , depending on country having a tor connection show up on your isps servers logs isnt beneficial at the least to say then we can go one more as previous post mentioned , example 4 isp ip > vpn 1> vpn 2> vpn3 > Internet aka chaining as you desire , having atleaset 2 vpns if you go for chaining , this method doesnt require tor and keeps your performance, but you can use tor browser bundle with this setup as well , and youre 2nd vpn again has no idea about youre isp ip, keeping in mind previous posts tips update: and the ultimate chaining config would be example 5 isp ip > vpn 1> vpn 2 >tor relay/vm> vpn 3 > internet
thx guys great info, I am using isp ip > vpn 1> vpn 2> and then Tor if required, feel much more secure and safer to say the least
After using them for some time I feel confident throwing PRQ's name into the mix of trustworthy choices. Initially they operated as more a simple tunneling service and their model wasn't really as a VPN. They didn't even offer OpenVPN. But their business model has changed over time and now they're a very good VPN service. And these people are known by those "in the know" as the type that would give "the man" the middle finger and tell them to "F off" before handing over any information on principle alone. Definitely the freedom fighter type. I've been using them in conjunction with Mullvad for awhile now. So options I recommend (in order): Mullvad PRQ AirVPN BolehVPN iVPN ... and whatever mirimir recommends you can bank on. I haven't personally experienced as many as he has and I consider him the authority on this subject.
Hey, thanks I've also come to like SecurityKISS. You can get their free option via Tor using CCC's anonbox.net and buy paid service with Bitcoin.
VPN = Virtual Private Network See http://en.wikipedia.org/wiki/Virtual_private_network You can also check out my guides, starting with https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-1
youve got lucky then , id recommend to not use the internet any further without one , its like running around without clothes imo, everything can be seen by your isp btw ive added an ultimate and overkill 5th option to my previous explanation post above as well , mind you this option shouldnt be used only in extreme situations since theres really no need for it , since the tor relay vm switches relays every 10 minutes unless ive missed something, as does tors browser bundle and the 2nd vpn at the end of the chain per example 1 encrypts traffic to the tor relay vm anyhow and your 1st vpn only seeing you having tor signatured headers , now if you want tor signatures not to be visible youd have to use like using ssl/ssh tunneling for hiding openvpn signatures for your vpns , youd have to use Obfuscated bridges to hide the fact of tor usage
Yeah I've heard other people give props to SecurityKISS too. Now that I see you have as well I've added it to my list. From what I've heard it's the only free VPN worth using. And I know some people that use it as one of their hops in a chain combined with another paid option, instead of paying for two. So they must trust it. So now I have: Mullvad PRQ AirVPN BolehVPN iVPN SecurityKISS And I remember you saying good things about Insorg before right? Do you still back them?
