Picking 1st VPN service

Discussion in 'privacy technology' started by securitynoob79, Feb 10, 2013.

  1. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    Mind you, SecurityKiss has a 300 MB daily cap + bandwidth throttling, so not really of any use, except if you don't have Tor in order to sign up anonymously for your paid VPN and gotta use something else to mask your ISP IP when doing so, though if I've missed something please do say so.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I've been impressed enough with their free version to try paying. But I haven't yet.

    Some months ago they started seeming unreliable, so I dropped them. And I recall reading that the Russian government had been threatening VPN providers over "hooliganism", as they say. I intend to try them again, but haven't yet. They do have an impressive set of exits, and they're the only service I know of that offers triple-hop routes.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, I should have clarified that I was thinking of their paid service.
     
  4. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Paying for the VPN service via Tor over your ISP line..... once you connect to your VPN provider they still get your real IP anyhow ?

    I see many on here not even using their VPN to connect to a bank website...

    Some even disable flash 100% when surfing....

    I understand the need for privacy only too well, and yes, many workarounds for the above, but I have found there has to be some cut off point surely ? Otherwise are we going to avoid every website and not bank online or use paypal/ebay and half the net or worry my 3 way VPN tunnel is now pointless since I connected to my bank website via my real IP :argh:

    It's a bit like bitcoins, I bet most folk pay with bitcoins for a VPN sub and do it from their ISP IP connection and then think oh bugger !

    Perhaps my thinking has been wrong on the above, but I prefer to find a real net neutrality and privacy based VPN provider that has not given up 1 customer for anything, and if they've been around for a few years even better ;)
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    @Paranoid Eye

    You've glossed over some important distinctions.

    It's essential to distinguish among activities using our true names, those where we use pseudonyms, and those where we want to be as anonymous as possible. The appropriate tools, and how they're used, depend on our goals.

    In many places, there's no need to use VPNs for online banking, shopping and so on, when we're using our true names. All reputable firms use HTTPS, and many now use two factor authentication. Malware is the major risk, and using VPNs won't protect against that. The best protection is using a dedicated machine that's used for nothing else, and avoiding contamination via networking and storage.

    For pseudonyms, the appropriate tools depend on the degree of anonymity required. Maybe one VPN is enough, for casual play. Where the stakes are higher, chaining multiple VPNs and/or using Tor are indicated.

    We don't have to use the same setup for everything we do online. Indeed, it's essential that we don't do that, in order to avoid cross contaminating our various pseudonyms.

    I do agree with some of your points. There is no point in using highly anonymized Bitcoins to pay for VPNs services that we connect to directly over our ISP lines. A little anonymization can't hurt, and may frustrate broad scanning. But the VPN provider does know its customers' IP addresses, and their ISPs know who paid for them.

    You also note the potentially huge impact of even one error. We all make mistakes. Given that, we need tools that protect us from ourselves. That's why it's essential to firewall VPN connections, so they fail closed, no matter what has gone wrong. If the VPN isn't connected, and we don't notice, there's no Internet connection. Using two nested VPNs, where one would really be enough, provides additional protection against error.
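
A fail-closed firewall of the kind described in the post above, as an added example that is not part of the original thread. It assumes a Linux client with iptables and an OpenVPN-style tunnel; the endpoint 203.0.113.10, udp/1194 and the interface names eth0 and tun0 are constructed placeholders.

```shell
#!/bin/sh
# Added example: print a fail-closed ruleset in iptables-restore format.
# Constructed values: 203.0.113.10 (documentation address), udp/1194, eth0, tun0.

# Usage: killswitch_rules4 SERVER_IP PORT PROTO PHYS_IF TUN_IF
killswitch_rules4() {
    server=$1 port=$2 proto=$3 phys=$4 tun=$5
    # Only an IPv4 literal is accepted: resolving a hostname would need DNS
    # outside the tunnel, which is one of the leaks being closed.
    case $server in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) echo "server must be an IPv4 literal" >&2; return 1 ;;
        *.*.*.*) ;;
        *) echo "server must be an IPv4 literal" >&2; return 1 ;;
    esac
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    case $proto in udp|tcp) ;; *) echo "proto must be udp or tcp" >&2; return 1 ;; esac
    # Allowed out: loopback, DHCP renewals, the one VPN endpoint, the tunnel.
    # Everything else hits the DROP policy, so a dead tunnel means no Internet.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $phys -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -o $phys -d $server/32 -p $proto --dport $port -j ACCEPT
-A OUTPUT -o $tun -j ACCEPT
COMMIT
EOF
}

# The tunnel here is IPv4-only, so IPv6 is dropped except loopback.
killswitch_rules6() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# Review the output first, then load it as root:
#   killswitch_rules4 203.0.113.10 1194 udp eth0 tun0 | iptables-restore
#   killswitch_rules6 | ip6tables-restore
```

With these rules loaded, DNS queries also leave only through the tunnel interface, so the resolver must be one that is reachable over the VPN.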
     
  6. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Excellent and well put points mirimir, did not ever consider cross contamination of pseudonyms to that level. I have used my VPN for everything and still do.

    I do wonder though if there has ever been a case where the bank or ebay etc has been contacted so they can link the 2 IPs together and build a kind of "you're our guy" case.

    I guess putting too much faith into a VPN provider's no logging aspect can send a wrong message out, or be relied on too much. Still I like to think of VPNs as the moment they give up someone is the moment they lose the business...well almost
     
  7. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Just a question on this, do these VPN providers lease their servers on a data centre? Because if they do, could not the Government just go straight to the Data Centre and bypass the VPN provider?
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Some do, I'm sure. Some may even use virtual servers aka VPS. But there's no way for users to determine that.

    It's arguably more likely that VPN services with numerous exit servers in various places are using hosted servers. Establishing and maintaining private hosting in ten countries would be expensive, no? But then, if they were collectives with members in those various countries, costs would be much lower.
     
  9. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    I'm still a newbie to VPN. I've been using VPNgate with Softether as a free VPN and last month got a 3 month Jade account freebie on Security Kiss. I would recommend VPNgate with Softether as a free VPN due to the lack of bandwidth restriction but there are other issues of which the main one is frequent disconnects. It varies from server to server but it is an issue. There is also the possibility of using VPNgate servers with Openvpn that I intend to try when I have the time. I also have lots of disconnects with Security Kiss but not nearly so many and part of the problem looks like my own internet connection which requires long timeout values in the VPN configuration due to sporadic dropouts in the connection that can last from a few seconds to a minute or more.

    One thing I've found in playing with VPNs is that, apart from the anonymity, I enjoy connecting from other countries and seeing what the internet looks like from them. Security Kiss conveniently bypasses local censorship and you can log onto the Piratebay from a UK connection with no problems but VPNgate servers are volunteer operations and an attempt to log onto a blocked site from the exit server is subject to the local censorship. It took me all of 30 seconds to bypass UK ISP blocks and get to the Piratebay which is a good demonstration of the waste and futility of the censorship being done.

    A few pages back, Mirimir recommended against Hide My Ass and I would like to know what the specific issues are. I looked at comparisons of paid VPN services and one of their selling points was the number of exit servers and the number of countries they were in. That is an attractive feature for me but it has nothing to do with the basic anonymity that is the primary function of a VPN.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    See, for example, <http://invisibler.com/lulzsec-and-hidemyass/>.
     
  11. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    Thank you Mirimir. The UK is not a jurisdiction I would want my VPN provider to be in. I should have checked that out and certainly would if I was going to pay for the service. VPNgate is sufficient for experiencing the internet from an international perspective and you get the real thing with all the local emphasis and censorship.
     
  12. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Thank you Mirimir,

    So should we be looking for a VPN that uses its own data centre or should we be looking at different factors in a VPN provider?
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    That's one factor. But it's not one that you can reliably know.

    It's difficult for users to verify anything about VPN providers. You can ask questions, and see if their answers seem honest and correct. Answers to four key questions from several providers are summarized here: <http://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/>. And there's the discussion here on Wilders, but it's very hard to find anything specific :(

    If a VPN provider has been in business for more than five years, and an hour or so of Web searching doesn't turn up anything bad about them, they're probably OK.
     
    Last edited: Jan 1, 2014
  14. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    What are virtual servers aka VPS?
     
  15. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Add EarthVPN to that list, one of their data centres gave up a customer to which they suggested they had no control over...

    And Proxy.sh also monitored one of its customers and issued a warning to that person to leave 100% or face prosecution.

    Hide my ass being the most famous case of them all.

    So far only seen 3 bad providers to date, I prefer the way Proxy handled the case with just a stern warning and told the individual to leave. The other 2 simply gave them up to the law to deal with which is unfair considering the law is already as corrupted as the next innocent person.
     
  16. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Out of the recommended VPN providers in this thread which ones offer SSH services?? I just want my web browser encrypted with SSH, I don't want my whole OS going through a tunnel.
     
  17. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412
    SecurityKiss VPN FAQ:

    What is the encryption strength of your tunnel?

    We use 128-bit Blowfish algorithm for session encryption. For the session keys exchange we
    employ 1024-bit RSA certificates. Session keys are renegotiated once per user per hour.


    OpenVPN is using OpenSSL with algorithms 3DES, AES, RC5, Blowfish. 128 bit encryption with
    2048 bit keys, 2048 bit encryption for control channel (e.g. Key based authentication.)

    Pro XPN uses a 2048-bit encryption key with 512-bit encryption tunnel.

    Could someone explain the security strengths of VPNs and how SecurityKiss compares?

    Thank you.
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    They're virtual machines. It's very easy for the hosting provider to see everything. With a dedicated server, they can also see everything, but it's harder.
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  20. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Not surprising. For anyone that hasn't done a lot of research on this subject, most of the review sites you'll see are shams, paid for by either "the man" or by the very options they give high ratings to. Naturally, they don't want people using the truly good ones, so they try to throw you off the scent. The written reviews there even reek of being manufactured and unobjective. Especially the "Best VPN" site/list that's usually at/near the top of the list when you search for reviews.

    The recommendations offered in this thread were arrived at through actual trial & error... experience, from members here.
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, most of the "best VPNs" sites range from standard advertising ("pay us to give you a good review") to protection racket ("pay us to not give you a bad review").

    The one exception that I know is <http://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/>.
     
  22. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    I'm just rereading the Torrentfreak review. I'm also reading the site's articles about such things as copyright trolls and how risky bit torrent can be if you don't hide your IP while using a bit torrent client, and the site is motivated to do a real review and ask the right questions.

    I have personal experience with both the UK and the Irish Republic. The UK is a very civilized police state where the state, court system and police have very great power. It has a huge police presence in comparison to some neighboring European countries. The open, aggressive and useless censorship of bit torrent sites is a sort of thing that just doesn't happen in the United States even with all the excess surveillance that we suffer here. It is ironic that the corporations driving the UK censorship are based in the United States and they can't get such censorship put into effect in their home country.
     
  23. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412
    Thanks mirimir for the links.

    Blowfish is known to be susceptible to attacks on reflectively weak keys. This means Blowfish
    users must carefully select keys as there is a class of keys known to be weak, or switch to
    Blowfish's more modern successors Twofish and Threefish.

    Bruce Schneier, Blowfish's creator, is quoted in 2007 as saying "At this point, though, I'm
    amazed it's still being used. If people ask, I recommend Twofish instead."

    SecurityKiss VPN:
    We use 128-bit Blowfish algorithm for session encryption. For the session keys exchange we
    employ 1024-bit RSA certificates.

    Why is SecurityKiss still using Blowfish and 1024-bit RSA Certificates when Twofish and
    RSA 2048-bit certificates are available?
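
One way to check the settings discussed in the post above on your own client, as an added example that is not part of the original thread: it assumes the service is reached through an OpenVPN profile, where 128-bit Blowfish appears as `cipher BF-CBC` and the hourly session key renegotiation as `reneg-sec 3600`. The sample profiles are constructed.

```shell
#!/bin/sh
# Added example: flag legacy crypto settings in an OpenVPN client profile.
# audit_ovpn reads the profile on stdin and prints one finding per line.
audit_ovpn() {
    awk '
    NF == 0 || $1 ~ /^[#;]/ { next }            # skip blank lines and comments
    $1 == "cipher"    { cipher = toupper($2) }
    $1 == "auth"      { auth = toupper($2) }
    $1 == "reneg-sec" { reneg = $2; have_reneg = 1 }
    END {
        if (cipher == "")
            print "WARN cipher: not set, old OpenVPN releases fall back to BF-CBC"
        else if (cipher ~ /^(BF|DES|DESX|CAST5|RC2)-/)
            print "WEAK cipher: " cipher " is a legacy 64-bit-block cipher"
        else
            print "OK cipher: " cipher
        if (auth == "MD5")
            print "WEAK auth: MD5"
        if (have_reneg && reneg + 0 == 0)
            print "WARN reneg-sec: 0 disables session key renegotiation"
        else if (have_reneg && reneg + 0 > 3600)
            print "WARN reneg-sec: " reneg " is longer than hourly"
    }'
}

# Constructed sample profiles (203.0.113.10 is a documentation address).
sample_legacy() {
    printf '%s\n' 'client' 'remote 203.0.113.10 1194' 'cipher BF-CBC' 'reneg-sec 3600'
}
sample_modern() {
    printf '%s\n' 'client' '# hardened profile' 'cipher AES-256-GCM' 'auth SHA256'
}
sample_unset() {
    printf '%s\n' 'client' 'remote 203.0.113.10 1194' 'reneg-sec 0'
}

# Usage: audit_ovpn < client.ovpn
```

The profile only shows what the client requests; the RSA key size of the server certificate has to be read from the certificate itself.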
     
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Well, you could ask them ;)

    It's my guess that it's to reduce CPU load on their servers.
     
  25. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412


    SecurityKiss VPN if I remember correctly stated some of the info I was looking for in FAQ,
    but now I can't locate it or they removed it. (http://www.securitykiss.com/faq/)

    Sounds like SecurityKiss needs to "beef up" its VPN service.


    Also 1024-bit RSA certificates from what I've read are being phased out.
    The larger the key, the more resistant the key is to hacking or decryption.

    RSA 2048-bit certificates require more processing power on both client and server.

    256 bits Elliptical Curve Cryptography (ECC) is the equivalent cryptographic strength
    of 3072-bits RSA. ECC offers stronger security with less server overhead and will help to
    reduce CPU cycles required for server cryptographic operations.

    (source: https://www.symantec.com/page.jsp?id=1024-bit-migration-faq)
     