Secure Anonymous VPN

Discussion in 'privacy technology' started by Gasp, Jan 18, 2010.

Thread Status:
Not open for further replies.
  1. Gasp
    Offline

    Gasp Registered Member

    I am looking for a secure and anonymous VPN, ideally with no restrictions on bandwidth usage. I have used Swiss VPN and Black Logic a few years ago but haven't used any for a while now, if I remember correctly both were pretty slow.

    I have compiled a small list of VPN providers that I am familiar with but I would like your advice on which is best and which I should avoid.

    Strong VPN (http://www.strongvpn.com)
    Unblock VPN (http://unblockvpn.com/)
    Swiss VPN (http://www.swissvpn.net/)
    VPN Privacy (http://vpnprivacy.com/)
    Black Logic (http://blacklogic.com/)
  2. hierophant
    Offline

    hierophant Registered Member

    As y'all know, I use XeroBank, and I'm happy with it. And I'm looking for others, so as to have multiple independent channels.

    They're a US company, which is a fatal flaw for me.

    Thanks for the list. There's a rather exhaustive list at < filesharefreak.com/2008/10/18/total-anonymity-a-list-of-vpn-service-providers >.
  3. bryanjoe
    Offline

    bryanjoe Registered Member

    hi gasp,

    i am using Packetix. Browsing speed is good.
  4. hierophant
    Offline

    hierophant Registered Member

    Although I'm not ready to post re all the "anonymous" VPN services that I'm researching, I've found two that are worth mentioning. One is unblockvpn.com; it's a Czech company, and accepts "anonymous" payment. I don't see any technical specifics on its website.

    The other is cryptocloud.com (formerly goldens.com). It's apparently a service of Baneki Privacy Computing (baneki.com), which is a Canadian company, with a global server network. However, I don't see technical specifics on its website, either. Its privacy policy is at <www.cryptocloud.com/privacypolicy.php>. Although its signup form features only PayPal and credit cards, the privacy policy includes ...

    "If you prefer, we are happy to work with you to pay for your CryptoCloud service with a 100% anonymous procedure: cashier's checks, etc. Not many customers ask for this service, but we've never said no to any procedure a customer suggested."

    I'll let y'all know how it goes.
  5. LockBox
    Offline

    LockBox Registered Member

    That's Fausty's service. If you're not familiar with the drama, just Google fausty or drfausty. You'll find a lot of information. The funny thing is, he goes on and on in a post on their about how they will do whatever necessary to keep child pornography off of Cryptocloud. Not odd in itself until you know the rest of the story. He doesn't approve of, uh, relations with kids (thank God) unless we're talking the animal kind. Yes, he boasts about it. He campaigns for human/animal....uh....uhhhhhhh...."rights." He is also a millionaire, or was. He is CEO of Baneki, which isn't much of anything but Cryptocloud. No, in case you're wondering, he didn't make his money running a privacy service. Better yet, his name is Douglas Bryan Spink, just Google that and it will keep your attention a while. It would make a fascinating movie. I think?

    Just so you know who you'd be giving your business to.
  6. hierophant
    Offline

    hierophant Registered Member

    Thanks, LockBox. That explains the top page of the old goldens.com site, I guess. I did read the Douglas Spink page at Baneki, and it struck me as very privacy positive. Now I gotta wonder whether he's been busted, and it's a honey pot.
  7. LockBox
    Offline

    LockBox Registered Member

    As for the drug smuggling convictions, you have to wonder how he got away with only three years. All media accounts say the judge approved requests for leniency for his "cooperation." Another one of the guys got 17 years!

    As for admitting, and being proud, to being a zoophile and linking to bestiality sites, that's just despicable.
  8. hierophant
    Offline

    hierophant Registered Member

    Right, Spink was busted with 149 Kg cocaine, and got just three years. He was just a runner, however. It was the smuggler who got 17 years, and another cooperative runner also got just three years. Even so, I'm still suspicious. And in any case, notwithstanding moral issues, being a customer of a service with such associations might attract too much attention, even if Cryptocloud isn't a honey pot per se.
  9. Asus125
    Offline

    Asus125 Registered Member

    I am personally using cryptocloud because Baneki privacy computing has been in the vpn market about three years. Their support is very fast and friendly, and their network is based open vpn which runs quite a smoothly; It does also port mapping by itself so you can connect to others even though you are using a vpn (many vpns cannot connect to others which can interfere with many application: p2p, online gaming, and so on.) Together with price and privacy policy it's a good choice, I think.

    I have also tested Xerobank. There was nothig wrong with it. Servers was stable and fast. However, neither of them did change, when I tested Cryptocloud's Netherlands server. Basically only differences were support and price which everyone can test themselves.

    -Xerobank's support didn't exist, period. Whilst, Cryptocloud's was professional.
    -XB one year term is $420. CC is $139


    Part of Cryptocloud's privacy policy: "We don't store logs of your network activity whilst "in the Cloud." Ever. Yes, we mean that: we do not store logs of your network activity. We don't have a privacy policy regarding those records because we don't keep those records. Yes, sometimes less is more."


    What comes to this drama: "jail thing", I really have hard to tell anything because I don't know anything laws in there. The "animal thing", well if it's legal there, guess they can do it. I, personally have no interest for that stuff.

    It's still good to customers know about these, so thanks for mentioning them LockBox.
    Last edited: Jan 21, 2010
  10. SteveTX
    Offline

    SteveTX Registered Member

    I just had an interesting conversation with a friend in Netherlands. He met with the Netherlands FCC this morning. Unless CryptoCloud is using multihop networks, you are 100% non-anonymous and non-private OR operating illegally and subject to shutdown, as Netherlands Telecommunications Act requires 1. Identity of all customers, and 2. Requires a copy of encryption keys made available upon request. Further, all telecom systems must employ Data Retention. Even if CryptoCloud isn't keeping logs, their datacenter is keeping logs of all the users. Just the facts.
  11. LockBox
    Offline

    LockBox Registered Member

    So much for Cryptocloud despite any other questions. This is what matters. Thanks, Steve.
  12. hierophant
    Offline

    hierophant Registered Member

    Right. Having researched CryptoCloud, I get that they're adamantly single-hop. Fausty still denies the real-world relevance of multi-hop, and characterizes its proponents as unreasonably paranoid. Time will tell.
  13. Asus125
    Offline

    Asus125 Registered Member

    How do we know that they really are facts - we can't. "Asking from a friend" is a tenuous claim for that. All the power of the argumentation trusts in your authority here; you are a XB Steve, a privacy expert, so everyone is going to buy it automatically.

    I don't have anything against you, Steve, but you are running a one man show here. Since, you are working in a corporation, your thesis is trying to market Xerobank here, and there is no wrong with that. You are just a business man who does what a business man does - selling his product.

    As I said, you are feeling a great guy who just does his business, and maybe there is nothing else; you have a good reputation working with torpark, you are a part of group which promotes privacy and human rights, and so on. But I have seen many back and forth discussion about these things in different forums. So I am feeling like a Fox Mulder, desperately trying to seek the truth.

    I want to believe you but Rhetoric is a powerful way to influence, and that's the Fact.
    Last edited: Jan 22, 2010
  14. SteveTX
    Offline

    SteveTX Registered Member

    No problem. I will get you the names and details and relevant laws. Stand by.
  15. SteveTX
    Offline

    SteveTX Registered Member

    True to my word:

    Bas Visser, Lead Auditor, Agentschap Telecom of Netherlands

    According to the Telecommunications Act, overseen by the Dutch Ministry of Economic Affairs; Chapter 2 (Onafhankelijke Post en Telecommunicatie Autoriteit) OPTA defines what companies are covered under the telecom act. Chapter 11 defines that customer-data must be kept, including encryption keys, and may be used; Chapter 13 enumerates Lawful Interception. In 13.1, says that anyone providing access to public telecommunications-services can only make their service available if there is the feature to employ lawful interception hardware. If this is not possible, one may not offer these services by law.

    This is in addition to the EU Data Directive.

    So CryptoCloud's uplink is operating a logging / intercept system whether cryptocloud acknowledges it or not, and the law may require cryptocloud to as well. You're left with a funny situation:

    Either

    1. They don't know the legal environment and privacy risks they are exposing their users to, or
    2. They do know about the logging system and decided not to mention it
    Last edited: Jan 22, 2010
  16. hierophant
    Offline

    hierophant Registered Member

    What are the implications of these Dutch and EU laws for XeroBank and its users?

    What's being logged now (or in future)? What encryption keys have been produced (or demanded)? Keys f'or internal XeroBank connections? Keys f'or incoming user connections? What lawful intercept capabilities have been installed (or are immanent)?

    What role(s) does the Amsterdam node play in Xero Networks? Is it just an entry/exit, or is it part of the anonymity routing?

    How does this affect users? Should we be avoiding the Amsterdam node altogether?
  17. SteveTX
    Offline

    SteveTX Registered Member

    EDIT: I think these questions are better to be asked at the XB forum instead of derailing someone else's thread.

    We use multi-hop network and multiplexing. This not only breaks the logging that the uplink performs, but anonymizes the traffic.

    Now
    For XeroBank? None. We don't have them, those are managed by Xero Networks AG, and they've declined to provide them.
    No such thing exists for XB. Servers outside of Netherlands are outside of their Jurisdiction.
    Keyservers outside of US/UK/EU and very very locked down.
    All the normal ones in the uplink, unfortunately our network renders them useless.

    We have a multiplex node in Amsterdam that acts as an entry/exit/1-hop. It is good for 1-hop operation ONLY because it is used for entry/exit with multiplexing w/ multihop's deniability.

    No. Use our entire network with confidence. We have done all the homework for you to make XeroBank solutions safe for clients.
    Last edited: Jan 22, 2010
  18. hierophant
    Offline

    hierophant Registered Member

    I do get that, and I apologize to Gasp for serial derailing. However, I wasn't comfortable just dropping the issues here, and raising them at the XB forum. Thanks for your answers, Steve. I'll create a thread at the XB forum.

    EDIT: It's at <xerobank.com/forum/index.php/topic,815.0.html>.
    Last edited: Jan 22, 2010
  19. LockBox
    Offline

    LockBox Registered Member

    This really has nothing to do with Steve. He was passing along a specific conversation regarding the Dutch laws regarding these issues. He wasn't giving us an opinion or his interpretation, or even that of his friend. This is all a matter of written law. When Steve wrote facts are facts, he meant that this is Dutch law. Period. He wasn't basing it on one conversation with one friend. It's clear he keeps up with these things, as do many of us (as much as its possible, it's very fluid). Sometimes I think people just look for reasons to dump on Steve and don't appreciate the fact that he's here and willing to share so much of his area of expertise. He may be with XeroBank, but the knowledge he shares here covers much more than the ins and outs, and even sales of products, at XeroBank.
  20. Asus125
    Offline

    Asus125 Registered Member


    Thanks for this
  21. JustJohnny
    Offline

    JustJohnny Registered Member

    Hey guys! What do you think of Perfect-Privacy?
    https://www.perfect-privacy.com

    I just started testing them out and it seems ok so far. The speed could be a lot better, but I guess that is to be expected. I like how they have a large number of servers and different services PPTP, OpenVPN, SOCKS/Squid Proxies, etc. There is no limit on anything really. You can switch servers as often as you wish, chain proxies, etc. I still have to try all the different servers, some can be really slow. But it seems like a decent service.

    Anyone else use them and can say how they compare to some other VPNs?
  22. Fausty
    Offline

    Fausty Registered Member

    I suppose it's somewhat of an honor that, by all appearances, our friend "SteveTX" and his Xeroxbank affiliates have chosen a marketing program that involves aggressive coattails-riding on the years of work and credibility our company has earned in the VPN market. After all, if someone can't manage to say anything substantive that's not couched as a mention of a competitor that flat-out provides better service, one need not guess which is the credible entity and which is willing to say anything to "get attention."

    Needless to say - but I'll say it anyway - this claim about Dutch law "requiring" us to do this or do that when it comes to our customers is complete bull$hit. That's right: bull$hit. We're not a Dutch company, first of all. Secondly, we're not a "telecommunications provider" under the terms of the relevant European Union directives on lawful intercept - which are, in fact, the operative statutes with respect to the overwhelming majority of cross-border internet traffic in the European Union. Perhaps Xeroxbank/SteveTX didn't realize this, but Holland is part of the EU. Feel free to look it up. *puppy*

    Citing as an authority a "friend" in Holland (does he also get commissions for hyping Xeroxbank, SteveTX?) and providing utterly misleading "summaries" of the complexities of lawful intercept statutory language is, to put it mildly, disingenuous. Anyone who doubts this is highly encouraged to consult a REAL authority on the legal treatment of internet traffic. Don't take my word for it; I'm not a practicing attorney, and I'm not specifically trained in EU intercept law like a "real" attorney is. Contact, oh, the Electronic Frontier Foundation - or Privacy International - or any of the leading academic legal theorists writing on data privacy issues. Ask them if every internet service provider in Holland is part of some shadowy conspiracy (that only SteveTX/Xeroxbank and his "friend" in Holland know about, apparently), or if perhaps Occam's Razor holds true: the reason Xeroxbank is engaging in dishonest, fear-mongering smears of legitimate VPN companies is out of competitive desperation.

    (Incidentally, I'm surely not the only one who has noticed the completely, laughably flawed logic behind this hand-waving statement of SteveTX/Xeroxbank at it's core, am I? After all, even if someone did stick a packet sniffer on the outside of one of our VMlets and scoop up every unencrypted packet coming and going - which would require neither lawful intercept language, law enforcement powers, nor even much technical sophistication - they get absolutely nothing relating to individual customers. That's entirely self-evident given the structure of our secure network - indeed, of any well-architected VPN network - but I thought I'd mention it, anyway. Even if SteveTX's imaginary legal requirements for every network service provider in Holland to log every packet were somehow made real, it wouldn't make any difference with respect to the privacy of our customers. This topic is extensively, diversely, and broadly discussed & debated in our forum's "no logging" thread, so I'll not belabor it further here.)​

    I'm not going to get into the numerous reasons why the hype-ware, black box "multi-hop" magical security gizmo is no more than a distraction from the real, proven, well-understood challenges of providing genuine, verifiable, reliable data security. I've already done so in our own forum - which, I know from SteveTX's efforts to troll that forum (and submit customer service "questions" to our staff that misrepresent who he is), he has already read and, apparently, lacks the integrity to reply to directly. Instead, he comes here and waves his hands and - booga booga - we're suddenly cooperating with Dutch authorities, etc., etc.

    I suspect anyone reading this thread has already realized there's a serious credibility gap when it comes to Xeroxbank. It seems, to them, the "solution" to any problem - real or fabricated from thin air - is, of course, "multi-hop" black box hype. They have every right to hype unproven, proprietary nonsense that's been rejected by every legitimate provider of privacy service. The rest of us have the right to recognize that hype for what it is - and I certainly reserve the right to call it what it is: nonsense.

    Penultimate, I find it entirely not-coincidental that SteveTX/Xeroxbank's sudden obsession with our service coincides with a bunch of anonymous snark posted about me, in this thread. Kind of predictable, in fact. It's also rather ironic - funny, really. All of the "super secret" stuff that these trolls apparently are so eager to "expose" is, err, extensively documented and discussed and nicely organized in one place to provide for ease of reference and debate, in our forum. Anyone can read it, anyone can reply to it - including anonymous folks with no account on the forum. Anything that's not included in my "over-communicate anything and everything even remotely interesting or 'controversial' about me and my life's trajectory" posting, accrued over years of archival research and combing of legitimate news citations of my historical record, is - simply put - fantastical, imaginary rumor. My commitment to complete, unstinting personal transparency has nearly a decade of real, verifiable credibility behind it - that doesn't stop desperate trolls from making up this or that extra-bonus rumors, here and there. It does remove any expectation they have of being taken seriously.

    So, if anyone really is curious about who I am, and wants to burn some time learning, feel free to dive in as deep as you want. Easy to remember URL, leads right to the relevant threads: dougspink.com. Yes, that even includes my sexual orientation and family life. Seem like it's irrelevant to just about any discussion? Yeah, I actually agree - but rather than have trollish imaginations run wild, I squashed the rumor frenzies by over-communicating to the extreme. I'm afraid it's rather boring in comparison to many of the "facts" generated by the tidal flows if interweb rumors, but hey I do the best I can. ;)

    Last but not least - and the ONLY reason I've actually replied here - let me make one thing crystal clear: anyone who continues to spread rumors that I'm a snitch/rat/whatever, with respect to my smuggling case, is a confirmed, verified, absolutely proven liar. I've known this all along, of course, but recent information finally released by law enforcement authorities has unequivocally confirmed exactly what I've said all along. So, feel free to judge anyone who has posted about that kind of personal smear, in this thread - they're liars, plain and simple. Not even good liars - I've had the public data posted in the thread which compiles all the existing reporting on my smuggling case, for months already. You'd think they'd check to see if they were lying about something that's demonstrably false - but you'd think wrong, apparently.

    Having gone to prison as a result of my smuggling career, first and foremost, but more specifically as a result of someone who wore a wire for the DEA for several months... I could state, personally, that I have strong feelings about "snitches." Ironically, I don't flat-out claim they are evil people - even the fellow who "ratted me out" by wearing a wire, I've forgiven and even talked with since then to let him know he's not got any guilt to carry on my behalf. However, I have even STRONGER opinions regarding people who knowingly, falsely accuse OTHERS of being snitches. Those people are absolutely the bottom of the bottom of the pile - far worse than any actual snitch, in my own opinion. In prison, falsely labeling someone else as a snitch is a really, really good way to end up on the receiving end of "bad news" from literally each and every subculture in the joint - from the white supremacists to the Crips to the Mexicans and everyone else along the way. EVERYONE hates snitch-accusing liars, and EVERYONE calls them to task for their lies.

    To that end, does anyone who has made such claims, in this thread, want to publicly recant them given the independent, verifiable data I cite below? If so, now's a good time to do it - and salvage whatever shreds of your reputation you can. Otherwise, let it stand as part of the public discourse that you've been caught falsely accusing others of a serious, serious breach of fundamental moral standards - and thus you, yourself, are beneath contempt. Here's the thread referenced above - the only link I've included in this post, so as to prevent it from appearing to be in any way promotional:


    If there's substantive discussions here which would benefit from my participation, I'm happy to do so. However, I'll certainly not be wasting any time re-re-re-re-responding to the latest troll-bait rumors posted here, or elsewhere. Such responses are available, already, in "authoritative" form, in our forum - for anyone to read & comment thereon. Given that we've already got an extensive discussion thread on "multi-hop" magical hoo-ha, it seems somewhat pointless to replicate it here.

    There's only a few things you can call me that will actually get under my skin; a snitch is one. Apart from that, I'm quite ok having trolls make up trollish rumors about me and my life; it's a bit of a sport for me, by now. It's been so many years - more than a decade - since I was first thrust into the rumor-swirl of public internet obsessive attention that I've literally seen, read, and heard every imaginable rumor about me. If someone comes up with a creative new one, hat's off! :p That's unlikely, given how many already exist. Accusations of being a snitch are one exception to my laissez-faire approach - that particular rumor is demonstrably a flat-out lie, and is identified as such.

    It's ronic that a privacy campaigner has, in his own personal life, chosen to completely remove any and all non-public components and open all elements to public discussion, good or bad. When I'm asked if I think everyone should do as I've done, and thus whether I believe privacy is "pointless" or obsolete, my response is this: how many people would want to live in the public glare that I do? Not too many, I imagine. Given that, privacy IS important - and well worth fighting for. I've come to terms with my public (in)fame; I'd not expect others to be eager to follow suit.

    Regards,

    - fausty
  23. bryanjoe
    Offline

    bryanjoe Registered Member

    hi fausty,

    thanks for sharing....



    .... no no to all xB softwares !!!!!!!!!
    Last edited: Jan 25, 2010
  24. LockBox
    Offline

    LockBox Registered Member

    Fausty, Following your link it sounds like you really don't like the idea of your service being called a honeypot. Point taken. The rest of your long and convoluted writing is in defense of intimacy with horses and such. I'm sorry, but to me and many others, that's not just disgusting but is illegal. I would call what you say, "Horse S#*T", but I realize that would only excite you as it's a subject you are well aware of on an "intimate" level. Just go away. Disgusting.
  25. SteveTX
    Offline

    SteveTX Registered Member

    Very long-winded ad-hominem attack from frosty. tl;dr, although I thought I saw a response in there, but the short reply to frosty is that

    1) i've never heard of you or your service prior to a couple months ago, nobody else i've spoken with in the anonymity groups has either. However I did visit your flashy website and it looks very cool and web 2.0.

    2) i've only heard your server is in netherlands. Not that it really matters where it is particularly, especially if you are in the area of the EU. However, it does mean your users identities and traffic are compromised if you aren't running a multiplexed multihop multijurisdictional network or an unobservable network design. sad but true.

    3) i feel bad for you because i realize that you are invested into cryptocloud and nobody wants to find out their product is made of swiss cheese, but i simply do not have the time to get into it with you to help you with the network design mistakes. I hope your users don't have to find out the hard way. If you need some anonymity network consultation, you should contact either Xero Networks (the group i work for, Panama group ~[300 Eur/hour]) or KryptoHippie (an EU group [5000 Eur min]) or the Tor Project (US non-profit [150 - 200 USD/hr]).

    The world of anonymity has changed, meaning the standard is much higher and harder to defeat because adversaries have become more advanced. A slick website offering a VPN protocol connection to only a proxy running inside a virtual instance may be good enough for adult content or whatever it is you do, but it is not anonymity, is likely not private, and is definitely not secure on the server side.
Thread Status:
Not open for further replies.