TorrentFreek - VPN Services That Take Your Anonymity Seriously, 2013 Edition

https://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/



Some of our most used VPN's make the cut

LOL @ PRQ

 

Thanks!

 

Also thanks
Glad to see Anonine in the list this year

 

What was the "high-profile case of an individual using an ‘anonymous’ VPN that turned out to offer less than expected protection"?

Anyone know how bolehVPN is rated?

 

I am guessing that they are talking about Hide My Ass VPN turning logs over to the FBI, that is the only "high profile case" I am aware of in 2012.

 

Hide My Ass lost my respect for their actions, its almost like a broken trust claiming you will keep someones anonymity safe and then breaching that and on-top you are paying them for that service. In their defense, the person who got caught was bragging about his crimes in IRC chat, named exactly what VPN he used, exactly what he used it for and his round about real location. It would be hard not to turn over logs if you kept any for statistical purposes when its so obviously clear that a malicious user is using your service. This is why most good VPN's don't keep "Any" logs, so if someone is an idiot, they have nothing to turn over.

 

Regardless of what VPNs say, I find it very hard to believe that they don't have ways to identify and get rid of malicious users. Maybe they can do that without retaining logs that could deanonymize their users.

 

They should test free services for comparison.

 

did Hide My Ass turn over all their logs, or only the ones about the specific customer?

if it was the former, then a LEA employee or contact could easily post such claims about any VPN to obtain a warrent intended to investigate other users.

 

They can filter packets at the firewall level, one of the VPNs on the list explained it.

 

Good article; but I'm disappointed that they didn't include HideMan VPN. It's the service that I use on my devices when I travel to Asia. Fast and plenty of connection points.

 

Thanks, I'll look.

So they don't delete the user, but just block their traffic?

 

I'm not sure why BolehVPN were not approached this time around. Quite disappointing really

We even have full BitCoin integration now.

 

I was wondering where Boleh was. Strange that you guys were not approached, any reason why?

 

No idea, I have e-mailed them but not sure if they would respond. Thanks for the guys who have mentioned us in the comments section.

I even posted a full response to their questions in comments but I can't find it now, not sure if it was moderated

 

Perhaps they are doing them in groups, and they need to pad out an equal spread. With some good and bad VPN's per section. Maybe saving BolehVPN for the next list where it will be padded with bad VPN's, you can't from an editorial position put all the good ones in the first edition and then all bad ones, nobody would read the other editions due to all the good VPN's already being mentioned.

 

I don't think there is going to be part 2, I think that's it.

 

I posted my full response twice in the comments but both times, did not see it. Not sure if there's a word limit on it or something or is there some requirement for an Admin to approve new discussions.

For the benefit of Wilders users:

Here are our responses:

1. No we do not keep logs. However as per our policy, if we do notice any unusual activity on our servers (high bandwidth loading, high number of connections or cpu usage) we may turn on logs temporarily to identify abuse of our services (such as DoS or spamming through our servers).

Once the user is identified, we will terminate the offending user, issue him an e-mail for the reason of termination and wipe the logs from our system.

Turning on logs for troubleshooting is a very last resort and is necessary to ensure the integrity of our services. It has happened very rarely (only a handful of times in our 6 years of operation) and such information was not disclosed to third parties but merely used to terminate the offending user. In any case logs were usually enabled for not more than few hours and only for the particular server that was experiencing abuse.

2. We're a Malaysian incorporated company which is not subject to any mandatory data retention laws. As we don't keep logs, there is not much information to share even when requested.

3. Servers hosted in US or categorized as "surfing/streaming' have P2P disabled on them. As for other servers, they are not subject to DMCA and we have a good working relationship with our server providers.

In the event DMCA notices or similar are given to us, we normally respond that we don't have such content hosted on our networks and if the provider is adamant, we will terminate our relationship with the server provider and find a new one. We will not reveal the user that generated that DMCA notice (nor can we with no logs taken). Over the years, we have identified server providers that we can work with and understand the nature of our business.

4. We accept BitCoin, Liberty Reserve, Paypal and MolPay (Malaysian online bank-ins) and also direct bank-ins for Malaysian users.

For each order, there is an Order ID that is tied to a user name which is marked as paid or not and the method of payment. BitCoins would be the most anonymous form of payment since all other payment processors would require some identifying information. However to sign up to our service, all is needed is a working e-mail and you are free to use placeholder names etc etc. Only in the event of dispute or chargeback cases (especially with credit cards), additional info is requested which is to be expected when using a credit card (unless a prepaid visa is used).

 

Thanks Boleh for the information, I'm not sure why you were not included. Maybe email the Admin?

 

This strikes me as an honest response, without the "no logs" bluster.

Please comment, bolehvpn, on box750's comment about controlling abuse via "filter[ing] packets at the firewall level" rather than using logging.

 

Have e-mailed them but not positive on a response.

 

Afaik this is possible where the abuse is for a certain protocol.

TorGuard

If I understand this correctly, if there is abuse, they block the protocol. Soo if it's spam mail...they block mail? I'm not quite sure, I would have to check with my technical partner on this on what they could possibly mean.

Of course there are certain firewall rules that can be implemented such as oh limit to how many connections at a time, blocking ports and protocols but as it's a shared resource, the blocking of a protocol may affect innocent users (not to mention add additional load on the server). When we allow P2P it's also tricky since the number of connections involved there are high.

And if it's on a server basis...then what's preventing the user from then switching to another server or using a different port/method and repeating the abuse? Instead of fighting the fire, I want to remove the source of the abuse, which is the user. People who abuse our service are breaching our terms of service and therefore do not deserve our protection. We turn temporarily turn on logs purely to terminate them. Sure, they can come back and sign up again and repeat the abuse, but they're paying money to do so, so it's their money to waste (one of the reasons why we have no free trials). The risk to me is minimal in the few hours we turn it on just on that server and thereafter terminate.

 

Surprise surprise:

 

Thanks, Reuben, that was very kind of you.

 

And we're in