Which VPN providers really take anonymity seriously? (ARTICLE)

Discussion in 'privacy technology' started by firefox2008, Oct 17, 2011.

Thread Status:
Not open for further replies.
  1. Spooony

    No. A VPN is extending your private network over the Internet. Hiding your IP via an SSL-enabled proxy server is not a VPN.
    Any company or whatever can delete the logs or whatever, but the moment you reach your ISP's gateway your ISP knows what you're doing, where you're going, everything. No service in the world can hide that. So if the authorities or whatever want your details, all they do is subpoena your ISP, which is easier because it's normally in the same country, and they subpoena Google, which collects more info on you than any VPN provider or all of them put together.
    Then there's the blokes with mobile broadband connections. Well, there's no hiding with that because it makes an irremovable cookie with the SIM and IMEI details of the phone/modem on an ARP proxy.
     
  2. mirimir

    VPN stands for "Virtual Private Network". VPN services typically discussed on Wilders connect clients to remote networks with WAN gateways that are far away, and are used simultaneously by many clients. We agree that SSL proxy servers are not VPNs.

    Are you limiting "service" to "SSL enabled proxy server"? If you are not, please explain how my ISP knows where I'm going, and what I'm doing. What they see are encrypted packets, carrying an OpenVPN tunnel, between my WAN gateway and my VPN's entry node. With real time traffic analysis, maybe they could establish that I'm posting to Wilders as mirimir. But why would they bother?
     
  3. Spooony

    No, those are connectivity services. Let me explain why.

    1. It's not a VPN.
    It does not provide a connection to a private network but to the Internet.

    A connectivity service allows you to overcome connectivity restrictions imposed by your providers, network admin or whoever, as well as hides you from nosy people so they can't see what you are doing on the Internet.
    It's not a perfect anonymizer. It provides a certain level of anonymization by hiding your IP address. So in reality the connection requests appear to be coming from one of the connectivity server IPs, but it can't protect you from your own mistakes or flaws in applications or protocols.

    So basically what it does is turn your PC into a Web and SOCKS proxy that can be used by your applications instead of doing a direct connection. You see what these so-called VPNs really are? It's a web proxy where you pay for the trust level that you don't get from public proxies.

    Now that article fails to mention certain details.
    One is the country where the "VPN" service is located.
    Every country has different telecommunication laws. Those laws state what types of logs can be kept and what can be recorded, because you can be sued. In the USA it differs from state to state, but you must have permission from both ends to do it. Both ends are the destination you're connecting to and yourself. Dunno if they changed it, but that's what it basically states.

    I know for German providers it's illegal to log what a person has accessed. The German Telecommunication Law does not permit that. They log the lowest 16 bits of the IP address you connected to but not the full address, and it's not kept for more than 4 days. All VPN providers have consoles on their servers where they can see what you're doing, be it watching pron or running a major crime syndicate via the Internet, but the moment you disconnect that data is gone because it's illegal to log it. If you want to spy you need a court order, but why go through all that trouble when they can just bust your door down and confiscate your PC?

    So to find out what your provider can log and cannot log, check which country it's from. Then go look up the telecommunication laws and you will find your answer. If it's illegal to log certain stuff and one day they want to use that, they can't, but you can sue them and end up a very rich person and don't need the Net to run your syndicate or whatever paranoia thing you're doing that you're biting your nails about.

    In reality there is no such thing as real anonymity online; if you do something bad enough, the people in power can find you. IP spoofing is misunderstood in 9/10 cases and is no protection against anything. And web proxies offer little or no protection. They are good enough if you just want to stop your school/parents/office from tracking your surfing habits, but they won't protect you from doing time if you commit a federal crime.

    For your other question. How does the ISP know?
    Remember the traffic has to go from your computer to a proxy, and come back in again. All your ISP needs to do is to see the packets going out and coming in at the right times to your machine from that proxy. Remember the data may be encrypted but the addresses of what you connect to ain't.
    Your ISP keeps logs too. I would be more worried about those logs than I would worry about the ones of a VPN provider. Your ISP knows a lot about you. They ultimately control your connection to the internet. And by control, I do mean total control.

    Hiding your IP address from the rest of the world doesn't hide your activity from your ISP. Every bit of traffic you generate is captured and classified into HTTP, streaming, p2p, news groups etc. There's a thing called Deep Packet Inspection.
    http://en.wikipedia.org/wiki/Deep_packet_inspection
    Read that for an explanation of what it is.

    The other thing is many people don't even realize there is a hidden channel in the P2P protocol where someone can sit and monitor everything. That's why the application BitThief was released, to show some serious flaws in that protocol, but what do the clever torrent users do when you mention that name? They go ape **** thinking you don't want to share, but they never really go and check why it was created. That application is able to disguise itself and just download torrents without uploading, and no one can see it or stop it doing it.

    And then there's Narus
    http://blogs.law.harvard.edu/surveillance/files/2008/11/nss.png
    http://blogs.law.harvard.edu/surveillance/2008/11/11/narus-security-through-surveillance/
     
    Last edited: Nov 28, 2011
  4. mirimir

    Thank you for your careful and thoughtful reply. I need to leave soon, so I'll be brief for now, and respond more fully after returning. [I've edited this.]

    Actually, VPN tunnels are themselves virtual private networks that OpenVPN etc establish. Remote OpenVPN servers NAT route VPN tunnels to Internet, either locally (if one hop) or through other networks (such as VPN tunnels to other routers). Local OpenVPN clients NAT route VPN tunnels to user machines, either locally or through LANs.

    EDIT: Here's a diagram of the setup through which I am posting this - http://www.4shared.com/photo/6K9zr22v/Network.html

    That is basically true for one hop services. With multiple routers in different jurisdictions, multiplexing with other VPN services, crowding and so on, you get anonymity that's harder to break.

    ISPs just see UDP (or TCP) packets sent to and received from OpenVPN servers. Obviously, ISPs know IPs of those OpenVPN servers. But all other Internet routable IPs, application information etc are encrypted. Deep packet inspection will reveal nothing unless encryption can be broken, which is unlikely if OpenVPN has been properly configured. That doesn't prevent traffic analysis, of course. All low latency anonymity systems are vulnerable. But only global adversaries have resources for that if you're using multihop routes from multiple providers, and are paying anonymously.
     
    Last edited: Nov 30, 2011
  5. mag1c

    Would these VPN providers be good for no logs?

    - DoubleVPN
    - QuadVPN
    - nVPN
     
  6. mirimir

    No matter what providers say, or what laws say, I assume that everything is logged.

    They wouldn't need to bust down my door, because it's never locked ;) If they raid every VPN user, I'm toast. My machines all use crypto LVM, though, and I tend to forget passwords under stress.

    "Le mieux est l'ennemi du bien." Voltaire (Francois Marie Arouet) They found him several times, so maybe he was striving for too perfect anonymity ;)

    That's true. But if all streaming, p2p, news etc were illegal where I was living, I would go somewhere else.

    DPI doesn't reveal contents of encrypted packets.
     
  7. CloneRanger

    You must be a p2p junkie ;)

    Some vendors would have us believe otherwise :eek: https://www.wilderssecurity.com/showthread.php?t=312493
     
  8. mirimir

    It would be overall repression level, reflected in such policies, that would drive me away. I do use Tor and i2p, and always torrent, largely for background noise ;) My wife chats and uses VoIP. My routers let important stuff through using traffic shaping.

    They're just blowing smoke, I think. In any case, for sensitive content, depending entirely on VPN encryption would be foolish.
     
    Last edited: Nov 29, 2011
  9. DasFox

    Besides this VPN site, I've seen two other ones that are using the same theme, so something isn't right here, three different companies all with the same theme look and all VPN companies.

    Sorry I forgot the other two, but if I come across them again I'll be sure to post it here...

    I'd stay away from this...
     
  10. DasFox

    Spooony, we've been over this many, many times and you fail to listen, so please pay attention: you do not know what you are talking about in regards to OpenVPN.

    Knock off all the VPN connectivity BS, you're spreading incorrect information!

    VPN services provided on the internet by companies that use OpenVPN are still VPNs. Now, if you don't want to listen or believe this, then march right over to OpenVPN and contact them and find out for yourself.

    So please knock this VPN nonsense off, until you've spoken to the developers of OpenVPN!

    Here's the truth, right here, for anyone that doesn't believe this, go and ask ---> info at openvpn.net :)
     
  11. Spooony

    If you connect to a web site on the internet, 9/10 times the last link is not encrypted. That's between the web site and the VPN provider's proxy that encrypts/decrypts the data normally, which leaves you wide open for a man in the middle. With a real VPN there's no such thing possible.
     
  12. mirimir

    OK, I get that. But with "real VPNs", you can only connect to VPN servers where you have accounts (or agreements, as with anonet). In any case, thank you. I finally get your point.
     
    Last edited: Dec 9, 2011
  13. DasFox

    Spooony no more OpenVPN proxy stories...

    CONTACT ---> info at openvpn.net

    After you do so then post exactly what they showed you ok?

    You haven't shown anyone here on this forum that respect by doing what I asked, but you continually go on about all this...
     
  14. marktor

  15. mirimir

    Secure VPN services renegotiate TLS keys periodically (every hour, typically). So decrypting each hour's traffic represents a new challenge. This openvpn-users thread may be useful - https://groups.google.com/group/openvpn-users/browse_thread/thread/b9314e5515158291/79aa1c01c88b61c5
     
  16. DasFox

    Saying "real VPNs" is not correct. Why? Because OpenVPN has many different implementations and they are still VPNs, and OpenVPN considers them just as real as the next.

    Now why do I know this? Because one of the OpenVPN developers told me, and Spooony keeps talking nonsense, confusing people, and he/she doesn't seem to understand that OpenVPN has several implementations to its usage. Actually with OpenVPN you can't call any of it real or not real.

    I told Spooony to contact OpenVPN and show us what they told him and did he do this out of respect for the forum? No...

    Spooony sits around telling us to go use proxies off some no name proxy list on the internet and this is his means to security over a VPN service and you're going to tell me this is security? LMAO o_O
     
  17. mirimir

    As I understand Spooony's point, it is that it's dangerous to think of VPN-based anonymity services as "real VPNs", because connections are not necessarily encrypted end-to-end. Spooony agrees, I think, that there are "real VPN" connections between clients and their providers' entry servers. However, connections between providers' exit servers and internet servers that clients access are not necessarily encrypted. Is that correct, Spooony?
     
  18. marktor

    Maybe you know something I don't, but if you are connected to a VPN all your ISP can see is encrypted traffic and the fact you are connected to a particular VPN. They cannot read the traffic since it is encrypted (256 bit in the case of OpenVPN). Your ISP also cannot see what your destination is. Where am I getting this wrong? The only way for someone to possibly read your traffic and identify it with you would be some sort of massive surveillance that would have to be monitoring you entering the VPN and then reading the traffic that exits the VPN at the same time. How this would be accomplished I'm not sure, but I guess that large governments possibly could. If your VPN allows more than one user to use an IP at a given time, that throws some curves into this scenario being plausible as well, since it would be difficult to know which traffic belonged to which user on a VPN.
     
    Last edited: Dec 14, 2011
  19. mirimir

    OK, I'm looking at three months of my WAN traffic (pfSense RRD graph, daily averages, with in plotted up and out plotted down). Torrents and i2p are obviously distinguishable from browsing and simple downloading. Much of it is encrypted in one way or another, but that doesn't hide traffic patterns.
     
  20. DasFox

    Supposed actual VPNs are point to point or site to site...

    This is what Spooony keeps going on about and since using a VPN service is neither of these he thinks this is not a real VPN, but here's the sticky part, so pay close attention; 'OpenVPN Has Different Implementations It Offers', and the OpenVPN developers will tell you that using a VPN service is still a VPN, just a different implementation of OpenVPN is all, so then do we call this not real? Maybe the VPN purist will always argue this, but to OpenVPN it's a VPN! ;)

    Using a VPN service through OpenVPN is a different implementation and I think we have to be careful as to not confuse people calling things real and not, otherwise we're going to scare users and then they're all going to say all those VPN services are not real and not use them and this is wrong, it's just different...
     
  21. mirimir

    I agree that saying "real" versus "not real" is potentially confusing. Maybe I'm dense, but that distinction confused me for months! It's also important to keep in mind that VPN services don't provide end-to-end encryption.
     
  22. DasFox

    Oh really, my understanding is the VPN tunnel you connect to is an encrypted layer, end to end for all network traffic that travels over it...

    Now get this, funny we are on the subject, take a look at this VPN service provider;

    https://encryptica.com/

    What does it say under their 'Security' section?

    I don't claim to be the expert that Spooony is spouting off to be, but I find a lot of VPN providers, if not most, will tell you they provide end to end encryption, so what are we supposed to make of all that? Go out there and ask VPN providers and see for yourself...
     
  23. mirimir

    Here's "my" drawing of a one-hop VPN:
    VPNs.png
    The VPN tunnel (cylinder) connects your computer (notebook icon) and your VPN provider's entry node (router icon). There is no VPN tunnel between your VPN provider and the website that you are browsing.
     
  24. Heimdall

    I hope you don't mind my jumping in, but this topic is of interest.

    With the exception of some VPN remote access scenarios, isn't this rather the point of a VPN? It's not supposed to provide a globally encrypted tunnel between the tunnel originator and everywhere else. The 'anonymity' provided by these services is via tunnel encryption and obfuscation of the originating IP address and port.

    I'm curious about this. If I create an L2TP/IPSec VPN tunnel on my router, I can quite happily classify the data entering/exiting the tunnel, but after the data has left my router via the tunnel, it's encrypted. So, unless your ISP can decrypt every packet, even using deep packet inspection, it's going to be very difficult, if not impossible, for them to differentiate one encrypted packet from another.
     
  25. mirimir

    Yes. That's how "VPN" is typically used on Wilders. But I'm willing to accept that, in Spooony's world, VPNs are used only for remote access :)

    That's true. But decryption isn't necessary to see traffic patterns. Both torrents and i2p have much higher upload/download than browsing, and torrents are much choppier than i2p.
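
The point closing the thread, that traffic classes stay distinguishable without decryption, as an added example that is not part of any post: it labels flows using only per-interval byte counts, by upload/download ratio and choppiness. The sample series, thresholds and labels are assumptions made up for illustration.

```python
"""Added illustration: what tunnel encryption does not hide (volume and timing)."""
from statistics import mean, pstdev

# Constructed per-interval (upload_bytes, download_bytes) counts, as seen
# from outside an encrypted tunnel. Payloads are never inspected.
SAMPLES = {
    "flow_a": [(40, 900), (10, 300), (60, 1500), (20, 500), (30, 800), (15, 400)],
    "flow_b": [(900, 100), (50, 1200), (1400, 200), (30, 60), (1100, 1500), (80, 40)],
    "flow_c": [(500, 520), (480, 510), (530, 490), (510, 500), (495, 505), (505, 515)],
}

# Assumed thresholds for this illustration only, not measured values.
RATIO_THRESHOLD = 0.5   # upload/download above this counts as "high upload"
CHOPPY_THRESHOLD = 0.5  # coefficient of variation above this counts as "choppy"


def features(series):
    """Return (upload/download ratio, coefficient of variation of volume)."""
    up = sum(u for u, _ in series)
    down = sum(d for _, d in series)
    totals = [u + d for u, d in series]
    avg = mean(totals)
    ratio = up / down if down else float("inf")
    cv = pstdev(totals) / avg if avg else 0.0
    return ratio, cv


def classify(series):
    """Label a flow from metadata alone: low upload share reads as browsing;
    high upload share is split into choppy (torrent) and steady (i2p)."""
    ratio, cv = features(series)
    if ratio < RATIO_THRESHOLD:
        return "browsing-like"
    return "torrent-like" if cv > CHOPPY_THRESHOLD else "i2p-like"


def report(samples=SAMPLES):
    """Classify every flow in a dict of name -> series."""
    return {name: classify(series) for name, series in samples.items()}


if __name__ == "__main__":
    for name, label in report().items():
        ratio, cv = features(SAMPLES[name])
        print(f"{name}: ratio={ratio:.2f} cv={cv:.2f} -> {label}")
```

Padding, constant-rate cover traffic or mixing several activities in one tunnel would blur these two features; encryption alone does not.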
     