Anyone tried XeroBank (formerly Torrify)

Discussion in 'privacy technology' started by Genady Prishnikov, Mar 6, 2007.

Thread Status:
Not open for further replies.
  1. eternalbeta

    eternalbeta Registered Member

    Joined:
    Dec 2, 2003
    Posts:
    54
    Steve,

    as I've tried Relakks (and SecurSurf) in the past (indeed it was rather slow) I'm rather surprised by your saying that a vpn like Relakks is leaking DNS requests, thereby compromising anonymity. :blink:

    Could you please elaborate on this and explain to me why this happens with Relakks and not with XeroBank?

    Thanks in advance
     
  2. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Steve, In one post (a while back), you promised a rundown of all the privacy services and pros/cons of each and how they differ from XeroBank. Could you still do that for us? I was impressed you were willing to do that.

    Thanks!!
     
  3. blaster998

    blaster998 Registered Member

    Joined:
    Feb 8, 2008
    Posts:
    2
    Is the Xerobank Email working? I am getting denied access on my login and password. Haven't heard back from their Support yet. Anyone else have problems?
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Relakks leaks DNS requests 100% of the time when we tested it a few months back, with the way their VPN was set up. We conducted tests of most of the major ones. If I recall correctly, it was due to the protocol implementation of PPTP. There are lots of unprofessional privacy offerings out there masquerading as though they are doing you some benefit.

    We designed our network to use OpenVPN which uses TLS. This implementation routes *All* traffic, including DNS requests, through our network. Why does this not happen with XeroBank? Well to put it in short, because we are the only serious commercial privacy network. Everyone will learn this at the end of March. :)
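
What "leaking DNS requests" means in routing terms, as an added example that is not part of the original thread and is not XeroBank's or Relakks's code: a resolver address that matches a more specific non-tunnel route is queried outside the VPN even though the default route points into it. The interface names (`tun0`, `eth0`), addresses, routing table and resolver files below are constructed assumptions showing one common way such a leak arises.

```python
import ipaddress

# Constructed sample data (not from the thread): tun0 is the VPN tunnel,
# eth0 the physical LAN interface, 203.0.113.10 a placeholder VPN server.
ROUTES = [
    ("0.0.0.0/0", "tun0"),          # default route pushed by the VPN
    ("10.8.0.0/24", "tun0"),        # tunnel subnet
    ("192.168.1.0/24", "eth0"),     # on-link LAN route, more specific than default
    ("203.0.113.10/32", "eth0"),    # host route to the VPN server itself
]
RESOLV_LEAKY = """# left over from DHCP on the LAN
nameserver 192.168.1.1
nameserver 10.8.0.1
"""
RESOLV_TUNNELED = "nameserver 10.8.0.1\n"


def parse_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def egress_interface(dest, routes):
    """Longest-prefix match: the interface a packet to dest would leave on."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def dns_leaks(resolv_text, routes, tunnel_iface):
    """Resolvers whose queries would not be sent into the tunnel."""
    return [
        server
        for server in parse_resolv_conf(resolv_text)
        if egress_interface(server, routes) != tunnel_iface
    ]


if __name__ == "__main__":
    print("leaky config:", dns_leaks(RESOLV_LEAKY, ROUTES, "tun0"))
    print("tunneled config:", dns_leaks(RESOLV_TUNNELED, ROUTES, "tun0"))
```

The LAN router at 192.168.1.1 would forward those queries to the ISP's resolver in the clear, which is why the check looks at the resolver list and the routing table together rather than at the default route alone.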
     
  5. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Gerard,

    Sure, I can probably handle that. I made a spreadsheet at one time, so this stuff may not still be accurate. We are seeing dinosaur services trying to catch up with us, so some of their offerings are changing... "same woman different dress" sort of thing. What kind of stats did you want to see, or shall I just pick my own arbitrary metrics?

    Steve
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I'll ping support and have them locate and escalate your ticket.
     
  7. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I spoke with support, they said that a keyserver and smtp server is down while we are implementing new systems. Should be up shortly. More good news. XeroBank 2.0 Network is 95% complete... now if we can just get previous users switched over, that will be the trick.
     
  8. SirRollsAlot

    SirRollsAlot Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    24
    Steve-

    Do you have a guess as to how many users you currently have? Also, how many people are employed and working on Xerobank? Just curious, thanks!
     
  9. eternalbeta

    eternalbeta Registered Member

    Joined:
    Dec 2, 2003
    Posts:
    54
    Steve,

    I've tried to install a trial version of xB-Browser_2.0.0.11 but I only got an error message saying that my key wasn't recognized and I should contact XeroBank? By the way, why does xB-Browser need access to MS windows update during setup?

    Needless to say that apart from surfing anonymously it is p2p via a vpn which is the attractive proposition but it seems that XeroBank's pricetag on the package which includes p2p is prohibitive. So I'm very curious to learn about the new possibilities offered at the end of March.

    In the meantime I look forward to your rundown of all the privacy services and pros/cons of each and how they differ from XeroBank.
     
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I would be interested to know also.
     
  11. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I guess I am participating in some risky behavior then. But I am a musician and I love artistic stuff. Call me shallow, but I like all of the animated gifs and stuff too. I recently tried using Returnil. Will that prevent any permanent harm should youtube decide to screw with its users? God I hate to have to even think about these things. o_O
     
  12. blaster998

    blaster998 Registered Member

    Joined:
    Feb 8, 2008
    Posts:
    2
    Re: getting onto email

    Thought I would post here because Xerobank support has still not replied to my 2 open tickets from 1 week ago. The private messaging doesn't seem to work....so this is the only forum for a question.

    Love the product...love the concept...but I'm a new user and I want to be assured that there is consistency so I can start using it as my main browser and email address.

    My problem is:

    Email: I have not been able to login to thunderbird for a week. I know the previous post said that the SMTP servers were down earlier...but it's been 1 week now. That's a bit too long if you have important emails to get to.

    On the browser, my google search is returning an error that my query "looks like an automated request", which means that the IP address used to connect to Google has too many requests into google...and google is not allowing the requests anymore (IP is being monitored by google). This happens when one IP address is used for many users. What is being done to solve this?

    Thanks,
     
  13. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX

    We have over 150,000 accounts the last time I checked a few months ago. I am unable to distinguish between trial and pay-for accounts though, so your mileage may vary. As to employee internals, all I can say is that we work in cells and shells.

    To anyone here having problems, I'm taking all the remaining tickets personally, today. Additionally, I may not be very available till later this month. We're all working hard to bring XeroBank 2.0 out.
     
  14. domainer99

    domainer99 Registered Member

    Joined:
    Feb 15, 2008
    Posts:
    1
    I almost thought Xerobank was a scam until I found this forum. I signed up for an account about a week ago, my payment was processed, and that's all the farther I got...still can't download software or setup email; sent an email to them and then 2 service tickets but no one ever replies...does anybody know what's going on with the company? Does it usually take this long even to get a reply? It sounded like such an awesome service, but now I'm starting to worry...thanks guys...
     
  15. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I found out one of our servers had a hack attempt against it, nothing was compromised or even at risk, but that it raised some flags and the security team locked it down. That server caused a delay in keys being issued and emails sent out. So then support got a barrage of tickets and me and two techs dove into the machines to smooth things out again, in the middle of our upgrades. Funny little snowball effect. So it makes me think I need to add some advanced error reporting into the xB Browser to send XeroBank notifications that there is a potential problem. I wonder how people would react to such a popup asking them if they want to notify XeroBank there is an issue...

    So key servers are back up and cranking out thousands of RSA/DSA crypto keys, and I think the demo registration network is back up as well. I'll be testing the rest of the cascade shortly.

    Needless to say, we just turned on a lot more servers today and are working on deploying them into the XeroBank 2.0 network structure.

    I personally have taken about 60 tickets, half of which I've answered yesterday, and another 30 to answer today. Should all be sorted out shortly.
     
  16. Genady Prishnikov

    Genady Prishnikov Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    350
    I've been meaning to ask something else for several days. But this is too much and people deserve a straight answer. You have been fairly upfront about your relationship with Metropipe.net .......... but they say the same thing (attempted hacking) happened to them. Also, WHOIS seems to show an even closer relationship than you have acknowledged. Can you please - finally - just come clean and admit the full extent of the Xerobank/Metropipe relationship?
     
  17. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Genady,

    I realize people are prone to fits of paranoia, but the attack happened at the MeshMX network base, as I explained is the thing we have in common, which services both Metropipe and XeroBank on some servers. Thus the resulting cascade is affected. So we've made an executive decision to segment entirely as our network traffic and do a complete migration, which is happening over the next two weeks so we can make sure that we don't share any risk domains anymore. You'll be seeing servers and services that metropipe isn't offering, so then you can enjoy confirmation of what I say. You'll even be able to select exit node countries.

    Steve
     
  18. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    All tickets answered and closed out. New network APIs completed and tested. Netherlands, USA, Canada, and Germany are alive and in beta. Now concentrating on Switzerland, Bahamas, Australia, and Japan.
     
  19. jaynkie

    jaynkie Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    3
    Hi - I just signed up based on the great responses here... but I must admit to being very disappointed. At least, so far.

    I'm doing this on a mac - So - after signing up I expected some kind of 'welcome, here's what you do next' type of message or download or anything of that kind.

    But - nothing so far. (at least that is apparent.)

    I've downloaded the vpn - know how to work that but instructions would be nice. It asks if it's a copy or moved... ?? Who knows?

    Then once I'm in I put in my transaction id and it says it's updated. However only the Tor will allow me any net access and it's paiiiinfully slow.

    The other options say 'not configured'. Well... I thought that's what I had done by entering my transaction id? On client.xerobank.com it says my account is active etc... I'm paying extra for mac access... but what do I do now?

    I've tried hunting around XeroBank's site but support and client side are so slow I can't even get to any pages other than home. All other net access is fast (including xerobank.com) so I know it's the client.xerobank.com that's the problem. I'd log a support ticket but it's timing out.

    I'm REAAAALLLLY hoping this is just something bad and wrong in the last few hours and that it will be solved in a few minutes.

    Thanks for reading. Any help or instruction pdfs you can point me to would be GREATLY appreciated!

    jaynkie!
     
  20. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    J,

    Sorry you're having trouble. You've caught us in the middle of massive upgrades. Normally there is a nice email you get that explains everything. We're in the middle of migrating servers right now, so some things aren't as smooth as I would like them. This isn't indicative of typical xB, so no worries, we'll get you sorted out. You'll probably get that mail later as the queue would have to be poked at when the mail is finishing migrating.

    We just migrated over the SVN servers today, are migrating the support servers, and will be migrating the registration servers tomorrow. Lots of fun.

    So you've got VPN and a mac, or are you just using a mac for communication? Are you trying to run xB Browser under Wine?

    Since support servers are migrating now, they're intermittently available.

    If you're running a Mac for VPN, here is the document. And here is a copy in case the link isn't available. You'll want to run xB Config and tell it to not try to do tor management, as you'll be using a VPN connection.

    If you're running a PC, here is the document. And here is a copy in case the link isn't available.
     
  21. tinseltown

    tinseltown Registered Member

    Joined:
    Oct 16, 2007
    Posts:
    9
    Is there any sort of best practices document that tells one how to best use XeroBank and remain private whilst going about using the Internet? I'd be curious to know what common mistakes can be made and how to avoid them so as to remain private.

    Thanks!
     
  22. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    There isn't *yet* a best-practices manual, but we are working on developing it. Here are some ones off the top of my head:

    1. Encryption is best when it is end-to-end, so use https when necessary.

    2. Anonymity means people cannot discover who you are, unless you tell them. You can tell them by mentioning your real name, or using credentials that can lead back to your identity.

    3. Any login that you've ever registered or touched while not anonymous, has your true identity attached to it, and can never become anonymous. It is 'dirty'. Register a new IM name, email address, myspace, etc if you are trying to be anonymous there.

    4. Always stay connected to XeroBank unless there is a compelling reason not to. If you only protect traffic that should be secretive, then attackers know which traffic to monitor. Make your innocuous traffic blend in with your sensitive traffic by staying connected.
     
  23. spyvspy

    spyvspy Registered Member

    Joined:
    Feb 20, 2008
    Posts:
    3
    Steve,

    I've been doing a bit of research and I must say that one conflicting statement keeps reappearing regarding your privacy policy.

    In a recent interview with DGC Magazine, you state:

    This glares at me saying that there is a way we can track our users, either you track what a user sends over the Xerobank connection or you keep logs and wait for a problem to be reported by an authority. A third way would be to change the system in order to identify a user, which could only be done by identifying that user in the first place, unless you change the system for everyone.

    Now I am pro digital privacy but as I understand it, there is no way that 100% anonymity is achievable without sacrificing the ability to stop people (criminals) abusing the network. I understand that TOR in fact does this.

    I am worried that maybe I am not making my point clear in this post. If you want me to elaborate please say so.

    SVS
     
  24. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I love these questions. They resonate against the failures of others, causing you to wonder how the hell we solved the problem. And let me assure you, Tor is not 100% anonymous by any measure, and there are still unpublished and undiscovered exploits against the Tor network allowing for full compromise of users.

    Here is how our system works:

    We aren't locked out of controlling machines in our network like Tor is. However, we are governed by a sophisticated design that is highly resistant to compromise without collusion, and rules that allow us to deal very politely with our traffic, while respecting the privacy of our users. First we separate the identity of the user from the actions of the user, using the VAULTS technology we developed. Secondly, we employ machines to notice "malicious traffic" and to take actions if they see any. All non-malicious traffic doesn't get logged. If the traffic is indeed malicious, it is a violation of the terms of service and is not covered by a secrecy guarantee, so logging can occur in that instance. So legitimate traffic can be attacked in two directions when we don't collude, from exit or from identity:

    1a. People's Republic of Banana saw some exit traffic about civil rights that they don't like and want to know which account it originated from. Our machines didn't think it was malicious so it was never logged. The End.

    1b. Or our machines DID think it was malicious but a human auditor didn't, so the log created was wiped. Identity of user never exposed to the auditor, regardless. Sorry, Banana, still don't have that info.

    2a. Republic of Banana believes a certain person has an account with XeroBank, and wants to know what traffic is associated with it. First, that is against our policy, second, we are not subject to the laws or wishes of Republic of Banana. Third, we don't have a link from Deposit to Access unless the user created one. The end.

    2b. Republic of Banana believes a certain person has an account, is performing "evil", gives us the originating IP address. If there is indeed legitimate reason to believe Republic of Banana, we can investigate if there is indeed "evil" traffic exiting our network that originates from that IP address. Then the situation goes to a human auditor. This again reverts to our privacy policy, and if the "evil" traffic isn't violating our terms of service or we don't believe it is "evil", the audited account will attempt to be informed (via email) that an auditor had reviewed their traffic at the request of Banana and found it to be deficient of any concern. Then it is up to the Republic of Banana to acquire court orders in all necessary jurisdictions, assuming legitimate user XYZ doesn't change to a new account. The message sent to Republic of Banana is don't waste our time with anything short of solid misconduct, otherwise you scare away the fish.

    But what about malicious traffic?

    1. If an auditor agrees the above traffic is evil, it still may not be in the jurisdiction of Republic of Banana, and is not shared with them, but instead the proper upstream authority of locale.

    2. XeroBank can see an "evil attack" originating from our networks, thanks to malicious traffic monitoring machine. We can then trace the live connection back through the system to find out what IP the incoming traffic originated from, and perhaps what Access card account was used. Does that get us an Identity? Typically not, but the originating ISP network would know the supposed identity of that IP holder.
     
  25. Darran

    Darran Registered Member

    Joined:
    Feb 20, 2008
    Posts:
    1
    Hi Steve,

    Can I run Xerobank on a Sony Mylo? And how exactly would that work? I mean I could run it on my pc (windows) and on my mylo (linux based)?

    Regards,
     