Best VPN? Any recommendations?

Discussion in 'privacy technology' started by happyyarou666, Feb 9, 2012.

Thread Status:
Not open for further replies.
  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I need to pop in here and mention something. I have been meaning to post about this. I stay at a motel once or twice a month. Several months ago I noticed that the ISP of the motel blocked a couple of the file sharing services that I use. But other ones were not blocked. No problem. I would just log into XB or Cryptohippie or Mullvad. (I no longer use Mullvad though).

    But anyway, 3 or 4 months ago while staying at this motel, I could not log into any file sharing service period. Not even Mediafire, which I only use to store software and various personal files. I also could no longer do searches and use the Google cache feature. They disallowed that too.

    So I tried to log in to XB and could not. In fact, I have not been able to log in to XB at this motel for a while now. So then I logged into Cryptohippie. But when I went to the file sharing service, it was blocked! "not allowed on this network".

    I have checked cryptohippie DNS many times with Oarc and GRC spoofability test and it always passed. But it was leaking here at this motel. So I logged out and checked to see who the ISP was. It was Comcast Business. They are really intrusive. They are blocking all filesharing services and somehow forcing me to use their DNS.

    I don't know how to configure DNS specifically for Cryptohippie yet. But I did try the DNS fix it that someone posted. And I also tried Comodo. They both worked. And I use them over top of Shadow Defender so nothing is permanent.

    But anyway, my point is that apparently an ISP like Comcast can see where you go while using a VPN unless you take deliberate steps to stop them. They may not be able to see exactly what you are doing or what you are seeing, but they know all of the links that you are connecting to. I don't like these guys at all. And I do not trust them. They seem really intrusive and I can't help but wonder if they would take all of this a step further and somehow hack into your computer just to see what a person is doing. I have traveled around a pretty good bit and have never seen anything like this anywhere else. So my advice is if you have another choice for an ISP, I would consider switching.

    When I am at this motel, I enable Shadow Defender or Returnil before I connect. And I always use Sandboxie as well. So at least if they try to plant something it will be gone at reboot.
     
  2. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    I think the answer here is a new motel.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Indeed :)

    You could also force use of neutral DNS servers, such as OpenDNS.
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I'd be really interested to know how they could tell what websites you were trying to use through an encrypted tunnel? They could block bog stock VPN by disallowing port 1194, but if you connect via 53, 80, or 443, the VPN should be good to go. Then, how in the heck can they see into the tunnel? Like you said, a DNS leak was a good possibility to track down, but if you were 100% sure it wasn't leaking.... I'm at a loss o_O? Our network experts will have to chime in.

    PD
     
  5. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I don't know. If I checked my IP it showed cryptohippie. When I went to google it was in German. But when I went to https://www.grc.com/dns/dns.htm it showed that the DNS was comcast business. I did try Comodo's DNS and also DNScrypt and both of those methods stopped it. But that really gives me the creeps about Comcast.
     
    Last edited: Jun 27, 2012
  6. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    The problem identified by Caspian is pretty darn scary. I'm no networking expert but I think I have a rough idea of what's going on, and I think there's a workaround that will resolve the problem.

    Specifically, public Wi-Fi can be set up so that it forces user traffic to use a specific predefined DNS. The predefined DNS can be set up to include filters blocking Wi-Fi users from accessing various web sites. See for example:

    http://www.safefromsites.com/index.php?p=faq&f=tech&l=en
    and
    http://www.opendns.com/business-solutions/wi-fi-hotspots/benefits

    Moreover, these services can apparently be set up to prevent the user from using a different DNS; see for example,
    http://www.readwriteweb.com/hack/2012/04/dont-mess-with-your-dns.php
    http://www.phonenews.com/dnscrypt-opendns-helps-keep-you-secure-online-19771/ and
    http://security.stackexchange.com/q...n-sent-in-a-public-wifi-radius-802-1x-eap-etc (note the last response)

    One would think that a VPN connection would bypass the public WiFi DNS and use the VPN DNS instead. However, we know from the "DNS leak" issue that OpenVPN and other VPN protocols will default to a static DNS if the static DNS address is set in the user's network protocol. With the latter in mind, if the Wi-Fi DNS filtering service injects a specific DNS address into the user's wireless DHCP address (as part of login, or handshake protocol), then that DNS will likely be passed down into the OpenVPN encrypted packets.

    I think the use of multiple, nested VPNs should provide a workaround in that a DNS server set in a user's second, nested, VPN should still prevail over any DNS server address injected into the user's wireless DHCP setup. See the following for an outline of how to set up multiple, nested VPNs.
    http://www.ab9il.net/crypto/multi-vpn.html

    Hopefully various users here with a more detailed understanding of WiFi networking can verify or correct the above.

     
    Last edited: Jun 26, 2012
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Thanks for that. I think you are right. Somehow they are forcing their DNS service on the customer. GRC actually showed both cryptohippie and Comcast Business. But this is the only place that I have had this happen.

    Well I take that back. This also happened once a long time ago when I was traveling and connected to a satellite internet service. I don't know how to use a firewall as some have suggested or how to go into command prompt etc... But DNScrypt worked etc... But that is not using my VPN's DNS. I have been meaning to email cryptohippie and see what they recommend but haven't. I did change motels though.

    The article you posted is interesting. So you could start a VPN, then run a VM with another VPN installed. And then I guess you could actually run the Tor Browser Bundle inside the VPN. So it would be a VPN through a VPN with Tor running through that. That could be interesting to do sometime for fun, but I bet it's slow.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    The WiFi's DHCP server is pushing Comcast's DNS server(s), is all. DNS queries do go through the VPN when it's connected, but using Comcast's DNS server(s) reveals to observers that you may be connecting via Comcast (even if they can't see any Comcast IP address). When you're setting up VPN connections, you always want to check what DNS servers you're using. The GRC site is a good way to double check.
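
    The resolver situation discussed in this thread, as an added example that is not part of any poster's message: it reads a resolv.conf-style resolver list and separates the VPN's own resolver from DHCP-pushed ones. The addresses, the LAN subnet, the VPN resolver `10.8.0.1` and the function names are all constructed assumptions, and it assumes a typical full-tunnel setup in which the local subnet route stays in place.

```python
import ipaddress

# Constructed sample: resolver list after the hotspot's DHCP lease was
# applied and the VPN client appended its own resolver.
SAMPLE_RESOLV_CONF = """\
# constructed example
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 10.8.0.1
search example.lan
"""

def parse_nameservers(text):
    """Return the nameserver IPs from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # skip malformed entries
    return servers

def classify_resolvers(text, lan_cidr, vpn_dns):
    """Label each configured resolver relative to the VPN (hypothetical helper)."""
    lan = ipaddress.ip_network(lan_cidr)
    trusted = {ipaddress.ip_address(a) for a in vpn_dns}
    report = []
    for ip in parse_nameservers(text):
        if ip in trusted:
            verdict = "ok: VPN resolver"
        elif ip in lan:
            # The directly connected route is more specific than the VPN's
            # default route, so these queries leave outside the tunnel.
            verdict = "leak: on-link resolver, bypasses tunnel"
        else:
            # Travels inside the tunnel, but a third party still sees lookups.
            verdict = "leak: foreign resolver reached via tunnel"
        report.append((str(ip), verdict))
    return report

def has_leak(report):
    """True if any configured resolver is not the VPN's own."""
    return any(verdict.startswith("leak") for _, verdict in report)

if __name__ == "__main__":
    for ip, verdict in classify_resolvers(SAMPLE_RESOLV_CONF, "192.168.1.0/24", ["10.8.0.1"]):
        print(f"{ip:15} {verdict}")
```
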
     
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    So what does Comcast actually see from me? My request for a webpage and that's it?
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    The DNS server sees your IP address, and the URL that you're looking up.
     
  11. vkidv

    vkidv Registered Member

    Joined:
    Oct 6, 2003
    Posts:
    62
    That would only be the domain part, not the full URL including the path.
     
  12. rdebruin

    rdebruin Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    7
    I was using iVPN for the last couple of weeks and this was my feedback to their feedback department.

    Dear Feedback Department,

    A few remarks about the iVPN service that I have been using for a couple of weeks.

    I like to run OpenVPN as a service, as described in http://openvpn.net/index.php/open-source/documentation/install.html?start=1.
    However, I think iVPN is not very well suited for running as a service, because one needs a readable txt file (with userid and password) to accomplish this. For me this is a security issue. Furthermore, you have to edit all configuration files to add this option by modifying the line auth-user-pass into auth-user-pass <password-file>. Other VPN providers like Boleh or AirVPN have a better transparent solution. Can you have a look at it?

    The speed of my VPN connection is fine, I have no issues with that.

    However, I do have some issues with the pricing. The price is high if you compare it with other major VPN providers. But what is really annoying me is that you can get a large discount if you have a blog (I don't have one) or when you cancel your Paypal payment just before the actual payment is made. It seems you get a major discount via the email after this cancellation is recognized by iVPN. Come on guys, of course you can give some discount, but 30% (!) is annoying. That feels that I am paying too much as a normal user without a blog or making a "normal" payment.
     
    Last edited: Jul 16, 2012
  13. JohnMatrix

    JohnMatrix Registered Member

    Joined:
    Apr 12, 2012
    Posts:
    48
    Location:
    Behind you
    I've been using Mullvad for some months now but it's pretty slow the last few weeks. According to the owner they are suffering from a DDOS attack. Hope they get their **** together quickly because I like their ideas regarding internet freedom and censorship and the VPN they've created.
     
  14. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    Sorry to hear that, hope that gets sorted soon. Mullvad is pretty good next to AirVPN.
     
  15. Phractal

    Phractal Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    15
    I am not sure my idea would work in this particular situation, but worth a shot.

    If you explicitly add your wanted DNS servers into the TCP/IP configuration of your VPN network, wouldn't that circumvent the forced DNS usage of the motel's WiFi?

    No network pro here either, but this has worked for me in the past.

    Basically you could use the DNS servers of your home ISP as all DNS queries would be sent to the DNS servers AFTER they get routed through the VPN servers. Granted, it might be slower, but the ISP might see what websites are being queried but not your home IP (or motel IP).....at least that is my understanding....please correct me if I am wrong.
     
  16. zx81

    zx81 Registered Member

    Joined:
    Jan 25, 2010
    Posts:
    58
    I am using TunnelBear (paid, it's 50 bucks a year) in a hotel in Dubai to be able to use Skype (UAE blocks it) and also to be able to watch the women's beach volleyball on BBC iPlayer, during Ramadan :)

    :argh::eek: :cool:
     
  17. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Right now I'm using both iVPN & Mullvad. Quite simply, I trust them the most, and also like their tech/encryption. I haven't tried Boleh but I get a very good vibe from their rep (Ruben). If I wasn't already happy, I'd give it a shot.

    Since Mullvad offers truly anonymous payment they work great in an inner-outer tandem that I saw another poster in here mention (whose name eludes me right now). I wish I could remember and point people to the thread, it was great advice. And if I'm not filling out any forms/logging into sites I'll even use Ixquick's proxy to tunnel through those VPN's, so that even they can't see what I'm doing.

    And it's surprisingly light considering 2 hops with iVPN, another through Mullvad, then the proxy. Most of the slowdown is the proxy. But it depends on the site. Here at Wilders there's barely any slowdown proxied (with Ixquick)... dunno about Tor.

    After over a year of experimentation now, this is my take on the subject. But to each his/her own.
     
    Last edited: Aug 4, 2012
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    So Mullvad accepts cash?

    Was it mirimir?
     
  19. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Yes, I believe it was mirimir that provided an excellent tutorial for how to accomplish this. That's where I got the idea from. I'm too lazy to try to dig it up right now.

    And yeah you can send Mullvad any amount of money, even $10-15 just to try it out. I think that gets you like a month (I forget). That and a customer ID # you get on their site. No personally identifiable info. needed.

    All VPN's should be this easy/anonymous...

    Still, I rarely use my VPN's. I won't use them to do normal stuff, like post at Wilders like I am now. Not worth the slowdown unless you really need the anonymity. I'll use them to have private conversations... like when I'm using Pidgin to discuss things with certain people I wouldn't want the whole world knowing about. Like where the parties are at, etc... ; )
     
    Last edited: Aug 8, 2012
  20. privacyrights4all

    privacyrights4all Registered Member

    Joined:
    Aug 29, 2012
    Posts:
    6
    Location:
    United States
  21. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    541
    Location:
    United States
    From their Privacy Policy:

    Giving in to "police state" legislation is a deal breaker for me.
     
  22. redcell

    redcell Registered Member

    Joined:
    Sep 27, 2010
    Posts:
    126
    I like to advise any beginner and even intermediate users to be wary of VPN offers (unless VPS totally run by yourself). Recently, there is an aggressive marketing scheme on so-called private, borderless or worry-free VPNs.

    I understand most users want anonymous VPN to express freedom of speech in their home country against their leaders/policies. A good thumb rule is to know the intelligence and political status of the country where the server is located at.

    For instance, if a user wanted to post comments against China government (eg. human rights), the user must not use VPN where its server is located in China's allies (eg. Russia).

    Ultimately, paper/electronic trails of VPN purchases can be traced. The risk can be reduced by implementing cascading VPN tunneling via VM, and changing your base connection (wifi hotspot).
     
  23. Couldn't have said it better. I find some of these fly-by-nighter VPNs highly dubious and don't trust them.
     
  24. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    Bitcoin and a couple "washes" and there ain't no trailing to do ;)

    P.S.: yes, that's why forums like these that are security and privacy oriented exist, in order to uncover such schemes like VPNs and the trustworthy ones whitelisted ;), and yes of course you inform yourself about the server country you connect to first, you always want a privacy and human rights oriented country aka Sweden instead of say the US or China or Russia etc.
     
  25. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    That reminds me of a couple of "interesting" VPN providers that have emerged from the blackhat community in recent months:

    • Enc0de's VPN - A one-man operation with a "100% no logs" VPN server located in Russia.
    • OffshoreVPN - Claims to have VPN servers located in Iran, Cuba, Kazakhstan, and Somalia. :eek:
     