Why Should I Use a VPN

If the connection is HTTPS, then yes...but - since you are *known* to the bank, your identity can be tied to VPN use, since they will have the VPN IP when you log in. If that matters to you, then just connect direct for banking sessions.

PD

 

That never really occurred to me but thinking about it, I guess it's common sense but I very much appreciate you pointing it out to me. I'm really beginning to think that use of a VPN should be a part of my set up and maybe something that lots of people should use.

 

Indeed. More generally, never use a particular VPN (or Tor setup) for anything that you don't want linked together with everything else that you use it for. The same caution applies to particular computers, USB drives, LANs and so on.

 

If your connected to the website your buying from or your bank under HTTPS then there is no problem using the VPN while banking.

 

I agree that it's secure. But, as PaulyDefran noted, your bank would then know your VPN exit IP address. Also, if that VPN exit IP address is in another country, your bank might (and should, if they're prudent) freeze your account as possibly compromised.

 

I have done banking with my VPN a few times. Banks won't freeze your account unless it has many connections from different country's connected to it, for example a normal use of a bank account by a businessman who travels would show different IP's. I also don't worry about my bank having my VPN IP as its shared by many and unless you buy with bitcoins your bank knows you have a VPN anyway. Banks don't care if a person has a VPN or not, its just another IP for them and having a VPN task force is a waste of money to them.

If it does not make someone money they won't give a damn. If you connect to a server in china and your a US citizen and your using their servers to commit crimes, as long as they are not crimes against china they don't care as it would cost way too much time and effort to bother contacting your Government and getting the whole thing worked out. No money, no care.

 

That's probably why it's mainly Chinese IPs that are trying to pwn my servers

 

Hi merisi, not just because I made the post, but there's a WEALTH of information on it for anyone getting into OpenVPN and wanting to stay safe and secure...

https://www.wilderssecurity.com/showthread.php?t=285780

It's 32 pages long but it's not going to take forever to read through, or brush over it...

There's a bit to learn in this game of OpenVPN and a lot of BAD companies out there, so learning is helping in many ways, especially, staying away from the bad vpns!

When you click the link make sure in my 1st post you LOOK for this section and read what it says below it!

** P.S. ATTENTION SPECIAL NOTICE SINCE POSTING IN NOVEMBER 1st, 2010! ***


CHEERS

 

I appreciate all the information I'm getting here, I am learning a lot.

Mirmir, before you mentioned using a VPN, Tor and another VPN. I was wondering how you get that to work? The first part is easy I'd just got into the VPN and then launch Tor but how do you get the second VPN to only work on the last part after Tor and not at the beginning with the first VPN. Oh and btw, I did manage to get a VM up and running, a lot easier than I thought though still learning configurations.

Cubones, I totally agree with what you're saying about countries that don't care as long as they're not the victims of crime. You only have to look at the bizarre situation of Spain and the UK where it's legal for someone in Spain to defraud someone in the UK (or at least it was until very recently if that has changed.)

Just to reiterate, while I can't imagine my ISP or govt have any interest in me, really, I just want an extra layer of privacy and anonymity. I also like to try things out just to see if I can do things but mainly because I find tech fascinating.

 

Three of my main principles of security and anonymity on the internet.

(1): No money, No care.
(2): Bear Principle - Bear will eat those who are slower first, like an adversary will find people with a less well made set-up. Just have to be faster then 90% and the bear will never catch you as its got endless others to eat first. Only way you will be eaten is doing something stupid.
(3): Blending in and not calling attention to yourself is always best, sometimes less is more.

 

I sometimes wonder whether using layers of security is the equivalent of walking down a town high street with an over the top disguise, while people may not know who you are, everyone will be looking at you. It's difficult to guess what the right balance is, well difficult for me anyway.

 

VPN encrypted traffic won't be noticed unless someone is looking for it. You have to remember for the most part VPN's are used in real business as well and considered a very normal form a traffic. I keep my VPN on 24/7 while using the computer, I never remove it. My goal is using VPN 24/7 for 5-10 years and thus all existing logs of my previous activity time out and all that's known about me is nothing but encrypted steams.

 

Can you provide a quick summary about why some VPN companies are "bad"?

 

Because they lie and keep records when they say they won't?

Because they will rat you out at the slightest hint of a 'threat'?

Those are two reasons.

You want a VPN that publicly says "No records, at all, ever" (or as close to that as possible - they know when you connect, but should delete at disconnection). You want one that says "No 'legal' paperwork acknowledged unless it comes from an agency in our country" (and if there are no logs...ok, whatever. Giving over 100% of 0 is still 0). You want one that lets you buy with Bitcoin or Liberty Reserve or some type of bought-for-cash payment card.

Those are my criteria/opinions, others may think differently.

PD

 

I've also found out that you have to reconfigure your firewall to get a VPN to work properly but would this put all my online activity through the VPN because I only want certain things to pass through it which is pretty much my web browsing. While I appreciate this won't give me total anonymity which is something I feel is near impossible, I basically don't think it's the ISP or anyone's business what someone does online unless it's criminal. I guess that leads to well you can only know if someone is up to something criminal by monitoring them.

 

I use Comodo firewall
here's a guide I use to force my connections per application through the VPN tunnel ie browsers, utorrent etc
the guide is written for version 5 but works just as well with the current version 6

http://www.bolehvpn.net/forum/index.php?topic=5798.0

 

You can do that with just two VMs. The host machine connects to your paid VPN. To block leaks around the VPN, install shorewall, and set it up as described in -http://xerobank.com/support/articles/how-to-harden-openvpn-in-12-easy-steps/.

For Tor, use ra's Incognito [Tor] Gateway VM from -https://bitbucket.org/ra_.

Then you have your desktop VM of choice (such as Xubuntu). In the desktop VM, you set up connection manager with your free VPN. And you block leaks around the VPN using shorewall as above.

 

1) Assume that TheOrganization has infiltrated the Tor network and find that a communication originates at IP X and ends at IP Y using some kind of trace mechanism.
2) Assume that what you are trying to get to is a hidden service, so there is an additional layer of Tor in place. Theoretially even stronger than what you propose.

End to end, this is: You -> YourISP -> ThePaidVPN -> Tor -> TheFreeVPN -> Tor -> HiddenService

TheOrganization in question wants to identify people who frequent HiddenService, so:

1) They watch HiddenService and discover that some of the transmissions from the board come from TheFreeVPN.
2) TheOrganization contacts TheFreeVPN and discovers that they are happy to help due to the nature of HiddenService. Unfortunately for TheOrganization, the other side of the TheFreeVPN is not an ISP. It is identified as being Tor once again. Fortunately for TheOrganization, they know the login credentials of those who are connecting over Tor.
3) TheOrganization now identifies communication between ThePaidVPN and TheFreeVPN the same way it discovered communication between HiddenService and TheFreeVPN. TheOrganization contacts ThePaidVPN and discovers that they are also happy to help due to the nature of HiddenService. Your account at ThePaidVPN is identified as the one communicating with the account at TheFreeVPN.
4) YourISP is identified as the associated connection to ThePaidVPN, and shortly thereafter, you are identified and given up by your ISP.

Admittedly, this is very contrived and overly simplistic, and even perhaps incorrect in some ways, but it can likely be thought through much, much better than I am proposing. If I am right about that, it kind of shows that it is still possible to trace you. Difficult, but possible.

Whether or not You accessing HiddenService would ever hold up in any sort of court system is another story. Indeed, it is probably a much bigger problem for authorities than identifying you in the first place. However, try to explain to your family or your friends why the authorities showed up at your house and confiscated your computers to see if there is any local evidence of you visiting HiddenService.

 

My risk model doesn't include "TheOrganization" being after me

If it did, I wouldn't be sitting at my desk typing this. I'd be in a rented car, paid for with fake credentials, using a throw-away netbook somewhere with free WiFi

I've never tried Tor via VPN via Tor. I suspect that it'd be unworkably slow.

I'm sure that there are better approaches. They might involve remote servers and high-latency (randomly delayed) automated transactions.

 

Some of you live in la la land. What do you think will happen to your VPN provider after they stick a gun in his face and tell him to turn on logs or else? Or they threaten his family and say they will send him to jail if he doesn't co-operate and make a deal?

I'll tell you what...They will turn on the logs. It's a worse case scenario but it's bound to have happened or will play out like that in the future.

 

La la land indeed.

HideMyAss gave up a LulzSec hacker by court order. It has happened. It might be happening again right at this moment.

One doesn't know until they're knocking at the door...

It's not like an ISP or VPN would warn it's users that someone is watching...

 

I always assume that everyone is logging everything that they can.

 

VPN: To avoid fingerprinting , you should use Virtualbox , to avoid ip leak when VPN is disconnected , you should use VPN LIFEGUARD (in the host you should use VPN lifeguard , you put virtualbox.exe into VPN lifeguard , and when VPN is disconnected , Virtualbox ENTIRE will close , but you never know if time enough to avoid your real ip is leaking )
and when you want to reconnect virtualbox into vpn , you should be careful ,1º you should reconnect VPN in the host , and switch on virtualbox , to try avoid ip leak , and check DNS ,you never know if there are DNS leaking.

 

I don't know why people want to use VPN and not Whonix , and why whonix doesnt have too much support.

Whonix is the best thing that i have found to stay anonymous



Whonix is an anonymous general purpose operating system based on Virtual Box, Debian GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find out the user's real IP/location

Adobe Flash anonymously
browse the web anonymously
Anonymous IRC
Anonymous Publishing
Anonymous E-Mail with Mozilla Thunderbird and TorBirdy
Add a proxy behind Tor (Tor -> proxy)
Based on Debian GNU/Linux.
Based on the Tor anonymity network.
Based on Virtual Box.
Can torify almost any application.
Can torify any operating system
Can torify Windows.
Chat anonymously.
Circumvent Censorship.
DNSSEC over Tor ¹
Encrypted DNS ¹
Full IP/DNS protocol leak protection.
Hide the fact that you are using Tor ¹
Hide the fact you are using Whonix
Isolating Proxy
Java anonymously
Javascript anonymously
Location/IP hidden servers
Prevents anyone from learning your IP.
Prevents anyone from learning your physical location.
Private obfuscated bridges supported.
Protects your privacy.
Protocol-Leak-Protection and Fingerprinting-Protection
Secure And Distributed Time Synchronization Mechanism
Security by Isolation
Stream isolation to prevent identity correlation through circuit sharing
Virtual Machine Images
VPN/Tunnel Support
Whonix is produced independently from the Tor (r) anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.
Transparent Proxy
Tunnel Freenet through Tor
Tunnel i2p through Tor
Tunnel JonDonym through Tor
Tunnel Proxy through Tor
Tunnel Retroshare through Tor
Tunnel SSH through Tor
Tunnel UDP over Tor ¹
Tunnel VPN through Tor
Tor enforcement
Free Software, Libre Software, Open Source
¹ via Optional Configuration

 

It's better to use Linux for both host and VMs, and use iptables rules.