How's the speed on AirVPN? Mullvad? iVPN?

you might also check vpn4all
I have been using it for one year before switching to Air, but just for changing. vpn4all provided me a good service.

 

PureVPN is dodgy. I'm on my phone so won't go into great detail, but “No Logs“ for them, means something completely different then what you would expect, I would not use PureVPN.

 

That's good to know, thanks for the info.

One thing I've wondered about AirVPN is that they claim they do not log even on their U.S. servers and that they have a way around being forced to do so by secret court orders etc. But couldn't a court just force the server farm that AirVPN rents space from to do the logging, unbeknownst even to AirVPN themselves? Perhaps I don't understand the technology behind this, but that was the thought that crossed my mind.

The only reason I would want to use a U.S. server is that presumably the closer it is physically to one's actual location the better the speed, especially in terms of ping.

 

Actually I do not know and being in EU I do not use US servers. Maybe you can post your questions on their forum, they will reply for sure.

 

unsure either of the above, but I know airvpn staff would most likely be able to answer that question.

I know AirVPN have kill switches in place in case of a raid, and to this date have not handed over any information to any law(so they claim!), they have simply responded with no information found or no offending file found on there network also.

 

Of course, in the scenario I outline, AirVPN would not be aware of the logging, which is why it concerns me. I have seen them address this issue in their forums and I'll have to go back and look at their comments again, but what I did see, if I remember correctly, made it seem like they were kind of avoiding the question and insisting that you couldn't be logged on any of their servers. That's why I asked here. I thought some of the more technically saavy Wilders members might be able to say if my hypothetical scenario is possible and/or if AirVPN (or any other conscientious VPN sevice) would have a technical means to protect against it.

 

VPN services are vulnerable to adversaries that can log all traffic to and from their servers. That's more likely with one-hop VPNs than two-hop ones. And it's less likely if you use two or more VPNs, in nested chains, especially if they're operating from non-cooperating spheres of influence.

 

Thanks for the reply. I guess this would require some sort of man in the middle attack (faking security certificates, etc.), since the connection to the VPN is encrypted? But in that case, is it any more secure to connect to a VPN outside the U.S.? Couldn't the veritable man in the middle be somewhere in the U.S. between the user and the server on another continent?

 

I meant "vulnerable" in the tracking sense, not the decrypting sense.

But, in any case, it's just your connection to the VPN server that's encrypted, unless you're also using end-to-end encryption such as HTTPS, SSL/TLS or SSH.

 

I guess I'm not understanding. You said VPN's are vulnerable to adversaries who can log traffic "to" their servers. If the connection between my computer and a VPN server in encrypted, then wouldn't it require a man in the middle attack to log my (https) traffic to the VPN server?

On the other side, as long as my connection to the VPN server is encrypted, why would I care about logging the traffic from their server, if it's a shared IP and the server itself is doing no logging?

So, rulling out those scenarios, I'm not getting where the vulnerability is to me that you were describing.

 

Yes, it would require MitM to log the content. But logging packet metadata (source IP, type, size, time, etc) just requires access through the VPN server's ISP.

Each website, for example, has various traffic signatures, depending on how you're using it. Even if it's a shared exit IP, it may be possible to correlate traffic from you to the VPN server with traffic from the VPN server to the website that you're visiting.

One can tell a lot from traffic patterns. Just sayin'

 

My personal experiences: I have to use UDP because my router limits TCP speeds to 200KB/s. Might be worth remembering if you get slow speeds!

- AirVPN: most servers are fast, there are a lot of servers so if I have a slow server I just pick another one. Once in a while there is a disconnect but overall it's very stable and fast.

- Mullvad: great philosophy of the owner, servers vary between slow and medium. Many disconnects and other connection problems (like 10 seconds of no network activity with Mullvad on). I haven't used Mullvad in over 6 months so it might be better now!

My advice: buy one month of Mullvad and one month of AirVPN. See which one you like best. Both are good and cheap. Personal preference is AirVPN for now but it's good practice to switch every few months.

 

Any VPN server located in the USA or UK must be believed to be compromised. This is the only rule you need to know. I am a UK citizen, I always use Netherlands, why? Because the more separation you create, the safer your data is.

On a side note Mullvad have been great for me. They also have the best TCP speed around bar none.

 

So they could see my IP connecting to the VPN, as well as the amount of traffic coming and going from me?

Do you mean things like browser fingerprinting?

Anyway, now that it sounds like the NSA has broken SSL, I wonder if it matters anyway.

*

@JohnMatrix Thanks for the feedback about AirVPN and Mullvad.

*

Yeah, that was the point of view I was holding also. But given some of today's revelations about the NSA and it's cracking of common encryption protocols, can they just sit on the backbone in the U.S. somewhere (sort of in the way the DEA is doing with AT&T and phone calls) and collect and decrypt traffic before it gets to servers elsewhere?

I'm starting to think VPN's are only good for privacy from marketing companies (Google, etc.), which I do care about. But when it comes to the NSA it's hopeless. Before I thought, if the NSA specifically targeted me (which I have no reason to think they would) then I had no chance, but I could at least avoid the blanket collection of traffic and emails, for the principle of privacy. Now I wonder if that's possible.

 

Yes.

Yes.

I'm not freaking yet. Their attacks seemingly involve backdoors, unpatched vulnerabilities, and side-channel compromise of key material. Open-source software used by technically-sophisticated providers outside US sphere of influence may still be secure.

They can collect everything. Maybe they have Wilders' key, and can decrypt what I'm typing now. But why would I care, because it'll be public in about five minutes? But can they decrypt my gpg-encrypted messages? I doubt it.

It's not yet time to freak

 

Thanks for your thoughts mirimir.

 

http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all&_r=0

http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

 

@Tipsy

If you read those statements about VPNs in context, it's clear that they're talking about corporate VPN connections, and not about VPN privacy services.

 

Now the only protections of your privacy is that they collect too much information. They collect such amounts that they do not know even how to process it correctly. Otherwise, how did such thing as Boston bombing happen, even they already know one of the bombers was very suspicious!

The news reports tell that any hopes to keep all your informations completely private by encryption alone is wasted.

 

I've seen no mention of vulnerabilities, backdoors, etc in open-source software such as Truecrypt, OpenVPN, OpenSSH, etc. And I'm sure that all crucial open-source stuff is being rechecked. The major risk with open-source crypto is key compromise.

On the other hand, it is time to lose Windows and OS X.

 

It was never about stopping crimes or bombings. It's always about power and money, criminals and attacks are what the NSA really wants because then they can say: "You see, we couldn't stop criminal X, we need more money for intelligence so we can stop this in the future."

 

One question I never got answered I feel was if one is using AirVPN is it best to not connect a server based in england and us ?

I see most folk are connecting to the netherlands and many others to singapore servers even....

 

Generally, it's best to avoid them. If you need to have a US IP, get a free SecurityKISS account, and route it through AirVPN.

The Netherlands is a good choice. I'm not so sure about Singapore.

 

As long as pay either services with Bitcoins, you should be safe and untraceable.

 

Netherlands and Sweden is where its at for the most part. There are other countries but most people don't host there.