paid vpn service recommendation as of october '14?

Thank you for answering..

This is actually an interesting point. I'm an AirVPN user, though my subscription is ending and I might go with mullvad instead.

I thought their "Eddie" client was gonna support a way to block the internet while not connected to the VPN, but I read somewhere on the forums that they have no intentions of doing that.

I'll give UFW a try and see if I can configure it for my needs, but I'm a noob when it comes to doing stuff ://.

If only Mullvad was a bit cheaper.. It's like 10eur more expensive than AirVPN, for the 1year subscription, I think. I know it's not much, but it could pay for a domain name.. I need to start cutting down on the money I spend or I'll be in trouble.

 

And that's the problem. Most people don't want to have to download a firewall and learn how to create firewall rules. I still don't know how. But I haven't tried. I just think it's a little odd to leave heir VPN vulnerable for the majority of their users when there is a simple fix. That seems really odd to me.

 

Here you go. https://secure.cryptohippie.com/products_roadwarrior.php

"Servers, Location Agnostic (LAS)
We do not rent standard servers. Our products are Location Agnostic Servers: Servers that cannot be located by any normal means".

https://secure.cryptohippie.com/products_servers.php

 

How secure do you think this would be? Mullvad on my real machine. Cryptogippie on a VM. And then TBB inside of the VM?

 

That would be OK, but not as good as using pfSense VPN-client VMs and Whonix VMs. That separates stuff in different VMs, which provides some protection against accidental leaks and attacks.

 

For you guys commenting about Airvpn, I wonder how long has it been since you used their client? The network lock feature is on their client and it works for disconnections!

I use multiple VPN's from numerous providers and don't like to "pick/promote" one over the other out of the top 5 that always show up in these forums. On the other hand, I felt it was called for to support Air when the comments are clearly behind the times. The client has solid disconnection protection that can be turned on with a simple "click".

That said; some of us will NEVER rely upon any client from any provider, not ever. Manually covering my rear end is my responsibility and I doubt you guys care more about my security than I do. Know what I mean?

 

thanks for the info. it seems as if they don't want you to find out about their service, hidden deep in the website.
and yeah you're right. it is highly priced indeed.

 

i have no probs w/ air and i must say that i really love plain looking software but don't you guys too think that their client software looks way too archaic for its kind?

 

did you ever have any issues with geo-restricted content from providers such as hulu, netflix, pandora, etc. when connected through mullvad or pia while overseas?

 

I haven't been overseas in many years so I don't know. I do think though that Hulu knows when you're using a VPN because I tried connecting once with my VPN running and I was blocked.

 

Thanks Palancar. So they've fixed it? I think that's wonderful. I liked the service with all of the exit nodes but the disconnecting was really frustrating. I'm glad they fixed it.

 

thanks for the reply.

 

I have been putting this off but I did just start reading the tutorial. I downloaded Ubuntu 14.04.1. I assume that's okay. I am wondering though if this will work with my portable VMs. I have VirtualBox installed in a 100G TrueCrypt folder. I have Windows 7 and Whonix installed so far. Getting ready to install Ubuntu.

I take it that you don't have a lot of faith in Shadow Defender preventing permanent changes and in preventing traces of activity. But it just seems like such a good idea. I enable SD before I mount the TC container. And I also have SD installed on my Windows 7 VM. I've done some experimenting. I downloaded tons of stuff. Several G's worth, after first wiping the free space. Then I rebooted everything and ran recuva looking for any file (deep scan) and could not recover a trace of anything. It appears to completely prevent any changes from being made after reboot.

 

Oops. I forgot about the net vs com thing.

 

They are expensive. But I think they're trustworthy and it is a multihop VPN with good speeds. Only German exits nodes though, unless that has changed.

 

afair you had told air did discreetly get disconnected frequently revealing your real ip.
i fear it might still do so even with connection kill switch on. i hope it doesn't.

 

How about this? http://www.doublevpn.com/en/ It has good locations and double and triple tunneling feature as well?

 

Who is owner of cryptohippie? Or who is associate with owner? I have foggy memory of reading this forum several years back (long time now) many arguments about cryptohippie and xerobank or something. That guy Steve from Texas I think? Used to post here very frequently but then just stopped (or stopped using that handle anyway). So many arguments that posters were banned, or arguments also on other sites too.

Not sure. Maybe I am confuse with different company.

 

Yes, they were connected. It appears from http://www.swansat.com/liberty.htm that XeroBank was designed as part of the SWANSAT LIBERTY™ Suite. SWANSAT was planned as a network of low-orbit satellites providing service via WiMax. The project stalled after one of the founders died. I believe that XeroBank leased and resold VPN services from http://cryptohippie.net/. There was a lot of bad blood around that project, but I have no clue who did what to whom, or why. It is, at this point, ancient history.

 

Whats to be gained by doing this as far as accessing the Internet this way ?

Your remote connection up to your router would be protected, but your router to the Internet is in the clear.

Its like surfing from your home with no anonymity or privacy protection .... or have I missed something ?

 

The kill switches such as vpnetmon aren't very secure. When the vpn connection is lost, your ISP IP may be immediately exposed, and the other hand the kill switch procedure may take a few seconds to act (typically, vpnetmon take 0.5s not to act, but to realize that it has to act).

The firewall method or the route method are far more secure (and far more simpler: where vpnetmon needs .Net framework 4 plus a lot of code around, the more efficient route method only uses one line of msdos script...).

Concerning the paid vpn, my choice is AirVpn, Perfect Privacy, Boleh and Ovpn.

Perfect-Privacy is far too underrated on this forum, in my opinion: First, PP accept Bitcoin, PaySafeCard and cash, what is good for anonymity (few vpn providers continue to accept Ukash or PaySafeCard these days), PP has many servers around the world with many IP each (so, even with 1 hop vpn connection, your inbound IP is not the same as your outbound IP, making your connection more difficult to trace), provide Openvpn (with rock solid crypto) , IPSec, PPTP, Squid proxy, Socks proxy, and SSH on *each* server, provide a client *really* protecting against vpn disconnection and DNS leak , and permitting to cascade openvpn connections up to 4 hops (plus SSH tunnels and Socks/Squid proxies if you want... so many many hops...), each server can act as a "Tor 2 Web" proxy, P2P is allowed on *all* servers except the US ones; they allow ports forwarding on each server... And last but not least, they are trustable: They have had some server seized in the past (especially in Germany), but they had nothing to give to the cops, the cops found nothing and nobody has been arrested. Only AirVpn provide some features that PP not yet has (such as Stunnel). But PP has much more features on each server.

 

Yes, that's the idea. You can VPN to your home network, to safely access files, and use your home Internet connection (instead of, for example, Internet directly through a WiFi hotspot). But in this case, you're trusting your home ISP.

If you don't trust your home ISP, you could run two OpenVPN instances on your router. One would connect to some VPN service, and the other would be a VPN server for you to connect to. That way, you could connect securely to home, and then use the home VPN service gateway for Internet access.

 

Using your home IP remotely when needed and having a secure tunnel to it. It would be the connection to use for things like online banking. There are instances where you want to use your real identity and verify it. On the server side, a static IP is required for an SSL certificate and costs extra. Same principle. You are paying for a fixed IP so the certificate authority can verify the identity of your business.

The router itself is also part of the security setup. I have mine set up to block unwanted domains and IPs--mostly tracking related. That is an extra layer that can cover me if the plugins and client software I'm using fail and it doesn't require me to install anything on client computers. If I'm using an unsecured connection in a wifi hotspot I can tunnel to a connection that I know is secure, my own home connection.

 

This agnostic feature seems amazing. But I was not able to substantiate it afer a (quick) google search. What are the principles grounding this marvellous "agnostic location" ? Is this real, or another Xerohippie mumbo jumbo ??

Not very cheap: 258$/6 months just for the Panama/NL 2 hops vpn...

 

They're just hiding servers behind complex networks of nested VPN chains. Maybe they're located in private, high-security hosting facilities. But mostly they're probably just anonymized re ownership and physical location. They also use teams of trusted, anonymous administrators, who also don't know where the servers are located. It's the zero-trust thing.

For multihop VPN services, I recommend Insorg and iVPN. They're not cheap either, but they cost a lot less than 500 USD per year.