BolehVPN hasn't updated its warrant canary

Discussion in 'privacy technology' started by DrearyMushroom, Jan 29, 2018.

  1. DrearyMushroom

    DrearyMushroom Registered Member

    Joined:
    Sep 9, 2017
    Posts:
    27
    Location:
    The Internet
    Their policy states:
    But the warrant canary hasn't been updated since December 2, 2017.

    https://www.bolehvpn.net/canary.txt
     
  2. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
    It's been updated today.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  4. DrearyMushroom

    DrearyMushroom Registered Member

    Joined:
    Sep 9, 2017
    Posts:
    27
    Location:
    The Internet
    While it's been updated now -- it went for almost two months without an update, makes you wonder what's up.
     
  5. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Yes it does and it makes you wonder if they are still in control of it.
     
  6. 142395

    142395 Guest

    Warrant canary don't make sense if they forget to update.
    I hope BolehVPN staff to make clarification and make sure it will never happen again.
     
  7. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Those never provide much "peace" for me. If a 3 letter agency has a rope around your neck part of it would simply be; if you take down the canary we will pull on the rope harder than you can imagine. Given that pressure who is going to remove or "kill" that canary. Answer: no one
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Warrant Canaires will not make any difference if the VPN does not have a no logging policy. All a Canary will do is let you know that you might be arrested soon if you have committed a Felony Offense. In other cases a Country might try to pressure a VPN into handing over user data due to Political Opposition to the current regime in power.
     
  9. DrearyMushroom

    DrearyMushroom Registered Member

    Joined:
    Sep 9, 2017
    Posts:
    27
    Location:
    The Internet
    A third option (especially in the US) would be that the company was served with a National Security Letter with a gag order. Example here: https://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email

    --

    We also have a response from BolehVPN:
    {quote}Hi there, There was a rollback on our main site due to corruption in the mysql database. A new warrant canary will be up soon. No user data was compromised as the user database does not share the same hosting provider We apologize for any inconveniences caused BolehVPN support@bolehvpn.net PGP Key: https://www.bolehvpn.net/bvpgp.asc{quote}
     
    Last edited by a moderator: Feb 2, 2018
  10. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    It is these kinds of abuses of the law by those who are supposed to be upholding it, that will drive business out of America and into countries where if all else, at least the justice system is not corrupt.
     
    Last edited: Feb 2, 2018
  11. 142395

    142395 Guest

    I agree that one shouldn't put 100% peace of mind to warrant canary, but for me the problem is not that.
    It is some VPN services apparently uses the canary just as a marketing gimmick (contrary to this, Mullvad chose not to use the canary as it's not needed). When it comes to VPN, trust is everything and we can't verify if what they claim is true (well, only negatively can be proven). We can only guess, and I don't want to spend money to those who use marketing gimmick much, as long as there's an alternative.

    Anyway, so Boleh explained this? I couldn't find that statement.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, there is no way to verify claims about logging, data sharing, and other privacy issues. You only know when privacy failures come out in public statements, leaks, and criminal investigations. With some effort, you can test claims about server locations (using ping-location services) and check for HTTPS MitM (running your own HTTPS server). There is a niche for an independent rating organization. But then you'd need it trust it :eek:
     
  13. DrearyMushroom

    DrearyMushroom Registered Member

    Joined:
    Sep 9, 2017
    Posts:
    27
    Location:
    The Internet
    Here was the response I got:

     
  14. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
    The BolehVPN main website has a certificate error now.
     
  15. DrearyMushroom

    DrearyMushroom Registered Member

    Joined:
    Sep 9, 2017
    Posts:
    27
    Location:
    The Internet
    Heh, I can't even get the site to load anymore. Getting a 500 Internal Server Error response.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Damn, I wonder what's up. One of their principals used to have an account here. But I don't recall his username. Maybe someone could PM him.
     
  17. 142395

    142395 Guest

    Yup, so the truth can only negatively proven. But as you say, we can see some technical or ethical aspects to guess. Independent organization might be interesting...
    Ofc we can double or triple tunneling (or hopping...I think tunneling will be better word) different VPNs to decrease risk, which is what I haven't tested... but may use after I moved to a notorious country and started to use VPNs 24/7.
    Thanks, so it was personal response. I'm currently not Boleh user but they're in my "watching list" for next VPN. So these things attracted my eye.:(
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, with tunneling (or nesting) VPNs, you don't need to trust any of them completely. It's like how Tor has three-relay circuits. Because no one VPN/relay can compromise you. You're OK as long as one of them remains uncompromised. I have guides on IVPN for creating nested VPN chains using pfSense VMs. You could also do it with physical routers. It's rather like multiple NATing.
     
  19. 142395

    142395 Guest

    I know your guide and it's where I learned that, thx!:D
     
    Last edited by a moderator: Feb 5, 2018
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  21. DrearyMushroom

    DrearyMushroom Registered Member

    Joined:
    Sep 9, 2017
    Posts:
    27
    Location:
    The Internet
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Shady or forgetful?
     
  23. DrearyMushroom

    DrearyMushroom Registered Member

    Joined:
    Sep 9, 2017
    Posts:
    27
    Location:
    The Internet
    I think they lend themselves to each other. Especially if the whole purpose of a warrant canary is to be weary if not updated.

    If they are forgetful about this, what else may they have they have missed or not set up correctly? Of course this is just all hypothetical, but it's perception that matters when there are many other options available for the same price.

    What gets me is that a simple monthly calendar notification would solve this. Or they could simply get rid of the warrant canary all together and write a blog post about why it isn't needed.
     
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I don't know. Does Malaysia have NSLs?
     
  25. 142395

    142395 Guest

    I also take it's bad sign. Being forgetful should not be allowed when it comes to WC.
    I thought they're no more located in Malaysia, at least regarding jurisdiction.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.