VPN servers raiding/sniffing by LEA

There is much discussion about vpn providers logging or not; it is good if no logging is done of course, but what about the servers?
Looking at Mullvad, Bolehvpn, Airvpn, i see only servers located in "western oriented" locations.
NL being especially popular, noting the increasing tendencies by authorities to "tap" the internet, in NL for instance the rightist government trying to get away with more and more spying:
"plan to let police hack computers", http://www.dutchnews.nl/news/archives/2012/12/advisors_criticise_minister_on.php
The idiots even want the power to infiltrate servers and destroy data on computers located in foreign jurisdictions. http://www.slate.com/blogs/future_tense/2012/10/25/netherlands_government_wants_power_to_render_inaccessible_data_on_foreign.html
So, what are the risks LEA putting a tap on a server which hosts a VPN, on the incoming side of the server unencrypted traffic could be tapped.
Servers are being raided all the time:
On 25 October 2010, a team of Dutch law enforcement agents seized control of 143 servers
https://en.wikipedia.org/wiki/BredoLab_botnet
A while back i wrote to the owner of Mullvad about this subject, this was the response: ( i asked and got permission to post this)
Begin quote:
"> Question: using vpn from a home pc: i live in The netherlands and your vpn has Leaseweb.nl as server,what happens as:
> the dutch authorities raid the data center and start sniffing traffic. (or inspect logs held at Leaseweb)
> is my home ip adress exposed?
Answer:
Hi! Sniffing would be hard but there is a theoretical possibility that
they could physically break in to our servers and compromise them
without us noticing. If you are dutch and concerned about the dutch
government you may want to use VPN servers that stand on ground
controlled by people who are not friendly towards them, depending on
the level of your needs and/or paranoia."
End quote.

I"d be interested to get views on this subject ,and any recommendations as to how to lessen the risk getting "tapped "
Using 2 vpn's might be enough?

 

I always think you should treat these situations as worst case scenario. That it is happening/already happening and protect yourself to that end. I just assume the VPN servers are already compromised and plan accordingly.

They probably know full well the situation with people using off shore VPN's but they don't care..... Yet.

If you don't know what a threat model is, look it up and do one yourself. That's my best advice.

I'm lucky I guess that all I do is stream a few T.V shows so I don't need to worry. Doesn't mean I don't care though.

 

I think everybody needs to worry , in general terms, and we need to be educated as to how to evade the government scrutiny.
I do now about threat model , but think myself not all that technically savvy, so i would welcome any insights from those whom are.

 

The advice from Mullvad is good. Better is chaining multiple VPN services, from different non-cooperating places. But, if you're going to use services from generally-unpopular places, it's best to put them in the middle of three-VPN chains, so neither your ISP nor websites can see them. The same applies to adding Tor to chains.

 

Wouldn't think it will be easy finding those; among good vpn providers.

 

Insorg (-http://safe-inet.com/en) is Russian, I think. I've also heard of Chinese VPNs. Maybe I'll compile a list

 

Sorry don't trust Russian or Chinese VPN's, too much of a possibility of government intervention.

 

Government intervention is possible just about anywhere. The key is being uninteresting enough to them

I didn't explain my plan very clearly. Start by picking a VPN that you trust. Perhaps there are shared politics, respect for privacy and human rights. And perhaps it's located in neutral territory. So that's your primary VPN. Using it won't attract very much attention.

For your secondary VPN, pick one of the "dangerous" third-party ones. All of your traffic through it is securely encrypted, so not much is vulnerable. What it accomplishes is relaying secured traffic to a third area that's more neutral. For your third VPN, you pick a plain vanilla consumer service, that doesn't attract much LEA attention or website banning. Everything in your third VPN is end-to-end encrypted, and all traffic through it should itself be independently end-to-end encrypted by Firefox, Thunderbird, or whatever.

What do you think of that?

 

@mirimir
The russian vpn has some exotic servers indeed; Romania ,Malaysia ,Russia, Panama,Latvia.
Your plan using 3 vpn's looks secure, but how workable would this be in real life ?
wouldn't this setup be very complicated to safely maintain?
all servers have to work;if one stops the chain is broken.
Preventing dns leaks ,would this be more difficult with multiple servers ?
using vpn should ( in my case) solve the drawback of using Tor; slow,slow slow.
Would using 2 vpn's be a reasonable compromise? the chance 2 servers in different jurisdictions being sniffed at the same time and this info shared ,might be slim?
Perhaps one "exotic" and one regular vpn ?

 

True. So does, for example, AirVPN.

I've used two-VPN chains (some two-hop) for years, now mostly with pfSense VMs as VPN clients. Most paid VPNs are pretty reliable, and they generally reconnect if there are problems. I occasionally need to reboot stuck VMs.

Each VPN client is firewalled, whether it's in pfSense or a workstation VM.

Yes With some combinations, I can get about 4-5Mbps each way with two-VPN chains, and about 2-3Mbps each way with three-VPN chains. While that's much less than (for example) AirVPN alone, it's better than Tor

Sure, two is better than one, in this case.

It depends what your goal is. I wouldn't use a Chinese VPN as your second VPN, unless you were posing as Chinese, and I definitely wouldn't it as your first VPN, unless you were in North Korea. But Panama is fine, I'm sure.

Russia, however, is iffy. Some Insorg exit IPs are blacklisted, which can complicate browsing and email. And the Russian government may be logging. But hey, someone is probably logging wherever you go. Just operate accordingly.

 

Romania is what i found, rest is "western"

Okay ,sounds good, have to get familiar wit vm's

I i saw a walktrough by your hand about pfsense, in: Why Should I Use a VPN https://www.wilderssecurity.com/showthread.php?t=339051
it looks fairly complicated , i'll have to do some reading.....

i wouln't need more speed, just normal browsing and the occasional youtube; i have ssl usenet for other things ,no need for vpn there.
Thank you for your extensive advice, i think i go for two vpn's (in a vm ?)
Whonix looks good too, but i'd rather not use tor if i can help it, but maybe Whonix could be used with vpn in the future.

 

my assumption is that VPN's combined with a proper firewall/anti-keylogger/strong passwords/etc are enough for now unless you are an actual cyber-spy, activist-hacker or other high level threat to powerful people because govts/mega-corps will first go after the low hanging fruit; people who are easy to bust and who make it easy to prove they are guilty in a court of law in your country, and to make examples of. when that starts on a wide scale it's time to look into the triple-VPNs, full hard drive encryption and other security measures.

full hard drive encryption of internal and external hard drives is a good idea anyway in case any of your equipment is stolen.

 

I do nothing illegal.

I try to hide everything I do because privacy is my right.

Therefore, any exit IP that can accomplish that, has a legitimate use, IMO.

CSN thinks all governments are omnipotent.

Having drawn a paycheck from them, many moons ago, I have no such view

PD

 

As a side note, a VPN chain is simple as opening several vpns one after another on the same host or guest OS?
So it would be

VPN #1----------->VPN #2----------->VPN #3

Correct me if I am wrong

 

No, it's not. You can chain two VPNs by opening one on the host machine, and another on the VM. The one on the VM connects through the one on the host machine.

To chain three VPNs, you need to use VPN gateway VMs. See this thread: https://www.wilderssecurity.com/showthread.php?t=339051. Start at the end, and work back.

 

Not to be overly pedantic, but there is actually one other way to use three services and maybe more if you were so inclined. You would need to probably be dealing only with text, no JS, and not much else. After your host connection through your VM connection you could simply browse to a simple SSL VPN such as MegaProxy or one of those once ubiquitous services. They used to be the only consumer-friendly way of using a VPN years ago. There's not many left, but there are a few - and they have their place.

 

ot post removed. see TOS

 

I don't think they are all powerful, but they do have the most power. They have the largest wallet, best toys and brightest minds that = power

On the topic of VPN raids, you will find 95% of the time nation states will co-operate with each other when it's in their best interest. So no, nothing is safe.

I could name some countries that "might" not co-operate, but they fit on two hands so it's not many.