Anonymous Services - Can We Get A List Going And Feedback?

In Tork it's really easy to do (GUI option), get it here: http://tork.sourceforge.net/wiki/index.php/FAQ
For Vidalia and plain Tor see:
https://www.torproject.org/docs/faq#ChooseEntryExit
http://www.ghacks.net/2008/01/29/configure-tor-to-use-a-specific-country-as-an-exit-node/

 

What's the difference between Tork and the Vidalia GUI?

Or Tork is just for Linux?

http://sourceforge.net/projects/tork/


P.S. 4 Days and no word back from Ipredator so I wouldn't waste my time with this...

 

Yes, *NIX only,
It could be ported as it's KDE based which is cross platform. But Vidalia does the same thing anyway minus a very few features like the country option requested.


edit:
https://www.wilderssecurity.com/showpost.php?p=1786832&postcount=2

 

Ok Cool


Ok guys PLEASE post some more VPN providers in Sweden. Ipredator has not returned my email so far in 5 days.

 

Check this link out guys;

http://gizmodo.com/5626381/this-is-the-nuclear-bunker-where-wikileaks-will-be-located

A few of the Swedish VPS providers I mentioned here have their severs located at Pionen White Mountains.

WOW talk about a really cool looking place...

 

hi there,

what are the vps providers that have their severs situated there?

those photos seems to be out from a movie....aliens?

thanks for the link

 

Isn't that really wild looking?

These are two I know that have their servers there...

Anonine
https://www.anonine.com/en

VPNtunnel
https://www.vpntunnel.se/en/

 

I would like to chime in and give a recommendation for Perfect-Privacy ( https://www.perfect-privacy.com/ ). I've been using them for a little while now and I am pretty happy with the service. They have basically any type of service you would want: OpenVPN, PPTP, SSH2 tunneling, Squid/SOCKS 5 proxies and L2TP/IPsec. They also have servers all over the world: US, Canada, UK, China, Germany, Russia, Netherlands, Switzerland, and a whole lot more. At the moment there are 22 servers online (hosting all services) so you can easily chain multiple services through different countries at no extra charge. Supposedly they do not log but, like anyone else, you just have to take their word for it. Support seems good and they have an active forum. Cost is about $35/month, but that seems fair for all they are providing. They also have a custom SSH client (Windows only), which makes things very easy as everything is already configured to their service. You just select a server and hit connect. The only issue is the speeds really. Depending on the server used and how many other people are on it the speeds can vary. At times it can be really slow, although mostly it is acceptable. Its still probably faster than Tor, but even at best its only maybe half the regular speed. More than adequate for general web browsing, forums, email, etc. Probably a little slow for file-sharing, but I guess that is the trade-off for security.

Another service I have tried is VyprVPN ( https://www.goldenfrog.com/vyprvpn/vpn-service-provider ), which is a relatively new service. It is from Golden Frog, which is a subsidiary of Giganews. Their pro service is $20/month with OpenVPN/PPTP/L2TP/IPsec. They only have a couple of servers, mostly in the US with one in Amsterdam and one in Hong Kong. What I can say is that the speeds are phenomenal. I am located in the US, and if I use one of the US servers I get speeds that are practically the same as with no VPN. Very nice. Even using the EU server I still get decent speed. However their service is not particularly secure. First off, they use dynamic IP so you are a lot less anonymous than with other services (like Perfect-Privacy) that use shared IPs. More importantly, they log for "at least" 3 months (which could, technically, be forever). And they are also US based, which may not be desirable. However the speeds are good, so I tend to use them if I need to transfer large files that are not particularly sensitive. They are also fast enough that I can use them all the time without really noticing (unlike other services you might only use when you really need them), and they do add some privacy and anonymity (at least against a casual snooper). I would not recommend them if you need serious security. However if you just need a little extra privacy and want good speeds, this might be an acceptable solution.

 

Both of these have been mentioned already, but thanks...

 

Sorry to double post but a forum that is into privacy and security I can't believe that this post is going by the way side...

There must truly be more people into anonymity and privacy, because in order to have them, you can't go around flashing your own IP around the web.

I said let's get a list and feedback if everyone seems to think we have covered the entire list for the entire world, well fine, but I don't think we have, then let's get some feedback and start really discussing some of this...

I for one don't wish to use my IP online, but now it's a matter of who do I trust to do business with that I'm connecting to and how safe is all of that.

I've also been hearing a lot about this 'Middle Man' attack and I would like to learn more about this as it related to VPN security.

Let's not let this post die, certainly there must be more to come for the new and old alike...

THANKS

 

I see where you are coming from but this isn't a necessary conclusion.

It's Wilders "Security" and security discussions is what got me interested in this forum and why I signed up. Of course you can't really separate these two topics.
So how does security and privacy relate to your home ISP's singed IP address being sent to every random server you connect through and to? As a law abiding citizen of a democratic state you are as secure and private as it gets: Your true identity is only ever be revealed by court order. That's how it should work. Would you need an anonymity provider in such an environment?
And secondly, if you don't trust your state and laws, do you actually really believe any of the commercial providers can provide anything but snake oil?

(I'm not being cynical here, these are honest questions)

If you truly care about strong anonymity there are several options, the most popular got already mentioned and there are several more
http://en.wikipedia.org/wiki/Category:Anonymity_networks
http://en.wikipedia.org/wiki/Category:Anonymous_file_sharing_networks

Well said, qft!

MITM is primarily about SSL. Modern browsers do a fairly good job warning the user, there are some great addons if you need more. VPNs don't add anything new to the table, the only thing that changes is that the provider it self can do MITM too, without a VPN there's less attack surface so to speak, a really minor risk with any of the popular services.

MITM is also a risk to consider with ssh, and yes any VPN implementation. Someone could pretend to be your VPN provider, everything would be tunneled through him to the real VPN, he could see everything in plaintext. PKI, certs or pre-shared secret to the rescue.

 

Browsers do a good job of warning about MITM, how?

And what addons are there? Please share some links...

As far as the trust factor goes, my gut feeling about Sweden seems a lot are honest, just fighting back over the P2P problems and thus offering this service to provide people protection.

So for trust, I really think a lot of the Swedish VPN providers can be trusted...

 

All modern browsers warn you about wrong, missing or outdated certificates. They show a big scary warning.

At least Firefox got a few:
Calomel SSL Validation
Certificate Patrol
Perspectives
https://addons.mozilla.org/en-US/firefox/collections/ivanristic/ssl/?page=1

You don't trust your own government, laws, LEA but you trust Sweden, is that about correct?
If you live in a small state with limited resources you got a chance but if it's the USA you don't gain anything from a VPN. Not only does it have the technological resources to eavesdrop on a global level but the same reach applies for its legal force as well.
My point is, if you want reasonable amount of privacy (i.e. you aren't wearing tinfoil) your ISP is good enough. On the other hand if you are worried about your state spying on you it's game over anyway. Well, you could move to Sweden

 

It's simplistic and misleading to state the alternatives as "want[ing a] reasonable amount of privacy" and "[being] worried about your state spying on you". Large states have many LEA and intelligence organizations, with varying priorities and capabilities. IMHO, what's most important is avoiding the attention of those organizations with the greatest capabilities.

In the USA, all voice and data traffic is probably sampled. Using a VPN prevents that, and so helps one avoid attracting attention. OTOH, VPN traffic itself arguably attracts attention. However, people use VPNs for many reasons -- business, file sharing, posting to Wilders, spying, trading CP, etc. In order to distinguish among those possibilities, it'd be necessary to decrypt the traffic. I doubt that even organizations with the greatest capabilities could decrypt every VPN connection, just to see what's there. And, of course, I could be wrong.

 

I'm not sure what you mean by that. I think you should first focus on those agencies you worry about, those who might be a threat to what you are trying to do and act accordingly.
However me being a (naive?) citizen of a country that isn't the USA I don't worry about any agencies in my country being a threat to my privacy and security. I have this old fashioned belief that if I'm not doing anything illegal I'm no target and they won't bother spying on me. I expect my government to respect our privacy and in case someone is up to no good an independent judge will issue a warrant (or not), the ISP reveals customer data to the police and the suspect will get a fair trial. Based on that I see absolutely no reason to spend money on a commercial VPN.*
*alright, there is one: open wifi and "real" VPNs, as in virtual private network if you know what I mean

You don't need to encrypt everything in order to see what's there and to distinguish between those different traffics. A global observer sees your entry in plaintext and an exit in plaintext somewhere else. It's easy to put the pieces together and correlate the two if you don't do any mixing and such like 99% of all commercial providers.
Second point you already mentioned, we don't know for sure what "they" are capable of. You might be interested in this here:https://www.wilderssecurity.com/showthread.php?t=288891 - just as always, rumors and FUD or more, we don't know.

But IMHO the third point that most often falls under the table in technology focused discussions is the legal and political power. All commercial providers have the ability to see everything that goes over their network, all can and most do log, and all can be forced to log. That's where they all fall short and that's why I claim they are selling snake oil.
I just can't come up with any realistic scenario where your identity is safe by using a VPN of some sort but isn't when you use your plain ISP assigned IP.
The only real difference is that you shift the trust from the ISP to your VPN provider but that doesn't really change anything.

 

That's not how it works in the USA, since 9/11.

That's not true. Although they see exit traffic in plaintext, unless it's encrypted, they definitely don't see entry traffic in plaintext, because the VPN is encrypted. I wouldn't use a VPN service that didn't use mixing etc.

For most VPN services, that's probably true.

I agree with you about shifting trust from ISP to VPN. That's why it's important to pick a VPN provider that you trust. However, I disagree that it doesn't change anything. My ISP is just some faceless corporation, with no loyalty to anything except its bottom line. OTOH, my VPN provider shares my commitments to privacy and freedom.

 

My bad. Of course I didn't mean the content. Let me rephrase:
They see a connection from you into the encrypted network, your true IP is visible in plain text and the amount and timing of transferred data is visible as well. That's all that is required for a correlation attack from the entry side.

That's my conclusion as well, if we only take into account technical attacks.
But that alone isn't enough and so far those that do mixing (only two to my knowledge) haven't convinced me that they are safe from government force and influence. I'd venture a guess that most of their customers are from the USA. Wouldn't they'd risk losing them all if they put idealistic privacy views above everything else?
We all know what happens if you upset "them", it's all about the news currently...

 

So what does wrong, missing or outdated certificates have to do with a MITM attack? I don't get that and then how are you going to know this when the browser warns you?

Well I'm not sure how we got on the government side of things, but it's not my concern really.

My concerns are more about having privacy from my ISP and privacy while I'm online with my IP hidden from any prying eyes, be that a hacker, spammer, someone like Google spying on me, being tracked online, etc., these are my real concerns, just staying safe from all the Internet Threats, as I'd call them, etc...

So that is why I thought VPN would be good to use as a extra layer of safety from all the Internet threats/problems out there...


THANKS

 

It's got everything to do with TLS MITM attacks. As I said there are other MITM attacks as well, but TLS is probably the most important one, most frequently used, most frequently abused. A wrong cert is a read flag that someone _could_ be conducting a MITM - though there's a high rate of false positives.

That's a very unrealistic threat model.
ISPs generally want happy paying customers (there are exceptions, Phorm...) they aren't usually in the spying and selling customer data business.
Google wants to sell targeted ads. For that it uses its ad-network that embeds their tracking codes on almost every website out there. Further they use cookies and to a much lesser extent (because a lot more inaccurate) IP addresses. You can easily protect yourself against this much more effectively with Adblocker, Ghostery, cookie default deny and so on. A dynamic IP (like most ISP provide) is just as good as a VPN where lot of people share a single IP.
Spammers don't care how you connect to the web, they want to deliver their spam to your email, get you read it and trick you into giving them money. VPN got nothing to do with that.
Hackers, if you mean crackers/black hats, they don't care much either. The biggest threat on the internet are drive-by-downloads and they work the same no matter what VPN or not you use. Good host security is what you need instead.
Remember that none of them except your ISP know your true identity just through your IP, spammers and crackers use other techniques and are effective enough. A VPN offers no further protection.

Some governments love to do monitoring and spying. If you live in such a country you might worry about that. But as I said above, a VPN isn't strong enough against a government level "attack". All they need is logs and they can get them from anyone, be that your ISP or your offshore (but friendly state) VPN provider.

My conclusion, for your threat model not worth the money they are asking for.

 

IMHO, more questionable "is the sincerity, credibility and believability" of this new Wilders user, EminenceFront, who started posting yesterday, and whose second post was a shot at XeroBank. Just sayin'

 

Yes, you could call successfully selling snake oil "to be on the up and up"...
It's still snake oil, so what's your point?

 

If a governments forces an anonymity provider to log all connections and hand everything over, according to who's directive are the latter functioning?

 

You must be completely misunderstanding me. Please read what I posted again and you'll see that I didn't suggest anything other than the point I repeated several times now. I though I was being very clear myself.

I don't talk about agendas, ideas, politics or morality. I'm only talking about how effective an anonymity provider can be against government level surveillance.

While you are at it you might also want to reread your own last post and discover the glaring flaw in your logic.

 

@katio, besides the MITM about certs, ok I see where you're going on that, also is there any other way to detect this? As far as the other things you mentioned, I know about these things already.

As far as the spamming part, I was talking about those that will hack your box and use it to spam from, this has been done before.

As far as the IP goes, of course just because people can see your IP that doesn't mean they know who you are, they just know where you come from and you've exposed yourself to risks, because now with an IP they can target you to see how strong the box is against attacks...

If you want to protect that box then you protect that IP and make it not so easy to find, this is all I'm going on about when it comes to Internet security and so on...

Hide the IP, then you're not exposed to internet threats of any types you can imagine...

I think everyone has me completly confused on this issue here and I assumed as GEEKS when I talked about this post everyone had a clue.

As Geeks you should know that if you want to get hacked you expose your IP and Ports, that's all there is to it,when it comes to loosing your privacy and anonymity and that's the LEVEL I was coming from, protecting that privacy and anonymity, PROTECTING THAT IP!

HIDE THE IP, PROTECT THE PORTS!

Now with this understanding this is why I was looking at using a VPN to hide my IP behind, for this simple reason of not hacving it so easily exposed...


THANKS

 

No, nothing besides what I've already written.
I've read about someone who's deleted all the default certs and then phoned the companies he was doing business with to check the fingerprints over phone but that's probably taking it a bit far

Then the same applies what I've written about crackers (malware, drive by, host security...)

Sorry to say this but you got it wrong. That's absolutely not how it works.

As long as you don't have an IPv6 address there is no point in hiding one's IP. There's only a limited pool of public IPv4 addresses and they are constantly hammered by automated attacks, all of them. Even if that wasn't the case you most likely got a dynamic IP and whoever had this IP assigned to before probably didn't use a VPN...

Don't keep any services running facing the internet. If you do make sure you use a strong MAC system, up to date software and preferably white list allowed IPs. There really isn't much to worry with the default home setup these days. OSs got good firewall rules ootb and pretty much everyone uses a router with NAT.
If you come out stealth here with your home IP you are as secure against these sort of threats as it gets: http://www.grc.com/x/ne.dll?bh0bkyd2

It's different with targeted attacks but I don't think that's part of your threat model.