can you connect to a VPN anonymously?

Discussion in 'privacy technology' started by scrty001, Aug 15, 2008.

Thread Status:
Not open for further replies.
  1. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    I was thinking to get one of those vpn services such as xerobank or findnot. I haven't decided on which service.

    I was wondering when I connect to the VPN can I connect anonymously or will my vpn service (xerobank or findnot) log the IP that connected to their VPN.

    There is software called Proxifier, I believe, which will make all your traffic anonymous. Not just your browser traffic, as if you were using a proxy, but all traffic and 3rd party applications such as IM programs. So would this work with connecting to VPN as well?

    Is Xerobox its own anonymous OS? So, I could use Xerobox to connect to a xerobank vpn?


    Sorry if I sound confusing as this is going to be my first time to purchase VPN service. My main question is whether it's possible to connect to the VPN anonymously so that the VPN company doesn't log the IP that is being connected from.



    Thanks
     
  2. Ballzo

    Ballzo Registered Member

    Joined:
    Sep 30, 2004
    Posts:
    36
    Yours is an excellent question.

    There may or may not be a simple answer.

    Regardless as to how you connect to your anonymous connection, i.e. privacy service, Tor, whatever, your ISP knows where you are connected. However they cannot see the content of your traffic. They know you are connected to Tor, SwissVPN, FindNot, Xerobank, whatever, but they can't see your traffic.

    Now as to your question of logging that is a much dicier affair. We can take FindNot and Xerobank as examples, and examine their stated privacy policies. These policies are the subject of much debate and disagreement as to their accuracy. I do not mean to imply that they aren't, but some people take them at face value, while others assert that their logging policies can't be accurate, or aren't realistic.

    To me what it ultimately boils down to is: 1) What are you trying to keep anonymous? 2) Whom are you trying to be anonymous from?

    And lastly, these are low latency networks. It is assumed that one has no chance against a global adversary who has access to all points of traffic.

    FindNot

    http://www.findnot.com/competitive_analysis.html

    "Log Files - Most companies will log everything you do and save these logs for years. If they are in the USA (as 98% of them are) they will have to turn over the log files on any official request or subpoena and they won't even tell you. Read their terms of service. We retain log files for a maximum of 5 days after which they are deleted from all sources. This allows us to protect our servers from being compromised by abusive users. We have never yet received a lawful subpoena valid in our jurisdiction that we would be bound to comply with. If such a subpoena was to appear one day, we have no doubt that it would require more than 5 days for it to be served upon us. Most legal processes requiring information take months from the time of the act in question, not days. We doubt this policy would ever violate someone's privacy and is in place to protect our system from abuse. We do not know of any competitive service that does not keep some sort of logs."


    Xerobank

    http://xerobank.com/privacy_policy.php

    Requests from Law Enforcement

    "XeroBank has built its privacy networks to have client account data separated, segregated, and encrypted on multiple servers in multiple countries so no single party can compromise clients and their data. Most internal account transaction details are not mathematically reversible due to one-way operations. Subsequently, XeroBank does not have specific client data to share with network providers, legal authorities, or law enforcement of any jurisdiction. In the case that such authorities can validate claims of violation of XeroBank's Terms of Service, we may attempt to terminate the client account from which the abuse originated. If XeroBank is served with court orders of all applicable jurisdictions for all specific servers, we may be forced to attempt to trace live data connections. Violation of XeroBank's Terms of Service invalidates the privacy policy and enables XeroBank's prerogative to log offending traffic. XeroBank will not aid or protect criminals. If fraud or hacking is detected within XeroBank's networks, we will proactively notify and assist authorities with tracking and identification of the criminals involved. XeroBank is not a service to mask abusive or threatening activities; thieves and criminals beware."

    "XeroBank does not log client activities or IP addresses when using the XeroBank anonymizing network, unless required by law, or unless an automated process has flagged traffic as being potentially malicious; however we may capture non-sensitive statistical data, used only to analyze network performance or locate problems. This data may be used to generate public traffic reports on XeroBank network health. In the event that suspected malicious traffic is captured, it will be reviewed by a human auditor. If the data is found to be non-malicious, the logged information will be securely wiped. In the situation that XeroBank is presented with court orders, to all involved XeroBank associates in their respective jurisdictions, XeroBank may be legally compelled to attempt to monitor that specific client's account, or trace the client's connection, but no others'. No "fishing expeditions" will be allowed under any circumstances."

    B
     
  3. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    Thanks for your reply!

    I understand what you're saying about the ISP knowing where I'm connecting but, not being able to see the traffic.

    I'm trying to find out if it's possible to connect to findnot or xerobank anonymously. Even though they say they only keep logs for 5 days or xerobank says they don't log IP's unless required by law.

    Even if they don't log IP's, is there software out there that will let you connect to them anonymously so even if they did trace you that it would lead them to a different IP?

    What about if you used both services Xerobank and Findnot. Can you use 1 VPN to connect to another VPN? Is that possible? Would that even help or it wouldn't do anything?


    Thanks
     
  4. Ballzo

    Ballzo Registered Member

    Joined:
    Sep 30, 2004
    Posts:
    36
    These are payment-based subscription services. Please keep in mind that unless your payment to that service is anonymized, in theory at some point there may be an evidentiary chain as to who you really are. Your physical payment might be traceable to your actual account with the privacy service. That's an important point. This is why many people believe that a privacy service is just that: private, but not anonymous. They feel that the privacy service will always, at some point, know who you are. And how far they are willing to go to protect your identity, again, the subject of much intense debate.

    A privacy service will know what your originating IP is. There is no way around that. But when push comes to shove, will they protect you? That's a complicated question.


    When you connect say to Xerobank, the OpenVPN connection simply identifies a transaction ID that is assigned, and unique to you. Xerobank says that there is no link between the transaction ID and the actual customer. They state that payment records are anonymized, and unavailable to them.

    You are ultimately trusting a privacy service not to reveal your identity.

    By contrast, Tor operates on a model of distrust.

    Perhaps consider JanusVM, which is free and an excellent offering. This uses a VPN connection and operates through the Tor network.

    http://janusvm.com/

    Does this help?

    B
     
  5. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I think I've written on this topic a couple of times. Chaining proxies together lowers your anonymity and increases your risk because you are exposing plaintext traffic to two networks instead of just one. If the traffic is encrypted end-to-end such as https, then you're fine.

    As for using JanusVM, I think that is a great idea. It creates a VPN connection to Tor. However ONLY use https because it uses the Tor network, which allows anyone to monitor your plaintext internet traffic and inject malicious code into it.

    In regards to chaining proxies together, yes, you could. First create the initial OpenVPN connection, then create the next one. It should go out through the same extension.
     
  6. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    Thanks for your replies.

    I'll take a look at JanusVM although money isn't really an issue. The main thing is anonymity and privacy. Also, I'm not really sure about using the free ToR network; I've heard experienced individuals in computer security state that there are way too many honeypots on the free ToR network. Only reason is that anybody can set up their own server on the ToR network.

    I think Xerobank has their paid version for the ToR network which is private, I believe. That could probably be used with JanusVM?

    @ Xerobank -

    When an account expires, is it gone completely? All records, original IP, etc..? If anybody follows up with your company regarding a particular account that has expired, is it still possible for you to trace that account? I was reading through one of your threads on here and I believe somebody suggested to get a new account every week and it would cost more but, I think you said that was something you could do.

    Also I'm new to this and I'm not sure what you're saying when you were talking about how chaining proxies lowers your anonymity since you're exposing plaintext traffic.

    My interest is in being anonymous, if somebody else is snooping on the network I don't care since I'm not doing anything wrong or anything malicious. My only interest is being anonymous and not being able to be traced. So, I was asking if you use 2 services such as findnot and xerobank this is what I'm guessing you were referring to as "chaining proxies"? So, I was wondering if it would make it more complicated to trace the original IP. If you expose plaintext traffic to networks does that mean they can use that traffic to trace the original IP?

    When you say only use https you mean as in when you visit a website? If a website doesn't have https then you're saying to not use it?

    Sorry for the noob questions.


    Thanks again.
     
  7. fuzzylogic

    fuzzylogic Registered Member

    Joined:
    Mar 12, 2008
    Posts:
    149
    It's probably not technically possible; no matter what third party you use, they are going to know your IP address. That said, perhaps you should consider using an SSH provider alongside your VPN connection. Say, have the VPN connect to, say, the Netherlands, and then an SSH connection to another country (say Germany).

    It's sort of chaining, but you're pushing your SSH through a VPN. It's an idea.
     
  8. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Kind of. Our network isn't Tor, because that is a distrust design and inefficient for a single entity to use, and results in lower performance and higher latencies.

    That's something we're toying with. The reason is because we have imap mail and storage in the network. If suddenly you missed a payment for whatever reason, you wouldn't want your data to disappear that day. But for a direct account cancellation, we'll be implementing complete account removal. However, due to the deposit/access account relationship, it doesn't matter. An IP address doesn't mean anything to us, because we aren't logging the traffic and have nothing to tie it to.

    My opinion on it is to keep an expired account undeleted for 30 days, and then wipe it. Cancelled accounts should be wiped on the next go-around.

    It isn't really possible to trace an account without the user being connected to the network live or having an active account that could be monitored. There isn't any going backwards because there are no logs and the account holder identity is separate from the account itself.


    This is a common issue. When you use a VPN, the internet is not magically encrypted the whole way. We encrypt from you to us, and then we decrypt it and hand it to the internet and re-encrypt the response back to you. All networks work like that. You use any network, and they can look at all traffic if they were inclined.

    [YOU] -> (encrypted connection) -> [PROXY PROVIDER] -> (unencrypted) -> [INTERNET]

    So if you chain two proxies together, you *could* get:

    [YOU] -> (encrypted connection) -> [PROXY PROVIDER 1] -> (unencrypted) -> [PROXY PROVIDER 2] -> (unencrypted) -> [INTERNET]

    That means two proxies get to see your traffic instead of one. If you manage to create one connection encrypted inside another, that means only the final one can see your traffic, but they can both do traffic analysis.

    Yes, kind of complicated. The bottom line is that you want to trust as few people as possible. Pick a single proxy network and use that.

    What it *sounds* like to me is you want a service you can use, that doesn't know who used the account. If that is correct, you'll need a provider who anonymizes the account activity from the account holder, and doesn't keep logs. Please tell me if this is correct or not.

    If you don't trust your proxy provider, or they are distrustworthy like tor, only use https. If the site doesn't have it, don't use the site, IMHO.

    These aren't noob questions. They are legitimate concerns, and anonymity is indeed a complex subject for even the most well-versed in it. You're certainly asking questions that others will want to know the answer to. Please feel free to ask any more.

    The pleasure is mine.
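
The two layouts diagrammed in the post above, plus the tunnel-inside-a-tunnel case, as an added example that is not part of the original thread: each layer is sealed to one party, and each provider records the source address it sees and whatever destinations and payload it can read. The names `P1` and `P2` (each standing for that provider's own address), the client address, the site and the request are constructed; timing and volume, the basis of traffic analysis, are outside this model.

```python
"""Added illustration: what each proxy provider can read in a chained setup."""
from dataclasses import dataclass

CLIENT_IP = "198.51.100.7"    # constructed address (documentation range)
SITE = "example.org"          # constructed destination
REQUEST = "GET /inbox"        # constructed application payload


@dataclass
class Sealed:
    """A layer encrypted to one party; opaque to everyone else."""
    to: str
    inner: object


@dataclass
class Forward:
    """An instruction to the receiving hop: pass `body` on to `dst`."""
    dst: str
    body: object


def build(providers, nested, https):
    """Wrap one request for the provider chain, innermost layer first."""
    msg = Forward(SITE, Sealed(SITE, REQUEST) if https else REQUEST)
    for i, name in reversed(list(enumerate(providers))):
        # The client always encrypts to the first provider; later hops get
        # their own layer only when one tunnel is built inside the other.
        if nested or i == 0:
            msg = Sealed(name, msg)
        if i > 0:
            msg = Forward(name, msg)
    return msg


def _read(item, node, view):
    """Record every destination and payload `node` is able to read."""
    if isinstance(item, Sealed):
        if item.to != node:
            return                      # ciphertext for someone else
        item = item.inner
    if isinstance(item, str):
        view["plaintext"] = True
    elif isinstance(item, Forward):
        view["dst"].add(item.dst)
        _read(item.body, node, view)


def observe(providers, nested=False, https=False):
    """Return {provider: what it learns} for one request through the chain."""
    views = {}
    src, hop, body = CLIENT_IP, providers[0], build(providers, nested, https)
    while hop != SITE:
        view = views[hop] = {"src": src, "dst": set(), "plaintext": False}
        if isinstance(body, Sealed) and body.to == hop:
            body = body.inner           # this hop terminates a tunnel layer
        _read(body, hop, view)
        src, hop, body = hop, body.dst, body.body
    return views


if __name__ == "__main__":
    for label, kwargs in [("chained, not nested", {}),
                          ("one tunnel inside the other", {"nested": True}),
                          ("nested + https", {"nested": True, "https": True})]:
        print(label)
        for name, view in observe(["P1", "P2"], **kwargs).items():
            print(f"  {name}: {view}")
```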
     
  9. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    Thanks for the explanation. I understand what you're saying about chaining proxies. What do you think about what fuzzylogic suggested about using SSH to connect to VPN? Would that be considered chaining?

    Yes, that's correct. So, you don't keep any logs at all unless required by law and Findnot does keep logs for 5 days.

    If somebody requested to cancel their account would you wipe the account or wait 30 days? Could you explain this further, "But for a direct account cancellation, we'll be implementing complete account removal. " I didn't understand completely. Is a direct account cancellation a request to cancel the account? When are you planning on implementing that?


    Thanks
     
  10. fuzzylogic

    fuzzylogic Registered Member

    Joined:
    Mar 12, 2008
    Posts:
    149
    I must thank you for such a good thread, these are really good questions.

    I didn't explain what SSH does and how it's different to a VPN. An SSH connection will connect to a remote computer via an encrypted connection but will only redirect applications that have been 'proxified' or have been configured to use that connection; otherwise they just ignore it and use a direct connection via your ISP.

    A VPN is a remote encrypted connection to a remote computer, but this time your whole internet is pushed through it and thus applications don't have to be configured; they will all use this connection.

    So when you're connected to a VPN and an SSH, that SSH connection is pushed through the VPN, sort of 'chaining', but technically you're pushing one encrypted tunnel through another, i.e.
    <computer>--<ssh connection via vpn>--<vpn connection>--<vpn server>-<encrypted>-<ssh server>--<internet>--<destination>

    This must be really confusing, but it's a bit technical to explain, so in conclusion all your SSH and VPN are encrypted until it hits the internet.

    On a side note, you could possibly connect to an OpenVPN server then to a PPTP/IPsec connection, thus chaining a VPN chain, but I'm not sure that's technically possible and that's a bit outside my understanding. I'm sure someone will explain that better than I can.
     
  11. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    fuzzy is right. It's like one straw inside another straw, if you do it like that. But you'll probably kill your speed. :D

    And as for cancelling, yes we'll wipe the account. That is opposed to the account just expiring.
     
  12. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    I understand what you're saying from your explanation about how using SSH with VPN would work. So based on what you said about the SSH being in Germany and VPN in Netherlands, does that mean that if the VPN was logging IP's they would see the IP for the SSH in Germany?

    How do you SSH? Is it a service you purchase like VPN? If so, then this goes back to trusting your proxy provider since even though your VPN doesn't have your original IP now the company you're using for SSH has your original IP, correct?

    I'm just speaking for discussion now, that probably sounds really paranoid.
     
  13. fuzzylogic

    fuzzylogic Registered Member

    Joined:
    Mar 12, 2008
    Posts:
    149
    Well, SSH is done by a program like PuTTY, which does all the hard work of connecting and authorising the connection, and what encryption method is used. However, most providers will provide a program all configured to be used straight away; this works for most average users, though some will use third-party open source because they don't trust any software that isn't.

    Providers of SSH are:
    - Secure-tunnel: the most convenient and simple to use. Servers are located in the US.
    - Metropipe: Their standard tunnel service provides an SSH connection to servers in Germany; they are based in the Netherlands (according to the whois record). Cost around US$50 a year. There are rumors that they are scammers, though there isn't much evidence to support that.
    - Perfect Privacy: based in New Zealand, have SSH connections to several servers around the world. Are expensive, around 30 euro for 3 months.

    There aren't too many good SSH providers out there and they seem really expensive.

    Yes, your VPN provider will see an IP address for your SSH provider but nothing beyond that; just like your ISP they will see an outgoing encrypted tunnel, but beyond that they have no idea where and what it's doing.
     
  14. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    Thanks for all the information. When you connect to the SSH will they have your original IP? If so, do you think you could still benefit from connecting to your VPN with SSH if you're concerned about anonymity? If you've done this, does it really slow down your internet speed?


    Thanks
     
  15. fuzzylogic

    fuzzylogic Registered Member

    Joined:
    Mar 12, 2008
    Posts:
    149
    Yes, your SSH provider will have your original IP. A general rule of thumb is the more hops you make, the slower the connection will be.

    Anonymity is a hard issue and I'm not sure you can do anything online that's completely anonymous. I think people get anonymity and privacy confused. I'm not a believer of anonymous, but I'm a big believer in privacy. If you want to become more private, then using these services will achieve that. If you pick up an SSH connection for web browsing, IM and email you've got it all covered. VPN, even better. But anonymous is harder and there's always human error that will stuff even the best of plans. Sure, you could live on TOR/JAP and temporary emails, but in the end you'll get sick and tired of it and just fall back to old habits.

    In the end the only thing you'll need is an SSH (metropipe/secure-tunnel), if you wish an OpenVPN VPN provider. No one will ever be anonymous or immune from consequences, but in the end you'll have a system in place that will keep your web browsing private from snooping eyes, data retention and web nasties. However, you'll never be safe from logging no matter how minimal it is. Filter what information you went online, keep your nose clean, and you'll be more than out of harm's way.
     
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    So the secure tunnel provider would have your true IP? I thought the tunnel would go through the VPN first and then on out to the tunnel service. So then this means that the VPN would see the tunneler IP?

    Okay then, when Xerobank offers the Cryptorouter for personal use, then what would the tunneler see? Because everything that leaves your computer would have to go through that hardware device first. I would assume that the secure tunnel would only be able to see Xerobank if it is going through the cryptorouter.
     
  17. JimBss

    JimBss Registered Member

    Joined:
    Sep 8, 2008
    Posts:
    4
    It seems to me that the best way would be to use, let's say, xB and PP like this:

    Your PC (VNC Secure Connection to VPS1)---> xB ----> VPS1 ---->PP----> Internet

    This way all your service providers must give your IP info in order for someone to find you. Now if you can get a debit card anonymously you are very safe. You can also add more such nodes in between for enhanced privacy.
     
    Last edited: Sep 8, 2008
  18. JimBss

    JimBss Registered Member

    Joined:
    Sep 8, 2008
    Posts:
    4
    Also FindNot states:


    Q) What about E-Gold?

    A) E-Gold is as anonymous as you can get. There are in a privacy oriented jurisdiction and are not collecting any ID on users, so they don't know who you are.

    This is false, so refrain from using them.
     
  19. fuzzylogic

    fuzzylogic Registered Member

    Joined:
    Mar 12, 2008
    Posts:
    149
    Dead right, e-gold isn't worth touching at the moment, if ever again, though at one time it was a safe anonymous way of paying. Though no more.

    Your VPS idea is a good one, but has the same problems as using an SSH via VPN, and you need good bandwidth to use remote desktop, otherwise it looks a bit choppy and seems slower as it tries to report back to you. I'd guess you could use something like XB machine or the older metropipe portable OS installed to have a locked down/encrypted OS. Anyone up to trying it?

    If you can't be bothered using a VPS to set up a system, cosmopod would be used; it's the only one I can think of right now. There aren't many remote desktop service providers out there.
     
  20. JimBss

    JimBss Registered Member

    Joined:
    Sep 8, 2008
    Posts:
    4
    Well, you can install anything on a VPS, so it could be a machine that connects to Perfect Privacy through VPN, and you could install a SOCKS5 proxy that goes through the secure VPN. So you can replace VPS with the proxy...
     