Can You Trust Your VPN Provider…?

Discussion in 'privacy technology' started by lotuseclat79, Oct 2, 2013.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Can You Trust Your VPN Provider…?.

    -- Tom
     
  2. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Spoiler:

    I can't help but wonder which free service they are referring to though.
     
  3. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Yes they can, why? Money. Why does the NSA spy? Money? Yes. Power yes, what makes power? Money. VPN providers are just as invested at keeping us private as the NSA in exposing us. Trust in finance.
     
  4. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    If I'm reading that right, that means if one goes by that logic, you can trust your ISP, Microsoft, Facebook, Google and all those other advertising companies and websites that emply advertising. To stretch things further, you can even trust your government.

    It ain't an argument from my side. I know exactly what you mean. I'm merely poking fun if that isn't obvious. Can't resist the temptation :p
     
  5. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Good article, thanks.

    PD
     
  6. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    ISP's motivation was never privacy and they don't offer privacy for money they offer your internet connection for money. In 99% of abuse cases an ISP will issue you 3 - 10 letters before they will close your service if you have been bad. Why? because they make more money from you being a customer then doing the opposite of what the product they sell you is "to provide internet". Facebook is a free service and so is Google, which make money from other entities which is why they don't care about you, they care about the other entities that are giving them money. Microsoft, does not want you to use Linux or Mac which is why 99% of the time people can pirate the windows operating system without issue, they would rather you be a non paying customer then lose you as a customer, but breaching their paying customers trust they cannot do which they don't because of the money that motivates them. Advertising again, they make money from their clients not from you, so why should that care about your privacy when you offer them no transaction in return. Governments provide national defense for your money and provide telecoms and infrastructure, which is what your tax dollars pay for, but the corruption you say? that's not the "Governments" fault, that's its employes who make less money and thus abuse their power and place in society to achieve a monetary gain.

    So yes... my point still stands.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I like TorrentFreak's auditing idea.

    However, there really is no way to know whether a provider is trustworthy or not, until you know that they weren't. Look at HideMyAss. Maybe their name and site design were dead giveaways ;) But really, who knew?

    Distributing trust among multiple providers, so that you can't be compromised without collaboration, is the best option that I know.
     
  8. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    More than other Internet entities that (will) know my IP address.
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Silk Road owner sold out by his VPN provider!

    We have another example, fresh off the BBC:

    <-http://www.bbc.co.uk/news/technology-24371894->

    Who was that VPN provider?

    Edit: There's another interesting implication in that quote. The claim that "detailed analysis of Silk Road's source code highlighted a function that restricted who was able to log in to control the site, locking it down to just one IP address" implies that they compromised the site before discovering who ran it. I'm betting that he was sold out by one of his administrators. Maybe it was the guy that he was trying to have killed. Another disgruntled employee ;)
     
    Last edited: Oct 3, 2013
  10. Gitmo East

    Gitmo East Registered Member

    Joined:
    Jul 28, 2013
    Posts:
    106
    Re: Silk Road owner sold out by his VPN provider!

    Surely he was using a service that "kept no logs".... surely.
    Did they (VPN provider) lie or get "compelled" o_O
    Either way not a good turn of events.
     
  11. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Re: Silk Road owner sold out by his VPN provider!

    Dread Pirate Roberts - As You Wishhhhhhhhhhhhh.

    (EarthVPN/HideMyAss) one of these two "my early guess". I can also guess he was using a VPN provider that offers "personal" Static IP VPN's due to the fact he set the website to only allow a single IP so it must be static and logic tells us he would want to own the IP so nobody else can use it. So we are looking for a VPN provider offering static personal IP's. Which again is probably why his VPN provider could not protect his anonymity.
     
    Last edited: Oct 3, 2013
  12. Re: Silk Road owner sold out by his VPN provider!

    I still cant believe how he used a gmail address with his real name...
     
  13. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Re: Silk Road owner sold out by his VPN provider!

    He was an economics expert, not a security expert he just did what he could. You start a company up and he may be impressed with your client security but have much to tell you about maximizing your profits by optimizing logistics. ;)
     
  14. Re: Silk Road owner sold out by his VPN provider!

    Do you think he's been selled by his admn or by his vpn?
     
  15. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Re: Silk Road owner sold out by his VPN provider!

    VPN, but not by their choice. He made posts on the open web with his personal email, which let authorities detect his real identity before anything else. Authorities then probably audited his Credit-Card/PayPal accounts and found a VPN purchase they located an IP address in the websites source code which was the only IP that could enter the admin console of SR. This means he was using a static IP that never changes, they took that IP and asked the VPN company if that was related to his account via his payment info, found out he had purchased a static IP on one the VPN company's servers and because its static and nobody else was using it they can determine it was his traffic to the website, then if the VPN company had logs of internal IP's they could tell authorities where he connected from, as well as the fact they already knew about his friends apartment as he logged into his Gmail there.

    Short answer, he done goofed before the VPN was even contacted.

    Just as an example if he was using IPVanish it would explain his capture. Same with any other similar services.
     
  16. Re: Silk Road owner sold out by his VPN provider!

    Thank you really nice answer Talis, which vpn do you use? Id like to try BolehVPN or AirVPN i havent decided yet but i read many positive feedbacks about the first one.

    A last question sorry, in your opionion its useless to chain vpn if you just want to use torrent? Because if i read well i can set up utorrent just with one vpn, or maybe i am wrong?
     
  17. Gitmo East

    Gitmo East Registered Member

    Joined:
    Jul 28, 2013
    Posts:
    106
    Re: Silk Road owner sold out by his VPN provider!



    Nice deconstruction :thumb:
     
  18. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Re: Silk Road owner sold out by his VPN provider!

    I have subscriptions to both BolehVPN & Mullvad VPN services. I have used many services over the last 5 years and these are the two I will keep, as I like to always have a back up, and my brother uses my BolehVPN account anyway as he uses it for torrents, they let you have 3 concurrent connections on different servers so its never been problem and kudos to them for that, its not an official rule but its an accepted one. I also use Mullvad as my day to day VPN myself.

    BolehVPN is king of the support VPN, they will go to great lengths to help you if you need it. Mullvad is the king of single hop servers and server side security in my opinion. Both are great choices, If your new to VPN's and networking and just want something to work go BolehVPN, if you like to play around with settings and mess with code go with Mullvad. Both are great.

    AirVPN has weaknesses, I don't recommend. ;)

    Don't chain VPN's there is no real benefit in doing this other then a slower internet connection, the only reason you would ever need to do this is if you are super paranoid or your engaged in criminal activities.

    Ty.
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Re: Silk Road owner sold out by his VPN provider!

    They had his site before his VPN sold him out.

    I'm guessing that one of his admins sold him out.

    That's rather like Snowden, isn't it? ;)

    Edit: He made lots of other stupid mistakes. But from the BBC article, they clearly didn't know who he was until after they had site access. It's even possible that they had some site access since 2011-2012, but not enough access to shut the site down.
     
  20. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Re: Silk Road owner sold out by his VPN provider!


    How comes ?

    Since its Italian and they share good relations with Canada and US ?

    Only 2 sell out VPNs I have heard lately is earthvpn (the one where his mate chatted online about explosives etc) and hidemyass one we all know of.
     
  21. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    No. But I'm somewhat paranoid :)
     
  22. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Re: Silk Road owner sold out by his VPN provider!

    When you continually see folks refer to Air as having weaknesses you have to consider why they say that. I have created some extremely stringent firewall rules with help and instructions from the "Air team". If you follow their recommendations you will end up with a machine that is locked down so much better than you can imagine. But - folks don't want to take the time to learn how to secure their stuff. They want some crappy little client auto-button that they think will protect them from a lost connection, dns leaks, and similar. If they took the time to examine those clients a little closer they would see the holes that little "click and done" approach doesn't cover.
     
  23. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Re: Silk Road owner sold out by his VPN provider!

    Agreed you should always go the firewall or pfsense or router route to block any outgoing connections if vpn drops, you could never tell if your client decided to crash or stall. I doubt however this is the concern over AirVPN.
     
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Re: Silk Road owner sold out by his VPN provider!

    From their history FAQ, I gather that AirVPN originally operated out of France. They got shut down a few years ago, and moved to Italy. Even then, no user account information was compromised (they say). So I'm confident that they're prepared for a bust, secure against information leaks, and ready to move if necessary.

    We could just ask them, no?
     
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Re: Silk Road owner sold out by his VPN provider!

    Just use pfSense VMs as VPN clients. Totally secure routing and firewall rules are just a few clicks away ;)
     
Loading...
Thread Status:
Not open for further replies.