Choosing a securely-anonymous VPN

This has been the core topic of many threads here. And there's still no clear answer, IMHO.

Users can assess many parameters -- such as cost, bandwidth, throughput cap, and customer service -- through provider websites, forums like Wilders, reviews, and other public sources. And they can readily verify them, and share their experiences.

However, it's very difficult for users to assess other key parameters, such as TOS, being a honeypot, technology claims, difficulty to compromise, and likely response to LEA requests. Even knowledgeable users don't typically have the necessary skills, and/or access to necessary resources. And AFAIK, there are no third-party reviewers that go beyond basic usability issues.

Consider my experience. I read good stuff about Lance Cottrell and Anonymizer.com in the mid-1990s, and I used them for years. Then I read that they'd been acquired by Abraxis, a CIA company, and immediately bailed.

Was I just being paranoid? After all, Lance Cottrell still apparently stands for privacy.

Anyway, after trying a few other services, I started using XeroBank, based largely on discussions here at Wilders. Although I'm still happy with the VPN service, I'm unsettled by the lack of customer service, the serial flakiness re new services, the poor communication, and all the FUD re LEA and XYZ associations.

There's nothing that rises to the "owned by the CIA" level, AFAIK. In other threads, I've criticized attacks by innuendo, and have challenged others to disclose any such evidence that they have. However, upon reflection, I get that there may be constraints preventing disclosure.

So what's the best approach? Do we bail at the first suspicion? Or do we wait for clear evidence? And how do we decide which service to trust next?

 

Let's wait until you're turned over to LEA? Then we will have proof?

 

-----

-----

 

I could care less if XB is a honeypot or not. The reason I left was due to consistent problems, poor throughput, and lies re: service improvements.

 

Regardless, it's "securely anonymous." You don't need a hyphen.

 

Yes, that would indeed be proof -- for me, anyway But wait. How would I know who/what had compromised me? And would y'all believe me?

Anyway, that's certainly one kind of proof. Examples that come to mind are penet.fi and eGold. I'm sure that there have been others.

Perhaps we need a testing service that creates "user honeypots" to test anonymous VPNs and such I'm not sure that I'm up for that, just yet.

 

True. My bad.

 

Since you were a grammar nazi with Hierophant.....

1. There's an edit function; no need for 4 posts in 7 minutes.

2. You mean you "couldn't care less," not that you, "could care less." Common mistake.

3. What does a post with the total content of "-----" mean? If you deleted the post, just type "self-delete" or something. Unless, you did post that as sole content. If so, what does it mean?

4. In your third post, "..due to," was completely unnecessary in your sentence. Remove it and see how it still works?

I'm being a jerk really as a joke to show that when one plays grammar police, it's best to not throw stones in glass houses.

Oh, welcome to Wilders!

 

Split infinitive... tisk tisk.

;-)

I couldn't edit my own posts. Meh. I'll just ditch this account and use another one. I have done that several times anyway now.

 

Fair enough. And what else is available?

And BTW, I'm focusing here on evaluating a single service provider. As you've noted, combining VPN services increases anonymity (unless they collude, of course).

What's the alternative? Word of mouth? Being a hermit, that doesn't work for me

Hey, at least I didn't play with AP or eGold

OK, I'm listening

Edit: OK, we can move to your new thread if you like.

 

For me the first rule has to be that the VpN is really off shore and its management is not in the USA, UK, or Europe, countries where everyone shares information and can get court orders to force any service to log and cache. For all you know your service could be logging and caching now on a closed court order and you wouldnt find out about it for six months. Off shore is the only way to go.

 

And your point is?

 

If its not off shore, by definition its not secure and not anonymous. Above you stated: cost, bandwidth, throughput cap, and customer service are the drivers. They don't determine security. Secure servers and location of management do. (As well as whether the service is actually encrypted)