Choosing a securely-anonymous VPN

Discussion in 'privacy technology' started by hierophant, Sep 20, 2010.

Thread Status:
Not open for further replies.
  1. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    This has been the core topic of many threads here. And there's still no clear answer, IMHO.

    Users can assess many parameters -- such as cost, bandwidth, throughput cap, and customer service -- through provider websites, forums like Wilders, reviews, and other public sources. And they can readily verify them, and share their experiences.

    However, it's very difficult for users to assess other key parameters, such as TOS, being a honeypot, technology claims, difficulty to compromise, and likely response to LEA requests. Even knowledgeable users don't typically have the necessary skills, and/or access to necessary resources. And AFAIK, there are no third-party reviewers that go beyond basic usability issues.

    Consider my experience. I read good stuff about Lance Cottrell and Anonymizer.com in the mid-1990s, and I used them for years. Then I read that they'd been acquired by Abraxis, a CIA company, and immediately bailed.

    Was I just being paranoid? After all, Lance Cottrell still apparently stands for privacy.

    Anyway, after trying a few other services, I started using XeroBank, based largely on discussions here at Wilders. Although I'm still happy with the VPN service, I'm unsettled by the lack of customer service, the serial flakiness re new services, the poor communication, and all the FUD re LEA and XYZ associations.

    There's nothing that rises to the "owned by the CIA" level, AFAIK. In other threads, I've criticized attacks by innuendo, and have challenged others to disclose any such evidence that they have. However, upon reflection, I get that there may be constraints preventing disclosure.

    So what's the best approach? Do we bail at the first suspicion? Or do we wait for clear evidence? And how do we decide which service to trust next?
     
  2. uxossone

    uxossone Registered Member

    Joined:
    Sep 12, 2010
    Posts:
    7
    Let's wait until you're turned over to LEA? Then we will have proof?

    :argh:
     
  3. uxossone

    uxossone Registered Member

    Joined:
    Sep 12, 2010
    Posts:
    7
    -----

    -----
     
  4. uxossone

    uxossone Registered Member

    Joined:
    Sep 12, 2010
    Posts:
    7
    I could care less if XB is a honeypot or not. The reason I left was due to consistent problems, poor throughput, and lies re: service improvements.
     
  5. uxossone

    uxossone Registered Member

    Joined:
    Sep 12, 2010
    Posts:
    7
    Regardless, it's "securely anonymous." You don't need a hyphen.
     
  6. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Yes, that would indeed be proof -- for me, anyway ;) But wait. How would I know who/what had compromised me? And would y'all believe me?

    Anyway, that's certainly one kind of proof. Examples that come to mind are penet.fi and eGold. I'm sure that there have been others.

    Perhaps we need a testing service that creates "user honeypots" to test anonymous VPNs and such :D I'm not sure that I'm up for that, just yet.
     
  7. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    True. My bad.
     
  8. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere

    Since you were a grammar nazi with Hierophant.....

    1. There's an edit function; no need for 4 posts in 7 minutes.

    2. You mean you "couldn't care less," not that you, "could care less." Common mistake.

    3. What does a post with the total content of "-----" mean? If you deleted the post, just type "self-delete" or something. Unless, you did post that as sole content. If so, what does it mean?

    4. In your third post, "..due to," was completely unnecessary in your sentence. Remove it and see how it still works?

    I'm being a jerk really as a joke to show that when one plays grammar police, it's best to not throw stones in glass houses.

    Oh, welcome to Wilders!
     
  9. uxossone

    uxossone Registered Member

    Joined:
    Sep 12, 2010
    Posts:
    7
    Split infinitive... tisk tisk.

    ;-)

    I couldn't edit my own posts. Meh. I'll just ditch this account and use another one. I have done that several times anyway now.
     
  10. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Fair enough. And what else is available?

    And BTW, I'm focusing here on evaluating a single service provider. As you've noted, combining VPN services increases anonymity (unless they collude, of course).

    What's the alternative? Word of mouth? Being a hermit, that doesn't work for me ;)

    Hey, at least I didn't play with AP or eGold ;)

    OK, I'm listening :)

    Edit: OK, we can move to your new thread if you like.
     
    Last edited: Sep 20, 2010
  11. herr

    herr Registered Member

    Joined:
    Sep 23, 2010
    Posts:
    9
    For me the first rule has to be that the VpN is really off shore and its management is not in the USA, UK, or Europe, countries where everyone shares information and can get court orders to force any service to log and cache. For all you know your service could be logging and caching now on a closed court order and you wouldnt find out about it for six months. Off shore is the only way to go.
     
  12. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    And your point is?
     
  13. herr

    herr Registered Member

    Joined:
    Sep 23, 2010
    Posts:
    9
    If its not off shore, by definition its not secure and not anonymous. Above you stated: cost, bandwidth, throughput cap, and customer service are the drivers. They don't determine security. Secure servers and location of management do. (As well as whether the service is actually encrypted)
     
Loading...
Thread Status:
Not open for further replies.