Choosing A VPN Provider

Discussion in 'privacy technology' started by PooseyII, Sep 20, 2010.

Thread Status:
Not open for further replies.
  1. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    OK, I get that you have some expertise. So, which VPN do you recommend?
     
  2. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Hey, just thought I'd ask again ;)

    You've posted great advice, and perhaps that's the most I can expect in this context. Specifying one's threat model and other requirements is certainly where to start, rather than just focusing on technology.

    What's problematic is this question: "What do you really know about the provider - not what you have written or heard, really know?". Most of us know just about nothing, and have about no chance of learning anything (until that knock on the door, and perhaps not even after that). What's the basis of our "best guess", as it relates to one provider vs another?

    Anyway, thanks for your patience.
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    A VPN's weakness is that the computer is just as susceptible to malware as it was without VPN.
    So a VPN's goal is not in protecting the integrity of the system, but the transmission of data between two systems.

    I would choose a VPN from a company that can also help protect the integrity of my system not just the transmission of the data between two system.

    A VPN is in a unique position to do this.
    All the clients data is already being scoured for activity against TOS.
    So why not provide the client with information, when present, of malicious activity and type.
    I'm sure it's possible to accomplish in the bounds of anonymity and privacy.
    At least they can be forewarned.
     
  4. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I think we should all stick with Anonymizer because the CIA knows what's best for us. And we can trust them with all of our personal data.
     
  5. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Summation of Lesson 1:
    You have a Bolshevik Detector. Use it.
     

    Attached Files:

  6. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Although you make some valid points, your anti-Topletz agenda is so pervasive that it's hard to get them.

    XeroBank's website is rather over-the-top re threats to privacy and the need for its services. And so are the websites of many other VPN providers. Some, OTOH, are more low-key and professional. De gustibus non disputandem est.

    I'm sure that Steve has a very checkered past, having started out with cDc in Texas :eek: And I gather that some in the Tor community (such, perhaps, as you) aren't too happy with him. BTW, who does answer XeroBank's 800 number?

    In Windows 7, the OpenVPN installer needs the password to run at startup. If you want to start manually, it's not necessary. I have no clue what ads you saw. I've never seen any ads associated with XeroBank. But then, I run Adblock Plus.

    Hey, I like the name, and the attitude :) I don't like the lack of service, and the general lack of communication. We've been through the DalPay rebilling issue.

    As discussed on Wilders, wireless-router-MAC-based geolocation is a problem for all services that anonymize IP address. Or is Tor immune to that side-channel "attack"?
     
  7. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    How about these?

     
  8. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    OK, if you say so ;)
     
  9. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Knock knock?
    Who's there?
    VPN!
    VPN who?
    Knock knock?
    Who's there?
    VPN!
    VPN who?
    Knock knock?
    Who's there?
    [​IMG]
     
  10. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    260
    If he is willing to spend $40/month then he can set up his own VPN, anyone with a little Unix knowledge can install OpenVPN on the server, it is not a very hard thing to do, the main problem I found when I did it was having to deal with IPtables, the server firewall.

    The main reason why people don't set up their own VPN, IMO, is that you normally need a dedicated server and it works out much cheaper sharing costs using a VPN company for $10/month.

    You can have a low end dedicated server for around $40/$50 (month), that should solve the problems around someone you don't know being in charge of your data.
     
  11. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    That's true, if all you want is a one-hop proxy.

    Let's say you do that. And let's say you attract some attention. Someone contacts whomever you're renting that server and/or rack space from. And let's say you've been paranoid, signing up via Tor, and paying via Pecunix or Liberty Reserve (or cash, even).

    However, even if there's no identity trail, said interested party just needs to sniff your VPN server's IP. If you're the only user, you're hosed - unless you only access via Tor or an anonymous VPN (which makes the whole thing somewhat pointless).

    So what you need are lots of other users. You also want at least two levels of servers, with several in each level, in multiple jurisdictions. That's starting to cost serious money. And OMG, now you're an anonymous VPN service, and we argue about you on Wilders ;)
     
  12. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    83
    I totally agree with your point, but I think one can in some extend diminish this disadvantage in reserving some bandwith to setting up a tor server or a jondonym mix on your own vpn server.

    Or, you can sell vpn acces to other people, an other way to crowd the traffic through your server.
     
  13. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Perhaps that's the primary goal for many VPN providers.
     
    Last edited: Sep 23, 2010
  14. herr

    herr Registered Member

    Joined:
    Sep 23, 2010
    Posts:
    9
    Since Im not an expert and dont ahve the time to sit down and do the analysis, I tried to find a review service that does. From what I can see www.bestvpnreviews.com actually does some independent review and doesnt look to me like they are paid by anyone, but you be the judge.
     
  15. nix

    nix Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    257
    Location:
    Miami
    Coincidentally, I just came back from that site myself and I think it looks great. An intelligent, independent voice that uses consumer-friendly language. Impressive. I've been researching this area for months and have to say the tenor of the reviews comports with my own experiences.
     
  16. nix

    nix Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    257
    Location:
    Miami
    Actually, here's a link to another one of her articles:

    http://www.articlesbase.com/communi...-even-with-the-best-vpn-services-2954320.html

    I think that there are other factors that play into this kind of analysis, and the Hushmail and jurisdictional issues have been parsed here on Wilders in greater detail than her general overview, but her ultimate point, that real online privacy is difficult, if not impossible, in a real world model as opposed to a theoretical one, is an opinion worth noting.
     
  17. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I haven't looked at this review site yet but I have a simple question: Does the owner of the site use advertising and/or affiliate clicks - for the products they are reviewing - for revenue?
     
  18. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    The review of XeroBank at www.bestvpnreviews.com is so loaded with off-the-wall misrepresentations and outright lies that I wouldn't trust anything reported there.
     
  19. nix

    nix Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    257
    Location:
    Miami
    I won't comment on the reviews, because they are ostensibly out of the editor's control. That's the whole point. However, she appears to be qualified and independent. She is not anonymous and she posts her bio. If anyone doubts her credentials, the burden is on you since she has put them forth.

    http://bestvpnreviews.com/about-best-vpn-reviews
     
  20. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    If that's really her in the pic, she gets my vote, brains & beauty :)
     
  21. nix

    nix Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    257
    Location:
    Miami
    As a woman, I have to say I'm delighted with this conversation. Easy, gentlemen. Your social engineering bugs are showing :p
     
  22. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    I suspect that you know. You probably wrote the review, given its similarity to what you've posted here. Or you got your points from it. Anyway, in the interest of clarity, I'll list them -- after I get some work done.
     
  23. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    What about uncooperative jurisdictions, such as Panama?
     
  24. nix

    nix Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    257
    Location:
    Miami
    She's definitely on the right track. Let's be clear, the TOS say it all. They're always the first thing I look at. And I don't care about jurisdictions. Here's the paradox: a true VPN would have very limited terms because in a perfect theoretical VPN model, one would have perfect privacy, which means the provider would take a stand and say something like this: "Data is inherently neutral, no matter what. The exchange of information should be free and unregulated. Cryptocommunication cannot distinguish between regulated and unregulated behavior. Prosecute the act, not the communication. We keep no logs. We never will. Welcome to the future."

    Agree with this or not, but that's the only terms a VPN should have in a perfect privacy model. Instead, we get gibberish about what they will and won't tolerate. Even the best feel it necessary to jump through these pseudo legal hoops.

    When we talk about uncooperative jurisdictions, what we really mean is will they cooperate with LE when LE moves through authorized channels. Let's get with the real world. LE doesn't need a a piece of paper to collect intelligence.

    Plus, any person in the U.S. acting in concert with an offshore provider is open to a conspiracy charge. While I think Lana's article reaches the right conclusions, she does not highlight the complex legal and political issues that will drive the debate from this point forward, though I have no doubt she could do so in a longer piece.

    Booz Allen has stated that attribution technology is first and foremost on the agenda: pinpointing any actor, anytime, anywhere, instantly. That's Mike McConnell's goal. But make no mistake: this drive toward attribution doesn't apply to LE, which in the U.S. is now housed all within the same office, the ODNI. Let's be clear: anonymity is the best tool for LE since firearms. It permits off-the-books sharing of prohibited evidence. Goodbye, civil liberties. Back door sharing between NSA and FBI? Done. Domestic military monitoring of U.S. citizens through USCYBERCOM and open source spying on the same? Done. All with anonymity technology. So you might be forced to give up anonymity, but they will never give it up in a million years. And that, my friends, is just the beginning.

    And no problem with the locker room talk Poosey. It's nice to know you guys are human. And I agree that it's great to see women involved in the conversation. Plus, since I'm a lawyer, I love seeing an advantage I might be able to exploit. :p
     
  25. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    XeroBank's TOS and LEA policies don't fall very short of that standard, IMHO. They cite the UN's Universal Declaration of Human Rights re prohibited activities. Even Freenet doesn't condone paedophilia.

    BTW, have you read The Second Realm: Book on Strategy, Crypto-Anarchy, Tradecraft, TAZ and Counterculture? IMHO, that may provide useful context for XeroBank.

    And, of course, it may all be lies. Only time will tell (or not).
     
Loading...
Thread Status:
Not open for further replies.