Choosing A VPN Provider

OK, I get that you have some expertise. So, which VPN do you recommend?

 

Hey, just thought I'd ask again

You've posted great advice, and perhaps that's the most I can expect in this context. Specifying one's threat model and other requirements is certainly where to start, rather than just focusing on technology.

What's problematic is this question: "What do you really know about the provider - not what you have written or heard, really know?". Most of us know just about nothing, and have about no chance of learning anything (until that knock on the door, and perhaps not even after that). What's the basis of our "best guess", as it relates to one provider vs another?

Anyway, thanks for your patience.

 

A VPN's weakness is that the computer is just as susceptible to malware as it was without VPN.
So a VPN's goal is not in protecting the integrity of the system, but the transmission of data between two systems.

I would choose a VPN from a company that can also help protect the integrity of my system not just the transmission of the data between two system.

A VPN is in a unique position to do this.
All the clients data is already being scoured for activity against TOS.
So why not provide the client with information, when present, of malicious activity and type.
I'm sure it's possible to accomplish in the bounds of anonymity and privacy.
At least they can be forewarned.

 

I think we should all stick with Anonymizer because the CIA knows what's best for us. And we can trust them with all of our personal data.

 

Summation of Lesson 1:
You have a Bolshevik Detector. Use it.

 

Although you make some valid points, your anti-Topletz agenda is so pervasive that it's hard to get them.

XeroBank's website is rather over-the-top re threats to privacy and the need for its services. And so are the websites of many other VPN providers. Some, OTOH, are more low-key and professional. De gustibus non disputandem est.

I'm sure that Steve has a very checkered past, having started out with cDc in Texas And I gather that some in the Tor community (such, perhaps, as you) aren't too happy with him. BTW, who does answer XeroBank's 800 number?

In Windows 7, the OpenVPN installer needs the password to run at startup. If you want to start manually, it's not necessary. I have no clue what ads you saw. I've never seen any ads associated with XeroBank. But then, I run Adblock Plus.

Hey, I like the name, and the attitude I don't like the lack of service, and the general lack of communication. We've been through the DalPay rebilling issue.

As discussed on Wilders, wireless-router-MAC-based geolocation is a problem for all services that anonymize IP address. Or is Tor immune to that side-channel "attack"?

 

How about these?

 

OK, if you say so

 

Knock knock?
Who's there?
VPN!
VPN who?
Knock knock?
Who's there?
VPN!
VPN who?
Knock knock?
Who's there?

 

If he is willing to spend $40/month then he can set up his own VPN, anyone with a little Unix knowledge can install OpenVPN on the server, it is not a very hard thing to do, the main problem I found when I did it was having to deal with IPtables, the server firewall.

The main reason why people don't set up their own VPN, IMO, is that you normally need a dedicated server and it works out much cheaper sharing costs using a VPN company for $10/month.

You can have a low end dedicated server for around $40/$50 (month), that should solve the problems around someone you don't know being in charge of your data.

 

That's true, if all you want is a one-hop proxy.

Let's say you do that. And let's say you attract some attention. Someone contacts whomever you're renting that server and/or rack space from. And let's say you've been paranoid, signing up via Tor, and paying via Pecunix or Liberty Reserve (or cash, even).

However, even if there's no identity trail, said interested party just needs to sniff your VPN server's IP. If you're the only user, you're hosed - unless you only access via Tor or an anonymous VPN (which makes the whole thing somewhat pointless).

So what you need are lots of other users. You also want at least two levels of servers, with several in each level, in multiple jurisdictions. That's starting to cost serious money. And OMG, now you're an anonymous VPN service, and we argue about you on Wilders

 

I totally agree with your point, but I think one can in some extend diminish this disadvantage in reserving some bandwith to setting up a tor server or a jondonym mix on your own vpn server.

Or, you can sell vpn acces to other people, an other way to crowd the traffic through your server.

 

Perhaps that's the primary goal for many VPN providers.

 

Since Im not an expert and dont ahve the time to sit down and do the analysis, I tried to find a review service that does. From what I can see www.bestvpnreviews.com actually does some independent review and doesnt look to me like they are paid by anyone, but you be the judge.

 

Coincidentally, I just came back from that site myself and I think it looks great. An intelligent, independent voice that uses consumer-friendly language. Impressive. I've been researching this area for months and have to say the tenor of the reviews comports with my own experiences.

 

Actually, here's a link to another one of her articles:

http://www.articlesbase.com/communi...-even-with-the-best-vpn-services-2954320.html

I think that there are other factors that play into this kind of analysis, and the Hushmail and jurisdictional issues have been parsed here on Wilders in greater detail than her general overview, but her ultimate point, that real online privacy is difficult, if not impossible, in a real world model as opposed to a theoretical one, is an opinion worth noting.

 

I haven't looked at this review site yet but I have a simple question: Does the owner of the site use advertising and/or affiliate clicks - for the products they are reviewing - for revenue?

 

The review of XeroBank at www.bestvpnreviews.com is so loaded with off-the-wall misrepresentations and outright lies that I wouldn't trust anything reported there.

 

I won't comment on the reviews, because they are ostensibly out of the editor's control. That's the whole point. However, she appears to be qualified and independent. She is not anonymous and she posts her bio. If anyone doubts her credentials, the burden is on you since she has put them forth.

http://bestvpnreviews.com/about-best-vpn-reviews

 

If that's really her in the pic, she gets my vote, brains & beauty

 

As a woman, I have to say I'm delighted with this conversation. Easy, gentlemen. Your social engineering bugs are showing

 

I suspect that you know. You probably wrote the review, given its similarity to what you've posted here. Or you got your points from it. Anyway, in the interest of clarity, I'll list them -- after I get some work done.

 

What about uncooperative jurisdictions, such as Panama?

 

She's definitely on the right track. Let's be clear, the TOS say it all. They're always the first thing I look at. And I don't care about jurisdictions. Here's the paradox: a true VPN would have very limited terms because in a perfect theoretical VPN model, one would have perfect privacy, which means the provider would take a stand and say something like this: "Data is inherently neutral, no matter what. The exchange of information should be free and unregulated. Cryptocommunication cannot distinguish between regulated and unregulated behavior. Prosecute the act, not the communication. We keep no logs. We never will. Welcome to the future."

Agree with this or not, but that's the only terms a VPN should have in a perfect privacy model. Instead, we get gibberish about what they will and won't tolerate. Even the best feel it necessary to jump through these pseudo legal hoops.

When we talk about uncooperative jurisdictions, what we really mean is will they cooperate with LE when LE moves through authorized channels. Let's get with the real world. LE doesn't need a a piece of paper to collect intelligence.

Plus, any person in the U.S. acting in concert with an offshore provider is open to a conspiracy charge. While I think Lana's article reaches the right conclusions, she does not highlight the complex legal and political issues that will drive the debate from this point forward, though I have no doubt she could do so in a longer piece.

Booz Allen has stated that attribution technology is first and foremost on the agenda: pinpointing any actor, anytime, anywhere, instantly. That's Mike McConnell's goal. But make no mistake: this drive toward attribution doesn't apply to LE, which in the U.S. is now housed all within the same office, the ODNI. Let's be clear: anonymity is the best tool for LE since firearms. It permits off-the-books sharing of prohibited evidence. Goodbye, civil liberties. Back door sharing between NSA and FBI? Done. Domestic military monitoring of U.S. citizens through USCYBERCOM and open source spying on the same? Done. All with anonymity technology. So you might be forced to give up anonymity, but they will never give it up in a million years. And that, my friends, is just the beginning.

And no problem with the locker room talk Poosey. It's nice to know you guys are human. And I agree that it's great to see women involved in the conversation. Plus, since I'm a lawyer, I love seeing an advantage I might be able to exploit.

 

XeroBank's TOS and LEA policies don't fall very short of that standard, IMHO. They cite the UN's Universal Declaration of Human Rights re prohibited activities. Even Freenet doesn't condone paedophilia.

BTW, have you read The Second Realm: Book on Strategy, Crypto-Anarchy, Tradecraft, TAZ and Counterculture? IMHO, that may provide useful context for XeroBank.

And, of course, it may all be lies. Only time will tell (or not).