HideMyAss provides FBI with logs for LulzSec

Discussion in 'privacy technology' started by SteveTX, Sep 22, 2011.

Thread Status:
Not open for further replies.
  1. VectorPrime

    VectorPrime Registered Member

    Joined:
    Oct 8, 2011
    Posts:
    2
    http://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/
     
  2. nightrace

    nightrace Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    159
    Which VPN Providers Really Take Anonymity Seriously? How about ones that provide private DNS, protect against connection loss, offer anonymous payment options and whose servers are not in Sweden?

    Can we get a list of VPNs who provide their own DNS server. The ones I know are Mullvad, iVPN and Insorg. Mullvad and Insorg also have their own custom clients which protect against connection loss. Mullvad is run by a couple of Swedish privacy activists and Insorg by the Russian mafia (okay maybe not, but they do advertise on hacker forums). As far as I understand, without a private DNS all your web browsing will be logged by either your ISP or a public provider like Google.
     
  3. traxx75

    traxx75 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    106
    If OpenVPN is configured correctly, your DNS requests should actually be sent down the VPN and resolved by the nameservers configured on the VPN server. These nameservers will generally be the standard ones that the server host provides to all of its customers. Your own ISP should not see DNS requests at all unless you're leaking requests outside of the tunnel. I am yet to see any VPN service that makes use of Google DNS but that does not mean there are none :)

    VPN providers with their own DNS service probably run BIND or Unbound on the same machine that is running OpenVPN. In this case, the nameserver IP should be the same as the VPN server. This has the advantage of making logging of DNS requests harder because the hosting provider cannot just enable verbose logging on their datacenter DNS but must instead monitor DNS traffic between the VPN provider DNS and the root nameservers.

    It is also possible, of course, for the VPN provider to actually set up their own discreet nameservers but this is unlikely if the provider has VPN servers in many different geographical locations. DNS should not introduce significant latency for lookup requests so it would need careful planning by the VPN provider (and more money for extra servers) to run their own nameservers in such a way that none of their VPN server locations would be adversely impacted by a nameserver that is "far away" (in network terms).

    Something to be mindful of is that it is possible for a VPN provider to say their own DNS server hostname is "dns.vpnservice.com" but that name could point to some other DNS server provided by their hosting provider or third-party DNS like Google/Comodo. Looking at the actual IP of the DNS server should reveal this fact quickly, though :)

    Those that are curious can run the DNS-OARC entropy test to determine what nameserver they are using for lookups. This will help determine whether lookup requests are being leaked to your own ISP and, if not, whether the VPN provider has its own DNS or is using the datacenter nameservers.
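
The check described in the post above, as an added example that is not part of the original post: it classifies the resolvers a leak test reports (or the ones configured locally) against the VPN server's IP, the ISP's address ranges and the public resolvers named in this thread. The sample addresses, the ISP range and the function names are constructed assumptions.

```python
import ipaddress

# Public resolvers named in the thread (Google, Comodo, OpenDNS).
PUBLIC = {"8.8.8.8": "Google", "8.8.4.4": "Google",
          "8.26.56.26": "Comodo", "8.20.247.20": "Comodo",
          "208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: resolver list in resolv.conf syntax (documentation ranges).
SAMPLE = """\
# constructed example
nameserver 198.51.100.7
nameserver 203.0.113.53  # handed out by the ISP's DHCP
nameserver 8.8.8.8
"""

def parse_nameservers(text):
    """Return nameserver IPs from resolv.conf-style text, ignoring comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(str(ipaddress.ip_address(fields[1])))
    return servers

def classify(resolver, vpn_server_ip, isp_networks):
    """Label one resolver IP relative to the VPN server and the ISP's ranges."""
    ip = ipaddress.ip_address(resolver)
    if ip == ipaddress.ip_address(vpn_server_ip):
        return "vpn-own"            # resolver runs on the VPN server itself
    if any(ip in ipaddress.ip_network(n) for n in isp_networks):
        return "isp-leak"           # lookups are leaving outside the tunnel
    if str(ip) in PUBLIC:
        return "public:" + PUBLIC[str(ip)]
    if any(ip in net for net in RFC1918):
        return "private-forwarder"  # check what this box forwards to
    return "third-party"            # e.g. the hosting provider's nameserver

def audit(resolvers, vpn_server_ip, isp_networks):
    """Return (labels per resolver, True if any resolver belongs to the ISP)."""
    labels = {r: classify(r, vpn_server_ip, isp_networks) for r in resolvers}
    return labels, any(v == "isp-leak" for v in labels.values())

if __name__ == "__main__":
    print(audit(parse_nameservers(SAMPLE), "198.51.100.7", ["203.0.113.0/24"]))
```

The locally configured resolver is not always the one that contacts the authoritative servers, so the list reported by a leak test is the better input.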
     
  4. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    DNS is not capable of logging "all your web browsing". All DNS does is resolve domain names to IP addresses. This is not the sort of thing that could be reliably used against you by an adversary, so I wouldn't worry about it too much.
     
  5. nightrace

    nightrace Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    159
    Thanks for the explanations. With some VPNs I tested, my own ISP's nameserver or the ones I assigned with DNS Jumper showed in the results of DNS-OARC and DNS leak test. I just did this test with the Mullvad client (free trial) and both Mullvad and my own ISP showed.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Your DNS lookups are certainly crowded using public servers such as Comodo, Google and OpenDNS. Logging all requests might well be impossible. Yet I do not see why they couldn't log requests based on requested URL and source IP address. That information might draw attention to your VPN provider, and eventually maybe to you. Of course, if your VPN provider simply forwards requests to public DNS servers, it makes little difference.
     
  7. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    DNS queries don't require the full URL... only the "www.domainname.com" portion. Everything else in the URL string after the TLD (Top-level domain) is ignored. That way, the resolved domain-->IP can be cached locally, so your system doesn't have to re-query the DNS every time you navigate to a different page within the same domain. In other words, if you were to view 100 different threads/pages here on Wilders Security Forums during a browsing session, there should be only ONE entry in the DNS logs (if any)... and that still doesn't prove that you actually visited the site, because DNS queries can (and do) occur for a variety of reasons that don't necessarily involve a direct request from the user. Honestly, I've never seen a single documented case where someone's anonymity got compromised because of DNS. I'm not saying that it's absolutely impossible... just that it's not a realistic threat for the vast majority of people concerned.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    What you say is true, as far as it goes. Sometimes, though, domain names are enough to attract unwelcome attention.
     
  9. traxx75

    traxx75 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    106
    This is exactly the issue with leaking DNS. It doesn't need to be evidence (and generally will not be, as CasperFace already explained). It just needs to generate attention.

    Deanonymizing or putting together evidence against an entity is a series of steps and DNS lookups can be used as one of them.

    CasperFace makes another good point, though, that this is not a realistic concern for most people. Consider your threat model (honestly) and take appropriate steps to mitigate risk.
     
  10. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    That's the biggest challenge... finding 1 solution that covers all of those criteria (and then some). Personally, I couldn't find one. Other things I was looking at were where they're based, non-US required, and preferably non EU too. A place that would be less likely to cooperate with the US. I do like Boleh's location in this regard. Where the servers are located, same idea, a place unlikely to cooperate with your govt. Private DNS, as you said.

    Anonymous payment, to me this may have been the most elusive thing. Some offer anonymous payment methods, but you can't use them in the US (Liberty Reserve, etc.), making it worthless to me. This was the case with iVPN, unfortunately. And they didn't accept prepaid Visa Gift cards either, which I was hoping for. ALL VPNs should do this. And I wish more would offer cash by mail as an option like Mullvad does. I agree, Mullvad has no equal as far as offering anonymous payment.

    In the end, NONE of them had all of those things. So you have to end up making concessions, and just picking what you think is best. To me the great customer support I had with iVPN, and their multi-hop put them over the others. If they were based in a place like Malaysia, or Russia, and offered anonymous payment methods relevant to me (prepaid cards/cash), and had functionality in their client to terminate internet connection on VPN drop (like Mullvad)... then they'd be the holy grail VPN in my eyes. They are working on the last thing.

    If anyone finds one like that, you let me know. Personally, I think we'd sooner find the holy grail.
     
  11. nightrace

    nightrace Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    159
    I don't understand. Why can't you use Liberty Reserve? I tried creating an LR account and paying iVPN with a USA IP and didn't seem to have a problem.

    I find it disturbing that iVPN does not accept prepaid cards. It also bothers me that they don't tell upfront where their servers are located.

    Regarding customer support I contacted Insorg twice and they responded promptly on both occasions. I believe they are a Russian outfit and have many more multihop options than iVPN. They also seem to be regularly adding new servers which indicates a growing customer base. If anyone wants to try them out let us know how it goes. Just note that port forwarding will only work with their dedicated IP option.
     
  12. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I did a search for Insorg and see a red WOT donut beside it, and reports of malware & phishing. No thanks...

    Maybe I was doing something wrong but I couldn't even create an account for Liberty Reserve. Maybe the site wasn't working at the time. And how exactly do you use it? Do I have to download/run some software? If so I'd rather not.

    Everybody should accept prepaid Visa cards... period, and cash. Anonymous payment should never, ever be a problem with a VPN service. They should understand their customers are using them for, ta-da... anonymity in the first place. These people value their privacy, and in many cases are probably furthermore a bit paranoid about it. So not offering a "simple", anonymous payment method makes no sense to me considering the service they're providing. And when I say simple that doesn't apply to things you need to download software to use, or try to gather up a type of currency as rare as albatrosses (Bitcoin). Again, I'm talking prepaid cards & cold hard cash.
     
    Last edited: Oct 9, 2011
  13. nightrace

    nightrace Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    159
    http://www.mywot.com/en/scorecard/safe-inet.com
    Insorg is hosted in Switzerland. If WOT can't even get the location right why would you trust their reputation score?

    No software is required for LR. Just make sure you use an anonymous email and fake personal details. If you need help with that here are some links.

    http://www.fakenamegenerator.com/ (US site)

    http://www.fake-it.biz/ (Russian site)

    Create two separate and anonymous accounts. Transfer funds from one to the other using the private payment option. If you were investigated they could prove that you owned the first account since the exchanger would have your details. Proving that you own the second account, the one you use for making purchases, would be more troublesome. If you are going to buy prepaid cards with LR make sure the ID on this account is US.

    In other news FinCEN is turning the screws on prepaid cards.
    http://themonetaryfuture.blogspot.com/2011/10/us-fincen-director-expands-prepaid.html
     
  14. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    So funding goes like this?

    1st LR account:

    credit card/bank transfer > exchanger > LR account

    2nd LR account:

    1st LR account > transfer funds > 2nd LR account.

    By the way, is it advisable to fund the 1st account through bank transfer or credit cards (not prepaid)?
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    There are ways to interconvert cash, gold, WebMoney, Pecunix, Liberty Reserve, Bitcoin and so on. Best first step is cash or gold mailed to first exchanger in your true home country. Bitcoin can be good intermediate. As payment account, Liberty Reserve is most widely accepted, and they don't seem to check contact information. Use something that looks OK, even so.
     
  16. nightrace

    nightrace Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    159
    Yes. You can also convert between digital currencies with no ID requirement. The only ones I would bother with are LR, Pecunix and Bitcoin.

    It doesn't really matter. Some exchangers will also accept local bank or over the counter post office deposits depending on where you live. Make sure you know where the exchanger is incorporated and which country's laws apply.
     
  17. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    If the service is based in the UK, then it has to follow UK law - or at least claim to, but in reality drag its heels when it comes down to it.

    They aren't going to say "We openly flout UK law. Registered as a UK business."

    Also, I can't imagine them getting a lot of court orders coming from Egypt, can you? Use a VPN in a country different to your country, and different to where you are planning on breaking laws.
     
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Thanks for explaining that. I noticed that websites can see it when I went here. http://www.ipaddresslocation.org/ But when I am at home, can websites see my Internal IP and does it ever change while I am using my own router?
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    In order to communicate with internet sites, computers must use public IP addresses. When your computer joins a LAN, it gets a LAN IP address (such as 192.168.1.2) and gets to use the public IP address of the LAN's router (such as 24.95.84.181). The router modifies packets sent by your computer, so that internet sites see them coming from the router's public IP address. When the router gets responses to those packets, it remembers where to send them. That's called network address translation (NAT). NAT is required whenever packets travel between networks with different address ranges.

    Anyway, your local aka LAN IP address is irrelevant for internet use, because internet sites never see it. What sites track is the public IP addresses of the routers that you have connected through. Of course, if it's your home router, there's a presumption that you or your family originated the traffic. If you share your WiFi with neighbors, you may get blamed for their sins.
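
The translation described in the post above, as an added example that is not part of the original post: a minimal port-translating NAT table using the post's addresses (192.168.1.2 behind 24.95.84.181). The class name, the port numbers, the second LAN host and the site address 198.51.100.10 are constructed assumptions.

```python
class Nat:
    """Toy NAT: rewrites LAN source addresses and remembers each flow."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (lan_ip, lan_port, dst_ip, dst_port) -> public port
        self.back = {}   # public port -> (lan_ip, lan_port, dst_ip, dst_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the packet header as the internet site sees it."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            self.out[flow] = self.next_port
            self.back[self.next_port] = flow
            self.next_port += 1
        return (self.public_ip, self.out[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map a reply back to the LAN host, or None if no flow matches."""
        flow = self.back.get(dst_port)
        if dst_ip != self.public_ip or flow is None:
            return None
        if flow[2:] != (src_ip, src_port):
            return None  # not a reply from the site this port was opened to
        return (src_ip, src_port, flow[0], flow[1])

def demo():
    """Two LAN hosts visit the same site; return what the site sees."""
    nat = Nat("24.95.84.181")
    yours = nat.outbound("192.168.1.2", 51000, "198.51.100.10", 80)
    neighbour = nat.outbound("192.168.1.3", 51000, "198.51.100.10", 80)
    return yours, neighbour

if __name__ == "__main__":
    print(demo())
```

Both flows reach the site from 24.95.84.181 and differ only in source port, which is why traffic from anyone sharing the router is attributed to the same public address.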
     
  20. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Or maybe they're lying about their location? Or maybe it is a false alarm. In any event, it's just not worth the risk at all. I see nothing good about this company. In fact I don't see much anything at all other than those red WOT donuts. I wouldn't touch it.
     
  21. nightrace

    nightrace Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    159
    No one is lying about their location except WOT. Use the WorldIP Firefox add-on and see for yourself. Insorg used to be hosted in Netherlands but recently moved to Switzerland. WOT's ratings are rubbish.
     
  22. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    The safe-inet.com front-facing website is indeed hosted in Switzerland, while the underlying insorg.org domain/sub-domains are hosted in Russia. Easy enough to verify this independently with WorldIP (as nightrace mentioned) or RIPE database lookup, etc.

    I wouldn't be overly concerned about those "Web of Trust" ratings. The site could have terrible privacy rankings for all I care. If you're going to conduct business on that site in a manner that's not associated with your real-world identity anyway (which I hope you are), then all of that stuff is irrelevant. Besides, I'd rather rely on my own intuition and personal experience to determine if a site is trustworthy; I don't need a 3rd party "nannyware" service to make that decision for me. All I care about is this: does the site in question (safe-inet.com/insorg.org) provide a good quality product/service or not?
     
  23. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    That's not good. It didn't show up for me when I tried it a few months ago with Mullvad. I'll have to try it again a few more times. But if it shows your ISP, then it gives away your location.
     
  24. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Thanks for explaining that. I truly appreciate it.

    But if websites can't see the Internal IP, then how do these test sites see it?
     
  25. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Many WOT ratings are rubbish I'm sure, but I'm still not going to so easily disregard & dismiss them. With other options out there, if I see a red donut beside a site I'm going to explore those other options and move on, period. It may be misleading in that 1 instance, but in the grand scheme of things it's going to save people a lot more often.
     