Hypothetical: To what extent should you trust / distrust your VPN provider

Many people on these forums are very skeptical about the actual protection that VPN services provide. This caution is in many cases warranted and prudent. However, their argument is usually based on a worst case scenario. I.E. You subscribe to ExampleVPN, and ExampleVPN is located in a privacy friendly country (SE/NL/ME etc) and claims in their privacy policy to keep no logs. The argument would be that you cannot trust ExampleVPN's claim to not log and you cannot trust them not to rollover and give out your real identity if threatened by law enforcement. These vulnerabilities are real, and are good to keep in mind (especially if what you're doing is highly sensitive or highly illegal -- not the case for most of us), but in my opinion this risk can be overstated. I do appreciate the worst case scenario discussions as they are very real for some people and give all of us a better understanding of the security/privacy vulnerabilities in our systems. But sometimes taking every scenario to the Nth degree and pointing out all the vulnerabilities of 'acceptable' privacy solutions confuses the novice or keeps them from using the acceptable solution which is undoubtedly better than no solution at all.

My intention for this thread is to start a practical discussion aimed at a particular group of people, to discuss the realistic protection provided by VPN's or other privacy solutions.

The Scenario
Agent: Little fish in a big pond (P2P user, low level activist/dissident, privacy enthusiast, low level public figure, etc)
Potential Adversaries:Identity Thief, Hacker, MPAA/RIAA/Anti-piracy group, Tracking/Data mining corporation, etc.
Who is not an adversary in this scenario: NSA, High level U.S. Government, Hacker targeting a specific individual, etc
Goal: Sufficient (reasonable) protection against the adversaries outlined above.

Topics to discuss:
Is it a realistic concern that a VPN provider would claim not to keep logs in their privacy policy and in fact keep logs that could be retroactively used to tie your IP address to traffic routed through the VPN? Assuming the VPN is in a country that doesn't require logging and that the VPN is not a honeypot or run by a malicious admin.

Which countries are most privacy friendly?

Non-VPN privacy solutions?

Strategies for evaluating the trustworthiness and/or competence of a VPN provider?

Any and all feedback is welcome!


------------------------------------------------------------------------

This is intended to be a discussion regarding reasonable privacy for those with moderate to low levels of risk. If you are looking for discussion regarding near-absolute anonymity, worst case scenario vulnerabilities, or discussions of high security privacy setups see these links:
Dasfox's: Anonymous Services
This thread discusses a huge number of Anonymity services (VPN and otherwise), their vulnerabilities, trustworthiness, and discusses how you can assess the strength of a VPN service on your own.

Happyyarou666's: Best VPN / VPN Whitelist
This thread is a more pointed alternative to Dasfox's catch all anonymity thread. The thread discusses VPN's primarily and has a rudimentary 'VPN whitelist'

AirVPN's: Explanation of using a VPN over the TOR network
This thread (on the AirVPN forum) explains how to improve your anonymity through using a VPN over the TOR network. They explain that near-true anonymity can be accomplished through VPN over TOR using Bitcoin as payment and false registration information.

 

Recently I signed up for Mullvad.

Can I trust them? Probably, the guy running the site seems like a kind of internetactivist which is good for me because we both want unlimited and uncensored web access. I use the VPN to circumvent the EU data retention laws.

Do I trust them? Not really, I have no idea if this "company"/person even exists or is just a honeypot set up by some fishy organisation. Even if this person has good intentions, let's say I run a VPN provider and one day, the cops knock on my door. They tell me I have to trace a specific user distributing CP or else I'm responsible/accountable and could go to jail. Put yourself in that position and what would you do to prevent jail and lock up a person that should definitely be locked up?

So why do I use them? Because I can always choose another VPN provider or use Tor/Proxy/a haced box. I don't trust my government and I don't trust the EU with their data retention laws and local laws that can put a man in prison for "trolling" or "seriously offensing" people. So, I use a VPN that I can't fully trust to protect me from my government that I do not trust at all.

 

Except that YOU aren't responsible for what your users do .
EU ISP's and others providing net-services are protected by 'Safe Haven'-laws.
You ARE of course 'responsible' for refusing to comply with a lawful court-order and could get in trouble for that .
I don't think child-molesters should expect that anybody will go to prison
to 'protect their rights'.

I consider that rather paranoid .
Besides the fact that it would be illegal (false marketing etc etc etc)
why on Earth would they want to do that ?
'Sorry Officer, can't help you because we have no logs' vs
'Sure thing Officer, we tell our customers we don't log, but we do .
We exist for the sole purpose of helping you' .

Do you really think they even WANT to know what you are doing ?

 

Trusting your vpn provider, mine happens to be bwprivacy, is an exercise in mental appeasement. You want to be protected and secuure while online, you've read the TOS of a mulyiyude of providers(or you've read DasFox's posts), you've contacted them and asked tem about keys and logs and jurisdictional locations. You've picked one or two and then...you hold your breath and sign up for a month using Ukash or Liberty Reserve. In the end its all about trust. And trust is just an exercise mental appeasement. Like bwprivacy and bolehvpn.

 

Trust may be "just an exercise [in] mental appeasement". But maybe we should consider examples where trust was unwarranted, and ask what red flags were missed. How, for example, might Recursion have known that HideMyAss couldn't be trusted? What other examples are there?

 

You are very right. There are many horrible vpn providers that people seem to trust. There are many lessons for us to learn. I guess I have read so many posts, all the ones in this forum, and have learned so much That, in the end, it is a type of "leap of Faith" scenario. I remember reading one providers TOS, where on the main web page they swore allegiance to your privacy at all costs, but the TOS clearly stated that if requested by law enforcement they would hand over your logs. My current vpn providers, bolehvpn, which has a great record and many praises, even from from wilders memmbers, has me wondering do they really not keep logs? So Reuben, the owner of bolehvpn, is very open and responsive. But my other vpn provider, bwprivacy, is extremely elusive in that I have no idea who owns them, I only ever talk to one guy in an site messaging system. Both aspects of these providers give me "peace of mind", which is really what I am paying for. The pom that no logs of anykind are being kept. The pom that my connection IS being sent through AES-256-CBC encryption. I'll give you another example. When I first began using vpn's I blindly signed up for a year with a well known company anonymizer.com I found out after reading wilders posts that these are bad guys so I educated myself and hopefully, with knowledge, I have made the right choice.

 

Thanks, but HMA is the only clear VPN trust failure that I know about. Anyone want to share?

 

I wonder how this works, I think you are not responsible as long as you don't know what happens (DMCA-style). Let's say I am a VPN provider. One day I get a knock on the door from law enforcement, something illegal happened, and as you probably corrrectly point out, I'm not responsible.

But, to avoid future responsibility, I have to comply to monitor a suspect (not yet convicted) or give out his payment details and I am not allowed to inform the customer I am monitoring them. That leads to two questions:

1. The VPN provider does not log, is he required to log, in case of a court order?
2. If not, would the VPN provider break under legal pressure? Would you still protect the rights of a suspect (not yet convicted)

 

Awesome reply...brings perspective

 

UltraSurf should be added to the list.

http://www.fastcompany.com/1834428/ultrasurf-allegedly-unsafe?partner=gnews

https://blog.torproject.org/blog/ultrasurf-definitive-review

And also this post:

https://lists.torproject.org/pipermail/tor-talk/2012-April/024024.html

That's rather scary.

 

I actually like this thread a lot since it highlights potential adversaries.

I get a lot of questions like why don't you employ this super powerful encryption? Why don't you employ multi-hop?

Well cause they degrade performance and the average user doesn't really need this. There will be users requiring this sort of security but if you're paying ~USD10 a month for a service to a UNKNOWN THIRD PARTY, I don't think you should be doing anything that would be potentially so dangerous and your data so sensitive that would warrant this sort of level of security.

A funny comic (thought not strictly related) that puts some things into perspective:

http://imgs.xkcd.com/comics/security.png

Even with multi-hops VPNs, I wonder how many providers claiming multi-hop are actually implementing this? I know even XB has at least two independent reviews lambasting this claim though I haven't bothered to verify it myself and so I don't know if these reviews are true or are just XB haters.

 

It's easy to distinguish one-hop from two-hop by comparing the IP address that you connect to with that reported by what's-my-IP websites. You might think that traceroute would distinguish between two-hop and three-hop, but wise providers reset TTL. I can't imagine how one might test claims about crowding and multiplexing.

XeroBank seems down for the count Only CA-NL and NL-CA still work. But they work quite well, and reliably. Rope-a-dope?

 

Tunneling the VPN through Tor seems like a good multi-hop strategy. Obviously it won't be fast, but usually 'sensitive' stuff isn't very speed intensive. The VPN doesn't know where your coming from (absent any type of identifying log on info which hopefully, if there is, you faked it and paid in cash/bitcoin/liberty reserve, etc...), and the exit node can't sniff your traffic.

PD

 

Tor and VPN are a good combination. I connect to a VPN and after that start browsing with Tor. You can also do it the other way around like AirVPN recommends but the only advantage is end to end encryption after the Tor exit relay. Tor over VPN works pretty well because the speed reduction from a good VPN is almost none.

 

I'd like to see some comments on others' thoughts about Tor over VPN. I see no advantages, and a few disadvantages:

1. VPN see's where you're coming from.

2. Exit Node can see your traffic.

3. Slow (this applies next as well, but that's 3 disadvantages for this column).

The other way around:

1. VPN can not see where you're coming from.

2. Exit Node can not see you're traffic.

With the second, the VPN can see your traffic, yes, but the odds of a compromised VPN seem far less than a compromised Exit Node. Better the devil you know type of thing.

I'm not even a wee bit knowledgeable about about traffic correlation between the entry and exit nodes on Tor, is it a wash for both methods? I guess the first way, if both entry and exit are compromised, it just points back to the VPN...what about the second? This stuff is complicated

PD

 

That's true. But, if you tunnel Tor (or another VPN) through it, that doesn't matter much.

I worry more about my ISP, and those who might get information from it. I've been using VPNs for many years, and sometimes use them in my work, securely accessing my clients' resources. So for me, using VPNs is unremarkable. I've never used Tor, I2P, Freenet, torrent clients and so on except through VPNs. So for me, using Tor would be (at least potentially) remarkable.

That's true, but I mainly access hidden services with Tor, and otherwise I always use HTTPS.

That's just how it is with Tor. There's no free lunch

That's true, but I almost never use a single VPN. I tunnel another VPN, which I've purchased anonymously, through it. I always purchase “inner VPNs” through other VPNs, using various anonymous methods (such as Liberty Reserve, gift cards, and cash in the mail).

That's a good thing.

That's true.

No, if Tor were compromised, it would point back to you. But the VPN traffic would still be encrypted. That is, they'd have IP addresses for both you and the VPN access server, but wouldn't know what you're accessing through the VPN, or be able to read the traffic (unless they compromised the VPN too).

In the second scenario, you're connecting to Tor through the VPN. If Tor were compromised, it would point back to the VPN exit server. You would remain anonymous, and the VPN traffic would still be encrypted, unless they also compromised the VPN.

If you use VPNs on both ends of Tor, as I've described, you get most of the advantages, and avoid most of the risks. It is slow, but not that much slower than just using a VPN on one end of Tor or the other.

 

@PaulyDefran: That's an interesting subject you brought up (Tor over VPN vs. VPN over Tor).

I'll make the case for Tor over VPN:

1. Greater flexibility. This way, you can reserve your 'VPN --> Tor' configuration for dealing with only the most mission-critical/confidential data... while still being able to use the VPN by itself for the bulk of day-to-day activity (which probably isn't as privacy-sensitive).

2. Neither my ISP nor my VPN provider can see my final destination. Sure, there's always the risk that a rogue Tor exit node could be sniffing traffic... but as long as you are careful to keep your Tor activity 100% separate from your real-world identity, it isn't going to matter. I say, let the rogue exit nodes sniff all they want... they're not going to find anything useful anyway.

3. You keep your "expendable men" on the front lines. In other words, if a Tor node gets blocked by a remote site, so be it--there are plenty of others to choose from. But if one of your VPN servers gets blocked, it could potentially become much more of a hassle.

4. If an adversary tries to plant a "bug" on you in order to bypass your Tor connection, you still have the VPN as a last line of defense since it's protecting the entire network... as opposed to Tor, which only gives you application-layer protection.

Similarly, there are some disadvantages of VPN over Tor:

1. Less flexibility. If all traffic is being forced through Tor, it'll severely limit your ability to do P2P, audio/video streaming, or any other bandwidth-intensive activity... not to mention it's a waste of bandwidth in general for any activity where you don't really need that much protection.

2. My ISP can't see my traffic, but they can certainly see that I am using Tor... which might inadvertently make me a "person of interest" in the eyes of a strong adversary. Conversely, connecting to a VPN server in a relatively friendly jurisdiction won't look quite as suspicious... as there are seemingly more legitimate reasons for a "Westerner" to be connecting to a VPN as opposed to Tor. Maybe I am over-analyzing this, but that is just my personal opinion.

3. With your VPN on the front lines, you could still end up losing your VPN account due to complaints or TOS violations. When it comes down to it, I'd rather have an expendable Tor node take the "heat" for some frowned-upon activity, than to sacrifice my precious VPN.

4. Unless you're 100% certain that your financial transaction with the VPN cannot be traced back to you, there's a greater chance for the VPN to be linked to your real-world identity. If all an adversary has to do is "follow the money", it won't really matter how many of layers of anonymity (i.e., Tor) exist between you and the VPN server.

Having said all that, I do see where VPN over Tor can have its distinct advantages, too... as you've correctly pointed out. I guess it's just a matter of a person's particular objectives and risk model. Of course, for 99% of everyday privacy aficionados, just using one privacy/anonymity service (VPN or Tor) is more than enough, so the idea of combining the two is probably overkill... no matter which way you decide to go with it.

 

Okay Tor over VPN is the same as Tor through a VPN, right? When I am connected to a VPN and I fire up the Tor Browser Bundle, that's "Tor over VPN"?

I do this for message boards and social networks sometimes to create a different identity. Sure, the social networking site can't tell who I am with a VPN, but if I am the only one using a particular VPN and then another account popping up with the same VPN would give the appearance of the same person.

I don't think you are over analyzing that at all. It makes perfect sense.

 

Yes, that's correct. I admit, the wording can be confusing sometimes... which is why I usually just prefer to visualize it as:
VPN (first hop) --> Tor (second hop).

That's a good point also. Tor over VPN has an advantage of being able to use two concurrent anonymous identities: one through the 'regular' browser and another through Tor Browser.

 

Yeah that works out great for me. So if I am doing a blog or arguing some point, I can open up another browser and search more quickly for references.....or use the other browser to upload comment images to post more quickly etc.

Mirmir has talked about running tor through a vpn and then running another vpn through the tor connection. That sounds pretty fantastic but is too complicated for me at this point. I use to have an Iphantom though. I hooked it up to my rounter and everything automatically went through it. And I would fire up a VPN and then The Tor browser sometimes. It was really cool. But they discontinued Iphantom. I left the Iphantom on almost all the time so all that my ISP would see is an encrypted connection to Iphantom. Xerobank would see me as coming from Iphantom. And then Tor would go through Xerobank. I think Cryptohippie has a hardware device like that but it's really expensive and I think it is for businesses.

 

That's interesting. I have never heard of ProXPN. I just went to the website and it's free. Have you tried this with a VPN? If it just works through the browser that should be really cool.

I also use Returnil and Shadow defender. So I am thinking that maybe I could install it as needed and have it disappear when I restart my computer. Thanks for the tip.

And speaking of social networking sites and gmail etc... I am surprised that no one but you commented on my Priv.ly post.

https://www.wilderssecurity.com/showthread.php?t=321984

I think it sounds absolutely amazing. I haven't installed the addon yet but I will installing it be as soon as I get a chance to play around with it. I think it would be amazing to be able to post content in an email or on Facebook, Myspace etc and have the content encrypted, pulled in from a different location, and viewable only by those people that I choose. And having the control of deleting the content without even having to log into the social networking site is amazing. I hope those guys continue to develop that

 

Hi Jack, it's great you bring up a topic like this, of course things like this have also been discussed many times around here before, but your statement that I quoted above, you can't make claim to something like this and say this is not the case for most of us, unless you can back this up with some proven statistics...

The truth here about this Trust/Distrust game gets down to one thing --> EXPERIENCE!

Without any experience in a subject like this, OpenVPN, or any level of computing experience, then really how do you know how to trust or distrust when you have no experience in the matter? Does that make any sense?

Otherwise what is the end-user doing, just taking the word based on what others have to say, or looking at a company like Comodo as an example or OpenVPN, big companies that offer VPN and say these are reputable big companies therefore they can be trusted?

This is a computing technology we are dealing with and with no experience to understand what it is you're dealing with, then you're just running on BLIND trust/distrust!

So let's jump back here a few steps, the only way someone is really going to know whether they should trust or distrust, is to gain a certain level of experience that they are comfortable with to allow them to make a educated guess over this matter...

 

Thanks for posting DasFox, I've read all your post regarding choosing a proper vpn..including asking all the right questions. I did this several times...experience, and chose a few to try...more experience until I found one that I "trusted", but as you say, its just an educated guess but that is better than blindly following the claims made by some of these vpn providers on their glossy, flashy professional looking websites. Get past the glamour and glitz.

 

Sorry if I made it seem like I wasn't on the same page with the post...


JackerReacher you pretty much summed up what I was reaching at....

1. Gaining some level of experience...
2. Checking out the VPNs and the 4 files...
3. Reviews and Opinions, hopefully from experienced sources...
4. History, background, mission of the vpn...
5. Countries, laws, privacy, logging, etc...

To be honest, I think for someone that is looking at all this saying, this isn't my cup of tea and just want to find someone decent and be on my way in life, this can be accomplished with just a little effort...

I think some of it also gets down to having some smarts, trusting in your decision making after a little research, and then taking it from there and when all else fails and you're really not certain, it's best to stick to the big known names, like Comodo, OpenVPN, etc., and then moving down the road as you gain a little more experience...

So to SUMMARIZE, all this can be done within a few days to a week!

 

LOL, well I try, I hope that was better for everyone...