New Vpn Service

Discussion in 'privacy technology' started by badjoey, May 3, 2009.

Thread Status:
Not open for further replies.
  1. geazer40

    geazer40 Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    128


    well i stopped using them yestaday anyway just incase i am just using the free JonDonym at mo was goner try there 3 mixes services

    i think with me personally i need either mixes price or if not mixes different servers you can select
     
  2. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,320
    Location:
    Here, There and Everywhere
    You got that right. This is basic stuff which begs the question: Are these VPN providers who claim this truly in the dark and clueless or are they blatantly deceiving their customers? I have my opinion.

    I've seen this latest spate of new VPN providers and have wanted to try them out but I'm in the process of moving (nothing worse) and haven't had time to hardly turn around. I am also with Steve that I believe many of these new privacy services are simply reselling the services of others.
     
  3. blatnoy

    blatnoy Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    29
    Would this still be the case if you used only their SOLO? which is a server in Japan. They also have servers in maylaysia and panama. Would these servers be logged by the upstream provider? And if so would they not be encrypted and unknown to the Upstream provider. I understand the EU logs 100% but doesn't Xerobank have a server in the Netherlands? and for that matter the USA? So I am assuming they are making the same argument you make when people question you about why a server in the US. I thought your reasoning is that it is "hopped" from a "no logs" country and all traffic is encrypted and the USA server never see anything. Wouldn't this be the same as their DUO service? IE Japan hop to Austria
     
  4. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,320
    Location:
    Here, There and Everywhere
    I don't presume to speak for Steve, but I don't think he's necessarily talking about strictly legal, government-imposed logging. These upstream providers log for their own quality service and technical issues. I may be wrong, but I think that's what he's saying and he's right.
     
  5. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    All first-world and nearly all governments with tech infrastructure have data logging privately imposed, even if they don't have a Data Retention law imposed. Datacenters and IXs are also known to do this for datamining. This is what our blackhat talk is going to be about.

    We can have XeroBank in any country we want without being subject the same shortcomings as other VPN service providers. Why? Five simple things: 1. Multi-hop Network, 2. Jurisdictionally-Aware networking, 3. Multiplexing. 4. Crowding Optimization 6. Incorporation outside of the US/UK/EU.

    Nope. They are missing the most important things: multiplexing, so their traffic is easy to correlate, and crowding optimization which means if there are too few people using that route you are automatically deanonymized. Considering how foolish their network is setup, it would be safe to assume they do not have jurisdictionally aware networking either, which means they have no idea about the laws that affect their traffic, users, and upstream providers. Considering that they don't have any information about who designed the network, any reputable security researchers involved, nor any corporation, it might be inferred that it is a sole-proprietorship which renders users and anonymator defenseless against a court order. just another vpn gimmick.
     
  6. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    Excuse me Steve,
    doesn't the "double-hop" vpn these guys sell require a cooperation of at least two different entities (the two ISP that give them connection) in two different countries to be broken?
    Considering that one of these two countries is Japan, wouldn't it be quite hard to do? I think that this shows some kind of "Jurisdictionally-Aware networking".
     
  7. Meitricsu

    Meitricsu Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    9
    I got a free account too. It's quite easy to install and use, but there is a very strange thing: in DUO, the speed is greater than in SOLO. What the fudge? I understand that in DUO it passes the same relay in Japan and it adds a second one, in Germany. So, how come in the same speed test (Giganwes test), SOLO has an average of 600-700 Kbps and in Duo has an average of 3700-4000 Kbps?? (Both in first and second test from Giganews)
     
  8. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    No. That is simply node distribution, not jurisdictionally aware routing. I'll give you an example. We have a private node for Switzerland exits at XeroBank. However, we know the law in Switzerland, and we know what isn't in the law but is done anyway: Switzerland stores all email traffic, not just their own, but all email traffic routed across switzerland. So if say you had a node in France and one in Germany, you think you're smart and just send email through. Well, if the datacenter in france is peered to it's uplink in say Switzerland, or you use the switzerland exit directly, all your email just got intercepted. One live example you can see on XeroBank is email from Canada. If you try to send an email while connected through canada, it will automatically reroute to exit from Netherlands. Why? The uplinks in Canada have a very tight leash on email traffic. Another example is our Netherlands exit node. Want to exit through netherlands? Well the EU does data retention/logging. With the user in mind, we first route through a country that doesn't have data retention, either on the books, or off the books, multiplex the traffic so the two countries will have a hard time colluding, and then let it exit through Netherlands.

    You should presume that countries collude with each other on traffic analysis and share information/access to core level routers. Why? Because they do already. This is one reason why Russia is a terrible place for privacy. They have only two IXs in the whole country. Two central locations for tapping all the traffic. And they do and it is.
     
  9. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    If I don't get it wrong, when using Xerobank and exiting from Netherlands, the user is using a US gateway as first hop... the US "doesn't have data retention, either on the books, or off the books"?

    Excuse my ignorance, but I don't get what "We have a private node for Switzerland exits at XeroBank" means. Will you explain? Thanks.
     
  10. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    My understanding is that the US has a live correlation engine built on target escalation, but has not imposed retention/logging of all traffic. I'll get a confirmation of this shortly.

    Not all XeroBank nodes are open to all XeroBank clients. Some clients have private exit nodes and entry nodes available only to them, some are test nodes for peering or other internal uses. When we turn on a public switzerland node, you'll get that benefit as well. Knowing who does what, on and off the books, requires government intelligence and operational intelligence.
     
  11. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    US has wiretaps and routertaps, no datalog/dataretention.
     
  12. bodo

    bodo Registered Member

    Joined:
    May 6, 2009
    Posts:
    1


    I also noticed it.
    As I explained - 2 servers that are used to DUO located closer than one server is used to SOLO. Therefore, connection speed varies.
     
  13. Genady Prishnikov

    Genady Prishnikov Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    350
    Hmm. Did we just catch a sock puppet? Bodo - this was your first post, yet you write "As I explained....."
     
  14. blatnoy

    blatnoy Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    29
    Surely you're not that naive........

    Echelon
    Carnivore and those are old
     
  15. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I stand by what I've said. Don't attribute supernatural power to any program. Government agencies and their programs are more incompetent than you realize. Echelon was a surveillance system in the 80s/90s as a joint program between the US and the UK, targeting primarily micro-wave and satellite transmissions, and not fiber-optic lines (the internet). Carnivore is simply a routertap aimed at a target user.
     
  16. blatnoy

    blatnoy Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    29
    Come on man it is common knowledge that the NSA is logging EVERYTHING in the USA.

    http://www.wired.com/science/discoveries/news/2006/04/70619

    First sentence of the article

    "AT&T provided National Security Agency eavesdroppers with full access to its customers' phone calls, and shunted its customers' internet traffic to data-mining equipment installed in a secret room in its San Francisco switching center, according to a former AT&T worker cooperating in the Electronic Frontier Foundation's lawsuit against the company."

    And this is from Xerobank's website

    http://xerobank.com/news/2009/bush-...fourth-amendment-did-not-apply-to-nsa-spying/
     
  17. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Access != Processing. Come to my blackhat talk, i'll be explaining the NSAs operation in depth.
     
  18. blatnoy

    blatnoy Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    29
    From the same article

    http://www.wired.com/science/discoveries/news/2006/04/70619

    "While doing my job, I learned that fiber optic cables from the secret room were tapping into the Worldnet (AT&T's internet service) circuits by splitting off a portion of the light signal," Klein wrote.
    The split circuits included traffic from peering links connecting to other internet backbone providers, meaning that AT&T was also diverting traffic routed from its network to or from other domestic and international providers, according to Klein's statement.
    The secret room also included data-mining equipment called a Narus STA 6400, "known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets," according to Klein's statement."

    And this is just the stuff we KNOW about...

    I probably can't make it to your talk but I would be very interested in watching it online.
     
  19. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I'll send you the video link of it when we do it. :)
     
  20. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    Although I would really love to come to the BlackHat in Las Vegas and meet you in person, for this year I only got to attend the European edition. Will you post on here links to video/presentations you will use?

    Thanks a lot
     
  21. geazer40

    geazer40 Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    128
     
  22. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    seems like we did see a gimmik. when did he explain earlier?
     
  23. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,352
    Location:
    Oz
    Will a video be available somewhere for download?
     
  24. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Naturally.
     
  25. CaixFang

    CaixFang Registered Member

    Joined:
    Mar 24, 2009
    Posts:
    72
    I'm just curious, and this is in NO way meant to incite a flame war, but I have a scenario that I have been wondering about:

    Mr X is involved in activities classified by the US as cybercrime, and the lines gray over into the patriot act and terrorism, but it is not clear cut, it is only suspicion and for the sake of the argument the govt is using the patriot act and terrorism claims to push a phishing expedition against Mr X, who may be doing illegal stuff or may not.

    The US tracks him to the xB network, and gets the State Dept to have all jurisdictions xB servers are in to serve warrants for not only the hardware, but also source code, full access, and cooperation "decoding" traffic.

    xB kindly says blow off, and we will assume so do the datacenters.

    Since xB is so "hidden" as to who they are, and you Steve are the face of xB for all practical purposes, the US govt serves you with warrants, which you refuse. A federal court in Dallas (I assume that's where you are) hauls you in and gives you the option to provide the data, help, etc in the warrants, or you can go catch 3 hots and a cot for contempt and then obstruction if you hold out on the contempt.

    How long are YOU, Steve, going to sit in Dallas county jail (one of the worst in the state next to maybe Denton - since they aren't likely going to hold you in a federal holding cell for months).

    How long can Mr X expect that you are going to sit and rot for him before you start giving up names, passwords, and other helpful information, esp considering Mr X may or may not be doing illegal stuff?
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.