paid vpn service recommendation as of august 2015?

Discussion in 'privacy technology' started by imdb, Aug 17, 2015.

  1. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Thanks mirimir as always, for your private stuff do you run a openvpn or vpn client ?

    I take it one can't use an unlicensed copy of windows 7/8/10 to prevent motherboard, machine or bios id tagging ? guess that would be too easy I guess !
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Mostly my VPN clients run in pfSense VMs. So that's somewhat custom, with pfSense wrapper scripts and GUI. Otherwise I use stock openvpn, not clients.

    New machines come with Windows, but I never register or use those copies. In my work box, I have retail versions of Windows and Office. So I can easily switch hardware. Still, this VM host did come with OEM Windows, so Microsoft could have its tags, even though I never used it. At worst, Debian repos might also know those tags, and an adversary could identify me by correlating data from it and Microsoft.

    If that's too great a risk, you could buy used computers for cash. If you got one with full retail Windows, you could use that copy anonymously in a VM, connecting via VPNs. Or maybe even a Tor gateway VM with transproxy, if Microsoft doesn't block Tor exits. But I wouldn't trust torrented copies, which might be backdoored.
     
  3. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Some intriguing points, have to confess never even considering the tagging aspect at all its perhaps more easier to believe or think MS use it for windows activation but that link is always present so a potential risk to security and privacy to us all.
     
  4. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    There are many potential tags in a computer system, both in the hardware and software. Windows PID is just one. There are also MAC addresses and other hardware identifiers. They can easily be combined to create a profile. I do agree that using VMs is the best and simplest solution if you are worried about this. OS installations that used mass deployment images created by a manufacturer are also good at minimizing the uniqueness of a Windows installation. Since Windows 8, this has been compromised by having unique product keys in the BIOS of any computer that came with Windows preinstalled. The actual installation will still be generic but the product key will exist in both the hardware and software. That combined with the MAC addresses of any network devices supplied with the computer create a unique hardware fingerprint that will exist regardless of the OS installed.
     
  5. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    But to what extent is that really true? I mean, do they save logs of every user and where they go on the internet? If that were the case I would think that LE would just contact them if they wanted to know all of the people who went to Silk Road, or other such places.

    Also, I sometimes install Windows 7 with Virtual box inside of a TC container. It only lasts for a month though because I don't have a license for it. But what would they see? Two ID's even though I am using the VM with a different VPN connected? Or just the ID of the VM?

    That being said, after reading the privacy policy of W10, I think it is time to start learning Linux. It's a sad day when it gets this bad. I guess I just didn't take earlier reports seriously enough. I remembered that you recommended Ubuntu. Is that what you would recommend on a host machine? I may just buy a small, inexpensive used machine to experiment with.
     
  6. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Thanks for the info I already use VMs, mac address changers in all o/s and random agent spoofer addon's I also use oem keys that would be very hard to pin point ie nothing bought from cc or leaving a paper trail.

    And there I thought that was over kill ;)

    I still recall an MS employee suggesting if there ever was a back door within Ms products and any risk to ones privacy it would have been discovered and MS would not risk doing such if they wish to still have a customer base the next day.....

    naturally not to be taken lightly!
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I don't know what information Microsoft retains. I very much doubt that they get traffic logs. But Windows does log a lot locally. And Microsoft could easily log MACs and other hardware tags during the update process.
    They would see descriptive information about the CPU, how much physical RAM is present, etc. But I doubt that they would see any hardware tags from the host machine, or anything else very specific.
    For a host box, I recommend 64-bit Debian stable (now jessie).
     
  8. Yes Windows 10 does tag your hardware ID and that's how it registers the license key. Pretty devious I must say. Not impressed in the slightest.

    I'm currently using Qubes 3 RC2 but I think I'm going to change to Debian Jessie in a few days just because of quicker security updates.

    What I would be worried about HTML5 Canvas Fingerprinting. I've visited some sites on the TBB/Whoinx/Tails and luckily it's been blocked.

    Facebook uses Canvas Fingerprinting too so be warned. I have a Canvas Fingerprinting blocker extension on Chrome that I use often.

    Note Canvas Fingerprinting even defeats a VPN when your using one. Your unique hardware ID is there for all to see.
     
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Sorry I have really busy the last few days. My suggestions for VM use started because most folks will never run the physical setup that Mirimir (and I) do. In fact most will never need such a thing. We might not either, but we build them just because we can. LOL!

    Starting your learning curve with basic linux VM's is a great place to begin. Any major OS such as windows, and almost any linux flavor, will fully support VirtualBox. VirtualBox is FREE and using it you can easily build virtual machines. These are functioning operating systems that run in a virtual environment on virtual hard drives. They are easy to clone, copy, snapshot, etc.... so once you build them you can test all sorts of things with impunity. Just blow them away if anything goes wrong and open a fresh clone and you are good to go! Whatever happens in the VM stays there and the host remains clean. Internet activity also remains in the virtual machine. That means the host isn't seen and so hardware items like physical ID's, and stuff are not on the radar.

    Start basic and simple with one linux VM and just take a look at how it works. Building it is easy, using it is easy, and go from there. Before you know it you'll be adding TOR and/or Whonix to the desktop and now you doing 3-4 node hops. Warning: once you start its addicting so be forewarned. LOL!!
     
  10. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    thanks palancar, will tinker with some VM linux distros and see how it goes this could get addictive as you say !
     
  11. rocky01

    rocky01 Registered Member

    Joined:
    Mar 23, 2008
    Posts:
    10
    I'm getting fed up with Windows, especially with the new telemetry issues - heck even on windows 7, software like Keyscrambler and DNScrypt seem to indicate something is accessing the internet even when IE 11 is closed (are some of IE optional updates to blame?); where's the best place to start with Linux? Is Ubuntu a good alternative if I want access to some games, say a la steam, and say Mass Effect series on Origin, or should games be kept on a windows platform? This security/spying is getting on my nerves. Looking to get more locked down, even though I have VPN4all (and use Hostman with MVPS hosts). I sure appreciate your input.
     
  12. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Well of course the best place to start is reading alot, but that is obvious for any new "toy". My suggestion is to have two OS's (at least) on your computer in separate partitions. One would be windows for your gaming needs and stuff you just don't care about "the world" knowing about. Sorry for the pun, but you know what I am trying to say there.

    See yourself using Windows as a gamer having lots of fun. Nothing wrong with that! Now you want to come here or just anywhere that maybe you feel like is YOUR business and not anyone else's. For that activity you shut down windows and then mount your linux OS. Its totally separate and if you are trying to be extra secure you can move /boot to a usb flash so that it isn't available when windows is running. BTW - /boot is used to mount linux, but it isn't needed after the linux system starts.

    To my mind it is imperative that you encrypt both operating systems so that there is NO cross talk possible. I use TrueCrypt to fully encrypt windows. While I trust TC I strongly suspect that any passwords I use while opening stuff in windows is being recorded somewhere on the system (by windows). I can't see it because many things are closed source encrypted. Call it a hunch. The only thing unencrypted on my drive is 512 bytes for the MBR. I monitor the MBR in linux when I boot my system. If even one byte changes I'll know it when I boot up and click my verification script.

    Just create maybe a 50-100 Gig partition on which to install Linux initially. Grab a common distro (Debian, Ubuntu, etc..) and use the installer to setup your system. You'll never get this perfect the first time you try it so don't worry about it. After a short time you will redo whatever you setup because you'll learn so much you will see numerous ways to improve what you have configured. Relax and have some fun.

    You still need to use common sense. Even if Linux is clean and secure (arguments to be made on both sides of the discussion), you still need to pay attention to the vpn, tor, whonix areas of connectivity.
     
  13. rocky01

    rocky01 Registered Member

    Joined:
    Mar 23, 2008
    Posts:
    10
    Even if one is just casually interested in privacy and security, these are good suggestions and a place to start.
     
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Thanks for the feedback.
     
  15. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I still like my good old reliable Mullvad & iVPN choices. PRQ in the past. I don't like how you can't seem to use Visa Gift Cards for overseas purchases now, unless anyone knows of any other gift cards that work? I can still use them when we go out and dine at Taco Bell... a 4 star luxury I'm rarely afforded ever since they survived the franchise wars. But can't seem to use them for VPN's anymore.
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I'm testing Freedome VPN right now and I must say I like it. A lot of servers to choose from and speeds are also great. After trailing I might just buy a subscription.
     
  17. Timok

    Timok Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    58
    Location:
    Germany
    of what speeds you are talking about - upstream / downstream 1 MBit 10 MBit 100 MBit?
     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I have 4Mbit/512kbit connection speed. It is not affected by VPN. Can't say how it handles quicker connection.
     
  19. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    I think changes in the law forced many visa gift card companies to now enforce registration of name and addresses and then they activate your card before you can use it, so that option went dead pretty quick.

    Bitcoins which are made anonymous is still a top choice, if you can't try resellers or voucher codes if your provider allows it.

    Otherwise yeah I agree mullvad, bolevpn and air are all decent providers I still use mulvad myself after many years and never had any real issues.
     
  20. oblue

    oblue Registered Member

    Joined:
    Nov 13, 2010
    Posts:
    21
    Palancar, I am a bit confused about all these 'IDs'. Would you be kind to tell me what the difference is between the below:

    1. (physical) Machine ID,
    2. Motherboard ID,
    3. Computer name.

    Is it also possible to change the IDs to a different name or number?

    You mean mac address?
     
  21. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    I think:

    1. Physical/Machine ID is a combination of your hardware specs. I think it's possible to build an ID if that.
    2. Motherboard ID: Could be constructed over your Motherboard Serial number.
    3. Computer name: could be the "host" or "hostname" file. It's the name of your computer, it's useful when joining a LAN, for example.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I use Nordvpn. Many servers world wide, no logging, and it works very well. If I use local servers no speed degradation. Also a couple of the servers have no Reverse DNS which is also good.
     
  23. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402

    The post below yours answered this mostly.

    Speaking in generalities your computer has so many ID's that going online using a bare metal OS of any kind will still make it distinguishable to those looking for its certain characteristics. This is especially true if the machine is currently or has been used with a legal copy of Windows on it. At that point the machine's specific characteristics are known to M$ and they know YOU. Its simple math now to connect those "fingerprints/characteristics" to YOU even if you erase Windows and load Linux. A virtual machine allows you to fully escape that confinement. This could be a multi page post but I am not really going there. We have several threads around here detailing some of this.
     
  24. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    If I could make a little plug for external USB3 sticks and hard drives, this can be easier to manage than dual boot. It's possible to use LiveCD or have persistent operating systems on those external drives. @Palancar's advice on applying FDE to the main OS is important in those circumstances though (or even not having an internal drive as such). The nice thing about such things is that fast solid state memory has now got sufficiently cheap that you can use each one for a specific purpose, there is no risk of cross-contamination then (apart from the machine fingerprinting). Typical use for me is for online banking access, or password and certificate management/generation systems that never go on the internet.
     
  25. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    I have Mint on an SD card for one of my laptops. It is one of my more successful Linux installs. I partitioned the SD card with the first partition a Fat 32 partition that took up half of the card and put a Linux system partition and a swap partition on the other half. Speed is decent considering that the BIOS sees the card slot as a USB 2.0 drive. Windows just sees the Fat 32 partition.

    In the question of Windows VMs, I've found that activation is not always necessary and you will definitely be more anonymous without a unique product key in your system. Windows 7 and later will work without activation and what is disabled are desktop customizations. If you are using a Windows VM in seamless mode to run Windows apps on a Linux desktop, you will never be bothered by the activation nag or the inability to customize the desktop.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.