Perfect Privacy location

Hi, can someone fill me in where Perfect Privacy is located? It seems to be based in Liechtenstein, which makes sense as the apparent owner speaks german, but the billing location is in New Zealand? That last bit confuses me.

On the topic, on other thing that surprises me are some of the locations of their servers. I see Iran, Israel, Hong Kong, etc... Aren't those locations nightmares when it comes to censorship and government wiretapping and SIGINT in general?

On a related note, is there a list somewhere of VPN-providers that are resellers and whom product they are reselling?

 

Yup. Heavy censorship and monitoring.

 

Klaus, having a server in Iran or Russia is actually quite safe. It is highly unlikely that western authorities would go to Tehran or Moscow to investigate. If you combine Tor and Perfect Privacy you will achieve "nearly impossible to locate" privacy & anonymity.

 

Wanna bet?

 

I think you're just trying to promote your own company. Tor + SSH makes it very hard for the exit node to inject malware as traffic is encrypted end-to-end. Only final destination or SSH provider (you personally, or cops if they raid your headquarters) are able to attack.

 

Leonid, don't confuse disagreement with anything else. Tor + SSH will not provide anything that is nearly impossible to locate. That is just a way to secure yourself against exit node injection. Netflow / Linkwidth analysis will reveal your location even if you are using the above two.

 

Thanx for the comments everyone. But it still leaves the first question open :-( (Location of Perfect Privacy, Liechtenstein or New Zealand)

 

Steve, as said before, I am far from being a computer scientist. However, I've been reading a lot about privacy & anonymity. It's not impossible but highly unlikely. Who can attack? VPN Headquarters, final destination, who else? And there are also legal issues related to taking over VPN.

 

New Zealand might serve merely as a mail drop. Liechtenstein is where they are registered. It is very difficult to say where their informal "offices" are located at. Probably a good thing. If they can't keep their affairs secret would you trust them to keep yours?

 

Iran would be horrible for censorship. To them, a woman in a bikini would be pornographic trash coming through their servers. Iran has also blocked access to YouTube.

Hong Kong is a special administrative region of China and therefore would not be subject to the the Great Firewall of China. It may be fine, for now.

Israel? Considering the Mossad and the IDF have their hands in everything, I would never trust information passing through Israeli servers.

I think they also offer Venezuelan servers. No problem there. Chavez may be a socialist and is close to Cuba, but he has kept opposition press, TV, etc. and has not messed with the Internet.

 

I'd say it more an elaborate chain of addresses so noone really knows where it is. which is good to see a privacy/anonymous service do, better than just some whois privacy service doing the job for them.

i think the point of having servers in Iran, Israel, etc is to create a series of proxy chains, that Prefect Privacy do more than just hint is what your suspose to do with them.

edit: the address points to this 'drop box' at http://www.privatebox.co.nz/contactus.php

 

The problem is if you are trying to access certain sites and have servers in Iran, even if just "passing through" to add to a chain, if it's censored, it doesn't go any further. That server can't pass along the URL to the next server. At least that's the way I understand censorship to work. Maybe Steve or somebody that works with this can correct me if I'm wrong. And I might be!

 

Netflow / Linkwidth analysis? Is that what I have seen you refer to as traffic analysis? So you are saying that tor can be tracked through some well established techniques now?

 

LinkWidth attack will work on any network without lag obfuscation. That includes every public and private anonymity network such as Tor, Perfect Privacy, Swiss VPN, Anonymizer, etc. There are only two networks in the world with lag obfuscation. I'll give you three guesses who they are.

 

Hmmmm. Xerobank and Cryptohippie?

So is this method one that any company could use? Or just someone like ATT? I am a little shocked that this can be done on such a large scale. Sheese!

 

Nope in practice, yes in theory. Companies don't have the necessary resources.

Nope, Near Global Passive Observer. Only a limited number of organizations have that capability. AT&T is involved in such schemes, but they can't pull it off on their own.

You shouldn't. Things like this were employed even before the Internet, but it doesn't affect normal people. You need to be really interesting for someone to use this against you.

 

Linkwidth attacks can be performed by any government agency or ISP or international telecommunications company. All it requires is IX access, and those groups can get such access. In some cases, because of the centralization of IXs, you need not even be such a large group, you could be a private entity. The entire country of Russia has only two IXs. Google, Yahoo, MSN, AT&T, IBM, Nokia, Verizon and others are known to engage in widescale internet surveillance.

 

I have a financial interest in as much as i advise them on how to run operations. I have no financial interest in CryptoHippie. I would recommend either of the services, as those are the only serious players on the planet. It is my personal pleasure that both services should succeed wildly and increase global communication security for consumers.

Sure, here is a comparison from the XeroBank Service Summary: