Picking 1st VPN service

Discussion in 'privacy technology' started by securitynoob79, Feb 10, 2013.

  1. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207

    For VPNgate I think it is 3 or more months. Not just 2 weeks.
    If you do not connect to vpngate through outside chain, this probably not good option for anonymity or pseudonymity. (Unless it is only option you have for such like Chinese Great Internet Wall.)

    The 2 weeks is for logging data stored on servers of volunteers who host part of the chain.
     
  2. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,245
    Location:
    Southern Rocky Mountains USA



    I just read the logging policy on the VPNgate site and these are just connection logs. What they are logging is the connection from client to VPN server. They are not logs of what you are accessing through the VPN. A lot of commercial VPNs keep connection logs as well. The connection you make to a VPN can be logged at the ISP level as well so you will have to trust your ISP as well as VPN provider because all of the information in these logs could be logged and read by your ISP too. Your ISP wouldn't be able to read the encrypted traffic but it would be able to know that you connected to the VPN server and how much bandwidth that connection consumed during a given amount of time. This would be no different for a commercial VPN service.

    It is not just a question of logging but who can access the logs. The logs are still far away on a computer in a foreign jurisdiction that would take some serious legal action to get at. For torrenting and avoiding copyright trolls, which is one of the major reasons VPNs are so popular these days, the barrier is more than enough and VPNgate would be a great 1st VPN service. If you have reason to fear serious legal persecution on the part of a government or powerful corporation with money and resources, it wouldn't be.
     
  3. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    Any informations about IronSocket?
    I do not find anything at Wilders by searching.
    Apparently previous name was HideMyNet.com, say TechDirt article. But now rebranded.
    When in the old name, they seem maybe had problems with what the rep told some people. Wrong facts about US DMCA law (or gave confused infos).

    However, more recent privacy policy is maybe little better, but is a little confusing.
    One section say this
    Another section say this
    At the link page ('HERE') there is list of countries where they have servers. How long they say they keep data on connections is different at different countries. Example: activity logs Data Retention Period in Argentina 0 days for incoming and for outgoing VPN activity. But in Germany, data retention is 0 days for incoming VPN but 30 days for outgoing VPN activity.
    https://ironsocket.com/data-retention

    It seem there is large enough room in such descriptions for lot of connection logging.
    'We may' could mean 'we always'. Or could mean 'we only in certain countries'.
    '0 days' could mean 23 hours.

    But positive: not too expensive and accept bitcoins and gift cards.
     
  4. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    Some commercial VPNs say they log connections, yes. But others at least claim they do not even log individual users connections (see TorrentFreak survey from few months back) - or if they do log them, delete them very quickly (means hours or just few days, like 1 day).
    I mean to say that because vpngate does do logging and keeps logs, even if connection logs, for 3+ months, then if you want to improve your anonymity or pseudonymity, probably there are better choices.
     
  5. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,245
    Location:
    Southern Rocky Mountains USA
    There are aways choices. No packet logging is much more important than connection logging. The connection logs of VPNgate will be huge and not likely to give much information of interest to an outside party in most circumstances. When I think about it, a VPN can give you privacy but not necessarily anonymity. You don't want your VPN provider to keep logs of what you are doing at the exit node. Ideally, your data stream should be mixed with all the other client connections and there should be no way to know what client at the entry node connected to what site at the exit node. Those are logs I would worry about. If you want anonymity, TOR added to a VPN is much better but you will still have to be careful about what you do online and what information you give out.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    SecurityKISS wants to minimize resource use, I suspect.
     
  7. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,245
    Location:
    Southern Rocky Mountains USA
    Ok, here is real world example of copyright trolling in a court battle and what a VPN can protect you from.

    http://torrentfreak.com/comcast-mus...ings-with-copyright-troll-court-rules-140627/

    This particular copyright troll has a real bad reputation. They actually seed their copyrighted material and temp the innocent to download pirate copies of of content which is really vile. When they can trace it through an IP to a real person, whether that person had anything to do with it or not, they threaten lawsuits that could be so embarrassing and costly that many of the victims just end up paying the amount demanded to settle out of court. The words for this are "entrapment" and "extortion".

    An IP in Japan, Norway, France or anywhere outside the US would stop these people dead in their tracks. They wouldn't even look at it because it would be to difficult costly to persecute anyone outside their own jurisdiction, the US. VPNgate or any paid VPN based outside the US would be a good choice to protect you from this particular threat and others like it.


    Here is an interesting thread from the VPNgate forum which is answered by the Softether author himself.

    http://forum.vpngate.net/viewtopic.php?f=11&t=3177

    This is interesting because they are now randomizing certificates for each instance which makes the entry node more difficult to profile. This says that the great firewall of China is profiling entry node traffic to VPNs and once they have a signature, they can block access to that node. So VPNgate is actually really advanced in masking entry mode identity but at the same time, they are logging all connections and doing statistical analysis on it and maintaining a central log of all VPNgate server connections. Their terms of service are actually pretty straight forward: They don't want you doing anything illegal with the service even though most of the political dissident use will be considered illegal in the countries it originates from. There is also no real way they can enforce this because they have no means of disconnecting someone for violating the TOS. They will cooperate with law enforcement but for that to happen, I think it would have to involve terrorism or real serious crime. In that case, all they could give them from the logs is connection data and amount of bandwidth consumed .

    To sum it up, in addition to having a VPN you can trust, you also need an ISP you can trust. The entry node to your VPN is through your ISP. Your ISP can keep lots of data that can, at the very least, prove you are using a VPN and how much bandwidth passes through the VPN connection. Verizon is doing much more than this and is keeping data on customers suspected of copyright violation and its internal privacy policy on this data is being overridden by court order. Verizon is being compelled to give this information and they are opposing it and there is a good chance this ruling will be overturned on appeal but it would be better to have an ISP that didn't keep this kind of information at all. VPNgate is interesting because it is actually trying to mask the entry node and that is very much a weak point in the VPN chain.
     
  8. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    This post of CasperFace is more than 1 year old, so maybe those thing that were true then are different.

    TorGuard website claim they do not log, same they told TorrentFreak for the 2014 survey.
    Also, you can pay with bitcoins.

    http://torrentfreak.com/which-vpn-services-take-your-anonymity-seriously-2014-edition-140315/

    https://torguard.net/faq.php

    So maybe worth considering trial of TorGuard.

    However, on the negative:
    (1) I am seeing a lot of negative comments about TorGuard customer service from users in different board posts. Several posts claim seem like TorGuard is a garage operation run by one or two people, not really professional.

    Just one example, this Julye 2013 post in the Comments section from someone claim to be TorGuard is very unprofessional:
    ' “Couldn’t get it working” ? 30GB+ of usage in under 5 days sure sounds like it was working. It is because of this reason, and the fact your an ass, that your refund was denied.'
    https://www.bestvpn.com/blog/3645/torguard-review/


    (2) When order service, even you can pay with bitcoins, TorGuard still ask for user's name, address and phone number. And ask for payment using the user's real IP address ('Please, use your real IP address if it's possible as we do not accept orders from Proxy or VPN IP.')
    If customer pay with bitcoins and TorGuard really value anonymity, why do they need so many detail and insist on using customers own IP address for order?
    All TorGuard should need is users email and bitcoins. If necessary, let customers who buy anonymously know they may be giving up option of refund if they do not provide more personal details.

    (3) TorGuard advertise high level of encryption, but reviews say actual level provided maybe not so high as advertised, or at least not consistently. This is somewhat misleading.
    http://www.reddit.com/r/VPN/comments/1iigzf/vpn_name_and_shame_part_1_torguard_vpn/
    https://www.bestvpn.com/blog/3645/torguard-review/

    So seem like maybe could be good service but a number of issues to fix. And need better customer support.
     
  9. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    Another question for TorGuard.

    They say
    If it is true, then how is their refund policy possible?:

    How does TorGuard know if an account have exceeded 10GB in download volume if there truly is NO logging?
     
  10. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,245
    Location:
    Southern Rocky Mountains USA
    Here is another real world example:

    http://torrentfreak.com/140-u-s-internet-providers-disconnect-persistent-pirates-140705/

    You do need an ISP you can trust as well as a VPN you can trust. Even if your VPN doesn't know you used 10gb of bandwidth over the last few days, your ISP will even if it's encrypted. A VPN would save you from having your ISP or a 3rd party through your ISP from snooping on what you were downloading but they would still know how much traffic you were using.
     
  11. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    Is there a list here at Wilders of level of encryption different VPN companies are using?

    What is bolehvpn using now? 1 or 2 year ago they said they were happy to use only blowfish 128.
    AirVPN say now using AES 256 (more detail: 4096 bit RSA keys size, AES-256-CBC Data Channel, HMAC SHA1 Control Channel).
    What about ivpn?
     
  12. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,239
    Don't know about any list posted on Wilders of VPN companies strength of encryption.

    BolehVPN uses AES 128-bit SSL (configuration options - proxied, fully routed, surfing/streaming, TCP Server)
    and AES 256-bit SSL (configuration - xCloak)

    IVPN uses AES-256 with 2048-bit RSA keys.
     
  13. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Was going to trial Astrill VPN but even to get a 7 day test they require your name, address and mobile number which leads one to go insane!
     
  14. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
  15. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,245
    Location:
    Southern Rocky Mountains USA
    It depends on what you intend to use the VPN for and the degree of privacy/anonymity you need. The 5 best VPNs recommended by Torrenfreak apply to just that, torrenting. For that purpose, PIA is a good choice. So are many other VPNs. I don't think the NSA is interested in copyright violators. The US actually does have a very free and uncensored internet compared to many countries so, if you are mainly interested in bypassing censorship of any kind, it is also a good choice. I personally find censorship like the Piratebay blocking in the UK pretty silly and, ultimately, a total waste of public money and resources so I'm glad I don't live in a country that engages in that sort of censorship.
     
  16. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Max Privacy as always especially for the paranoid at heart :)

    I find it interesting how it often gets well reviewed and mentioned on here I think its the cheaper prices and fact you can use multiple devices perhaps.

    Either that or people are using it as one of their VPN chains !
     
  17. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    Yes, when you consider several important privacy conditions, you find you are left with just very few good choices.
    So many VPN companies, but only very few really good choices out of all of them.
     
  18. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,245
    Location:
    Southern Rocky Mountains USA
    Another factor that causes PIA to get good reviews is bandwidth. For the amount you pay, you get good bandwidth. Like I said, for torrenting, it is a good choice.
     
  19. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Yup looking into bole atm, I tried mulvad a very long time ago but not the best speeds really but europe based so feel much safer then anything with US at least.
     
  20. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Yes that is very true the bandwith is very good always hear people max out their speeds very easily as much as I wish to try them anything that comes out of a surveillance state am not sure could be safe at all.
     
  21. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,362
    Location:
    Oz
    They have to have some kind of account code to identify a subscription and how long it is good for. So the person with a login and password for an active account gets to use the service for a certain period of time. That doesn't mean that the servers are logging and storing IP addresses and DNS requests.
     
  22. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Odd question but wanted to ask you guys how you feel about bitcoin and dodgecoin and other virtual cash systems which you can pay for these VPN providers.

    I noticed many of these bitcoin and dodgecoin sites require you to enable 2 way authentication via an google app called google authenticator.

    This allows you to be more secure but at same time surely provides google your potential information ie what VPN you just paid for etc ?
     
  23. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,245
    Location:
    Southern Rocky Mountains USA
    Safety is relative. PIA is enough to keep the copyright trolls at bay but not necessarily the NSA. VPNs can give you relative privacy but not total anonymity. TOR plus a VPN is better for that but even if your technology is good, you still can make a stupid mistake. Human weakness and error has aways been a good way to get information that is hidden.

    The irony of the US being a surveillance state but not a censorship state amuses me. The US also doesn't have mandatory data retention laws which is good for a VPN. It is always best to use a VPN outside one's own jurisdiction because that complicates any legal maneuver to get access to whatever information the VPN provider has. Cross country legal cases are extremely expensive so anything less than a government or large corporation isn't likely to have the financial resources to do so.
     
  24. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    thanks good info but for now ill try others in europe etc
     
  25. buckslayr

    buckslayr Registered Member

    Joined:
    Jun 1, 2009
    Posts:
    484
    Location:
    Michigan, USA
    Just bought a license for spotflux premium. So far I really like it.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.