Public IP Swiss VPN

Discussion in 'privacy technology' started by markoman, Dec 15, 2008.

Thread Status:
Not open for further replies.
  1. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    I was looking at the Swiss VPN service, and in the FAQ I read:

    Will I get a public IP address when I connect to SwissVPN?
    Yes, you will receive a (dynamically assigned) public IP address for the duration of your connection to SwissVPN.


    Does this mean that, when I am connected to their VPN, I will be reachable from the internet through a public IP?

    Thank you.
     
  2. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    i guess it would depend on your firewall settings if you are to be "reachable"
     
  3. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    Sure! :)
    What I wanted to be sure is that I am reachable from the Internet, meaning that I have a public IP assigned only to my machine.

    Anybody has any experience with this?
     
  4. emmpe

    emmpe Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    118
    Hi, I'm in the process of testing SwissVPN and yes, as long as your firewall allows it you'll be reachable. You can surf, run bittorrent clients and whatever - but sending mails with Outlook won't work (server authentication issue). Hot- or Gmail is ok, though. In case you're particular about your privacy you should also know that connection is unreliable. It may work for an hour and then suddenly it's down, and you'll be standing there naked for those sick sick ISP and government voyeurs to behold. Maybe there's a way to configure a total disconnection. I haven't bothered to find out, I'm just evaluating.
     
  5. badjoey

    badjoey Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    50
    hi instead of paying 5 dollars to swiss vpn for a lousy service you can just go www.relakks.com and get a free 30 day trial of the exact same service.its a pptp vpn and you will notice very little difference in speed from your normal internet connection.and your ip will be based out of sweden.
     
  6. fuzzylogic

    fuzzylogic Registered Member

    Joined:
    Mar 12, 2008
    Posts:
    149
    and get actually the same problem's. its just too unrealible for serious privacy, 1/2 it will crash on good days and better days a few hours, bad don't ask.
     
  7. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    Ok thanks for the info.
    Would it be possible to have a server connect through swissVPN and have it reachable from the internet (even without a DNS... the ip will be sufficient)?
     
  8. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    Yes.
    You can even use dynDNS on most VPN-services that gives you
    a private IP !
     
  9. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    A public IP is not a private IP. It even says it is dynamically assigned (it changes).
     
  10. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    In this case "private" means that you do not share the IP with other
    users during the time you are connected to the VPN-service ..
     
  11. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I find this to be unlikely for a couple of reasons. First off, IPs are considered a scare resource. A network with tens of thousands of public IPs allocated is considered very wasteful, and expensive. It is unlikely you are getting a unique IP that nobody else is using. Secondly, you wouldn't want to. Unique IPs mean traffic can be attributed to a single user's session, which is anti-anonymity, as it is uniquely identifiable it can be attributed to a single user: you. This would make it easier for them to track you, naturally, but it doesn't really make sense.

     
  12. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    This would suggest otherwise, wouldn't it ?
    Unlike some of the other VPN-services you are not restricted to certain ports
    or need to perform port-forwarding .

    look pptp.relakks.com ... found
    Name : pptp.relakks.com (.COM | US Commercial)
    Address : 83.233.182.2
    83.233.183.2
    83.233.168.2
    83.233.169.2
    83.233.180.2
    83.233.181.2


    Information related to '83.233.168.0 - 83.233.169.255'

    inetnum: 83.233.168.0 - 83.233.169.255
    netname: TRYGGHETS-NET-SE
    descr: RELAKKS
    country: SE
    admin-c: LR683-RIPE
    tech-c: LR683-RIPE
    status: ASSIGNED PA
    mnt-by: LABS2-MNT
    source: RIPE # Filtered

    Information related to '83.233.180.0 - 83.233.181.255'

    inetnum: 83.233.180.0 - 83.233.181.255
    netname: TRYGGARE-NET-SE
    descr: RELAKKS
    country: SE
    admin-c: LR683-RIPE
    tech-c: LR683-RIPE
    status: ASSIGNED PA
    mnt-by: LABS2-MNT
    source: RIPE # Filtered

    etc etc ...

    Now, relakks may be a bit different from most other VPN-services, one reason being that it is
    operated by/in co-operation with a "normal" Swedish ISP . Services like "Hotspot Shield" are actually
    proxy-servers you connect to over a VPN and you are sharing the proxy-IP with other users while connected.
    I have tried pay-vpn's that work in the same way btw ..
    With relakks you are actually buying a pre-paid Swedish internet-connection with a dynamic IP,accessible over pptp,
    and you don't share that IP with others for the time you are logged on .
    True, this makes it possible to attribute traffic to a single user, if you are monitoring all the traffic at the VPN-provider .
    Sweden isn't some third-rate dictatorship,they still require formalities like "probable cause","search-warrants" etc
    so unless you are doing something really bad and despicable it shouldn't be any major concern .
     
    Last edited: Dec 26, 2008
  13. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    This appears to be 6 class C subnets, presuming the had the whole subnets, which is equivalent to ~1500 IPs. If that is an exclusive list, then they can't have more than ~1500 clients at a single time without sharing IPs.

    That would again be bad anonymity (it already was), inefficient resource usage, and now a limit of 1500 clients at a time.

    Additionally, are you aware Sweden is a data retention country? That means that all of the traffic is being logged. Since Relakks uses a simple 1-hop network, with no anonymity, on a data retention / data logging country, that is like putting a copy of all your traffic directly in the hands of the people you are trying to prevent from having it.
     
  14. geazer40

    geazer40 Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    128


    steve is that not the same for your shadow vpn because is the Netherlands
    a data retention country aswell or am i mistaken
     
  15. stap0510

    stap0510 Registered Member

    Joined:
    Aug 5, 2008
    Posts:
    104

    Correct.
    If i'm not mistaken data retention will be active from 2009.

    It logs the context of data streams, so the:
    - who (source ip address)
    - to whom (destination address)
    - what (ports, tcp/udp)
    - time (length? / date/time)
     
  16. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Netherlands is a DR country. However, ShadowVPN is mixed with XeroBank exit traffic. So while ShadowVPN users go in and out through those nodes, XeroBank users go in elsewhere, get their traffic multiplexed, come across, and go out through the nodes too. So the ShadowVPN users get 1) enhanced crowding 2) enhanced mixing, and 3) origination obfuscation, which are properties a one-hop system doesn't get in a natural environment.
     
  17. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I think I recall data-retention being performed voluntarily since 2007 in Sweden, but I'll ask one of the lawyers who is up to what in Sweden.
     
  18. geazer40

    geazer40 Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    128
    steve why do you chose data centres in places that have to data-retention why not use places that are harder to talk to like panama Russia
     
  19. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    It's all about what the customer wants.

    Data retention only works when all nodes are 1) in data retention jurisdictions, 2) multiplexing isn't being used 3) data retention is shared between jurisdictions for correlation.

    For XeroBank, we can pick a datacenter anywhere because we use good anonymity techniques that defeat data retention through a multi-hop networking. For single-hop systems like ShadowVPN, we can mix it with XeroBank exit node traffic and increase the size of the XeroBank network. This provides new exit nodes to XeroBank users and superior one-hop anonymous vpn at discount for ShadowVPN users.

    So we go into any datacenter and set up shop. And that is what we are up to. We've got a bunch of other services that will be rolling out this year.
     
  20. emmpe

    emmpe Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    118
    Data retention isn't implemented yet in Sweden but will be in 2009 (EU directive says March 15). What's worse: From January 1:st all in- and outgoing traffic is expected to be wiretapped by FRA, a kind of partial equivalent to NSA. Later on, in April, there will probably be legislation that gives private organisations and even individuals the right to obtain your details from your ISP if they can claim a case of copyright infringement. Note that the definition of "ISP" is very very vague here. Note also that while spying copyright warriors need a permit from a court, that permit is not equal to a proper court order, which only a prosecutor can obtain. Thus we end up with a specialised private police force with more powers than the real police. Therefore: Beware of Relakks or any other Swedish service! Switzerland, on the other hand, is definitely non DR
     
  21. geazer40

    geazer40 Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    128

    so do you think that swiss vpn is a good bet then and they deffo dont leak dns also to steve if what emmpe is saying is right could you not have had a swiss data centre instead of netherlands
     
  22. emmpe

    emmpe Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    118
    You can depend on the bad guys being bad but you can't trust the good guys to be good. Corruption is ubiquitous in this world, and anyway Switzerland may give in to pressure (as was the case with their secret bank accounts, remember?).
     
  23. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I'm afraid that isn't entirely correct. Switzerland logs ALL email traffic going across it's borders. Expanding their DL/DR collection is of little negative consequence, and large positive intelligence consequence. They will surely do so eventually, if they don't secretly do so already.
     
  24. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I'm afraid this is incorrect too. SwissVPN uses PPTP. PPTP can leak any traffic going through it, especially in Windows environments, and absolutely on wireless connections. That means not only will DNS leak, but so will your routing, so it isn't going to be very anonymous. The reason services use it is that it is cheap, has low stress on servers, and is built in to the operating system. For this you are the one paying the price. :(
     
  25. geazer40

    geazer40 Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    128

    ahh ok the reason i said no dns leaks because i tested here
    https://www.dns-oarc.net/oarc/services/dnsentropy
    and it said i was not so might have to think about changing to another vpn company
     
Loading...
Thread Status:
Not open for further replies.