Trusting a proxy

I have been shopping for a proxy. Gathered as much information about the options as possible. Tuff job because i don't know anyone personally who is a subscriber so everything is based on web searches and forum posts. Considered these mostly these ones:

Secure-Tunnel.com

They have been around for a few years and seem to be staying = not an overnight proxy that disappers and you're left with endless emails to support asking for your money back. Read good reviews and bad reviews about the service. Haven't read an awful one yet. Price isn't that bad either. They seem to have a good image. I don't think a service can have a good image if they don't reply back, don't issue refunds or provide tunnels that don't work. Being US based is a minus. Probably not a stellar choice for a hardcore anonymity seeker. Its more like a privacy service against your isp, malicious websites and good for wireless.

Perfect Privacy

A very good site with comprehensive faq section. Loads of servers around the world. You get them all with a years subscription both vpn and ssh. Same ip for all users to make possible tracking more difficult. A bargain price considering the volume of servers you get along with possible upgrades. (Not sure i would have the guts to even connect to a server in Iran but what an option to have. Imagine someone trying to track a posting made from that ip!) Are they trustworthy? Tough call. Haven't found bad reviews and they even posted replies to a german forum (a little transparency goes a long way).

Trilightzone

This is the one i'm most conflicted about. The services and options are very good. At least on paper. Pricing is good too. Didn't find many reviews. Only some user postings which i took with grain of salt. When i read that they might be partners with another site privacy.li i naturally had to search for that. Regulars on this forum need no introduction to them . Their sites are completely different so its possible they are not run by the same person. They have admitted to sharing servers which is critical: just the doubt that folks behind privacy.li might monitor my traffic is enough to send me running as far away from this service. A damn shame considering the options they offer

The reason why i have procrastinated with my decion is the question of trust. Anyone can set up a service like this and you are supposed to trust them? If someone i know would say "Yeah, used them for 2 years. Connections are excellent with good speed, never has shown my ip when tested and support always replies within 24 hours" then decisions like this would be much easier. I know that the best way to evaluate a proxy is to try it out. Many providers could exhibit some transparency beyond "we are a group of experienced IT professionals committed to your privacy" and therefore they would look less.. shady.

 

'I can only trust you as far as I can throw you', something you have heard your parents say a million times and something that applies here as well. It doesn't matter how good of a system you employ it will only be as trustworthy with how much information you give it. If you don't trust it then your not going to use it, even for daily news and browsing, however if you trust it then you'll use it more and be more open with the information you give. Most third party commercial products are pretty reliable and and will only reveal information if you do something pretty illegal with it or are browsing stuff that looks suspectious.

As for you choices, don't use trilightzone, secure-tunnel is pretty good for general purposes and prefect privacy its a top notch provider, through have a look at xerobank and crytohippie as well.

 

There lies one potential future problem. How will the service operators decide what looks suspicious? Many mention prohibited activities in their tos. Hacking, spamming, child porn etc. All of those i understand. What if a US operator blocks someone from doing research on islamic fanatics and secretly reports you to Homeland Security? Fortunately i have not heard about paid proxies logging and giving up information like this. But who knows. I'm in Europe and soon some kind of logging of all electronic communications will start (if it already hasn't like in the UK). It is truly the beginning of the end when/if paid proxies start to spy on you. From then on my google searches have to be conducted from a cyber cafe where i pay with cash, wear a hat and transparent latex gloves. Hell lets go with a fake beard too.

 

Many if not most already do. They consider it an axiom of privacy services that they have to log so they can monitor and show due diligence to their upstream providers. Single-hop proxy services in europe should all shut down. For example, JonDoNym? Still has a backdoor tracking system and all nodes require data retention. Relax? Single hop system where all traffic is logged. SwissVPN? 100% of email is all logged.

 

Wait a minute. Does this mean that US proxies are actually better choices for us in the old continent?

 

Another thing which bothers me. There is conflicting information about logging. This is from the anonymouse.org website's faq:

What happens when the data-retention directive of the EU is coming into effect? The directive applies only to internet- and telecommunications providers, but not to services like Anonymouse. That means that with Anonymouse, the internet can still be used anonymously.

 

This appears to be 100% false.

Anonymouse may not log their own data, but that is because their ISP/Datacenter does it automatically under the eu directive.

 

Only slightly. All US proxies I know about engage in logging, overtly or covertly. You're best off with a non-US/EU/UK multi-hop multi-jurisdictional network. Decentralized. Distributed. There are only two that exist in the whole world.

 

I'm guessing you refer to Xerobank and Cryptohippie. Don't they both have part of their servers in Germany and Netherlands? Both are EU members = logging. What if all your traffic is routed through nodes in those countries?

 

That is correct. They are multi-hop networks, so it doesn't matter. For example, if Germany logs, they use an entry node to Germany where they don't log (let's say Canada). That means the logging trail is broken, and when tried to reverse it, the trail goes back to another anonymized machine (Canada) that has no logs. So, you -> Canada -> Germany -> Internet. Germany is unable to figure you out because they can't bust Canada.

 

Aaaaahh. It finally registers with me! I have read about the advantage of multihop proxies including many of your earlier posts. Been thinking too much about encryption and such when it is a keep it simple stupid explanation.

 

Well the multi-hop thing once more.

Sorry Steve, but as somebody who read all the threads beginning in Torpark times let me ask you: What is the big deal with multi-hop services like Xerobank and Cryptohippie compared to a VPN-service like Perfect Privacy in comparison?

In the end there the difference is close to none.

Why?

Because PP lets you cascade there services, which works somewhat like this:

First you connect to one of their servers via OpenVPN. Second you start their (portable) programm Privacy SSH client and route your Browser or E-Mail traffic through a - SSH encrypted - connection to another proxy server. You may then - third - route through another proxy server very easily if you like.

And best of all: In all three stages you can freely choose the server/country you wish your data to travel to. The servers are located all around the world, in Hong Kong as well as Canada, USA, Australia, Russia, Switzerland, Germany, France, Netherlands, Liechtenstein, Panama and even Iran).

And no, I am simply a quite satisfied customer of PP.
As well as I am a quite satisfied customer of Xerobank btw.

Their service maybe a bit overpriced but offers at least one advantage over PP: The OpenVPN connection builds up without being asked for a password...

 

I hope you don't mind me asking this here....but since the discussion has been started here.....how is blacknet different from the regular multihop network?

 

Chaining proxies, instead of using a well-designed multihop network means you don't get:

Traffic Padding
Traffic Mixing
False Traffic Generation
Jurisdictionally Aware Routing
Cryptographic Termination
Watermark Protection
Fingerprint Protection
Channel Multiplexing
Cascade Splitting
Traffic Crowding
Crowding Optimization

If you chain the proxy yourself, you have virtually no control of the network properties, only node selection. You get two fancy tin cans connected by a piece of string. Most importantly, you don't get optimized crowding.

If you are chaining the proxies yourself, you aren't defeating any adversaries or providing greater protection than you could if you had a single hop proxy. It may lead a foolish person to say "they are behind another connection!" but your connection is very easy to spot, and unravel back to it's source, for the same adversaries who could defeat a single hop network. Why? the connection is simple and has no context protection (anonymity), only content protection (encryption). It is building a chain of weak links. The strength is not derived from the nodes or the number of nodes: Net flow tracing is easy through a million nodes. The strength is derived from the communication properties.

You've heard the court-room phrase "a man who represents himself has a fool for a client"? It's like that with chaining proxies. You can't do it yourself and gain an advantage if the network isn't already multi-hop designed with the above features.

The bottom line is: Either stick with a 1-hop proxy and defeat the most simple of adversaries, or use a well-designed multi-hop network and defeat all but the most advanced adversaries. Or use XeroBank Onyx Advanced (codenamed blacknet) and defeat all adversaries.

How is Onyx different than other multihops? For a multi-hop to be successful, it must have 2+ hops out of different jurisdictions. Onyx is an exotic network that is always 3+ hops, 550Mbps speeds, with additional features like chaff traffic, watermark and fingerprint protection, decentralized ownership and operation of all nodes, closed group routing for anonymous peer controlled VPNs inside Onyx, and it is the only network in the world that is immune to timing attacks (when using XeroBank CryptoRouters).

 

LOL! That was funny. Thanks for the explanation. I am definitely going to figure out a way to swing a subscription for blacknet.