What Questions Should You Ask A VPN Service?

Discussion in 'privacy technology' started by DasFox, May 12, 2011.

Thread Status:
Not open for further replies.
  1. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Since Wilders has a lot of discussions going on over VPN services I thought it only appropriate to have a post discussing what questions one might ask before signing up with a VPN service.

    I've seen a lot of people sign up with VPN providers that have some really sad and shady looking sites, but even a good pro at scamming can really put up a good site too. I see a lot of people trust these sites just because they have a web presence and a few reviews floating around on the internet.

    I'd love to take Mr. Steve who we all know as a VPN professional and place him in the spotlight, sorry Steve, because I can't think of anyone more qualified to help us through this process.

    So Steve, I hope you'll jump on this post and tell us in your professional opinion and experience, what questions should a person ask and what things might they look out for when picking and choosing a VPN provider.


    THANKS
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Wow okay. Off the top of my head...

    Service
    0. Is the service anonymous or just pseudonymous?
    1. What anonymity technologies are employed?
    2. What transfer limits are there?
    3. How many concurrent connections are allowed per account?
    4. How many hops are there in a vpn connection?
    5. What operating systems are supported?
    6. Are smartphones supported?
    7. How do you cancel service?
    8. What exit countries are offered?
    9. what vpn protocols are offered?
    10. What makes your vpn service unique or better than others?
    11. What port speed is your server on?
    12. What is the maximum throughput rate?
    13. Where are your servers?

    Security
    0. How are servers protected?
    1. How is the communication protected?
    2. Are their servers encrypted?
    3. Are the communications encrypted?
    4. Do they have key exchange?
    5. Is the communication protected by perfect forward secrecy?
    6. how frequently do you update your servers?
    7. do you have any real security experts on staff? if so, who?
    8. From whom can the VPN provider protect against?
    9. Is port forwarding allowed? (bad)
    10. Are they running their network on VPS/cloud servers? (bad)
    11. What makes your vpn security better than others?
    12. Can you protect against government surveillance?
    13. How often do you switch encryption keys on the stream?
    14. What is your corporate structure?

    Policies
    0. Refund policy?
    1. Privacy policy?
    2. How long have you been in business?
    3. What security experts designed your network?
    4. Why should I trust you?
    5. Who is behind your corporation?
    6. Do you log? If so, what do you log and for how long?
    7. Where are you incorporated?
    8. What information do you have about your customers?
    9. Who administers your servers?
    10. Who has access to your servers?
    11. How are abuse complaints handled?
    12. How are subpoenas handled?
    13. How are law enforcement requests handled?
    14. Have you ever cooperated with law enforcement?
    15. Has any customer identity or traffic ever been compromised?
    16. Do you inform your clients if a subpoena for their information is served?
     
  3. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    WOW this is way more then I expected, so I'd be surprised if you could a quarter of these questions answered, because with my experience in the past when I have personally asked a quarter of this, I have gotten no reply back...

    Steve some of these questions definitely go beyond the technical understanding of most people so if you could please be so kind, where I asked, to go back and edit in a short description of what these are, that would be great!

    THANKS
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    99.9% of vpns claiming anonymity are not actually anonymous but pseudonymous. Pseudonymous means you are uniquely identifiable, but not expressly named. Anonymous means you are not unique identifiable. For example, iPredator or Relakks give you a unique IP address that nobody else but you uses. This is not anonymous, and makes you uniquely identifiable as the only person using that IP at that time. However, that IP does not express your real identity, thus it is pseudonymous but not anonymous. Pseudonymity is the weakest form of identity protection, it is the "fools gold" of anonymity claims.

    Crowding. Multiplexing. Latency normalization. Traffic Splitting / Mixing. Really technical stuff to be honest.

    ex: XeroBank used to offer 75GB/month of multihop traffic. We now do it unlimited.

    It allows you to share your account or have multiple machines using the same account.

    Depends on what you want and the network design and what is going on. Most VPNs are single-hop pseudonymous traffic aggregators. XB3 was a 2-hop multiplex crowded anonymous network. XB4 (Clarion) is a 3-hop ultra-high crowded anonymous network. Tor is a 3-hop low-crowded onion routing anonymous network. If you just want to send spam or do stuff without your ISP finding out, pseudonymity is fine. If you want protection from moderate or higher surveillance and privacy attacks, anonymity is needed.

    Depends to some people. It is good for circumventing blocking or censorship if you're in a blocked country and want to watch Hulu or read a newspaper. For others, they feel that having a specific exit country that isn't competent or friendly with the US is good because their anonymity is not strong. Truly it doesn't matter much if you have a real anonymity network unless you are trying to appear to be somewhere you aren't.

    OpenVPN + Key Exchange, L2TP/IPSec + IKE, IPSec + IKE, or Cisco VPN. Do not use PPTP unless it is PPTP/IPSec or the only option (like a phone).

    The nodes you connect to are ultimately limited in bandwidth by their port speed as their bottleneck. 10Mbps and 100Mbps are the most common. 1Gbps or higher is relatively rare. Having 1000 users on a 100Mbps line means if everyone is using it, you can't get more than 100Kbps in speed. So when services offer "unlimited" service, are they offering you true unlimited access to a fat pipe or are you drinking from a tiny spigot?

    Anonymity depends on making traffic conform. If everyone in the network has only say 5Mbps of speed, but one guy has 200Mbps of speed, then his traffic is easy to see as unique, and thus not anonymous. So some level of capping or traffic queuing is needed to make his traffic conform. On XB3, we had 100 Mbps burstable with 8 Mbps sustained throughput. On XB4 we have 1000 Mbps burstable with I think 50 Mbps sustained throughput possible.

    It is part of the big picture. If the service is incorporated, administered, operated, and located in the same location, that is very bad for anonymity and makes the service extremely vulnerable to government interference and influence.

    Physical protection. Electronic protection. Security designs. Are the servers tamper evident? Are they notified of all login attempts? How are the encryption keys protected? What OS? Updated how often? Defense in depth? Military, ISO, or other security specifications or best-practices?

    Or more likely... is it just the default OS that the datacenter loaded onto the machine, giving the datacenter monitoring capabilities and full access to the machine and all user traffic.

    Content or context protection, like crypto or any anonymity technologies. ex: encryption, authentication, verification/certificates, traffic mixing, firewalls, etc. This ranges the gamut of the traffic stream from the connection protocol to the network itself.

    Ask them, and ask them specifics. You would look for LUKS (AES) or something more.

    AES-128 or blowfish, possibly avoid AES-256 and anything below 128 bits.

    It is how you negotiate the encryption. Crypto without using keys is just encoding. Username & Password is bad bad bad bad.

    NOT having Perfect Forward Secrecy means that if someone captured your encrypted stream (like US or EU citizens), and later captured the username/password or your providers encryption secret, all your activities could later be decrypted back into plaintext. You want a provider who gives the advantage of PFS.

    Monthly at least for software updates. Daily for security updates.

    It takes a security expert to know if your network is 0) secure 1) under attack, and 2) compromised. If your VPN service doesn't have security experts, they don't know when they've been hacked! XeroBank now repels 60 million attacks per month, with many being very sophisticated or 0-day attacks that won't show up to a firewall or security analyzer. If your VPN provider doesn't have serious world-class security experts, you should consider them hacked / compromised.

    If they do have them, they should be able to disclose the identity of them so we can find out if the are respected and legit or a joke.

    Ex: XeroBank protects from local adversaries, network admins, ISPs, hackers, domestic surveillance, and international surveillance.

    Port forwarding allows an adversary to attack your computer or exploit torrent protocols to expose your identity. It also means that surveillance can send you watermarked traffic and trace it all the way back to you by watching where it goes.

    Big question. Simple answer: Cloud means you are giving up control to someone else. You give up your traffic control to your VPN provider. Your VPN provider is giving up control to the datacenter or cloud provider. So really, your VPN provider, if using a cloud or virtualized servers, has no integrity in their security. They can make all the promises in the world, but they gave up control already to the datacenter. It also makes it impossible to use for anonymity, because the memory and processes (including the security, crypto, and traffic streams) are all much more easily hijacked and viewed. If the provider isn't running the VPN on bare metal, it is weakly protected. Cloud is very anti-privacy technology.

    Do they do something amazing? Are they advancing the art of security or anonymity? Are they applying security practices across their entire infrastructure? Physical security like on-site staff with automatic rifles incase someone doesn't respect their property?

    They will have to explain what they are doing. There isn't just one way to do this.

    Encrypted communications streams are only as strong as the keys protecting it. If a key is compromised, so is the encryption. On an encrypted stream, the encryption keys are renegotiated every x minutes or hours. This means if one crypto key is cracked, then a new one gets negotiated. The end result is that it makes it very costly in resources for an attacker. Most systems don't need to negotiate any more frequently than 24 hours. XeroBank does key renegotiation every 10 minutes or so.

    V for VPN. I think this was just a kid trying to sell VPNs and got some good attention. no corporate structure = no protection, legal or otherwise. CryptoCloud had a US corp i think, but can't protect any stronger than a US corp can fend off a subpoena. CryptoHippie, on the other hand, has their operations segmented across multiple corporations in multiple countries. This provides very strong protection against surveillance societies and influence attempts.

    See above. If you are just a single corp, then you have no protection from the government where you are incorporated. If you are splitting across multiple corps, you have put your customer's eggs in multiple baskets.

    Compliance capabilities are a result of good or bad legal and security structures.

    For users:

    The bad reply: "We fully cooperate with all requests from law enforcement agencies." (ex: If you have nothing to hide, you have nothing to fear.)
    The OK reply: "We inform our customers that we've been served with a subpoena so they can object if the want to." (Twitter)
    The good reply: "We vigorously challenge all subpoenas"
    The best reply: "We are unable to comply with subpoenas because of xyz."

    See above for some good responses.

    Hushmail: Yes, we have and we will continue to do so. etc etc
    ThePirateBay: No, we laugh at them and post their demands online.

    You're looking for one answer: "YES"
     
    Last edited: May 13, 2011
  5. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    Thanks a lot Steve this is some pretty heavy information, good to know, now the big problem besides you, who else can we find to feel these big shoes? ;)


    THANKS
     
  6. nix

    nix Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    257
    Location:
    Miami
    You should be the expert by now, especially after that excellent tutorial. Maybe you can tell us.
     
  7. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Crowding users to the IP space is a contributing factor of anonymity, yes.

    You are mostly depending on reputation, but they should tell you exactly what technology or techniques they use, and should not be shy about it because it is something to be proud of. If they aren't mentioning it, they probably don't have it.

    It means how much you can upload/download through the service. AT&T internet now introduced 150GB caps via the ISP, users will soon enough learn about transfer limits.

    A VPN is a connection protocol used as a solution which can be applied to many problems or concerns. If the user wants:

    1. Privacy/Pseudonymity: 1-hop will do. But you are only shifting trusting your ISP to trusting your VPN service.
    2. Anonymity: 2-hops minimum, depends on the network design and your performance requirements.

    That is an outdated way of thinking. If it is an anonymity network, the entry country is not the same as the exit country. If it is just privacy or pseudonymity, then yes, it is a 1-hop design, and the entry node is the same as the exit node.

    Yes. And for smartphones, use only L2TP/IPSec or PPTP/IPSec.

    No. 10Mbps can only serve a few clients before becoming congested. Minimum should be 100Mbps. Look for 1Gbps or higher.

    Being that there are only about 5 publicly accessible anonymity networks in the world, I would say it is open to interpretation. If it is only a pseudonymous VPN, you want to be able to max out your internet bandwidth. More importantly, though, is latency. Latency is truly what is the speed of a network, bandwidth only tells you how many lanes on the highway. What you want is the lowest latency, which in turn is the fastest responsiveness. This means webpages load instantly just like you were surfing without the VPN.

    Yes.

    If you're getting a vpn for security, they better be able to tell you about it extensively. If they can't, it probably isn't secure. Security is a process, not a state. So if they are secure, they have a process and method.

    Security should be transparent, and if the company claiming security isn't transparent about their security, it casts reasonable doubt on their claims.

    If the company is claiming anonymity, they better be amazing security experts with histories of talks, works, or publications. You'll know a security expert by the fruit of their tree.

    Now why do you think that is? It's so hard to tell a lemon from legit, it's no wonder you have a million new vpn providers every day. Even datacenters themselves are all now offering vpns (Relakks) because so many people just buy a server or cloudserver and setup a "secure" vpn service (iPred). If it is legit, they will be proud to tell you who is working with them, whether it is the security expert themselves, or someone with a reputation in infosec.

    That doesn't mean they have to disclose the identities of their staff, but they do have to demonstrate there is at least someone there with expert skill or reputation, otherwise why should you trust them at all versus your ISP?


    Ex: XeroBank protects from local adversaries, network admins, ISPs, hackers, domestic surveillance, and international surveillance.


    Port forwarding allows an adversary to attack your computer or exploit torrent protocols to expose your identity. It also means that surveillance can send you watermarked traffic and trace it all the way back to you by watching where it goes.

    NW-DC.jpg
    Poor trigger control, what can i tell you?

    VPNs are where people go to hide, protect, or for peace of mind. This makes a very attractive target for government and hackers. This is why Tor Project is nervous every August, because that is when all the new tor exploits come out for Defcon and Blackhat hacker conferences. They at least know they are the target because they are the most publicly visible.

    The problem with VPN services in general is that they are smaller, and no news is good news to them. Surveillance and advanced hacking are generally invisible, as a bonus. If you aren't meticulously looking for it, you won't see it happening. It is a revolving door of don't ask / don't tell, just keep cashing the checks until they get caught/hacked (ex: Dropbox, Privacy.li, etc).

    Real security is rare, extremely difficult to develop and maintain, and very expensive. Advertising is cheap, and the consumer is the one who gets short-changed because an insecure service is indistinguishable from a secure one, and often even faster and always cheaper.

    I see this as two things: 1) a deterrant statement saying "don't use our service for crime", and 2) we don't keep logs but we can be forced to.

    Sounds good there.
     
  8. nix

    nix Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    257
    Location:
    Miami
    Regardless of which way you go, das Fox, this kind of rigorous exchange is pretty instructive. At least for me. I suppose we have your insatiable curiosity to thank for that.
     
  9. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    Well I'm still feeling out the VPNs, it's not easy to find one that answers all this...






    Thanks Steve this is great, now why I do get the feeling I'm going to have one HECK of a time getting these questions answered, LOL...

    I think we're all just going to have to sign up with Steve since he at least has the guns... :)





    Well I realized in a very short amount of time that most of these so called VPNs out there a just a bunch of BS, so I realized people needed to see some real answers to what they need to look for, those that want a real VPN....


    THANKS
     
    Last edited: May 15, 2011
  10. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    cut the story short......
    i intend to subscribe to 1...

    can list down your vpn recommendations?
     
  11. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    View attachment 227043
    Your server security leaves room for improvement.
    If your going to use an AR-15 it should at least have an Armatac Saw-Mag.
    Server security could be improved by utilizing the MPS AA-12 / 32 rounds drum, 12 gauge titanium shot + 20 rounds drum, Frag-12 Fragmentation rounds.

    Remote administration security is availailable with the Hammer H2X-40 Turret System.
     
  12. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Everyone knows that Hammer H2X-40 is not enough firepower to deal with the multiple T-100s we encounter. Not to mention, remote administration is unneeded human intelligence resources when we can autoprogram motion-detecting sentries http://www.youtube.com/watch?v=RxBa5bQfTGc with NATO carbines. Let's call is "screensaver mode".
     
    Last edited by a moderator: May 17, 2011
  13. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    For starters you're being rude jumping into someone's post and tell then to cut it short and second this isn't a recommendation thread, please show some forum respect.

    This post is related to weeding out VPNs by the questions you ask to see how legit they are.

    There happens to be a post I made that is more appropriate to look for recommendations;

    https://www.wilderssecurity.com/showthread.php?t=285780
     
  14. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    So far I have been asking some of these questions and a few VPN providers have not replied so I'd stay away from them if they can't simply answer a few of these questions.

    Here are some VPN providers that have not replied:

    Mullvad
    Darknet VPN
    VPNTunnel

    Here was a reply back from Portlane in regards to Anonine;

    Hello!

    I am not even going to start answer all those condescending questions you have stated. Who do you think you are and who do you think we are? Portlane is a big well respected ISP in Sweden and if you dont think we know what we are doing then why bother?


    Med vänliga hälsningar / Best regards,
    --
    Christopher Segerberg
    Sales Manager

    Mind you know this is from a Manager in a company replying back in this manner, highly unprofessional! :thumbd:

    So Christopher Segerberg a manager at Portlane seems to have respect and knowledge confused because there are many respected companies around the world but that doesn't make them all knowing or with great knowledge...

    I have also asked these VPN questions; (But the questions I asked were very general and brief not relating to this topic and none of them replied to just some general questions so I'd stay away since they can't even answer a few simple questions about their business).

    Anonyproz
    Ipredator
    PRQ

    ======================

    Here is what appears to be one of the best FAQs I have seen, but then they mention port forwarding that Steve says as bad, so that makes me wonder;


    https://www.perfect-privacy.com/faq.html

    Steve I also thought that at Top Secret levels of information this requires 192 or 256 key lengths? I've never heard anyone suggest AES-128 over 256 before until now...

    THANKS
     
    Last edited: May 18, 2011
  15. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Here is a reply from HMA. :D

    Thank you for taking interest in our product. This is long list of
    questions, but we will try to answer.

    1. > Is the service anonymous or just pseudonymous?
    For a short period of time - call it pseudonymous as you are getting real
    public IP from our pools at your exclusive use for the time of the session,
    not NATed, all incoming traffic allowed. Though you can change IP address as
    frequently as you want, even every second if you manage to authenticate the
    session that quickly.

    2. > What anonymity technologies are employed? How is the communication
    protected? Are your servers encrypted?
    OpenVPN is using 128bit Blowfish, PPTP is using 128bit MPPE, we are also
    about to launch L2TP/IPSec and OpenVPN 320bit Blowfish-encrypted.

    3. > What transfer limits are there?
    No limit.

    4. > How many concurrent connections are allowed per account?
    As per our policy maximum of 2 concurrent sessions are allowed.

    5. > How many hops are there in a vpn connection?
    Single hop, see 1)

    6. > What operating systems are supported?
    Windows XP, Vista, 7, 2k3, 2k8, WM, Linux, Mac, Android, iOS, numerous
    routers(including DD-WRT flashed), etc

    7. > Are smartphones supported?
    Yes, Android, WM and iPhone

    8. > How do you cancel service?
    We offer a 30 days money back guarantee, in any case if you're not satisfied
    with our service, we will refund your payment in full.

    9.> What exit countries are offered? Where are your servers?
    For the up-to-date list of countries and servers, please go to this link:
    http://hidemyass.com/vpn/servers/

    10. > What vpn protocols are offered?
    OpenVPN and PPTP. Launching L2TP soon.

    11. > What makes your vpn service unique or better than others?
    For pricing starting at $6.55 per month you will gain access to 120 servers
    in 27 countries with over 12,000 IP addresses, more than any other provider.
    We do not package VPN servers into different payment plans, rather you
    simply pay one price and you'll gain access to everything. We also have the
    most advanced custom built VPN software on the market.

    12. > What port speed is your server on?
    Most servers are 1000mbit, where it's not possible they are 100mbit.

    13. > What is the maximum throughput rate?
    No limit. Personally I have seen 320mbps on practice.

    14. > How are servers protected?
    All servers have root password consisting of 101 characters, 22 of which are
    numbers, 37 are lower case, 41 are upper case and the rest are symbols. If
    seriously - it's a lol question, I don't think you really expect us to
    describe our protection techniques and I won't even dare to ask our security
    department to do so.

    15. > Are the communications encrypted?
    Dupe. See 2)

    16. > Do you have key exchange? ex. Diffie-Hellman Key Exchange.
    For OpenVPN - data channel keys are negotiated over TLS encrypted control
    channel.

    17. > Is the communication protected by perfect forward secrecy?
    Our L2TP servers have PFS enabled, they are about to become public soon.

    18. > How frequently do you update your servers?
    Do you mean server list? We add new servers weekly.
    Or do you mean like security updates? Immediately when available then.

    19. > Do you have any real security experts on staff? if so, who?
    Don't expect to see Krebs here, though we do employ
    some former (hopefully) hackers.

    20. > From whom can the VPN provider protect against?
    From anyone who would be prying on your network.

    21. > Is port forwarding allowed?
    Port forwarding from where? We do not NAT.

    22. > Are you running your network on VPS/cloud servers?
    No, all our VPN nodes are physical servers.

    23. > What makes your vpn security better than others?
    We do take care about security of our servers and our clients.

    24. > Can you protect against government surveillance?
    Yes, absolutely.

    25. > How often do you switch encryption keys on the stream?
    Once per 60 minutes

    26. > How is your corporation structured? Is it a single corporation in
    one jurisdiction?
    It is a Private Limited company. Wholly owned.

    27. > Where are you incorporated?
    We are in UK.

    28. > What is your refund policy?
    Please refer to:
    http://vpn.hidemyass.com/vpncontrol/refund-cancellation-policy.html

    29. > Privacy policy?
    http://vpn.hidemyass.com/vpncontrol/legal.html

    30. > How long have you been in business?
    Since 2005.

    31. > What security experts designed your network?
    see 19)

    32. > Why should I trust you?
    Because we're in the business since 2005 and is now one of the best VPN
    provider.

    33. > Who is behind your corporation?
    Like I said, no 3rd parties. We are wholly owned.

    34. > Do you log? If so, what do you log and for how long?
    See http://vpn.hidemyass.com/vpncontrol/legal.html for complete description
    of logging procedure.
    (They log your IP address at each usage and E-mail, from sign up, but do not specify how long they retain it.)

    35. > What information do you have about your customers?
    Clients only entered their email address and username when they sign up for
    a VPN account. And of course, their payment method. (Paypal, Google checkout
    etc)

    36. > Who administers your servers?
    Ourselves.

    37. > Who has access to your servers?
    Our customers have client access, of course. Only few trusted people in our
    company have access to admin section of our servers.

    38. > How are abuse complaints handled?
    If there's an abuse complaint from the upstream, we will notify our users
    about it. And if he/she doesn't acknowledge the complaint, we will suspend
    his/her account.

    39. > How are subpoenas handled?
    We are not a US company so we do not follow US law procedures.

    40. > How are law enforcement requests handled?
    We will cooperate with law enforcement after a court order has been issued.

    41. > Have you ever cooperated with law enforcement?
    Yes..

    42. > Has any customer's identity or traffic ever been compromised?
    No, not once.

    43. > Do you inform your clients if a subpoena for their information is
    served?
    See 39)

    Best regards,
    HMA Team
     
  16. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Thanks DasFox for this thread... alot of good information to arm ourselves with.
     
  17. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Searching___ that's one of the best replies I've seen from a VPN - HMA looks pretty serious from those replies...


    THANKS
     
  18. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    With regards to HMA I really don't know how I got this reply back from them because this is really stupid!

    Considering your privacy, we are using 128 bit AES encryption to ensure your anonymity. Moreover, when you connect you will get an IP address which is not shared at that moment with anyone. IP address is just yours as long as your session lasts.


    Encryption for anonymity, yeah right... :(

    You have your own IP, that is ridiculous... :thumbd:

    All I can say is whoever this person was that replied back to me has no clue about anonymity and security at HideMyAss and if HideMyAss you are reading this, someone better get in here and explain this stupidity!

    I posted some of Steve's questions at Perfect Privacy and no one replied;

    https://forum.perfect-privacy.com/showthread.php?t=2786

    There seems to be some sort of problem going on with a lot of trolling over VPNS and because I posted what look like very legitimate questions, we then start getting labeled as trolls, well I'm sorry Perfect Privacy if that's what you think if you're reading this, I have no affiliation with anyone, I'm just a member here that was looking for a good service.

    Look at how old that post is at Perfect Privacy and not one staff member ever took the time to answer questions. I also sent them an email and they never replied back.

    Yes Perfect Privacy has a lot of information that explains a lot of things but it does not explain a lot of what was being asked here, that they did not seem to want to answer...

    It's REAL SIMPLE people, as a business, don't assume anything about anyone asking questions, be professional and polite and do your best to answer questions to help gain more prospective business! Because they never, one answered in their own forum and two, didn't even reply then to an email request, STAY AWAY, this shows a lack of professionalism!

    A paying prospective customer should be able to ask questions and get a reply back in a timely manner, that's all there is to it, bottom line!

    P.S. Here's a question Steve didn't mention that seems very good to ask:

    Many might use what is called a radius server to authenticate all connections. If that radius server goes down then you cannot connect to any of the servers they offer. “Do you use a radius server for authentication?” is one of the questions you should always ask when signing up to any VPN service.
     
    Last edited: Jun 10, 2011
  19. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    DasFox, given your methodology, I'm not surprised by your results. As a prospective customer of a VPN service (or any company, for that matter), 43 questions is way too many to ask at one time... especially if many of these questions may have already been answered elsewhere on their respective websites. Keep in mind, these companies have other pre-sales inquiries to respond to on a daily basis (not just yours) so it makes good business sense for them to focus on those who are most likely to become actual paying customers... as opposed to those who seem to be just kicking tires.

    Rather than overwhelming them with such a huge list of inquiries, the better approach would be to do some due diligence on your end first (i.e., read each company's FAQ and TOS, browse their forums, etc.). That way, you can whittle down your list to just a FEW pertinent questions for each company... and try to keep the focus on the issues/concerns that are most important to your particular needs. IMHO, there is no "one-size-fits-all" model for deciding which VPN service is superior to another. Each of us has a different set of requirements, and that depends largely upon how one defines one's adversaries.

    I think if you were to keep your list of questions short, focused, and personalized, the quality of responses from the various VPN providers would be much better overall.
     
  20. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    I look for vpn that offerer encryption, got servers wide spread through out the world. The amount up and down streams they provide. Server port forwarding, manual selection of servers and a client that sets up easily. I've been at your-freedom for over 3 years now and can't complain.
     
  21. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    Do you have servers in the UK?

    IS it SSL/TLS?

    What software do I need?

    What programming language is it written in?

    Are you a VPN or a connectivity service?

    Do you scan outbound mail for malware?

    Which football team do you support?
     
  22. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    You didn't tell me one thing I didn't already know.

    You don't know me or my methodology so please don't presume that you do, or how my results were based...

    I know how to ask questions, push buttons and feel a business out to know if it's worth anything or not.

    43 questions LOL...

    No one's asking 43 questions. ;)
     
  23. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    Here's the question the avg joe will ask

    What is your service? VPN or connectivity service?

    What is it not?

    What can I use it for?

    How does it work?

    Is it secure? Is it anonymous? Does it compromise my security? Can I catch a virus?

    What does it cost?

    Do your products contain any Spyware or Adware?

    How many servers do you have? Where ate they situated? Are they all the same?
     
  24. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380

    come on.....whats your vpn recommendations?
     
  25. nix

    nix Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    257
    Location:
    Miami
    No, you don't. But you are skilled in machination. That is occasionally entertaining.
     
Loading...
Thread Status:
Not open for further replies.