why I use XeroBank

Discussion in 'privacy technology' started by hierophant, Dec 31, 2009.

Thread Status:
Not open for further replies.
  1. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    In choosing an online anonymity provider, I have two key concerns: (1) whether their service is secure against Eve, Isaac, Justin, Mallory and/or Plod; and (2) whether they are compromised by one or more of them. However, I possess neither the knowledge nor the resources to determine any of that. Therefore, I must rely on reputation.

    I've been using XeroBank for about two years. Before opening an account, I researched them extensively. That's how I found this forum. I've read virtually all the threads here that mention XeroBank, and virtually everything that they link to. I've probably read virtually everything indexed by the major search sites that mentions XeroBank, Xero Networks AG, Steve Topletz, Kyle Williams and/or issues to which they've been linked. And, in my spare time, I keep looking.

    In choosing to use XeroBank, I'm relying on its reputation, and the reputations of Steve Topletz, Kyle Williams and the various groups and projects with which they've been associated, such as cDc, Hacktivismo, Torpark and JanusVM. In my research, I've found nothing that concerns me. The lack of reliable public information about Xero Networks AG is not an issue. Indeed, it's reassuring. I don't care whether its address in Panama is correct or not, where its servers are hosted, or what other firms use those hosting services.

    However, relying on reputation can be risky. Before finding XeroBank, I used Anonymizer.com for many years (since the mid 1990s). I had read about it on Cypherpunks. Lance Cottrell had an excellent reputation (Mixmaster etc.). Everything seemed cool.

    What I didn't see anywhere was that Anonymizer.com received funding from the US DoD. Perhaps I should have been more suspicious about the Kosovo Privacy Project, even though I didn't see anything on Cypherpunks. Or perhaps I should have wondered more about how Toto went down, and almost took many others on the list with him.

    Anyway, I didn't. And so I was amazed to read in mid 2008 that Anonymizer.com had been acquired by the Abraxas Corporation, which is closely associated with the CIA <aconstantineblacklist.blogspot.com/2008/02/abraxas-names-former-cia-official-to.html>. Fortunately, I'd already moved on, because they didn't provide true VPN service (and also because Google periodically blacklisted their exit IPs).

    Finally, given all that, I am stupified by Lance Cottrell's blog post "Question from a long time customer" <theprivacyblog.com>. Really. WTF?

    Happy New Year.
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Wow. Muchos gracias!
     
  3. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I just checked and I have had a Xerobank account for 2.5 years. Couldn't be happier.:D
     
  4. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    can steve or some one tell me can you connect to XeroBank's first proxy box by
    SSH encryption or can you only use SSL?

    also what countries are the last proxies in the chain are in, can you choose which country?

    I am considering signing up to XB at some stage.
     
  5. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    There's no SSL or SSH. XeroBank uses Open VPN with cipher AES-256-CBC.

    There are currently exits in Amsterdam, Montreal, Houston and Woodstock, IL. Although there used to be one in Paris, the authorities took it down. There are many more entrances.

    FWIW, I'd like to see exits in Mexico, Russia and Japan.
     
  6. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    thanks for reply hierophant

    seen how it is open VPN wouldn't this make it easy to sniff peoples traffic? because it would be the same public key that every one uses all it would take is for some one to find out the public key to be able to sniff some ones traffic. wouldn't it be better if every one had their own separate encryption keys?

    are you able to choose which exit to use?

    also with regards to choosing a country for exit node, to get more anonymous wouldn't it be better to use a exit node where there is more traffic coming out of ? the reason why I say this is because it would be a lot harder for some one to perform entry/exit traffic correlation. It would be a lot harder to find which is your traffic details coming out of the exit node if there is also lots of other people coming out of the same exit node.
     
  7. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Based on a quick look at the certificates for particular paths from various accounts that I've had, it appears that each user has their own certificate for each path. That is, I don't believe that there are "public keys" common to multiple users.

    One can choose paths with various combinations of entry and exit countries. One can also choose one hop (very fast, unmetered, less anonymous) vs multi hop (not as fast, 75 GB/mo, more anonymous).

    Yes, that's a trade off. Although users like the freedom to pick particular paths, everyone's anonymity and bandwidth could be optimized by if Xero Networks could select paths. Currently, one can choose. I don't know what XB3 will allow, and what information about network status it will report. Perhaps Steve can comment.

    Also, FWIW, I believe that XeroBank traffic may be multiplexed and crowded with traffic from Xero Network's custom commercial services. I obviously don't know that for sure, or any specifics. Perhaps Steve can comment.
     
  8. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Actually thinking about it again it isn't much of a trade off because if XeroBank's network is all intertwined they would have to perform entry/exit traffic correlation on all of XeroBank's exit nodes.

    Perhaps steve can give us some figures as to how many people using XeroBank ? Because it would give us an idea as to how easy it is to perform
    entry/exit traffic correlation, the more people the better.
     
  9. noblelord

    noblelord Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    162
    Location:
    UK
    I can't imagine more than a few hundred people use Xerobank - there is no infrastructure to support more users than that. The helpdesk never answers any queries and the support on the forum is unreliable. I posted my issue there 50 hours ago and it's not been addressed at all - however I have seen some questions languish for three or four days before. The websites offers services to governments and businesses but these large customers would never accept that lack of support.
     
  10. Sheldon7

    Sheldon7 Registered Member

    Joined:
    Mar 16, 2009
    Posts:
    73
    Our (small to medium sized) company is very satisfied with service and reliability. I agree that service response times are not always ideal - but I have to add that every issue I can think of has always been solved for us in the end.
     
  11. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    How many XeroBank customers are there? I have no clue. The support forum notes "2847 Posts in 447 Topics by 415 Members". I've seen messages online from on the order of 50-100 customers. Steve's complained about having thousands of support requests to deal with. I'm guessing that there are hundreds to thousands of individual customers, and probably not tens of thousands or more. However, that estimate could be way low if most customers don't have problems and/or don't post online about them.

    Regarding major Xero Networks customers, and/or customers of service providers that it uses, I don't really want to know anything (although I must admit that I'm curious). Would it be reassuring or frightening to know that {insert name of your favorite notorious entity} is a customer? And in any case, I doubt that any such customers would be posting their support requests in public.
     
  12. JB007

    JB007 Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    18
    Does anyone experience problems in connecting to different servers? I am finding only one working, would like to keep the service, but if its not fully functioning....
     
  13. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    As far as I know, four exit nodes are up: Amsterdam, Montreal, Houston and Woodstock/Urbana. The Paris node was taken down months ago. In my experience, although nodes occasionally go down briefly, reliability has been very good.
     
Loading...
Thread Status:
Not open for further replies.