Why the overt concern about VPN payment method?

Discussion in 'privacy problems' started by Snowden, May 2, 2012.

Thread Status:
Not open for further replies.
  1. Snowden, Registered Member (Joined: May 2, 2012; Posts: 68)

    I'm doing research into getting my first VPN and I notice people keep talking about obscure payment methods. Money in envelopes, bitcoins etc etc.

    Isn't this the same company you're trusting with your entire internet life? (I understand it might be different for p2p only vpns but I'm talking personal)

    It seems paradoxical to me...seeing how many people are concerned about it is making me edgy. It's hard to tell who is being paranoid and who is simply being cautious.

    I'd appreciate any insight / methods that you use when subscribing that might help me.

    Thanks
     
  2. EncryptedBytes, Registered Member (Joined: Feb 20, 2011; Posts: 449; Location: N/A)

    Most VPNs, despite what they tell you, will have to cooperate with their country's law enforcement if they are inquired to provide logs or financial information. I know in some countries the issue on data retention is still being developed or not enforced, which means you can have many "No logging" entities in that location. However, these same countries for non-targeting reasons may request companies to store financial information for a certain period of time. (Sweden is 2 weeks minimum)

    Financial tracking is simply another means an adversary could track your usage, at the very least associate you to a particular service for targeted tracking.
     
    Last edited: May 2, 2012
  3. mirimir, Registered Member (Joined: Oct 1, 2011; Posts: 6,032)

    If you're just using one VPN, it matters little how you pay. They know your IP address, and your ISP knows that you use them. Paying anonymously matters only for VPNs that you'll access through other VPNs, or through Tor (as AirVPN describes).
     
  4. Cutting_Edgetech, Registered Member (Joined: Mar 30, 2006; Posts: 4,953; Location: USA)

    It really would not make any difference if you sent cash in the mail if they have logging. What they really want is to match your ISP IP with the account in question, amount of data downloaded or uploaded, time, date, IPs connected to, durations, etc. The payment method would mean nothing if they log. If they don't log then it would add extra security by having connection with the billing account with the VPN account itself. The most important though is that they do not log, and your DNS does not leak. This is if you're using the VPN for anonymity.
     
  5. PaulyDefran, Registered Member (Joined: Dec 1, 2011; Posts: 1,163)

    It's a layer, just like everything else in security. It's not even really any more of a hassle than using a credit card. Cash in the mail will take a while, so plan ahead. The biggest delay in Bitcoin, if you have no coins in your wallet, is funding from your bank (about 3 days). After that (or if you already have coins in your wallet) it is almost instant if your Block Chain is up to date. If not, you're looking at 15-30 minutes, tops.

    Like the others above said, any VPN on the planet knows the IP you're connecting from. Mullvad just knows an account number, and Air just knows a screen name, for example. But they can see that Account Number or Screen Name xxx always connects from IP xxx.xxx.xxx.xxx, so you're back to logging. Air states that the minute you shut down the connection, the IP record vanishes, and I'm sure Mullvad does the same. If they do, in fact, keep no logs, then an adversary working backwards from them would get nothing, even when going through the financial information.

    If *you* are the target, then the ISP records would be subpoenaed and they could tell that you use a VPN. But a scan of your financial records would show no payment, and while it *looks* easy to prove, an IP address isn't a person. Are there multiple people in your house? Do you have weak or no protection on your access point? In a 'Due Process' society, not having payment info may save you...who knows.

    The best (for what us mere mortals can achieve) anonymity option is to connect to your VPN through Tor. Even if the VPN logged, if you *always* used the Tor option, it would take a very powerful adversary to dismantle that chain...without logging, it's even better.

    The best option (but more expensive), is to have two accounts, either with the same provider, or preferably different ones. Use one normally (single hop, from your house, for example) for the everyday stuff where speed is important...and *only* use the other one, through Tor (and preferably from an open access point not connected to you) for anything you're worried about.

    Most of us on here are concerned with privacy. There's only so much that we can do, but I consider it SOP to always sign up for VPN service through Tor or another VPN, and to pay with cash or Bitcoin/Liberty Reserve, etc... Why leave extra tracks that you have the power not to leave? Especially since it really isn't *that* much of a hassle to pay as anonymously as possible. I wouldn't get all tied in knots over it though...just using a VPN puts you ahead of the game. If you're a boring, 'average Joe', put it on the Visa. Any VPN is better than no VPN :)



    PD
     
    Last edited: May 3, 2012
  6. Snowden, Registered Member (Joined: May 2, 2012; Posts: 68)

    Thanks Pauly and all for the informative replies. Like I said earlier, I'm pretty new when it comes to this kind of stuff, particularly Bitcoins. After browsing through here I've heard the FAQ and that's it.

    One question if this isn't too forward...let me try to word this. As far as layering goes... I'm assuming you should use an alias for name and contact information?

    But (and this is obviously depending on the provider) do you trust your VPN client w/ logging into financial records (bank statements, paying credit card bills, etc.)? Or do you leave your vanilla ISP connection just for those transactions? Or do you simply try to avoid as many of those transactions online as possible?
     
  7. PaulyDefran, Registered Member (Joined: Dec 1, 2011; Posts: 1,163)

    Bitcoin is a PITA to set up, but once done, it's pretty easy. There are 3 institutions that you have to deal with: Your bank, an intermediary such as Dwolla, and your exchange, such as Mt. Gox. The bank sends money to Dwolla, and Dwolla sends money to Mt. Gox. All three of those will know your real ID, so don't try to anonymize anything. Mt. Gox for example, will lock your account if they detect Tor or known VPN IPs, and require real ID documents to unlock it. I don't know if there are other ways to go about it, or what other trusted providers there are; I'm by no means a Bitcoin expert and just wanted to get up and running. The sending of coins to your wallet is where the pseudo-anonymity comes into play. There is a "Green Address" option which I think helps a little more too.

    Yes, I'd sign up for a service over Tor or another VPN if they offer SSL/TLS on their account creation page. Most should, but check. Obviously, if you are going to pay with your real ID credit card, this may not do much, but it doesn't cost anything to do anyway.

    You *could* do bank transactions over the VPN, as you are still protected by SSL/TLS, but I just use my regular ISP for stuff where I'm "known", for the most part...connecting and disconnecting in OpenVPN is a quick process.

    PD
     
  8. syncmaster913n, Registered Member (Joined: Mar 24, 2012; Posts: 153)

    There are faster ways for buying bitcoins; there are online exchangers who will give you bitcoins in exchange for a Ukash voucher (you can buy it anonymously for cash in the vast majority of European countries, as well as in the States and other places as well.) You will have to pay an exchange fee though, usually something around 10% of the Ukash voucher's value.
     
  9. mirimir, Registered Member (Joined: Oct 1, 2011; Posts: 6,032)

    For anything sensitive, Bitcoins must be anonymized (aka laundered). Google is your friend ;)

    It's best to keep sensitive stuff and non-sensitive stuff separate. Use different identities, use different VPNs, segregate interests, and so on. For example, have only one Wilders account, and only visit Wilders using that identity (be it true or fictional). Mixing identities weakens anonymity of sensitive identities.

    You could dedicate an inexpensive one-hop VPN to your true identity, if that's important for security where you are. But never mix identities. Mixing identities on a computer is also dangerous, in my opinion.
     
  10. PaulyDefran, Registered Member (Joined: Dec 1, 2011; Posts: 1,163)

    Trying it out now, thanks :)

    As for the rest, agree 100%. I don't *do* anything, so I don't go to that extreme, but if I did... :D

    PD
     