Xerobank questions ?

I assume Das Fos expects clarification because he understands the power of the internet - being able to uncover anything capable of seeing the light of day, thus potentially embarrassing other parties.

 

Did you read what I said in my last reply?

No one is going to be embarrassed, what sort of embarrassment do you think is going to come of this? Again read my last reply for any clarifications, this will certainly cause no one harm...

 

The fact that Xerobank doesn't address that (and some other) outstanding question indicates to me that there may be some embarrassment lurking around somewhere, now that these things are seeing the light of day.

 

No that's called, an 'Assumption', what facts or information do you have to back up that claim with?

I'm not assuming anything I'm just showing facts, with information to back those facts up. So if we're going to start calling things something, then let's back it up with information like I have done, otherwise it's all just words...

Let's look at another fact, do a WHOIS on Xerobank;

http://www.networksolutions.com/whois-search/xerobank.com

Then look at their Legal Notices section;

https://xerobank.com/company/legal/

That's quite a bit of information between those two that doesn't shed any embarrassment.

So what are we saying, their embarrassed for what they've gotten themselves in between?

 

The issue of Roque was discussed (and not totally resolved to peoples' satisfaction) a couple years ago:

https://www.wilderssecurity.com/showthread.php?p=1344892#post1344892

 

This goes back to some old quotes from the critic Genady Prisnikov that I ran across today:

“You [Steve] have promised the moon with your variously named commercial product and have only provided molded cheese. Cheese, alright, but nothing close to the promised and ever changing dates for even the smallest of updates to that "perfect" privacy service. How about a little transparency with all the unmet promises?”


"This thousands of dollars a month "Onyx" service? Puhleassee! It doesn't exist. It is there to impress and make XeroBank look like this anonymity powerhouse in the shadows with intelligence service like capabilities. Hell, they run off leased servers in Germany. The same ones used by Metropipe and Cryptohippie. We've been there before. But to answer the question, yes, XeroBank is nothing but fluff, promises, more fluff and braggadocious talk."



Like lockbox, I find myself agreeing with Genady Prisnikov despite his acid rain postings. Certain criticisms obviously recur not because of trolling or multiple pen names by a single individual, but rather because people have converged in their assessments of the service.

Having spent a lot of time today reading through the hundreds of old xerobank postings, I suspect that Steve and Wizard no longer make appearances here on Wilders because they don't dare resurrect the old explanations (excuses?) that Xerobank used to provide to explain the delays, erratic service support, etc., and taking away those old explanations there's not much else they can say.

I must say that one gets a very different sense of some of the posters here that are now critics. Many once highly praised xerobank; I was surprised to see that even Grand Critic Prisnikov gave credit to Steve where it was due:

https://www.wilderssecurity.com/showpost.php?p=977912&postcount=21
https://www.wilderssecurity.com/showpost.php?p=1034810&postcount=124
https://www.wilderssecurity.com/showpost.php?p=1515625&postcount=127

 

A message from Steve from nearly 2 years ago, still relevant today?

I came across the following posting from Steve Topletz made nearly 2 years ago. It seems as timely now as it was then. I'm resurrecting the posting this time around but maybe Steve can re-post it every year or two in the future, when people are complaining they don't hear back from Xerobank. Ultimately that would save Steve some valuable time, plus it would allow Xerobank to appear deeply concerned about customer grievances:

https://www.wilderssecurity.com/showpost.php?p=1406094&postcount=16

 

I was saying before, 'HOSTING'...

Yes this looks very much like they all just use the same servers in Germany and it's nothing more then that and there's nothing big and fancy like Xerobank is trying to portray here with some great Panama offshore VPN business as one might think reading over the site.

And Germany on top of it, Europe is one of the most pathetic places in the world for internet privacy.

 

Curiously... I'm disappointed that SteveTx has been logging in to Wilders lately but not chipping in on this thread. I hold him in high regard, it would help clear up a lot of the speculation.

SteveTX: Last Activity: December 22nd, 2010 01:49 AM

 

Well here's something even better for your curiosity that no one seems to have mentioned...

Take a look again at this;

http://www.whoishostingthis.com/xerobank.com

(Click on the link that says Visit Roque Holding Inc now)
Clicking the link will take you to who is hosting or owning them, it's as simple as that and what URL do you get? ----> meshmx.com

Guess what information is listed for meshmx.com?

Meshmx.com is a domain controlled by five name servers at mydyndns.org. Having a total of ten IP numbers. Some of them are on the same IP network. The primary name server is ns1.mydyndns.org. Incoming mail for meshmx.com is handled by one mail server at meshmx.com themselves.

Do you guys even know what dyndns.org is?

Well let's make this simple, look at this Xerobank page;

https://xerobank.com/company/

XeroBank is a brand of Xero Networks AG, a privately held corporation formed in the Republic of Panama.

Well what other information do you have about where this company is or part of it?

So based on all the high tech talk Xerobank and Steve gives it leads many to believe it has the servers or services in Panama, after all why not and why even bring it up if you're not possibly trying to steer people to this belief?

So one fact we've just uncovered over meshmx.com, aka Roque Holding Inc, having their DNS controlled somewhere by dyndns.org. Do any of you know how stupid that is for this supposed High Tech VPN service?

Don't get me totally wrong here dyndns.org offers something good for what it is, but at the technical level of SECURITY we are talking about for what Xerobank is suppose to be representing you don't use dyndns.org

dyndns.org offers a professional service, yes, but the simplest way this can be explained is when you are at the supposed level, caliber of technical expertise of this Xerobank operation, then all I can really say to those that don't really know, is that Xerobank is suppose to be WAY BEYOND their level.

 

^DasFox, perhaps this is also security through ambiguity.

(OT; It would perhaps be suitable to mention Robtex.com as a source if that's what you use.
Using quotation marks and/or Italic text for quotes would perhaps make your posts even more solid.
-Only meant as constructive criticism, mind you).

 

That's good information and supports what I've come to believe -- that they're purposely staying off the forum because they know they'll likely get trounced if they dare appear! So they help you if you need help with using the product and e-mail them, while purposely ignoring everything else. It's very disappointing.

 

I share your disappointment. I infer that XeroBank apparently places a low level of importance upon the quality of their customers’ relationships with the company. Hopefully, they will soon come to recognize that their greatest (and most valuable) asset is their customers, and adjust their priorities accordingly.

 

One last thing, unless someone brings up something I may of overlooked.

WHAT DOES BASICALLY XEROBANK OFFER?

Well here is what their 'About' page says; (LOOK carefully at the words in BOLD

About XeroBank

XeroBank is a brand of Xero Networks AG, a privately held corporation formed in the Republic of Panama. We specialize in data privacy goods and services aimed at consumer, corporate, and government clients. XeroBank offers only the highest in quality, so it is created to be sound not only in security design, but also in corporate strategy, to protect the privacy of our clients. Our offerings include only the strongest and proven privacy technologies. We see no reason why security should be complicated or inconvenient, so we focus on hassle-free products for our clients.[/b]

Now look at the WHOIS for Xerobank;

http://www.networksolutions.com/whois-search/xerobank.com

Is anyone getting this, that WHOIS information you just read and HOW that does not even come close to what all the words in BOLD, read as, state?

Well, let's just break down those words and look them over...

1. A company that claims to SPECIALIZE in DATA PRIVACY, even for CORPORATE AND GOVERNMENT CLIENTS!

2. Highest in quality

3.Strongest and proven privacy technologies

Well, when you add up 1-3 and then do a WHOIS on a very specialized company at this level who does not even have their domain PRIVACY REGISTERED to protect the interest of this company and clients, even with a toll free number you can call, I'm sorry there is nothing special going on here at all.

What this boils down to, when you write up such an ELABORATE 'About' section of the HIGH LEVEL of TECHNICAL expertise that you claim and you don't even cover the absolute basics in your business by registering your domain privately that really goes to show absurd this really is.

For those reading, even if you have little to no computing experience to really understand this, then does this make sense? Do you really believe that a company of this HIGH LEVEL of TECHNOLOGY offering a PRIVACY business would not make their own DOMAIN information PRIVATE? Don't you think that makes absolute sense? Well it better because it's the absolute truth!

So here it is one last way. You say you offer privacy, then you start at the bottom like any business using the tools to your advantage, taking you to the top, and the absolute bottom in this situation is the registration of your domain, as PRIVATE, it doesn't get any lower then this.

And the unwritten rule here, for those concerned over matters of privacy, well this is just BASIC 101 Schooling of Domain Privacy, that some big hot shot company failed to follow?

 

Ok, I will do that.

1. PSPs
Most Payment Service Providers will not accept you as a customer if you're using anonymous domain or company information. And without a a serious PSP it's difficult to run an IT-company...

2. Certificates
Some certificates require company confirmation, both via domain address and phone call-backs.

3. Import/Export regulations
If your dealing with strong crypto products (in some countries) you need to sign a regulation contract, and confirm the company identity.

4. Conspiracy theories
If you have an anonymous domain it will just end up in speculations who's actually running the business, e.g., Truecrypt have some experience with this problem. It's also easier for someone to register anonymous domains as honeypots. That may have been the case in the Heartland-case below, the feds created their own VPN-service just to catch the bad guys
http://www.wired.com/threatlevel/2009/08/tjx-hacker-charged-with-heartland/

I would not recommend any company to use a privacy registrated domain, at least if they are operating in the security industry.

/Simon

 

This is good information, but having a privacy registered domain isn't about being anonymous it's about being private is all with company information. I don't see the relation fits with 1-3 in regards to 'Privacy Registration' and providing such information.

I would love to see actual information, links to such information that states you can't be 'Privacy Registered', especially in all parts of the world.

Please show some if you can...


THANKS

 

Here's something for everyone too see, so you know a little bit more about what I was talking about in regard to Privacy Registration.

https://www.domainsbyproxy.com/Default.aspx

 

Which VPN protocol does Xerobank use? I ask because I was looking at similar VPN's to see what they use, and I know Xerobank uses the best protocol for not leaking DNS.

 

XeroBank uses its own DNS servers -- 10.244.1.1 and 10.244.2.1 -- and, in opening the connection, pushes a "dhcp-option" to use one of them. I don't see anything else that's obviously DNS-related.

In order to prevent DNS leaks when there's no VPN connection, XeroBank provides instructions for hardening clients. AFAIK, with appropriate modifications, those instructions will work for any OpenVPN provider that uses its own DNS servers.

 

What is that protocol?


THANKS

 

My point was about a pricing structure, which they don't really have, I was not calling them a finely aged 15 year old Scotch.
They have 2 products business and personal. This model can not attract a large user base and will not.

Part of the goal stated for XeroBank is crowding to increase anonymity, without a crowd their is no crowding. Its current business model is limiting their ability to have a crowd.
XeroBank needs to provide a large userbase for itself to have a large crowd and effective crowding for improved anonymity.

By structuring the personal product similar to:

$5/month 5gb/300mb e-mail
$15/month 20gb/750mb e-mail
$25/month 50gb/1.5gb e-mail
$40/month 100gb/3gb e-mail
$50/month unlimited/unlimited e-mail

It would be competitive with the existing market.
It would attract more users and bring in more revenue.

Most people would tend to try the service at the $5 or $15 level.
By offering to upgrade their service at a discount rate you get them to upgrade to a higher service and bring even more revenue.

Combine that with a Yahoo/AOL style homepage with security and privacy news and you have a winner.
Until then, there is no value for me at Xerobanks current structure.
Though I would like to drink Old Petrero I can only afford Old Turkey.
Fascinating Fact #13-Rye Whiskey was the food group that helped the USofA to become a nation.

Will XeroBank change their current pricing structure?

 

Hierophant, thanks for the reply, but i was speaking of PPTP, L2TP, IPSec, SSL etc.. Which protocol does Xerobank use? I was thinking it was L2TP, but i'm not sure. I read PPTP cannot encrypt traffic so surely they are not using PPTP. That only leaves L2TP as the most logical to use for an anonymous VPN service. Their are anonymous VPN's using PPTP for greater speed through put, but I don't want to use it if it's going to blow my anonymity.
http://www.windowsecurity.com/articles/VPN-Options.html
http://bass.gmu.edu/courses/ECE543/project/specs-F01/AlArVe.PDF
http://www.metaswitch.com/download/vpntechwp.pdf
http://www.ibvpn.com/blog/tag/compare-vpn-protocols/

 

A few days ago I tried to define Xerobank's DNS sever on my NIC card as the primary, and secondary DNS server to use. I was not able to get an internet connection at all then. Is there a way to do this?

 

It uses OpenVPN, which quoting Wikipedia, "uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features." Based on the connection log, it uses OpenSSL with AES-256-CBC for the data channel, and TLSv1/SSLv3 with "DHE-RSA-AES256-SHA, 2048 bit RSA" for the control channel.

 

You need to do that after establishing the VPN connection. You also need to configure the firewall and routing tables to restrict traffic to the VPN connection. Once you do that, you'll have no internet connection if the VPN connection goes down. You'll need to revert to normal settings in order to re-establish the VPN connection.