Silk Road forums
Discussion => Security => Topic started by: impkin on January 10, 2013, 12:32 pm
-
Which service, and why?
-
privateinternetaccess.com
They are serious about your security, and don't keep logs. They allow up to 3 VPN connections on a single VPN account (that is high). So you can hook up your computer and your phone, and something else if you want. They allow you to pay anonymously with bitcoins, only requiring that you provide an email address so that they can send you the login information.
That is the company I use. I have 2 VPNs with them. I am not connected to the company in any way. I do endorse them.
-
+1 for privateinternetaccess.com. I just got an account with them last week and so far so good. Their prices are very reasonable too. Check out this article on TorrentFreak about which VPN services log IP addresses. http://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/
-
+2 for privateinternetaccess. I have never had any issues with them and I use the OpenVPN client on all my devices, with no dip in VPN throughput. Plus you can pay in bitcoins.
-
HideMyAss is a much better product than privateinternetaccess to be honest and coupled with TOR you're safe as houses.
You can't run both of them at the same time because they both have their own TAP driver to work (you can use TOR though as it works differently) but you can set one up instead at the router (I would suggest HMA) if you know how and don't mind sacrificing speed for regular tasks, and then use the other (i.e. privateinternetaccess) over the top using its TAP driver.
People go on about the fact they gave one hacker's details to the US government but what they fail to realise is it was a hacker who caused millions and millions of dollars damage and compromised innocent people, and even then they had to take HMA to court before they would hand over his details.
They got him by looking at user time logs and the original ip address not because HMA kept his internet usage.
They keep login times for users for a month for the convenience of if settings with updates or something and your internet fucks up you can change the settings back and other technical reasons for people who are in IT and need it for systems and understand the shit, but not because they monitor you for suspicion of being some sort of hacker extraordinaire.
People also don't realize that private internet access is also a US company and most certainly would have been approached for the same thing if it was one of their servers he did shit off and they wouldn't have had a legal team fight them prior to handing them over either because they're a fraction of the company HMA are.
You can however pay privateinternetaccess with Bitcoin and use a dodgy email and they give you a random username and password, but as I said before they got the guy from his ip address and not his username but they have no forum or 'community' so to speak and HMA has ip binding locking any program you want to only use the net when HMA is running. HMA you pay by conventional methods.
I have both and find them both to be good products, but you get two computers at the same time with HMA instead of 3 (and if you use more than that with a VPN you're doing something seriously suspect lol) but you can use it on numerous mobile devices, it has an infinitely better access program and access to 35,000 routers as opposed to 18 with PIA (only 8 of which aren't in the US or Canada), and customer service is better with regular security updates and a huge security forum where you can find any info you need on security and other shit.
Hope this helps you or anyone thinking about getting this sort of thing. It's really a necessity as far as I'm concerned and as important as anti-virus, and if you have $100 right now go and get HMA for $60 and PIA for $40 and be anonymous online. If you use Facebook and it hassles you every time using a VPN, go into your settings and turn location verification off.
- JWM
-
JezuzWazaMushroom, so HideMyAss is better than privateinternetaccess because they did turn in a hacker to authorities, while privateinternetaccess has done nothing of the sort? I don't understand that line of reasoning at all.
HideMyAss kept sufficient information to convict that hacker. Privateinternetaccess doesn't keep logs and uses shared IPs, so there is obscurity in numbers. HideMyAss you need to pay by a method that could lead back to you and so on. HideMyAss shouldn't be keeping any logs at all.
-
nmac, how about TOR -> VPN proxy? You start with TOR but your data transmissions are encrypted end to end from VPN to your computer as it goes through TOR. And the VPN will never know your originating address.
I would say that is the safest option.
-
If that works then that sounds like a good option, but my research this morning indicated that most of these VPN services require something like PPTP or IPSec to connect. AFAIK tor only routes TCP traffic. I would think there exist some VPN services that allow tunneling over TCP though.
privateinternetaccess.com allows OpenVPN.
-
I would like a single VPN service that I can trust without tor as there are a lot of sites that block the tor exit nodes... I would like a service that won't provide the US gov't with the information they want.
Unfortunately, this "privacy by policy" is not secure. How can you trust a VPN provider short of being given root access to their server and looking at the logs? Even then, how can you be sure they don't start logging as soon as you leave? VPN providers can see their whole network. They can see your IP address and the sites you're visiting, if they choose to look. That they don't look is just a promise.
The whole point of Tor is to send your circuits over independently operated relays, so nobody has a view of the whole network. The entry guard operator can see your IP address but doesn't know which site you're visiting. The exit node operator can see which site you're visiting, but doesn't know your IP address. In the case of a hidden service, nobody knows which site you're visiting. That's not a promise. That's privacy by design.
Furthermore, what's the point of hiding your IP address from PayPal unless you're using a stolen account?
-
HideMyAss is a much better product than privateinternetaccess to be honest and coupled with TOR you're safe as houses.
I read HMA works with LE and would suggest switching. Not sure VPNs do much at all though.
-
On the topic of multiple devices over the same VPN... I'm assuming it would be unsafe and not recommended to use the same VPN account for mixing personal (real ID) and SR purposes. Overkill, or justified paranoia?
-
Which service, and why?
None of them, that's who. ANY service that says it doesn't keep logs is lying. If the authorities approach the operators of the VPN service, they will begin logging and cooperate to the fullest, if only to avoid jail time for themselves as potential accessories or conspirators to criminal activity.
Nightcrawler <Nightcrawler@SR>
PGP-Key: 4096R/BBF7433B 2012-09-22
Key fingerprint = D870 C6AC CC6E 46B0 E0C7 3955 B8F1 D88E BBF7 433B
http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
-
The number one rule about VPNs is that you should assume they are all entirely compromised. The second rule is that you should keep in mind asking for a VPN on a site like SR is essentially asking the feds if they would like your IP address. That said, JAP seems to be above average as far as VPN providers go. They will immediately start logging as soon as they get a court order to log traffic to a particular site or from a particular user, but they give you two or three hop cascades so usually two different court orders in two different countries are required. And they are very strict about not logging anything until they get a court order forcing them to do so. That is pretty much the best you can hope for.
Or you could go search around for some sketchy Russian service and buy a VPS from them. Personally I would be more inclined to buy a VPS to exit through if I wanted to have an exit IP address that didn't identify me as someone using an anonymity service. VPN services have their IP addresses on many of the same block lists as Tor exit nodes do.
-
JezuzWazaMushroom, so HideMyAss is better than privateinternetaccess because they did turn in a hacker to authorities, while privateinternetaccess has done nothing of the sort? I don't understand that line of reasoning at all.
HideMyAss kept sufficient information to convict that hacker. Privateinternetaccess doesn't keep logs and uses shared IPs, so there is obscurity in numbers. HideMyAss you need to pay by a method that could lead back to you and so on. HideMyAss shouldn't be keeping any logs at all.
No, you don't know what you're talking about and I'm not going to elaborate on it, like I said I have both but HMA is a far better program, company and has thousands of servers as opposed to 18 with PIA and as I said only 8 of theirs are outside the US.
PIA is still a US company subject to the same rules and restrictions as any other VPN and they WENT TO COURT on behalf of their client to stop the Feds and TBH I have little sympathy for the cunt because if I was one of the people whose money and information he stole I would feel absolutely violated.
Ever been phished? Know how that feels? Now try and imagine 10s of 1000s of people's $ and info being stolen and you see why they went to such lengths to get him!
Finally, not everyone lives in the Jew-SA and has to live in fear of Jew-S cops coming after them for buying some weed and shit online, plus when you use TOR on top of a VPN you're sweet as, like I said.
If you're using a VPN and thinking that will protect you if you're doing shit like hacking major corporations you're a clown and should not be using computers. When you're doing that sort of shit you should also know about phone phreaking and many other things to hide you, not a VPN.
Last but not least, there are always ways to pay for HMA without letting them know all your details, but you must also realise millions of people use it, hence the better product also, as opposed to PIA which I suspect is predominantly criminally inclined people and therefore much more likely to be run by the FEDS.
I have both for the last time, and therefore I KNOW what is better and if you took the time to buy both you would know this also.
If you're just using SR (that uses TOR as well) and surfing, FUGGETABOUTIT!
-
tor is great for being anonymous but understandably there are some limitations. Maybe there's a way to get tor to stick to the same exit node for certain sites? That might alleviate the problem. Connecting through tor into a VPN service might work as well as was suggested.
You have a couple of options. You can set this in your torrc
StrictNodes 1
ExitNodes node1,node2,node3 <- where these are exit node fingerprints, nicknames or country codes
Or you can use the .exit extension. First set this in your torrc
AllowDotExit 1
Then you can visit a site with the url domain.com.nodename.exit. For example, www.google.com.TorLand1.exit
-
Which service, and why?
None of them, that's who. ANY service that says it doesn't keep logs is lying. If the authorities approach the operators of the VPN service, they will begin logging and cooperate to the fullest, if only to avoid jail time for themselves as potential accessories or conspirators to criminal activity.
US based services have to keep logs AFAIK (at least EU services say they have to on their US servers). I wouldn't call them liars though, if they don't have to log, why would they? But you're right, once authorities demand logging, only a handful of providers would not kneel and give in. Some countries are notorious though for keeping their integrity when it comes to privacy. Privacy is valued very differently in different places in the world.
@OP: why would anyone give decent info away publicly?
-
Unlike the EU, the US doesn't have a data retention law believe it or not.
That doesn't mean they won't start logging following an LE request.
-
thanks astor, I'll check out those options.
Which service, and why?
None of them, that's who. ANY service that says it doesn't keep logs is lying. If the authorities approach the operators of the VPN service, they will begin logging and cooperate to the fullest, if only to avoid jail time for themselves as potential accessories or conspirators to criminal activity.
US based services have to keep logs AFAIK (at least EU services say they have to on their US servers). I wouldn't call them liars though, if they don't have to log, why would they? But you're right, once authorities demand logging, only a handful of providers would not kneel and give in. Some countries are notorious though for keeping their integrity when it comes to privacy. Privacy is valued very differently in different places in the world.
@OP: why would anyone give decent info away publicly?
Unlike the EU, the US doesn't have a data retention law believe it or not. http://en.wikipedia.org/wiki/Telecommunications_data_retention#United_States
Perhaps the EU law applies to EU companies operating servers in the US.
This! People quite frequently are paranoid as shit about US servers, I have even seen people who wanted to prevent Tor from using any US nodes. They don't realize that the US currently has no laws regarding the mandatory retention of logs by proxy services, whereas many countries in the EU require logs to be kept for six months to two years. On the other hand, in the US the feds can legally passively monitor whatever proxy they want, without alerting the proxy operator and without a warrant. But at least the people providing the service are not required to keep logs. Germany is one of the best countries actually, their 'supreme court' (whatever it is called there) has determined that it is strictly against their 'constitution' (I imagine it is called that?) for the government to mandate the retention of logs. For a brief period of time they were following the EU directive that mandated such logging, but then it was deemed to be illegal under German law and they mandated that all data logged under the original mandate be destroyed.
As far as HMA goes it seems rather pointless to use their services imo, they have admitted publicly that they keep logs (not just that they will log if ordered to) and will cooperate with LE.
-
This! People quite frequently are paranoid as shit about US servers, I have even seen people who wanted to prevent Tor from using any US nodes. They don't realize that the US currently has no laws regarding the mandatory retention of logs by proxy services, whereas many countries in the EU require logs to be kept for six months to two years. On the other hand, in the US the feds can legally passively monitor whatever proxy they want, without alerting the proxy operator and without a warrant. But at least the people providing the service are not required to keep logs. Germany is one of the best countries actually, their 'supreme court' (whatever it is called there) has determined that it is strictly against their 'constitution' (I imagine it is called that?) for the government to mandate the retention of logs. For a brief period of time they were following the EU directive that mandated such logging, but then it was deemed to be illegal under German law and they mandated that all data logged under the original mandate be destroyed.
As far as HMA goes it seems rather pointless to use their services imo, they have admitted publicly that they keep logs (not just that they will log if ordered to) and will cooperate with LE.
On the case in Germany - http://www.linklaters.co.uk/Publications/Publication1403Newsletter/20100317/Pages/Germany%E2%80%93ConstitutionalCourt.aspx . I'm sure that by now they have a law in place that is compatible with their constitution as EU law has supremacy.
-
According to one of my German friends they still have not complied with the EU law and it doesn't appear as if they have any plans to.
-
According to one of my German friends they still have not complied with the EU law and it doesn't appear as if they have any plans to.
My German is only passable so I can't check up on this (and there's rarely English language news on such a thing) but unless your friend is a lawyer or has a need for current legal knowledge then I'd suggest they are wrong. Germany are very good about compatibility with EU law and it's a requirement that they implement directives.
-
never was entirely sure about germany, but i know some russian datacenters are as corrupt as they come.
a lot of carding and CP sites were hosted on bulletproof russian servers, but they're not cheap. making your own VPN on a hardened linux server that you rooted or is BP would be the only way you could trust it, instead of putting your faith and identity in the hands of a stranger because it was cheap, convenient, and made a lot of false promises. perhaps make a script that re-directs all logs to /null? :P
-
Better yet, distribute the trust. Make your connection pass through several servers, operated by independent people in diverse jurisdictions, so that nobody has a view of your entire circuit.
If only there were an anonymity network like that... :)
-
According to one of my German friends they still have not complied with the EU law and it doesn't appear as if they have any plans to.
My German is only passable so I can't check up on this (and there's rarely English language news on such a thing) but unless your friend is a lawyer or has a need for current legal knowledge then I'd suggest they are wrong. Germany are very good about compatibility with EU law and it's a requirement that they implement directives.
My friend is one of the leading experts on anonymity networks and stays in regular touch with lawyers who monitor data retention laws. If anyone knows the status of data retention in Germany, it is him.