Silk Road forums
Discussion => Security => Topic started by: Burning Babylon on June 26, 2013, 08:09 pm
-
This thread will be based on the article VPN Services That Take Your Anonymity Seriously, 2013 Edition from TorrentFreak: https://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/ Now I've done some searching and there are plenty of VPN forum threads up, but they ask far too open ended questions to my liking. The scope of this thread will be all VPN providers in the TorrentFreak article and no others whatsoever, here they are sorted alphabetically:
AirVPN: https://airvpn.org/
Anonine: https://www.anonine.com/en
BlackVPN: https://www.blackvpn.com/
BolehVPN: http://bolehvpn.net/
BTGuard: https://btguard.com/
Faceless.me: http://faceless.me/
Ipredator: https://ipredator.se/
IPVanish: http://www.ipvanish.com/
IVPN: http://www.ivpn.net/
Mullvad: https://mullvad.net/en/
NordVPN: http://www.nordvpn.com/
Privacy.io: https://privacy.io/
Private Internet Access: https://www.privateinternetaccess.com/
PrivatVPN: https://www.privatvpn.se/en/
Proxy.sh: https://proxy.sh/
PRQ: http://www.prq.se/?p=tunnel&intl=1
Torguard: http://torguard.net/
TorrentPrivacy: https://torrentprivacy.com/
Of these 18 providers I will personally only consider those who accept Bitcoin as payment:
AirVPN: https://airvpn.org/
BlackVPN: https://www.blackvpn.com/
BolehVPN: http://bolehvpn.net/
BTGuard: https://btguard.com/
Ipredator: https://ipredator.se/
IVPN: http://www.ivpn.net/
Mullvad: https://mullvad.net/en/
Private Internet Access: https://www.privateinternetaccess.com/
Proxy.sh: https://proxy.sh/
PRQ: http://www.prq.se/?p=tunnel&intl=1
Torguard: http://torguard.net/
So we're down to 11 providers now, for the next column I will link any information from http://www.bestvpn.com/ and http://www.bestvpnservice.com/
AirVPN: http://www.bestvpn.com/blog/4486/airvpn-review/ | http://www.bestvpnservice.com/providers/97/air-vpn.html
BlackVPN: http://www.bestvpn.com/blog/6346/blackvpn-review/ | http://www.bestvpnservice.com/providers/69/black-vpn.html
BolehVPN: N/A | http://www.bestvpnservice.com/providers/156/boleh-vpn.html
BTGuard: http://www.bestvpn.com/blog/3563/btguard-review/ | http://www.bestvpnservice.com/providers/262/btguard.html
Ipredator: N/A | http://www.bestvpnservice.com/providers/126/ipredator.html
IVPN: N/A | http://www.bestvpnservice.com/providers/62/ivpn.html
Mullvad: http://www.bestvpn.com/blog/4565/mullvad-review/ | http://www.bestvpnservice.com/providers/181/mullvad-vpn.html
Private Internet Access: http://www.bestvpn.com/blog/3711/private-internet-access-review/ | http://www.bestvpnservice.com/providers/139/private-internet-access-vpn.html
Proxy.sh: http://www.bestvpn.com/blog/5544/proxy-sh-review/ | N/A
PRQ: N/A | http://www.bestvpnservice.com/providers/157/prq-vpn.html
Torguard: http://www.bestvpn.com/blog/3645/torguard-review/ | http://www.bestvpnservice.com/providers/246/tor-guard.html
I have no experience with any of these so I'm going to do some reading and come back to this thread when I've decided, hopefully a few can chime in with experiences with some of these providers before that. :)
-
Thanks. Will read
.
-
+1
Great list!!
-
I have my own dedicated server so I just set up OpenVPN on there so I know 100% that it's secure.
I'd take payments for it, but unfortunately I can't give any of you access because you'd have my IP address, from that you could request who owns it from the hosting company (with a warrant) and bam, I'm fucked (I'm a vendor).
-
What do u think of cyber Ghost? It has a free download you can use also.
-
Sk0rt... if you own the VPN, where is your plausible deniability?
I presume it's offsite, so do you anonymously rent a server?
It's not the nature of VPN that gives you extra security over TOR, it's the fact that you're obscuring TOR access from an ISP that would be willing to work with LE to track you down. (let's say, by giving LE a list of IP's that regularly use TOR, how often, and for how long.) Heck they don't even need a warrant for that part, they only need one to resolve those IPs into names.
If you VPN from one PC to another, and you own both, there is no obscurity except for what TOR does for you naturally.
-
This is a cool thread! Thank you!!!
-
I actually have used PrivateInternetAccess for torrenting and accessing TOR. Paying with bitcoins was fairly easy. I did some research a while back and determined that they were the best option for me. I have to say I am fairly impressed with the service. You can connect to a wide variety of servers in the US and Canada, and it doesn't slow down my internet at all. I'm not sure what other information you may want, so feel free to ask questions and hopefully I'll be able to answer them 8).
-
I've also used PIA - excellent in my book!
pb.
-
subbed
-
What about HMA/HideYourAss?
-
one2bcurious,
HideMyAss gave up a hacker to the government. No no no.
I personally use Private Internet Access and will never go back. They have servers all over the world. I've downloaded and uploaded hundreds of GBs through their servers with no data stalls.
I paid with BTCs so they don't even know my first name. $33 in BTC for a year of service is a deal to me.
-
Quick question. To what extent does PIA hide you? Downloading files and browsing tor, yeah. If I wanted to buy postage for shipments with a gift card how secure am I as long as the little green fat man in the corner is bright green? Can I threaten political figures?
Also while we are on the topic of PIA, whats the opinion on VPN kill switch and DNS Leak Protection that is offered in the settings
-
HMA gave up and was responsible for the arrest of Recursion of Lulzsec
-
I feel reassured after reading many of these posts that I did indeed make the right decision when after researching several VPN services, I decided to go with PrivateInternetAccess. Paid for a year in BTC a couple of months ago, and have been happy with them for the most part. Only thing, unlike what a couple of people mentioned where they said that it didn't slow down their browsing at all, unfortunately I've not had that much luck. It definately slows down my Firefox on the clearnet as well as slows down already very slow TOR even more so. Still, I figure a little inconvenience is worth it for the extra layer of security....
-
I hear PIA is quite nice.
-
So no one knows how good or bad CYBER GHOST IS? I'v always heard it was really good, but i was just wanting to know what SR members thought.
Like i said you can download it free then they offer the Pro with more features.
-
is there any benefit to using a vpn paid by bitcoin as an extra layer before using obfs3 bridges? would that be considered paranoid mode or standard practise?
-
Got nothing but good things to say about Airvpn. Open source, accept BTC, lightening fast, disconnect protections. I could go on. Excellent service.
-
Great thread thanks
-
Thanks! Nice list.
-
I will also vouch for PIA - does not affect my speeds at all
-
is there any benefit to using a vpn paid by bitcoin as an extra layer before using obfs3 bridges? would that be considered paranoid mode or standard practise?
There isn't really any advantage, and in fact it kind of destroys the purpose of using and obfsproxy bridge as now your ISP can still detect that you are connecting to an anonymizer, just not to Tor. People shouldn't be saying the VPN they are using, you are all allowing LE to start tracing you past Tor.
-
Great post!!
-
good list thanks
-
Good job.
Thanks
-
Nice ... ty
-
Took the leap and got a yr subscription with VIP.. Paid bitcoins. Can't get it to work with my Ubuntu.. but works perfect with my Mac. Their support has been great with the chat but just can't get it to work with my Ubuntu 12.04.. I'm running Ubuntu through my USB..
-
is there any benefit to using a vpn paid by bitcoin as an extra layer before using obfs3 bridges? would that be considered paranoid mode or standard practise?
There isn't really any advantage, and in fact it kind of destroys the purpose of using and obfsproxy bridge as now your ISP can still detect that you are connecting to an anonymizer, just not to Tor. People shouldn't be saying the VPN they are using, you are all allowing LE to start tracing you past Tor.
Deep packet inspection can still find obfsproxy bridges isn't China still nulling them 20 seconds after people there connect to an obfs3 bridge? I haven't been paying attention to the Tor blog but last time I checked they couldn't keep up with the China arms race to disrupt Tor obfs bridges.
Also agreed kind of stupid to discuss what VPNs you are using. Discuss VPN reliability on a clearnet non illegal forum like Wilders Security or something. Remember Topiary lamenting how shitty HideMyAss VPN is in IRC and then he gets arrested?
-
is there any benefit to using a vpn paid by bitcoin as an extra layer before using obfs3 bridges? would that be considered paranoid mode or standard practise?
There isn't really any advantage, and in fact it kind of destroys the purpose of using and obfsproxy bridge as now your ISP can still detect that you are connecting to an anonymizer, just not to Tor. People shouldn't be saying the VPN they are using, you are all allowing LE to start tracing you past Tor.
Point VERY well taken, kmfkewm. I'm not sure if I can get the remainder of my year paid susbscription to PIA refunded or not, nor do I really care. I read the last part of your reply here and uninstalled it and am currently looking into other options... and won't be making my decision public. I know the tip wasn't meant for me, but I'm real glad I read it anyway and have taken your advice to heart on this totally. Thanks :)
-
Well firs of all thanks to the OP for the list very useful. However i have a question that may seem fairly basic. Im using Tails with a persistent volume, So it is of course on its own an operating system that forces everything to connect through tor anyway, Is a VPN reccommeded even though i am using tails? or is it for if you are using an OS like Linux or windows with the Tor browser bundle, even if it is on a USB.
Anyone know?
Thanks all
-
http://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/ (clearnet)
Interesting read some coply with DMCA or equivalent others just shut that server and move i really like privacy.io answers short and sweet
-
These guys look pretty badass: http://cryptohippie.com
Any opinions on them?
Service is $275/year all upfront. They do take bitcoin but you have to ask....
mm
-
These guys look pretty badass: http://cryptohippie.com
Any opinions on them?
Service is $275/year all upfront. They do take bitcoin but you have to ask....
mm
NO! Terrible VPN provider. Do not want. Trust me when I say AVOID!
-
Found in the XKEYSCORE presentation:
* Show me all the VPN startups in country X, and give me the data so I can decrypt and discover the users
Source:
http://arstechnica.com/tech-policy/2013/08/nsas-internet-taps-can-find-systems-to-hack-track-vpns-and-word-docs/
I don't think this means they can generally decrypt VPN traffic, but it probably means that they more often than not know when someone is connecting to a VPN.
-
NO! Terrible VPN provider. Do not want. Trust me when I say AVOID!
Thanks for the warning. Just curious as to why so bad?
-
Watch out for PIA. I use them and frequently am not connected even when it says I am. I use an ip location web site to check every single time I use the internet which is a pain...
mm
-
torguard is great. paid with btc, easy to configure and megabytes per second MUST BE IN THE MILLIONS. WE GETTIN EXTREME DOWNLOADS TONIGHT.
but with that new 0day exploit i wouldnt use javascript at all while doing the sketchness on a vpn, it can make using it pointless. that shit will send yo IP to a government database so fast
-
Can someone add what countries each vpn is located in?
-
torguard is excellent. I too paid in btc. But, I use several VPN services not just one. So, giving a good review to a vpn service isn't any worse then giving a review to a vendor here.
-
NO! Terrible VPN provider. Do not want. Trust me when I say AVOID!
Thanks for the warning. Just curious as to why so bad?
I am curious as well, I have talked online with some of the people who run cryptohippie and they seem like nice libertarian fellows. I wouldn't trust them with my own traffic, but I don't see any reason to trust them less than any other random VPN provider, other than the fact that they associate with Topletz perhaps. JonDoNym is another VPN provider that looks less evil than most. But I wouldn't really use a VPN if it can be avoided, obfsproxy bridges look like a better idea for hiding that you use Tor imo.
-
torguard is great. paid with btc, easy to configure and megabytes per second MUST BE IN THE MILLIONS. WE GETTIN EXTREME DOWNLOADS TONIGHT.
but with that new 0day exploit i wouldnt use javascript at all while doing the sketchness on a vpn, it can make using it pointless. that shit will send yo IP to a government database so fast
Using a VPN in addition to Tor would have actually prevented that specific not-a-zero-day from getting your real IP address.
-
So whats better for using tor undetected, obfsproxy or VPN?
-
found this, looks like obfsproxy is way better than vpn cause vpn can be unusual for individuals to use and obfsproxy makes stuff look like normal http traffic.
http://www.dlshad.net/?p=135
Bypassing censorship by using obfsproxy and openVPN , SSH Tunnel
Dlshad | geekers, My Syria | 0
Dlshad Othman
@dlshadothman
Syrian ISPs are using sophisticated technologies to monitor and filter traffic. These boxes are DPI (Deep Packet Inspection) and what they do is sniff out every little packet flowing through them to find specific patterns and then they provide their administrator with the option to block traffic that matches these patterns. These boxes are very sophisticated and they don’t just filter traffic by src, dst or port, they filter traffic by the content the packets carry.
Since August 2011 Syrin regime applied the DPI and they start blocking OpenVPN – L2TP/IPSec and sometimes TOR connection , in order to not allow any user has a secure connections.
Tor Action :
Tor as one of the main anonymity providers , DPI was able to block its traffic over the “Digital fingerprint of it’s traffic “
Tor said “ An increasing number of censoring countries are using Deep Packet Inspection (DPI) to classify Internet traffic flows by protocol. While Tor uses bridge relays to get around a censor that blocks by IP address, the censor can use DPI to recognize and filter Tor traffic flows even when they connect to unexpected IP addresses. “
In response to that, Tor deployed a technology called Pluggable Transports which it can obfuscate the traffic to looks like “nothing!” that will drive the DPI evil boxes to go Crazy! The traffic is not easy recognizable! :D
Digram 1 ( DBI Box allows http traffic to pass , and blocks openvpn )
How can we use it?
In Syria for the last 2 years , people were able to use ( openvpn and SSH ) connections in order to encrypt their traffic , and now only SSH connection is working ,and other encrypted connections “through obfsproxy” I don’t think they will block ssh , because (SEA) need it to do their operations -_- also the government has servers around! need to be managed!
-
found this, looks like obfsproxy is way better than vpn cause vpn can be unusual for individuals to use and obfsproxy makes stuff look like normal http traffic.
VPN's are not uncommon. If you work for a large company and work from home sometimes, they all require you to access their intranet with a VPN. Now I suppose they could flag connections to known anonymous VPN providers, that would be a different story.
-
In countries where it's not illegal to use Tor, why do people trying to hide it (with Tor + VPN combos, obfsproxy etc?) We should instead be encouraging EVERYONE to use Tor, as much as they can. I do almost all of my day-to-day browsing through Tor and so should you - you can also run as a relay to help mask your own traffic. It's a good 'Fuck You!' to governments too!
If we can get lots of people using Tor, it becomes more anonymous and faster for all of us, and will be more thoroughly tested.
I'm not convinced VPN is any use in terms of true anonymity any more since the NSA leaks, although I realise they're quite good for Bittorrent etc still.
-
In countries where it's not illegal to use Tor, why do people trying to hide it (with Tor + VPN combos, obfsproxy etc?) We should instead be encouraging EVERYONE to use Tor, as much as they can. I do almost all of my day-to-day browsing through Tor and so should you - you can also run as a relay to help mask your own traffic. It's a good 'Fuck You!' to governments too!
If we can get lots of people using Tor, it becomes more anonymous and faster for all of us, and will be more thoroughly tested.
I'm not convinced VPN is any use in terms of true anonymity any more since the NSA leaks, although I realise they're quite good for Bittorrent etc still.
cause if ur a vendor and a cop buys from u then they just need to get a list of tor users in ur area to determine ur identity out of that pool. or if u want to connect to a site that flags blocks tor then u ur vpn sits at the exit node and covers 4 u
-
Posted today on torblog:
Welcome to the eighth issue of Tor Weekly News, the weekly newsletter that covers what is happening in the great Tor community.
Future of pluggable transports integration
While David Fifield was busy updating the Pluggable Transports Bundle to match the “classic” bundle version 0.2.4.16-beta-1, several discussions took place on how to better integrate pluggable transports in the future.
bastik opened #9444, pointing out that “currently TBB with Pluggable Transports are build separately, thus lagging behind”. Having two separate bundles is also a long standing usability issue, as often users have tried to add “obfs” bridges to their normal TBB.
Mike Perry is fully aware of the issue and stated in the discussion that his “long term goal is to try to cram all of the pluggable transports into The One True Bundle.”
This will require modifications to the new “Tor Launcher” component of the TBB 3.x series in order to allow users to select the bridges and pluggable transports they wish to use. Compromises might be needed on how users should input bridges. BridgeDB recently stopped having the “bridge” keyword in front of the addresses it replies with as Vidalia would not understand it. Mike Perry was thinking in exactly the opposite direction: “take bridge lines directly from bridgedb […] verifying only that they start with ‘bridge’”. Maybe the transition could be easier if Florian Stinglmayr’s patch to Vidalia was merged so that current bundles would ignore the “bridge” keyword when entering bridges.
In any case, Mike wants to solve these issues “before we release as beta/stable, to minimize user confusion.”
Another tricky part of the “One True Bundle” solution is the bundle size, making it harder to circumvent download restrictions through email. But, as Mike said, “even if they don’t, we’ll probably have to find some other solution anyway for gettor, because the intersection of gettor users and PT users is probably high.”
Extended ORPort land in tor 0.2.5
After more than a year and a half in the making, the Extended ORPort mechanism has been merged by Nick Mathewson into the tor master branch. This will allow pluggable transport proxies to exchange arbitrary operational information and metadata with tor clients and bridges.
Such plumbing was needed in order to make some pluggable transports easier to use or to allow Tor to gather more data about the state of the transports used.
obfsproxy has supported this new communication channel for a little while and was only waiting for tor to catch up. George Kadianakis thus asked obfsbridge operators to upgrade their tor to git master to enable client statistics.
Once they do, their bridges will send statistics on users per transport to the bridge authority, and they will be published on metrics.torproject.org. This helps track deployment of pluggable transports in the future.
-
+1
I keep on saying to have the extra layer of protection that a VPN offers (provided it keeps no logs and allows for payment with bitcoins). I don't know why there's any resistance to using a good VPN or two for this purpose.
Using a VPN in addition to Tor would have actually prevented that specific not-a-zero-day from getting your real IP address.
-
Mullvad is the best. They don't keep logs. I know this because I've gotten multiple free trials from the same ip addy.
-
Mullvad is the best. They don't keep logs. I know this because I've gotten multiple free trials from the same ip addy.
delete your comments and shut the fuck up. don't draw attention to your VPN provider.
Seriously.... get a brain transplant you need one.
-
Hi all, Think it's time to make the jump and go for a vpn.
Been looking at 3 and was wondering which ones people would reccommend, Or if there are any problems with any I say point them out to me.
1) AirVPN
2)EarthVPN
3)PIA (Private Internet Access)
Any advice is appreciated. Also anything that works well with tails is a plus.
Im sort of leaning towards earthVPN, however Im not sure, They seem to be very good, cheap and proffesional all in the one package.
-
Can't speak for any of the others, but I can definitely reiterate the praises of PIA that many others have given here. It's incredibly fast and it's one of the cheapest services out there if you buy a year.
-
Does anybody have any knowledge/experience with free OpenVPN services, to be used in conjunction with either TOR by itself or with another paid OpenVPN in tandem with TOR?
I figure this would save some money, either way, although of course the second option would be the more secure one.
goblin
-
DO NOT USE BTGUARD. I signed up for them and their service is terrible. They do not respond to support tickets, and I was getting very frequent disconnects. Also, their speeds are terrible.
I also would not recommend PIA because they are based in the USA, and if the Lavabit fiasco has taught us anything, it is that US companies are most likely under serious pressure from the government to install wiretaps.
I personally like AirVPN and IVPN. I have tried them both, and they are both fantastic. Neither of them are based in the USA, and I was able to get 4+ MB/s on both of them.
-
Im personally leaning towards air or earth or something similar, however is there something you need to do to specifically set them up to be used with tails? by that I mean how the hell would you set up a router to be used with tails.?
-
Im personally leaning towards air or earth or something similar, however is there something you need to do to specifically set them up to be used with tails? by that I mean how the hell would you set up a router to be used with tails.?
Newer routers should support the OpenVPN protocol, so you can add your VPN server in the router config to route everything through the VPN.
Other than that, a router does not need to be set up to be used with Tails. Any router connected to the internet will work.
You can also use the OpenVPN software for Linux to just route your computer through the VPN, not all traffic on the router.
If you're already using Tails, you probably don't really need a VPN. If you're using Tor, a VPN is just another point of failure. It's a gamble whether you think it is more likely that your VPN will tap you under government pressure, or whether you think that one or multiple governments has broken tor anonymity by controlling enough exit nodes.
However, I suppose unless you're a drug or kiddie porn kingpin, or a terrorist leader, the government probably wouldn't want to risk acknowledging they have broken tor just to get you.
-
The speed of PIA is great BUT it's a USA company. No logs?? Remember trust no one.
I recently moved to AirVPN out of italy the connection is slower but I feel more confident with AirVPN holding up the no logs statement.
Be aware your service provider knows when you tunnel under and go dark. Just like if you live in a rural area you'd be easy to identify if you were running Tor.
Atleast I used a VPN for work so I've a small amount of pluasable of liability.
Both of the VPN provider take BTC which I like
-
these vpns, do they give you your own fixed ip or do you share ips with others?
-
these vpns, do they give you your own fixed ip or do you share ips with others?
the ones I've used have been shared.
-
Im personally leaning towards air or earth or something similar, however is there something you need to do to specifically set them up to be used with tails? by that I mean how the hell would you set up a router to be used with tails.?
I use a router that accepts opensource firmware, like Tomato (clearnet: http://tomato.groov.pl/) or DDWRT (clearnet: http://www.dd-wrt.com). I prefer tomato.
These firmwares will support Openvpn, and with a little fiddling you can set up your router to handle the VPN connection on it's own. A lot of VPN providers provide setup instructions for open source routers, if not the linux config files can be used to figure out the proper settings with a little common sense.
The advantage of this setup is, if you are subject to a browser exploit like they used re: Freedom Hosting, they will only get your shared VPN ip address instead of your true IP.
-
Im personally leaning towards air or earth or something similar, however is there something you need to do to specifically set them up to be used with tails? by that I mean how the hell would you set up a router to be used with tails.?
Newer routers should support the OpenVPN protocol, so you can add your VPN server in the router config to route everything through the VPN.
Other than that, a router does not need to be set up to be used with Tails. Any router connected to the internet will work.
You can also use the OpenVPN software for Linux to just route your computer through the VPN, not all traffic on the router.
If you're already using Tails, you probably don't really need a VPN. If you're using Tor, a VPN is just another point of failure. It's a gamble whether you think it is more likely that your VPN will tap you under government pressure, or whether you think that one or multiple governments has broken tor anonymity by controlling enough exit nodes.
However, I suppose unless you're a drug or kiddie porn kingpin, or a terrorist leader, the government probably wouldn't want to risk acknowledging they have broken tor just to get you.
So how do I cnfigure my router though? I must be missing something.
I was under the impression that You can't run a VPN safely on Tails. It's not installed by default, so you have to boot Tails, log onto the internet directly, install OpenVPN, then configure and turn it on, and you have to do that every time. The only good way to use a VPN with Tails is to set it up on your router. that was astor that told me that.
So i just dont know how to set it up on my router.
Well, when using tails, unless you connect from public places your ISP can still see that you are running tor. They cant see what you are doing but they can see you are running tor. So if I were to use a VPN it would hide it from them. That way if any tor users in my city were investigated then I would be "Safe"
-
Im personally leaning towards air or earth or something similar, however is there something you need to do to specifically set them up to be used with tails? by that I mean how the hell would you set up a router to be used with tails.?
Newer routers should support the OpenVPN protocol, so you can add your VPN server in the router config to route everything through the VPN.
Other than that, a router does not need to be set up to be used with Tails. Any router connected to the internet will work.
You can also use the OpenVPN software for Linux to just route your computer through the VPN, not all traffic on the router.
If you're already using Tails, you probably don't really need a VPN. If you're using Tor, a VPN is just another point of failure. It's a gamble whether you think it is more likely that your VPN will tap you under government pressure, or whether you think that one or multiple governments has broken tor anonymity by controlling enough exit nodes.
However, I suppose unless you're a drug or kiddie porn kingpin, or a terrorist leader, the government probably wouldn't want to risk acknowledging they have broken tor just to get you.
So how do I cnfigure my router though? I must be missing something.
I was under the impression that You can't run a VPN safely on Tails. It's not installed by default, so you have to boot Tails, log onto the internet directly, install OpenVPN, then configure and turn it on, and you have to do that every time. The only good way to use a VPN with Tails is to set it up on your router. that was astor that told me that.
So i just dont know how to set it up on my router.
Well, when using tails, unless you connect from public places your ISP can still see that you are running tor. They cant see what you are doing but they can see you are running tor. So if I were to use a VPN it would hide it from them. That way if any tor users in my city were investigated then I would be "Safe"
-
https://forum.openwrt.org/viewtopic.php?id=27354
this is all i could find about setting up tor on a router. this seems to be the optimal way of doing things cause theres absolutely no way you could be deamonynized under this setup and you'd get persistent entry guards if u were using a live os and u'd be able to run as a relay 24/7 masking your traffic/connection patterns and helping the network. your nfo could still get jacked though if u get hacked.
-
Since my Last Post which was made 2013-06-26 they've added an additional three Providers to the list:
Boxpn: https://www.boxpn.com
EarthVPN: http://www.earthvpn.com
VikingVPN: https://vikingvpn.com
This puts the total number of Providers at 21, while the number of Providers who accept Bitcoin Only has gone up to 13:
AirVPN: https://airvpn.org
BlackVPN: https://www.blackvpn.com
BolehVPN: http://bolehvpn.net
BTGuard: https://btguard.com
EarthVPN: http://www.earthvpn.com
Ipredator: https://ipredator.se
IVPN: http://www.ivpn.net
Mullvad: https://mullvad.net/en
NordVPN: http://www.nordvpn.com
Private Internet Access: https://www.privateinternetaccess.com
Proxy.sh: https://proxy.sh
PRQ: http://www.prq.se/?p=tunnel&intl=1
Torguard: http://torguard.net
I'm personally the most interested in VPN Providers who provide a Dedicated IP so I'm going to contact the above 13 Providers and see what they have to say on the matter. :)
Regarding Routers and VPNs the following articles give some suggestions:
http://www.bestvpn.com/blog/5820/5-best-routers-for-dd-wrt-with-vpn/
http://www.bestvpn.com/blog/6232/5-best-vpns-for-tomato-routers/
http://www.bestvpn.com/blog/4057/best-logless-vpn/
http://www.cactusvpn.com/dd-wrt-routers/
----------
Thought I'd repost something I posted in the Vendors Roundtable which might be of interest. It's about Seedboxes which can be used as VPNs as well but the point would be to remotely control a Seedbox and use a VPN on it:
A small update to the list, the following Seedbox Providers have Confirmed Bitcoin Support:
ByteSized: https://www.bytesized-hosting.com - Remote Control Support for all Packages. [ Recommended ]
CUtorrent: http://www.cutorrent.com - Unknown Capabilities.
DTSLeech: http://www.dtsleech.com - Remote Control Support for Higher End Packages. [ Recommended ]
GBox: http://www.gbox.me - Unknown Capabilities - Does offer the option of Dedicated IPs though.
Seedboxes: https://www.seedboxes.cc - VPN Capabilities for all Packages at the very least.
Seedhost: http://www.seedhost.net - Remote Control Support for all Packages. [ Recommended ]
SeedStuff: http://www.seedstuff.ca - Some kind of Proxy Support on some Packages.
YourSeedbox: http://www.yourseedbox.com - VPN Capabilities on some Packages at the very least.
I managed to find a sub-section on the Bitcoin Wiki called Virtual private server: https://en.bitcoin.it/wiki/Virtual_private_server
It seems it might be somewhat viable after all, sorting alphabetically and removing those who have issues of some kind:
AllGamer, LLC: http://www.allgamer.net
Bitcoin Networks: http://www.bitcoinnetworks.com
BitronicTech: http://www.bitronictech.net
BitVPS: https://www.bitvps.com
BuildYourVPS: http://www.buildyourvps.com
Cinfu Hosting Solutions: http://www.cinfu.com
Cosmic Fantasia: http://www.cosmicfantasia.net.au
CrownCloud: http://www.crowncloud.net
Dehost VPS Servers: http://www.dehost.org
Dewlance Windows VPS and Hosting: http://www.dewlance.com
Exoware: http://www.exoware.net
FUSA: http://www.fusa.be/en
Incloudibly: https://www.incloudibly.com
Microtronix Hosting: http://www.microthosting.com
MomentoVPS: https://www.momentovps.com
Optical Cube Web Hosting, VPS and IT consulting: http://www.opticalcube.com
OrangeWebsite: http://www.orangewebsite.com
Smart Weblications: http://www.smart-weblications.com
SnelServer: https://www.snelserver.com
Tailored VPS: http://www.tailoredvps.com
UNIXy: http://www.unixy.net
Yoku Cloud Hosting and Cloud Servers: http://www.yokuhosting.com
-
Question for all you cryptos out there. Any advantage to using two VPNs together. Double secret?
-
What about Security Kiss? Any thoughts on this service? I have a paid package that I paid with Btc.
-
Trying to decide which VPN to pull the trigger on...
Right now I've been looking at AirVPN, and they seem pretty legit?
Any other recommendations that I should look into?
TLDR - Which VPN should I use?
Vanquish
-
This puts the total number of Providers at 21, while the number of Providers who accept Bitcoin Only has gone up to 13:
AirVPN: https://airvpn.org
BlackVPN: https://www.blackvpn.com
BolehVPN: http://bolehvpn.net
BTGuard: https://btguard.com
EarthVPN: http://www.earthvpn.com
Ipredator: https://ipredator.se
IVPN: http://www.ivpn.net
Mullvad: https://mullvad.net/en
NordVPN: http://www.nordvpn.com
Private Internet Access: https://www.privateinternetaccess.com
Proxy.sh: https://proxy.sh
PRQ: http://www.prq.se/?p=tunnel&intl=1
Torguard: http://torguard.net
I'm personally the most interested in VPN Providers who provide a Dedicated IP so I'm going to contact the above 13 Providers and see what they have to say on the matter. :)
So finally getting around to posting the results about which VPN Providers provide Dedicated IP Addresses. First those that simply said no, just offered their dedicated IP addresses in one country only or those I found no simple way of contacting:
AirVPN: https://airvpn.org ( Answer: We're sorry, we do not offer such a service. )
BlackVPN: https://www.blackvpn.com ( Answer: currently we don't offer static IPs on any servers as we believe that compromises your anonymity )
BTGuard: https://btguard.com ( Answer: We only offer dynamic Ip addresses. )
EarthVPN: http://www.earthvpn.com ( Answer: Thank you for your interest.We will offer dedicated IP with port forwarding enabled soon. )
Ipredator: https://ipredator.se ( Only Contact is via IRC. )
IVPN: http://www.ivpn.net ( Answer: No, we use shared IP's to ensure sufficient interface crowding on the servers. )
Mullvad: https://mullvad.net/en ( Answer: No, sorry. We only have servers with shared IPs. )
Private Internet Access: https://www.privateinternetaccess.com ( Answer: All of our servers are shared servers. )
PRQ: http://www.prq.se/?p=tunnel&intl=1 ( Answer: We only have servers in Sweden. )
Torguard: http://torguard.net ( Didn't find any easy way of contacting them. )
----------
Worth keeping in mind all VPN Providers who were willing to offer Dedicated IP Addresses required a minimum of 6 months pay upfront as they "reserve" the IP Address for such a duration.
BolehVPN: http://bolehvpn.net
To clarify, you need to pay a total of $75 + $46 per account/ip for usage of 1st 6 months and if you decided to renew further, you just need to pay $25+$46 for another 6 months.
Once expired, the IP will be freed and allocate to another account if any. If during its active period, the account/ip are tied to each other unless instructed by the account holder to give it or assign to someone else or if its terminated due to abuse.
There is no limit to monthly bandwidth but subject to a maximum speed of 100mbit/s speed. The speed may varies on certain conditions.
As for ordering process, you may order and pay for our 6 months package from the portal and we will issue a paypal invoice for the setup and rental fees once everything is setup properly. You can pay either by paypal balance or credit card.
You can choose from Luxembourg, Sweden and Switzerland and USA (limited).
As for the IP, we have a few IP in Los Angeles, San Jose, Kansas City that we can allocate to you.
1) We can only assigned ONE IP per account and the setup is fee is for per account.
2) Once you made the order, you account will be activated automatically once payment is confirmed by your payment methods. However this activation allows you to access all our VPN servers without the dedicated IP. You will need to open a support ticket to notify us that you have already made the payment for the normal 180 days package.
3) Once we received the ticket, we will proceed to setup the dedicated IP for you and this will be done within 24 hours upon receiving the ticket. You will received further instructions to connect with that dedicated IP.
4) Invoice for the additional setup and IP rental will be sent to your registered email address that you used for the registration, once no 3 is completed.
NordVPN: http://www.nordvpn.com
It is possible to do it. But is very expensive and costs around 45 Euros per month.Most of them cost around that price. The price may differ from 43 to 47 euros.
Proxy.sh: https://proxy.sh
Australia - $79 per month
Belgium - $59 per month
Canada - $22 per month
Czech Republic - $29 per month
Finland - $39 per month
Germany - $17 per month
Netherlands - $11 per month
Poland - $29 per month
Spain - $39 per month
Sweden - $24 per month
Switzerland - $24 per month
United Kingdom - $17 per month
United States - $11 per monthThis is basically a dedicated package. You can feel free to order a dedicated package and then specify the IP addresses you need. The price will always be higher than $25 considering we would only propose such service if you take at least 2 or 3 IPs. We will just give you a second invoice manually to cover the rest of the money owed. Note that this package, in addition to your dedicated IPs, will give you access to all $10 packages.
Unfortunately the IP will be restricted by packages. So if you need 1 IP for each user, you will need to make separate orders for each users.
Finally, to make a custom order, well, just order the $25 package from our pricing page. A support ticket will pop up and we will ask you for your custom choice. Paying upfront makes sure that you actually need something and we do not waste time searching for it on your behalf.
-
Forget Torguard.
From experience, I can assure you that Torguard asks too much information during registration. They require you to prove you can access a cell phone number: they call you and play an automated voice reading a temporary four character code that you have to enter.
If you are interested in bullshitting all the fields needed for registration, do NOT use Torguard.
-
Boys an girls
Be very careful using any of these services - some run very loose operations, some are probably run by LE. Some are OK but very hard to know which is which.
Use them as a layer in your onion skin but do not rely on them alone for anonymity or confidentiality - i.e. assume they are compromised when you use them and take steps accordingly then all will be OK.
-
i.e. assume they are compromised when you use them and take steps accordingly then all will be OK.
Would you expand on the take steps accordingly in more detail part?
I'm using Air VPN right now, only doing the trial though and it's about to expire.
Should I quit using it entirely or what's next?
Based on the logs it looks like it's encrypting everything fine with 2048 bit RA.
But hey you never know.
Vanquish
-
Would you expand on the take steps accordingly in more detail part?
I'm using Air VPN right now, only doing the trial though and it's about to expire.
Should I quit using it entirely or what's next?
Based on the logs it looks like it's encrypting everything fine with 2048 bit RA.
But hey you never know.
Vanquish
I suppose in this case it would mean not sending anything over that VPN link that I would not want snarfed by the operators of said VPN service.
Much like with TOR - You (hopefully) wouldn't use TOR to get to a clearnet site unless either
1) The site you are accessing is encrypted (e.g HTTPS only) and you can validate the certificate
or
2) You don't mind that somebody running the TOR exit node can capture (and modify) your traffic
The reason you wouldn't do it is because some/potentially all TOR exit nodes can be used by their operators to sniff and snarf your traffic when it leaves TOR. This does not apply to hidden service bound traffic such as .onion sites (we trust!)
A VPN can have a part to play - just don't rely on it completely. So perhaps establish VPN from your endpoint and then once it is up, bring TOR up on top of it. I don't think that buys you much in general but it might hide TOR traffic from your immediate ISP if that were beneficial. If the VPN is compromised then impact is significantly reduced as all they can see is your encrypted TOR traffic.
If you exited the VPN into a shared IP address (e.g. shared with the other VPN users) then again that buys you some benefit in the form of noise in which to hide.
I do use a VPN myself dependent on where I physically am but that is usually to allow me to tunnel back to a known (semi trusted) network and from there I go back on to the Internet rather than connect directly to Internet services from a 'roaming' network such as 3G/GPRS or wireless hotspots etc. Arguably however this may end up reducing my anonymity but it does increase the confidentiality of my shit to prying eyes in the Cellular provider or wi-fi hotspot operator. Point is that is my VPN I run it - not some unknown third party. (OpenVPN)
An update to the post but probably something to bear in mind - PPTP based VPNs are often not very strong and an adversary who is able to monitor the initial key exchange can, if they choose to expend some resource (not too much), gain access to your plaintext traffic. Assuming your passphrase doesn't change then they only need to do this once. This is because most PPTP VPNs use MSCHAP or similar for authentication which is not that strong.
So if you do have a VPN that you rely on and it is of the PPTP variety then ensure you use a stronger authentication mechanism such as EAP-TLS. WIndows and Linux both support this - just depends on your VPN provider as to whether they do. Better though to use a VPN based on IPSec or SSL VPN (Like OpenVPN)
-
Would you expand on the take steps accordingly in more detail part?
I'm using Air VPN right now, only doing the trial though and it's about to expire.
Should I quit using it entirely or what's next?
Based on the logs it looks like it's encrypting everything fine with 2048 bit RA.
But hey you never know.
Vanquish
I suppose in this case it would mean not sending anything over that VPN link that I would not want snarfed by the operators of said VPN service.
Much like with TOR - You (hopefully) wouldn't use TOR to get to a clearnet site unless either
1) The site you are accessing is encrypted (e.g HTTPS only) and you can validate the certificate
or
2) You don't mind that somebody running the TOR exit node can capture (and modify) your traffic
The reason you wouldn't do it is because some/potentially all TOR exit nodes can be used by their operators to sniff and snarf your traffic when it leaves TOR. This does not apply to hidden service bound traffic such as .onion sites (we trust!)
A VPN can have a part to play - just don't rely on it completely. So perhaps establish VPN from your endpoint and then once it is up, bring TOR up on top of it. I don't think that buys you much in general but it might hide TOR traffic from your immediate ISP if that were beneficial. If the VPN is compromised then impact is significantly reduced as all they can see is your encrypted TOR traffic.
If you exited the VPN into a shared IP address (e.g. shared with the other VPN users) then again that buys you some benefit in the form of noise in which to hide.
I do use a VPN myself dependent on where I physically am but that is usually to allow me to tunnel back to a known (semi trusted) network and from there I go back on to the Internet rather than connect directly to Internet services from a 'roaming' network such as 3G/GPRS or wireless hotspots etc. Arguably however this may end up reducing my anonymity but it does increase the confidentiality of my shit to prying eyes in the Cellular provider or wi-fi hotspot operator. Point is that is my VPN I run it - not some unknown third party. (OpenVPN)
An update to the post but probably something to bear in mind - PPTP based VPNs are often not very strong and an adversary who is able to monitor the initial key exchange can, if they choose to expend some resource (not too much), gain access to your plaintext traffic. Assuming your passphrase doesn't change then they only need to do this once. This is because most PPTP VPNs use MSCHAP or similar for authentication which is not that strong.
So if you do have a VPN that you rely on and it is of the PPTP variety then ensure you use a stronger authentication mechanism such as EAP-TLS. WIndows and Linux both support this - just depends on your VPN provider as to whether they do. Better though to use a VPN based on IPSec or SSL VPN (Like OpenVPN)
Fantastic post my friend it was interesting to read.
Thanks for posting such a detailed response.
There is lots of good information here for everyone.
Cheers,
Vanquish
-
PIA is a very reliable service... been using it for over a year and they just updated their encryption techniques
<clearweb> https://www.privateinternetaccess.com/pages/vpn-encryption
PIA recommends the following setups for speed, safety and best trade-off performance.
Data encryption AES-128 v AES-256 v Blowfish
Data authentication – SHA1 or SHA-256
Handshake – RSA-2048 v RSA-3072 v RSA-4096
- Default Recommended Protection — AES-128 / SHA1 / RSA-2048
- All Speed No Safety — None / None / ECC-256k1
- Maximum Protection — AES-256 / SHA256 / RSA-4096
- Risky Business — AES-128 / None / RSA-2048
Lee says that PIA have included the extra options for those who want to feel extra secure or may want to experiment a little more with cryptography. He adds that for those looking for the ultimate in protection, frequent changes of setup within the client could lead to an almost impossible situation for would-be attackers.
“With control of one’s level of encryption, even if someone were utilizing advanced alien technology, they would have a tough time if you changed your encryption settings every time you connect. But we recommend choosing the encryption strength/mode you desire and sticking with it,” Lee concludes.