![]() |
#61
|
||||
|
||||
Quote:
https://www.informationweek.com/secu...scom/231602248 Now, let me first say this: I don't like criminals either. I fully understand that a business has to follow the laws of their jurisdiction. BUT, that doesn't mean they have to do one iota more, to make it easier. HMA, despite "no logs" in their marketing material, obviously logged. There is no requirement to log that I have seen, anywhere...even in the US (which is sadly funny to even have to say...wherefore art thou Thomas Jefferson?). Technically, the only time your IP address should be visible to the VPN operator, is when you are actually connected to it. After that, it should disappear. HMA obviously decided to keep records, despite the marketing spiel. HushMail is the same way - great rep, but they stated that they will infect you with malware, to get your pass, if asked by a court. You need to use systems that are designed to make that stuff technically impossible. Now, is there still trust involved? Of course. Unless you run the service yourself, trust is needed. Mullvad said they don't log, and I believe them. But am I *sure*? Nope, because I don't work there. You have to go on reputation and past performance. The 3 VPN providers that always rise to the top from actual customers, are: Mullvad, Air, and Boleh. Are there others? Probably. Read the terms of service as far as logging, and look at where the HQ is located as far as internet privacy laws go, and what it would require from a court, to roll over. Mullvad takes cash - cool. Air takes Bitcoin, and allows connections via Tor - cool. I think Boleh takes Bitcoin too. Also, if you *are* a crook, and can be presented with proof of that, by a court, it *is* possible for a VPN to re-configure your account *to log*, and provide real-time connection data to LE. They may not be able to read your traffic, but they can tell when you are on. No business is going to go to bat for a crook. But other than actual proof, a good VPN will should be able to say "we have nothing to give you" during fishing expeditions. P
__________________
What, you want to be part of a choir in an echo chamber? Provocate! Last edited by Polypro; 19 June 2013 at 10:35. |
#62
|
|||
|
|||
CV, thanks a ton, very much appreciated and noted.
Quote:
Quote:
|
#63
|
||||
|
||||
Yes, VPN and email providers are not ISP's...different rules apply.
But, say for example a new law is passed. Well, VPNs that allow connection via Tor still couldn't give your location away. ![]() P
__________________
What, you want to be part of a choir in an echo chamber? Provocate! |
#64
|
||||
|
||||
Mullvad uses OpenVPN (OpenVPN using 2048-bit RSA and 128-bit Blowfish encryption). It's my choice at the moment. Subscription based.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo |
#65
|
|||
|
|||
Startmail, startpage
I see that Poly mentioned startpage once before over in the Verizon thread but I now see they are working on startmail as well "worlds most private email"
https://startmail.com/ anyone familiar with either of those? |
#66
|
||||
|
||||
I know nothing of it, but I am signed up for the beta. I'll be checking it out once it's released. There's a few things to look for but knowing Ixquick, it should be a competitive product to the others.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo |
#67
|
|||
|
|||
I've also come across DNSCrypt, which will (if I understand it correctly) will encrypt the look-up for an internet address, so that even if you're hidden your glance to the 'yellow pages' will not reveal who and what you are. It prevents 'man-in-the-middle' attacks where someone could mis-direct you from the internet location you wish to obtain (looking up in the yellow pages) to the internet location *they* wish you to obtain. It complements, if I understand correctly, VPN use.
|
#68
|
||||
|
||||
Kind of - DNSCrypt does do what you say, but you have to use OpenDNS. They are US based, so if you are worried about a server raid, or co-operation...there's that. They know where you are, unless you choose them as the DNS for your VPN (not sure if both can co-exist)...but see below.
A good privacy oriented VPN, will route all DNS requests through the VPN tunnel with this command: Quote:
A VPN almost does the same thing, and your request doesn't point to your location...so in some ways, it's better, IMO. P
__________________
What, you want to be part of a choir in an echo chamber? Provocate! |
#69
|
||||
|
||||
Just so nobody thinks I forgot about this thread after starting it, I've been trying to play around a bit with the *free* VPN options out there, in order to give a recommendation. Sadly, a lot of them require the user to use *their* VPN client, which I already don't trust, but since I run Linux, not Windows, I can't test them out. I'll still get back in with a good free option, and a rundown on how to set it up.
__________________
"...for those who man the battle line, the bugle whispers low, and freedom has a taste and price the protected never know..." While true: Continue |
#70
|
|||
|
|||
Poly--thanks for that clarification.
Just signed up for a pay VPN (Private Internet Access). Works very easily, and has tools to allow for different flexible usages (like a dead-switch to cut the internet usage off if the VPN is disconnected). The only issue that has come up and that is apparently a common one is that GMail is not happy when I attempt to access my email (POP, but also a problem with IMAP apparently) through the VPN. It wants to see me coming from my usual location, not Loki-like from different places. There is a solution I'm exploring (among others) other than switching out from GMail. I thought those on here learning about VPNs would like to know of this. |
#71
|
||||
|
||||
GMail may have an option to disable the strict checks, don't know. I have my phone pull all Gmail (it's all BS email anyway, I don't use PrismMail.
If they offer a US server, that may stop the checks as well...people travel. I would never trust a free VPN, JMO. And you need to read the privacy policy. If you see anything about logs or data retention, I'd be wary. Read this one, from a popular option...no thanks ![]() Quote:
__________________
What, you want to be part of a choir in an echo chamber? Provocate! Last edited by Polypro; 3 July 2013 at 11:26. |
#72
|
||||
|
||||
Haven't used this yet, but something to check out. Based on the Bitcoin style network, Bitmessage:
https://bitmessage.org/wiki/FAQ Downloads up 10x since June ![]() P
__________________
What, you want to be part of a choir in an echo chamber? Provocate! |
#73
|
||||
|
||||
Quote:
![]() I'm learning to overcome my fear of big words in order to beef up my infosec. Next thing you know I'll be typing about md5 unsalted hash algorithm's and rainbow tables. ![]() ![]() |
#74
|
||||
|
||||
Quote:
1 - PyBitmessage doesnt work with python-3, at least, master.git doesn't. 2 - requires a port forward for normal usage, OR, it does support Tor 3 - watching the exchanges flying across your terminal is very, very entertaining The echo test did not appear to work. I'm going to leave it running for a bit unless it starts leaking memory, if anyone else is playing with this and wants to do a test message, BM-2D8wKcn8JMjZTujkmuPeY4wHtopDAMLXP3 Obviously, one wouldn't necessarily share this publicly if it were meaningful. But, well, entropy is cheap, and the above can be discarded at will. Not sure if I have to do the port forward to get it to work or not (or, I guess I could route it through Tor, but that's just one more thing to go wrong). The rates/stats for anyone interest, for roughly ~20 minutes runtime http://i.imgur.com/P2Cz3OU.png CPU-wise it's using 70-100% of one core, on a quad core, ETAwhen doing any cryptographic work, it's nice and quiet at the mo, but it seems to play nicely when I run another CPU-intensive task, so no worries there. (hope that's useful to any interested folks - this thing is still way in its infancy, and hasn't really been vetted or audited, but it's a neat concept I'd sorta been wondering when would show up) Last edited by assertnull; 4 July 2013 at 04:06. |
#75
|
||||
|
||||
Plans for taking over the world, sent.
![]() My addy: BM-GtXfTfbCRKnEi6aSVcWh7sgeNpK8mHDe You don't need to forward any ports. That is only if you want to help the network (you will see a green traffic signal). It will work fine with a yellow traffic signal. Starting up Tor Browser Bundle and pointing it to that, allows operation through Tor if you want. All messages expire after 2 days, so you need to check at least that often. I may need to transfer this to one of my always on servers. The "USB" option allows you to take this from machine to machine - it just runs out of a folder by double clicking the .exe (Windows), which makes running it out of a TrueCrypt container, easy. The Windows version worked without a hitch. Hopefully a security audit comes out rosey. P
__________________
What, you want to be part of a choir in an echo chamber? Provocate! |
#76
|
||||
|
||||
Messages sent. Reply once you get them. I'm curious about a few things.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo |
#77
|
||||
|
||||
Got it, and replied.
P
__________________
What, you want to be part of a choir in an echo chamber? Provocate! |
#78
|
||||
|
||||
I'm damn near sold on this.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo |
#79
|
||||
|
||||
Yup. Portable option is convenient as hell. If this makes it to Android....look out
![]() Edit: messages.dat is at 24 Megs, I think this is like the BTC Blockchain. It'll be interesting to see just how big it gets. BUT, if messages expire every 2 days, it may stay small, which is awesome. P
__________________
What, you want to be part of a choir in an echo chamber? Provocate! |
#80
|
||||
|
||||
I'm so new at this and reading this stuff has reinforced what I have read over the last few months.
I'm not ready to spring for a VPN as I have two kids in private school and as they say about free services....you get what your pay for. I did register an email with TorMail and also through Tor, as a goof, I set up an email through Yahoo India. I test email myself between these two addresses and don't use them to email anyone I know, or anyone really. I know there are differences between VPN and Tor but it is what it is at this time.
__________________
Freedom costs a Buck 0-5 |
![]() |
Thread Tools | |
Display Modes | |
|
|