Go Back   DreamTeamDownloads1, FTP Help, Movies, Bollywood, Applications, etc. & Mature Sex Forum, Rapidshare, Filefactory, Freakshare, Rapidgator, Turbobit, & More MULTI Filehosts > World News/Sport/Weather > Piracy/Warez/Legal/Hackers/Scams & Internet News

Piracy/Warez/Legal/Hackers/Scams & Internet News Anything Related to Piracy, Warez, Legal Matters, Hackers, Internet News & Scams and How it Affects Sites/Members Can Be Read Here. Please do NOT post links to other Sites, but you May Name Them if They are Scam Sites

IMPORTANT ANNOUNCEMENT
Hallo to All Members. As you can see we regularly Upgrade our Servers, (Sorry for any Downtime during this). We also have added more Forums to help you with many things and for you to enjoy. We now need you to help us to keep this site up and running. This site works at a loss every month and we appeal to you to donate what you can. If you would like to help us, then please just send a message to any Member of Staff for info on how to do this,,,, & Thank You for Being Members of this site.
Post New ThreadReply
 
LinkBack Thread Tools Display Modes
Old 16-04-12, 18:16   #1
 
Ladybbird's Avatar
 
Join Date: Feb 2011
Posts: 34,555
Thanks: 23,336
Thanked 12,711 Times in 8,551 Posts
Ladybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond repute

Awards Showcase
Best Admin Best Admin Gold Medal Gold Medal 
Total Awards: 6

Default How To Make VPNs Even More Secure

How To Make VPNs Even More Secure

Posted: 15 Apr 2012 06:09 AM PDTorrent Freak



While simple to set up and use out of the box, it may comes as a surprise that the security of VPN anonymity services can be improved. Of course, when things run absolutely to plan there’s little to worry about, but there are occasions where there may be a hiccup or where an extra level of security is needed.

Securing your privacy when your VPN fails

Ok, so you’ve purchased your VPN subscription, enabled the service, and you’re enjoying your new found levels of privacy. Then – disaster strikes. While you were away from your machine somehow and for some unknown reason your VPN disconnected and now snoopers have a clear view of your IP address.

Fortunately, there are solutions.

“To protect against the event of VPN failure/disconnection, disable any internet access that does not tunnel through your VPN service provider,” Andrew from PrivateInternetAccess told TorrentFreak. “This can be achieved using specific Firewall rules (Ubuntu) or by changing TCP/IP routes.

But of course, not everyone wants to spend time with these manual configurations that could potentially cause problems if they’re not done properly. So, TorrentFreak spoke with the creators of two free pieces of software that do the job more easily.

VPNetMon

“VPNetMon continuously watches the IP addresses of your PC. If the IP address of your VPN is not detected anymore, VPNetMon closes specified programs instantly. The program reacts so quickly that a new connection through your real IP will not be established by these applications,” creator Felix told TorrentFreak.

VPNetMon (Windows) can be downloaded here;

http://vpnetmon.webs.com/
VPNCheck

“VPNCheck helps you to feel safe if your VPN connection breaks, this is done by shutting down your main network connection or programs of your choice and showing a notification box,” Jonathan from Guavi.com told TorrentFreak. “Basically it constantly looks for a change in your VPN network adapter. You can connect to either PPTP or L2TP with VPNCheck.”

VPNCheck (Windows/Linux) can be downloaded here;

http://www.guavi.com/vpncheck_free.html
Stop DNS Leaks

When using a VPN service one might expect that all of the user’s traffic will go through the privacy network, but on rare occasions a phenomenon known as “DNS leakage” might occur. This means that rather than using the DNS servers provided by the VPN operator, it’s possible that the user’s default DNS servers will be used instead or otherwise become visible.

“A DNS leak may happen whenever a DNS query ‘bypasses’ the routing table and gateway pushed by the OpenVPN server. The trigger on Windows systems may be as simple as a slight delay in the answer from the VPN DNS, or the VPN DNS unable to resolve some name,” explains Paolo from AirVPN.




A tool for checking for leaks can be found at DNSLeakTest, here;

http://www.dnsleaktest.com/
and a solution for fixing any problems can be found here;

http://www.dnsleaktest.com/how-to-fix-a-dns-leak.php
Alternatively, anyone using the pro version of VPNCheck will have this feature built in.

Double up your security for extra sensitive data transfers



What if you don’t have 100% trust in your VPN provider and worry that even they might snoop on your communications? Admittedly it’s a very unusual hypothetical situation, but one with an interesting solution.

“If you don’t trust your VPN provider 100%, use two VPNs,” explains Felix from VPNetMon. “This way you are tunneling your already encrypted connection through another tunnel.”

In Windows this is easily achieved. First, simply set up at least two VPN accounts as normal (if you’d like an extra one for testing purposes you can get a free limited account from VPNReactor)here;

VPNReactor

Then connect to one VPN, and when complete connect to another without disconnecting the first. Like magic, a tunnel through a tunnel.

Its also possible to VPN over TOR, but please please don’t use TOR for file-sharing traffic, it’s not designed for it.

“VPN over TOR gives several security advantages, for a performance price, above all partition of trust,” explains Paolo from AirVPN. “In case of betrayal of trust by one party, the anonymity layer is not compromised in any way.

A VPN over TOR tutorial can be found

Here


Fix the PPTP / IPv6 security flaw

People using a PPTP VPN and IPv6 are vulnerable to a nasty security flaw which means that Windows and Ubuntu users could leak their real IP addresses. The following fix comes from Jonathan at VPNCheck.

For Windows Vista and above:

Open cmd prompt and type:
netsh interface teredo set state disabled.

For Ubuntu 10+:

Copy and paste all four lines into a terminal:
echo “#disable ipv6″ | sudo tee -a /etc/sysctl.conf
echo “net.ipv6.conf.all.disable_ipv6 = 1″ | sudo tee -a /etc/sysctl.conf
echo “net.ipv6.conf.default.disable_ipv6 = 1″ | sudo tee -a /etc/sysctl.conf
echo “net.ipv6.conf.lo.disable_ipv6 = 1″ | sudo tee -a /etc/sysctl.conf

Pay for your VPN with untrackable currency.




“When anonymity is a factor, pay with an un-trackable currency,” explains Andrew from PrivateInternetAccess.

“For example, signup for an anonymous e-mail account using Tor and use a Bitcoin Mixer to send Bitcoins to a newly generated address in your local wallet. Alternatively, use the Bitcoin-OTC to purchase Bitcoins ‘over the counter’ from a person, rather than an exchange.

“Then, use a patched Bitcoin client, such as coderrr’s anonymity patch to avoid linking the newly generated address to any of your pre-existing Bitcoin addresses.”

Only use VPN providers that take your privacy seriously

We’ve said this before but it’s worth repeating. VPN providers who heavily log are useful if all you’re concerned about is securely communicating with the Internet through an open public WiFi connection, but not beyond that.
END

For a run down of providers who do not log any data which would enable a 3rd party to identify a user, see my next post in this thread.
__________________
Nil Carborundum Illegitemi My Advice is Free My Friendship is Priceless

FREEBIES Continue to be a BURDEN on Our Increasing Server/Privacy Costs. Please DONATE Something to HELP...PM an Admin for Further Info.



& Thanks to Those That Have Taken The Time to Register & Become a Member of ... 1...
Ladybbird is online now  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiTweet this Post!
Reply With Quote
The Following User Says Thank You to Ladybbird For This Useful Post:
ifonlyihad1 (16-04-12)
Old 16-04-12, 19:05   #2
 
Ladybbird's Avatar
 
Join Date: Feb 2011
Posts: 34,555
Thanks: 23,336
Thanked 12,711 Times in 8,551 Posts
Ladybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond repute

Awards Showcase
Best Admin Best Admin Gold Medal Gold Medal 
Total Awards: 6

Default Re: How To Make VPNs Even More Secure

Which VPN Providers Really Take Anonymity Seriously?

It became apparent that not all VPN providers live up to their marketing after an alleged member of Lulzsec was tracked down after using a supposedly anonymous service from HideMyAss. We wanted to know which VPN providers take privacy extremely seriously so we asked many of the leading providers two very straightforward questions. Their responses will be of interest to anyone concerned with anonymity issues. If a VPN provider carries logs of their users’ activities the chances of them being able to live up to their claim of offering an anonymous service begins to decrease rapidly.
There are dozens of VPN providers, many of which carry marketing on their web pages which suggests that the anonymity of their subscribers is a top priority. But is it really? Do their privacy policies stand up to scrutiny? We decided to find out.

TorrentFreak contacted some of the leading, most-advertised, and most talked about VPN providers in the file-sharing and anonymity space. Rather than trying to decipher what their often-confusing marketing lingo really means, we asked them two direct questions instead:

1. Do you keep ANY logs which would allow you or a 3rd party to match an IP address and a time stamp to a user of your service? If so, exactly what information do you hold?

2. Under what jurisdictions does your company operate and under what exact circumstances will you share the information you hold with a 3rd party?

This article does not attempt to consider the actual quality of service offered by any listed provider, nor does it consider whether any service is good value for money. All we are interested in is this: Do they live up to claims that they provide a 100% anonymous service? So here we go, VPN providers in the file-sharing space first.


P2P Supporting VPN providers


BTguard




Response to Q1: “It’s technically unfeasible for us to maintain log files with the amount of connections we route,” BTguard explain. “We estimate the capacity needed to store log files would be 4TB per day.”

Response to Q2: “The jurisdiction is Canada. Since we do not have log files, we have no information to share. We do not communicate with any third parties. The only event we would even communicate with a third party is if we received a court order. We would then be forced to notify them we have no information. This has not happened yet.”

BTguard website (with discounts)


TorrentPrivacy



Response to Q1: “We have connection logs, but we don’t store IP addresses there. These logs are kept for 7 days. Though it’s impossible to determine who exactly have used the service.”

Response to Q2: “We have servers in Netherlands, Sweden and USA while our company is based on Seychelles. We do not disclose any information to 3rd parties and this can be done only in case of a certain lawsuit filed against our company.”

TorrentPrivacy website


Private Internet Access




Response to Q1: “We utilize shared IP addresses rather than dynamic or static IPs, so it is not possible to match a user to an external IP. This is one of the many solutions we have implemented to enable the strongest levels of anonymity amongst VPN services. Further, we would like to encourage our users to use an anonymous e-mail and pay with Bitcoins to ensure the highest levels of anonymity. Since we allow up to two (2) simultaneous connections, users using OpenVPN can also multi-hop which enables the highest levels of anonymity in VPN, period. Our core verticals are privacy, quality of service, and prompt customer support. We maintain logs describing the time at which a client connects, length of connection time, source IP, as well as payment information. We use custom hashing to maintain a degree of separation between our payments database and user database.”

Response to Q2: “Our company currently operates out of the United States (for the time being) with gigabit gateways in the US, UK and Switzerland. We will not share any information with third parties without a court order. With that said, it is impossible to match a user to any activity on our system since we utilize shared IPs, especially when using multi-hop.”

Private Internet Access


ItsHidden



Response to Q1: “No logs, they are not kept. Even system logs that do not directly link to users are rotated on an hourly basis.”

Response to Q2: “The company has recently been sold and falls under the Jurisdiction of the Seychelles. As such there is no requirement [to log] within that jurisdiction.”

ItsHidden website


Ipredator



Response to Q1: “We don’t store the IP at all actually. It’s in temporary use for the session you have when you’re connected but that’s it. We’ve had very few issues with not having logs, but not keeping them makes it safer even for us since we can’t accidentally give out information about anyone.”

Response to Q2: “We fall – mostly – under Swedish jurisdiction when it comes to the service. When it comes to organisational stuff (who keeps the data, who owns the service, who owns the server, who owns the network etc etc) it’s very mixed, intentionally. This is to make it hard and/or impossible to legally bully us around if that would be the case.”

“We can’t be easily shut down, and we can’t be pressured by courts to implement stuff we would oppose. For end-users this is not affecting them in a negative way at all, only the opposite.”

Ipredator website


Faceless



Response to Q1: “We do not log any IP addresses and no information about what data is accessed by our users, so we have no information that could be interesting to third-parties.”

Response to Q2: “We have servers in The Netherlands and our company is based in Cyprus. If authorities would contact us we would have to tell them that we have no connection logs or IP-addresses saved on our systems.”

Faceless website


General VPN providers



AirVPN




Response to Q1: The company carries no identifying logs.

Response to Q2: “Jurisdiction is in the EU, under most circumstances Italy (country of the company and home of the person legally responsible for data protection), but applicable law may be one of the EU Member States where the servers of the network are physically located (no servers are in Italy),” AirVPN told us.
“We don’t share any information with anyone.”

AirVPN website


VPNReactor



Response to Q1: “Only for 5 days to stop abuse[..]. After 5 days we have absolutely no way to match any IP address or time stamp to any users. Privacy and Security is further enhanced for individual users because their VPN connections are basically lost in the crowd.”
“Our free VPN users share a block of IPs when they connect to the internet via VPNReactor. So at any given time hundreds/thousands of our VPN users that have active connections could all be sharing a single IP address. None of our VPN users are assigned individual public IPs.”

Response to Q2: “We strive to be upfront and transparent with our logging policies for the benefit of our VPN users.” Logs seen by TorrentFreak seemed to confirm no identifiable information being stored.
“We are a U.S. based company and are bound by U.S. based court orders,” VPNReactor continued. “However, if a U.S. based subpoena comes in requesting info for activity that occurred more then 5 days prior, we have absolutely nothing to provide as our logs would have expired off. Request for connection details outside a U.S. based court order will be fully ignored.”

VPNReactor website


BlackVPN



Response to Q1: “We do not keep any logs about our users internet activities including which sites they access or what data they transfer. We also run log cleaners on our systems which removes the IPs from logs before they are written to disk,” the company told TorrentFreak.
“For tax and legal reasons we do store some billing information (name, email, country), but it is stored with a third-party and separate from the rest of BlackVPN.”
BlackVPN say they hold a username and email address of their subscribers and the times of connection and disconnection to their services along with bandwidth consumption. Logging is carried out as follows:
“On our Privacy Servers, NL & LT we don’t log anything that can identify the user, but on our US & UK server where we don’t allow sharing copyrighted materials we do log the internal RFC1918 IP that is assigned to the user at a specific time,” BlackVPN explain.
“So to clarify, we don’t log the real external IP of the user, just our RFC1918 internal one, this we have to do to comply with local laws and to be able to handle DMCAs.”

Response to Q2: “We operate under the jurisdiction of the Netherlands and we will fiercely protect the privacy and rights of our users and we will not disclose any information on our users to anyone, unless forced to by law enforcement personnel that have produced the proper legal compliance documents or a court order. (In which case we don’t really have a choice).”

BlackVPN website


PrivatVPN



Response to Q1: “We don’t keep ANY logs that allow us or a 3rd party to match an IP address and a time stamp to a user our service. The only thing we log are e-mails and usernames but it’s not possible to bind a activity on the Internet to a user.”
Please note: PrivatVPN also offer use of a US server for watching services like Hulu. IP logs are kept when users use this service.

Response to Q2: “Since we do not log any IP addresses [we have] nothing to disclose. Circumstances doesn’t matter in this case, we have no information regarding our customers’ IP addresses.”

PrivatVPN website


Privacy.io



Response to Q1: “No logs whatsoever are kept. We therefore simply are not able to hand data out. We believe that if you are not required to have logs, then you shouldn’t. It can only cause issues as seen with the many data leaks in recent years. Should legislation change in the juristictions we operate in, then we’ll move. And if that’s not possible, then we’ll shut the service down. No compromises.”

Response to Q2: “We span several jurisdictions to make our service less prone for legal attacks. Servers are currently located in Sweden. We do not share data because we don’t have it. We built this system because we believe only when communicating anonymously, you can really freely express yourself. As soon as you make a compromise, you are going down a slippery slope to surveilance. People will ask for more and more data retention as seen around the world in many countries recently. We do it because we believe in this, and not for the money.”

Privacy.io website

Mullvad



Response to Q1: “No. And we don’t see why anyone would. It would be dishonest towards our customers and mean *more* potential legal trouble.”

Response to Q2: “Swedish jurisdiction. We don’t know of any way in which the Swedish state in practice could make us behave badly towards our clients and that has never happened. Another sign we take privacy seriously is that we accept payments in Bitcoin and cash in the mail.”

Mullvad website


Cryptocloud



Response to Q1: “We log nothing at all.”

Response to Q2: “We don’t log anything on the customer usage side so there are no dots to connect period, we completely separate the payment information,” they told us.
“Realistically unless you operate out of one of the ‘Axis of Evil Countries” Law Enforcement will find a way to put the screws to you,” Cryptocloud add.
“I have read the nonsense that being in Europe will protect you from US Law Enforcement, worked well for HMA didn’t it? Furthermore I am pretty sure the Swiss Banking veil was penetrated and historically that is more defend-able than individual privacy. The way to solve this is just not to log, period.”

Cryptocloud website


VPN providers who log, sometimes a lot


VyprVPN



VyprVPN is the VPN service connected to and offered by the Giganews Usenet service, although it can be used completely standalone. In common with many other providers we contacted, VyprVPN acknowledged receipt of our questions but then failed to respond. We’ve included them here since they have such a high-profile.
The company policy says that logging data “is maintained for use with billing, troubleshooting, service offering evaluation, [Terms of Service] issues, [Acceptable Use Policy] issues, and for handling crimes performed over the service. We maintain this level of information on a per-session basis for at least 90 days.”
On Usenet forum NZBMatrix several users have reported having their VyprVPN service terminated after the company processed “a backlog” of DMCA notices which pushed them over the “two-strikes-and-out” acceptable use policy.
So, does VyprVPN log? You bet.


SwissVPN



We included SwissVPN in our survey because they are well known, relatively cheap and have been used by those on a tight budget. To their credit, they were also the fastest company to respond. They are one of the few companies that do not make anonymity claims.

Response to Q1: “SwissVPN is being operated based on Swiss Telecommunications and Personal Data Protection Law. Session IP’s (not visited content, websites, mail, etc.) are being logged for 6 months,” the company told us.

Response to Q2: The company responds to requests from 3rd parties under Swiss criminal law (pdf).

SwissVPN website



StrongVPN



This company did not directly answer our questions but pointed us to their logkeeping policy instead.

StrongVPN do log and are able to match an external IP address to their subscribers. We have included them here since they were the most outwardly aggressive provider in our survey when it came to dealing with infringement.
“StrongVPN does not restrict P2P usage, but please note sharing of Copyrighted materials is forbidden, please do not do this or we will have to take action against your account,” they told us, later adding in a separate mail: “StrongVPN Notice: You may NOT distribute copyright-protected material through our network. We may cancel your account if that happens.”

StrongVPN website


Disappointing: VPN providers who simply failed to respond

In addition to the above, TorrentFreak also approached a number of other fairly well known VPN providers. It’s not clear if our questions were simply too tricky to answer in a positive light or whether there was some other reason, but disappointingly none of them responded to our emails, despite in some cases having acknowledged receipt of our questions.

They include Blacklogic.com, PureVPN.com, VPNTunnel.se [Update: VPNTunnel.se have now responded, Bolehvpn.net [Update: Boleh responded after publication - they carry no logs] and Ivacy.com.

Apologies to the providers who contacted us at the last minute but were too late to be included in the report – we had to stop somewhere.

Final thoughts

When signing up to a VPN provider it really is evident that their their logging and privacy policies should be read slowly. And then read again, even more slowly than at first. Many are not as straightforward as they first appear (some even seem to be deliberately misleading) and that is the very reason why we asked our own questions instead.
__________________
Nil Carborundum Illegitemi My Advice is Free My Friendship is Priceless

FREEBIES Continue to be a BURDEN on Our Increasing Server/Privacy Costs. Please DONATE Something to HELP...PM an Admin for Further Info.



& Thanks to Those That Have Taken The Time to Register & Become a Member of ... 1...
Ladybbird is online now  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiTweet this Post!
Reply With Quote
The Following User Says Thank You to Ladybbird For This Useful Post:
ifonlyihad1 (16-04-12)
Post New ThreadReply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2019, vBulletin Solutions Inc.
SEO by vBSEO 3.5.2
Designed by: vBSkinworks