What about all of the terrorist organizations who can communicate with each other across the world and hatch their deadly plans undetected? Or perverts putting our children at risk? We must take responsibility for our actions on the Internet as we would on the world stage.
if you lived in Wollongong you’d understand why!
A conspiratorial analysis of Bruce’s list of service claims:
"1. We absolutely do not log any traffic nor session data of any kind, period. "
Believe this is you will. I simply don’t. Wrapped up in such statements is always definition of terminology. What does “Session data” actually mean? Whose definition of “session data” is being used here. The need to state specifically “traffic or session data” rather than saying “we do not log ANY data at all” is suggestive that something else is being logged.
"2. We operate out of the US . . . "
Oh dear ! The snoop capital of the world !! This is laughable imo. Where shall I hide my data hmmm let me think, Outer Mongolia? The Outer Hebrides? A small islet in the middle of the Pacific? . . . . Oh I know. . . The USA ! Yeah that’ll be safe !
"We severely scrutinize the validity of any and all legal information requests. "
Really? So you don’t just route traffic through your infrastructure indiscriminately then? You are actually scrutinizing it in some way ? How do you determine a legal request from an illegal request? What kind of scrutiny is involved here?
“3. We do not monitor any traffic, period. We block IPs/ports as needed to mitigate abuse when we receive a valid abuse notification.”
Hmm ok so you ARE looking at IPs and ports. So you know my IP then and that of everyone using your service. I wonder how you are able to verify a valid abuse notification from a non-valid one. You must be looking at something !
“4. . . we’re unable to identify any users of our service.”
Pretty sure this contradicts item 3. An IP address is identification. Also, if this is a paid for service then you MUST be able to identify who your customers are otherwise anyone could use the service without paying. Thus there must exist some user authentication (login/password) which I have to assume gets linked to the IP address and/or the traffic being sent/received.
“5. Once again, we do not log any traffic or session data.”
Yep but you are clearly logging something. Why not say what you DO log rather than what you don’t?
"For this reason, we’re unable to identify any user of our service.
As above, nonsense. Otherwise anyone could use it.
“6. We do not discriminate against any kind of traffic/protocol on any of our servers, period. We believe in a free, open, and uncensored internet.”
Well, except if there is a valid abuse notification then we do actually have the ability to block specific IPs/ports even though we’re not monitoring anything of course , and we can’t see those IP addresses, or the ports because we can’t identify anyone using our service. Actually the whole thing is done by magic . . . it’s really cool actually !
"8. We’re the only provider to date that provides a plethora of encryption cipher options. We recommend, mostly, using AES-128, SHA1 and RSA2048. "
Yes please use one of the standard encryption algorithms because it’s then so much easier for the powers that be to decrypt the traffic. They have super computers running gazillions of MIPS (Millions of Instructions Per Second) which can crack these encryptions in no time. It’s really not rocket science. We’ve been breaking codes since the 2nd World War you know !
Summary - Not convinced
.
.
.
in the least!
Sorry, but I am a bit simple, when you pay for your VPN, you leave a categoric audit trail start point. How does this appear on you Bank Statement, or is this a cash transaction?
It maybe all depends on if the authorities want to make the effort to find a VPN user. The way you have pointed out could be the one they’d use if they really wanted to. It looks like you have to make a real science of the subject to overcome that:
Not for me.
Edit: Deleted link because it only points out how to be even more evasive, which I don’t agree with.
I suppose if you want to be that evasive Paypal or a cash transfer via Western Union or gift tokens would hide it to a greater or lesser extent. Personally I am not worried to that extent, security of bank accounts when travelling and being able to access services normally barred by geolocation are my main uses of VPN (though MKJ touched on one handy use after the recent court case about Dallas Buyers Club)
It is much more reliable than the VPN I set up at home for when I travel which has failed when I have been away.
History is now replete with examples of security breeches for things that were thought to be . . . well . … secure !
Last Oct JP Morgan Chase suffered cyber attacks which compromised the personal information of 76 million households inc names, addresses, phone nos and email addresses.
Similar security breeches were suffered by other US Retail giants like Walmart, The Home Depot and Target.
In the world of online poker, the general (naïve) populous believed that the online systems surely had to be secure because if they weren’t the whole industry would simply collapse. Then a scandal happened, one poker site was found out to be cheating and it was blamed on one of it’s employee administrators abusing his position and thus seeing everyone’s hands whilst playing. He had stolen £100,000s from unwitting players.
Did the poker industry collapse on this “shock horror” revelation that in fact crooks are running the show and abusing positions? Nope. The industry is alive and strong.
Other major incidents have since happened in the poker world since that scandal with 3 of the largest sites being raided and shut down by the Feds, yet many months later, back they appeared as if nothing had happened.
The issue of Private Networks, VPNs and encryption is no so much about the technical and mathematical aspects of it, but rather about the ability of the “powers that be” to bully their way into companies and acquire knowledge or data.
The following article is worth a read:
It highlights the above issue well and cites the role of “NSA Security Letters” and the fact that if you are relying on using servers in foreign lands, there may be little to stop authorities sweeping in and taking what they want. Some quotes from the article:
"The NSA has attempted to undermine VPN encryption not by brute force or mathematics, but by sabotaging secure technologies at the corporate level.”
“A big misconception going around is that one’s data is far safer from scrutiny with foreign based corporations. Unfortunately, the US isn’t the only country with a spy agency and they certainly are not confined by domestic borders. We’ve seen countless incidents in the recent past where both domestic and international surveillance agencies abused power to gain access to servers and customer data – no gag order required.”
“Just because a company is incorporated in ‘Timbuktu’ doesn’t mean the third-party data centres they lease servers from won’t open the door when federal agents come knocking.
The article concludes that:
“even if people pick the strongest encryption possible, one still has to trust VPN providers to keep his or her data safe, regardless of where the company is located”
I’ve tried the free version just to see what happens. I felt rather cool posting from California
In reality it doesn’t help me any atm, but who knows…maybe one day I’ll need it
I have Netflix, the new series and films don’t come around often enough for my liking so I use a VPN. Netflix runs different programming throughout the world so if I use the servers for Holland, Canada & USA I get all the newest programmes available from my own account it just automatically upgrades you to the country your logged in from.
No-one is disputing that you can fool systems by pretending to be from another country using private VPN.
The point being made is that if you do it, it is highly likely that someone knows you are doing it. So if you were to use VPN to say download a film that you ought not to, then imo it is naïve to believe no-one is watching or to believe that there is no trail to your PC. Whether a company chooses to do anything about that is a different matter.
I’m nipping in late on this thread, but can paedophiles use that?
My apologies, I completely misunderstood the thread topic.