Slashdot Mirror

← Back to Stories (view on slashdot.org)

HideMyAss.com Doesn't Hide Logs From the FBI

Posted by timothy on from the technically-sir-you-were-being-a-donkey dept.

An anonymous reader writes "People use VPN services to hide their identities online, right? And a UK-based service called HideMyAss would seem to fit that bill perfectly. Not so, unfortunately: they have to hand over the logs to the FBI when a UK judge tells them to." Reader wiredmikey points to a story at SecurityWeek, too.

4 of 233 comments (clear)

  1. This is what you do to truly hide your ASS! by MindPrison · · Score: 5, Informative

    Not everyone understands computers, that doesn't mean they're incompetent, wikileaks, openleaks and other needs to help their submitters keep anonymous, and there are better ways to do this, follow my instructions below, and you'll be as safe as you CAN be in this world:

    1) First of all, you need to download TAILS

    http://tails.boum.org/download/index.de.html

    2) Burn this .ISO on a CD

    3) Get a second computer

    4) Tear out its harddisks

    5) Make sure there are NO USB-memory sticks either.

    6) Make it boot from the CD only, (enter the bios and set Boot Priority to CDROM)

    7) Now you can surf relatively safely, but you're not done yet!

    8) When surfing, do NOT surf into familiar places of yours, do NOT use your real name, do NOT search for your real name or even your internet alias, if it's known in combination with your name (if you surfed with it on your computer, google already knows your IP, so forget it!)

    TAILS uses TOR, google it if you're truly curious. It can't keep you 100% anonymous but it's the safest "service" out there, and it's only relatively safe if YOUR SURFING HABITS ARE SAFE TOO.

    Good luck!

    --
    What this world is coming to - is for you and me to decide.
  2. Re:Who would have thought so.... by qbast · · Score: 3, Informative

    You are right, in UK data retention is voluntary. And here I thought that all members already got pressured to implement EU Directive 2006/24/EC .

  3. Re:Who would have thought so.... by lseltzer · · Score: 3, Informative
    In addition to that, from TFA:

    Why do we log the above^ information? Being able to locate abusive users is imperative for the survival of operating a VPN service, if you can not take action to prevent abuse you risk losing server contracts with the underlying upstream providers that empower your network. Common abuse can be anything from spam to fraud, and more serious cases involve terrorism and child porn. The main type of logging is session logging – this is simply logging when a customer connects and disconnects from the server, this identifies who was connected to X IP address at X time, this is what we do and all we do. Some providers choose not to do session logging and instead try to locate the abusive customer by using the intelligence from the complaint, for example if someone hacks XYZ.com they may monitor traffic to XYZ.com and log which customers have a connection to this website. Ask yourself this: if a provider claims not to do any form of logging, but is able to locate abusive customers, how are they able to do this without any form of logging?

  4. Lol indeed by siddesu · · Score: 5, Informative

    Actually, there is a ton of things the government will attempt to do to try to get you, even if it is a puny, pariah, poor government. I was helping a few friends of mine who live in a country, where people who laugh at politicians are still beaten up, to publish some funny videos about their top politician. Since I also visit there occasionally, we took full precautions. Private VPN to a foreign country, rather unfriendly to the regime, chained proxies, then TOR, new email addresses and video upload accounts, different chained proxies to access each of those, etc.

    Once the videos hit the tubes,some people got mightily pissed off, and started an official, but silent investigation. Imagine my surprise, when two of our e-mail accounts (free, with a large US-based web mail provider) that we used for the services were blocked, and login attempts redirected us to customer support barely a day into the operation. Since the investigation in these countries tends to leak like a sieve, we got info that that particular country was paying someone mid-level in customer support dept. to give them data on customers.

    They hit the video upload sites with official requests and apparently tried to hack into one, obtained logs from the ISPs of all online forums that we used to advertise the videos to, had videos deleted and did other funny things. They persisted into this business for about 18 months until they decided to close it down.

    Given this much effort about a few videos from a near-third world country, imagine what a really powerful government can do to you, and despair :)