Slashdot Mirror


Phony VPN Services Are Cashing In On America's War On Privacy (vice.com)

Reader Freshly Exhumed writes: Nicholas Deleon at Motherboard reveals a run-in with scammers who are already hard at work taking advantage of newly signed legislation that allows Internet Service Providers to sell your online privacy, including your web browser history, to the highest bidder without your consent. Relatedly, Tim Berners-Lee would prefer people to protest in the streets rather than take technical measures such as TOR and VPN. For those intent on using VPN, TorrentFreak has their latest reviews of VPN anonimity practices, with the caveat that the info is submitted by the VPN companies themselves on a "trust us" basis.

69 comments

  1. Only LUDDITES use VPNs. by Anonymous Coward · · Score: 0, Offtopic

    Modern app appers use AppPNs to app apps while apping other apps!

    Apps!

    1. Re: Only LUDDITES use VPNs. by Anonymous Coward · · Score: 0

      As long as it wasn't encoded using APK APKers encoding, I am fine with it.

    2. Re: Only LUDDITES use VPNs. by Anonymous Coward · · Score: 0

      Wouldn't a Luddite just "telnet in as root" instead of this so called VPN the kids are using?

    3. Re: Only LUDDITES use VPNs. by thomn8r · · Score: 1

      A true luddite uses cu and uucp

  2. ToR is slow by Anonymous Coward · · Score: 1

    TOR is so slow.

    1. Re:ToR is slow by malditaenvidia · · Score: 1

      TOR was made to be slow. That's why it works.

  3. Cryptostorm VPN by Anonymous Coward · · Score: 0, Insightful

    I'll just leave this right here. Anything less is unacceptable.

    Cryptostorm VPN

    1. Re:Cryptostorm VPN by Anonymous Coward · · Score: 0

      How do we know that this isn't one of the ones the article is warning us about?

    2. Re:Cryptostorm VPN by Anonymous Coward · · Score: 0

      WARNING!

      I just used this and it locked up my other computer, saying I now owe them Bitcoins. This is a fraud VPN!!!!

    3. Re: Cryptostorm VPN by Anonymous Coward · · Score: 0

      That's the storm part...

    4. Re:Cryptostorm VPN by boohoohoo · · Score: 1

      CryptoStorm was created and is partially run by previously convicted drug smuggler and known zoophile, Douglas Spink. He is known for running a bestiality farm.

      http://www.nydailynews.com/new...
      http://www.seattletimes.com/se...

      There have been concerns about his involvement with CryptoStorm for a while.

      https://www.bestvpn.com/blog/8...
      https://www.wilderssecurity.co...

    5. Re:Cryptostorm VPN by Anonymous Coward · · Score: 0

      CryptoStorm was created and is partially run by previously convicted drug smuggler and known zoophile, Douglas Spink. He is known for running a bestiality farm.

      A guy like that obviously has a lot to hide. Probably runs a decent VPN service.

    6. Re:Cryptostorm VPN by unrtst · · Score: 0

      Replying to remove incorrect mod

    7. Re:Cryptostorm VPN by Thud457 · · Score: 2

      give me BONESTORM or GO TO HELL!

      --

      the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    8. Re:Cryptostorm VPN by phantomfive · · Score: 2

      If you have tech skills, the easiest thing to do is set up your own VPN on an AWS box. Cheap, not too hard, you can use SSH or you can use openSwan.

      --
      "First they came for the slanderers and i said nothing."

    9. Re:Cryptostorm VPN by Anonymous Coward · · Score: 0

      Lol, yeah only a simple subpoena to Amazon and they know exactly who you are, they have logs out the ass. They may not log at the app level (since you own the app/router/VPN server) but they have everything coming in and out.

    10. Re:Cryptostorm VPN by phantomfive · · Score: 1

      Lol, yeah only a simple subpoena to Amazon and they know exactly who you are,

      If you're trying to hide from the government, VPN isn't going to save you.

      --
      "First they came for the slanderers and i said nothing."

    11. Re:Cryptostorm VPN by Anonymous Coward · · Score: 0

      Huh. Sounds to me like someone you could trust to have a genuine interest in privacy!

      (I have an account, but am posting AC because I don't feel I can afford to have this tacit acceptance of bestiality associated with it. Chilling effects, yo.)

    12. Re:Cryptostorm VPN by admin7087 · · Score: 1

      Good, that makes it more likely that he offers real anonymity and is not in bed with the feds.

  4. Answer is simple by Anonymous Coward · · Score: 0

    Someone needs to sue the first ISP caught selling information for identity theft. This practice will end rapidly.

    1. Re:Answer is simple by rhazz · · Score: 1

      That's not what this is about. This is a phishing attempt directed at the customer base of some companies whose forums were hacked. The only link to the policy changes is that the email claims to be a VPN service saying you need them more than ever due to the policy changes.

  5. Mullvad by Anonymous Coward · · Score: 0

    Anyone have any thoughts on Mullvad?

    1. Re:Mullvad by Anonymous Coward · · Score: 0

      I use them. They have been fairly reliable. They take cash in the mail.

  6. All my data is double-encrypted with ROT-13! by Fringe · · Score: 3, Funny

    Sometimes people don't even realize encrypted data is present.

    1. Re:All my data is double-encrypted with ROT-13! by Anonymous Coward · · Score: 3, Funny

      ROT-26 is faster than running ROT-13 twice, and is just as secure.

      But the modern recommendation is ROT-416. It's well established that the NSA has been able to break double-ROT-13 and ROT-26 for a long time now. There are also rumors of them secretly injecting vulnerabilities into the ROT standard, so be careful out there!

  7. "anonimity"? by Anonymous Coward · · Score: 0

    Learn how to spell, you fucking retards.

    1. Re:"anonimity"? by tsqr · · Score: 5, Funny

      Learn how to spell, you fucking retards.

      Now, dont curl up into a feeble position, or run around like a bowl in a china shop. No need for ad homonym attacks. Its the 21st century, and for all intensive purposes, its a far-gone conclusion that society has bid ado to gramer; speling - and punkshuation (ect). As long as you can pack up the meening from contacts, you shouldnt go on and nauseum about this sort of thing. In the end, its all for knot anyways, so dont ball your eyes out over it. In stead, you should cease the opportunity to except the inevitable and be internally grateful at being liberated.

    2. Re:"anonimity"? by grep+-v+'.*'+* · · Score: 1

      NO, I don't think so, You can have my grammar and punctuation only when you pry it from my cold, dead ... pencils?

      Wait, let me come in and try that again.

      --
      If the universe is someone's simulation -- does that mean the stars are just stuck pixels?

    3. Re:"anonimity"? by Anonymous Coward · · Score: 0

      Awesome, I'm stealing that.

    4. Re:"anonimity"? by Anonymous Coward · · Score: 0

      Faintly valid: Don't ball your eyes out
      Somewhat valid: Feeble position; internally grateful (should've wrote greatful)
      Pretty much valid: In stead

    5. Re: "anonimity"? by Maritz · · Score: 2

      You'd gotten as far as 'gramer' before you noticed anything was up? lol. Woosh city.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.

    6. Re:"anonimity"? by Maritz · · Score: 1

      They are all eggcorns. Ball = Bawl. Feeble position should be 'foetal' position. Eternally grateful instead of internally. "In stead?" Have a word with yourself.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.

  8. Can you daisy chain VPNs? by Anonymous Coward · · Score: 0

    If you connect through a VPN into another VPN, it seems like things would be pretty untraceable, if not in theory then in reality.

    1. Re:Can you daisy chain VPNs? by Anonymous Coward · · Score: 2, Interesting

      Some folks seem to be doing that with VMs. They will run VPN A on the main OS, then run a VM and inside that VM open VPN B's connection. Idea is that VPN B will tunnel through the VPN A connection to VPN B's exit point.

      How well that works or how effective it is, I could not say. At least to a first glance it does not seem like too bad an idea though.

    2. Re:Can you daisy chain VPNs? by Anonymous Coward · · Score: 0

      Same AC poster as parent post: thinking about it some more, if the outer VPN provider identifies you by more than just an IP address, the inner one wouldn't really help you much. So maybe this doesn't accomplish as much as it sounds like it would.

      In principle they could do so, because they give you a unique login and password. So maybe the nesting idea is not ideal.

    3. Re:Can you daisy chain VPNs? by Anonymous Coward · · Score: 0

      Yes, you can.
      You can even alternate in layers between two VPN providers...
      * connect to VPN-A over the internet
      * connect to VPN-B over VPN-A
      * connect to VPN-A(2nd account) over VPN-B
      * connect to VPN-B(2nd account) over VPN-A(2) ... etc ...
      The secondary connection could even be your own home.
      Packet fragmentation and overhead is going to get really awful though.

    4. Re:Can you daisy chain VPNs? by Anonymous Coward · · Score: 0

      Can you explain more about that or provide some link describing it? Not doubting you, but I don't know how to do that so it would be useful to learn. I can alter my local machine's route to send traffic over a VPN to provider A, but I don't control the machine at provider A's end, so I have no idea how it would be possible to route from there to another VPN.

      thanks

    5. Re:Can you daisy chain VPNs? by AHuxley · · Score: 1

      Re " it seems like things would be pretty untraceable, if not in theory then in reality."
      The police or security services who detected a criminal matter would track the first VPN.
      International paperwork would be requested for the VPN owners/host nation showing a real crime in that nation.
      A local court in the VPN's own nation would see that evidence and then the VPN would be contacted.
      The VPN would have no logs but the user of interest has a pattern of access. So every packet in and out is looked for a time on that VPN.
      The details of one user are recovered. The VPN did not log users, the police have an IP of the user of interest.
      If it's a second VPN, the same request is made. The user is seen using the service in real time and ISP packets collected.
      The ISP is contacted in the user of interest's own nation. Takes twice as long but the results are the same. A VPN gives a user some privacy.
      Using an ISP at home is still easy to track back once the police get interested and have court support in different nations.

      --
      Domestic spying is now "Benign Information Gathering"

    6. Re:Can you daisy chain VPNs? by Falos · · Score: 1

      If you're moving highly mission-critical data or trade secrets or something, sure. Or selling drugs.

      Most of us are satisfied with basic concealment, because it's enough to beat automated snooping, whether it's the ISP or your government.

      If you're on a list (the real kind) it may not be enough, but the rest of us will be casually safe against the casually invasive. If you've a determined actor, the genuine "someone is watching" that normies conflate with mass logging, you expect to take additional measures.

  9. Re: RaceRelationsDot by Anonymous Coward · · Score: 0

    You posting threads on a forum is not you providing a forum asshat.

  10. There are good ones if you do your research. by waspleg · · Score: 2

    I did quite a bit. I've been using AirVPN (based in Italy) for several years without any issues beyond ones I caused myself; and without any love letters from Comcast.

    (no I'm not affiliated just a satisfied customer - check my post history)

    1. Re:There are good ones if you do your research. by Anonymous Coward · · Score: 0

      I'm a happy airvpn customer as well.

  11. The article is either ignorant or misleading by Anonymous Coward · · Score: 0

    There is no "newly signed legislation that allows [US] Internet Service Providers to sell your online privacy"!

    1. Re:The article is either ignorant or misleading by Anonymous Coward · · Score: 0

      The article is both ignorant and misleading. The bill that was signed by Der Trumpenfurher simply prevents new rules from taking effect later this year.

      If that new bill had never been signed, it still would have been perfectly legal for ISPs to sell your personal data, until December of this year when the new rules went into effect.

  12. VPN comparison on That One Privacy Site by worf_mo · · Score: 4, Informative

    That One Privacy Guy maintains a detailed VPN comparison chart. The chart lists the results for a number of criteria for each VPN provider. Information is gathered from public sources and by contacting the respective hotlines. There is also an article about choosing a VPN, and a review section.

    The site is a bit slow to load, but it offers some good information. I like the fact that no recommendation is given, everyone can come to their own conclusions based on their requirements and the available data. From the FAQ:

    Q: Can you give me a recommendation?

    A: Sorry, but to be unbiased, I created my project for others to make this determination for themselves. Everyone’s needs and threat models are different as well, so if I made a suggestion that conflicted with your needs, it could very well have the opposite effect as intended.

    1. Re:VPN comparison on That One Privacy Site by radarskiy · · Score: 1

      That comparison site is only useful if you are assuming that the VPN itself cannot be a threat, a point which is refuted by the very article we are posting about.

      The site even includes this disclaimer, which you have glossed over: "including if a given VPN service is not transparent and does not make the data available on their official site."

  13. Definition by Anonymous Coward · · Score: 0

    It is a misconception that the Luddites protested against the machinery itself in an attempt to halt progress of technology. However, the term has come to mean one opposed to industrialisation, automation, computerisation or new technologies in general.[3]

  14. Worthless by rudy_wayne · · Score: 2

    Over the past few years there have been many articles written about VPNs but they all suffer from the same problem, and this article is no different:

    their latest reviews of VPN anonimity practices, with the caveat that the info is submitted by the VPN companies themselves on a "trust us" basis.

    There is absolutely no independently verified information. The only information provided in the articles comes directly from the VPN companies themselves, making it completely useless. More lazy journalism.

    1. Re:Worthless by Anonymous Coward · · Score: 2

      That may be true, but it's still a step up from the ISP situation, which are known to look at traffic. The VPNs at least promise not to, and if they get caught out in a lie they can lose their entire business, because there is real competition for them.

      So it's not perfect by a long shot, and we can and should wish for better. But if you have to pick something to put your trust in, better the VPN company than the ISP company. And you can also pick your VPN: change if the old one breaks your trust, or pick one in a different country from you.

      Not perfect. But better than nothing, so I would not call it "worthless".

    2. Re:Worthless by AHuxley · · Score: 2

      A VPN offers a nice encryption layer that hides all plain text from local police, local gov, lawyers, health services, your ISP.
      That is great given how much is now being collected in many nations over months and can be searched and requested by a gov, local gov, public private partnership contractors or a lawyer for a civil matter in some nations.
      In the UK "As the Investigatory Powers Bill passes into law, internet providers will be required to keep a full record of every site that each of its customers have visited" (24 November 2016)
      http://www.independent.co.uk/l...
      In Australia "Here's Every Australian Government Agency That Wants Your Data" (Jan 18, 2016)
      https://www.gizmodo.com.au/201...
      In the USA? Some legal changes that have been suggested over the years https://www.eff.org/issues/man...

      --
      Domestic spying is now "Benign Information Gathering"

    3. Re:Worthless by Nethead · · Score: 1

      I'm lucky that my ISP is a Native Sovereign Government (Indian Tribe) with a small user base and an attitude that anything like a DMCA just looks like extra work and screw that shit. Not the greatest speed (25/3) but damn good ping times. I even get a static IP which is really handy. That said, I do have PIA that I fire up from time to time and a few BSD boxen VMs scattered around the world.

      --
      -- I have a private email server in my basement.

    4. Re:Worthless by Anonymous Coward · · Score: 0

      it's still a step up from the ISP situation, which are known to look at traffic. The VPNs at least promise not to, and if they get caught out in a lie they can lose their entire business

      Also, it's in their economic best interest not to keep logs, provided that the law allows it and I believe that it does in the United States, because it's both cheaper not to keep logs, since no logs require no storage, and it's easier to comply with subpoenas when there's nothing to give because of the legal "no logs" policy. As you said, it's not perfect, they could still get a warrant for a live tap and force the VPN provider to cooperate, but it's a damn sight better than the situation at your ISP which is not only keeping logs but selling them on to advertisers and would be only too happy to share them with the Feds whenever they asked.

    5. Re:Worthless by Anonymous Coward · · Score: 0

      In the USA? Some legal changes that have been suggested over the years

      Here in the United States it seems like it's the Democrats more than the Republicans who pass laws to enhance law enforcement spying and electronic surveillance. Republicans largely don't understand technology and really cannot be bothered if their big business allies don't care either. Big business wants to be able to keep logs, sure, but they don't want more "job killing" government regulations forcing them to keep logs if they don't want to or hand them over to help lawsuits that generally waste money on shit they don't care about and that doesn't increase their profits. That's maybe one good thing about having Republicans in office, they're going to roll back technology regulations, not add new ones like forcing companies to keep logs.

  15. See! by Altrag · · Score: 1

    Innovation! Look at all the new ways companies are figuring out to screw customers over! The possibilities are endless! MAGAMAGAMAGA!

  16. go with nsa.gov for your vpn by Anonymous Coward · · Score: 0

    It's the best.

    (there might be a few tradeoffs though.)

  17. Honeypots by Anonymous Coward · · Score: 2, Interesting

    Just remember, most of the "private", "secure" email services turned out to be either direct honeypots or, even if legit at first, taken over later by the NSA or other agencies, with money and/or threats, and turned into a honeypot, as revealed by wikileaks papers. VPN will probably be the same.

  18. Roll your own by DaMattster · · Score: 2

    It's not difficult to roll your own VPN solution if you have some knowledge of BSD/Linux. This is really and truly the only way to ensure trust and even then it is not 100%. OpenVPN is not hard to install and configure but I am sure it is not immune from would-be intruders.

    1. Re:Roll your own by Anonymous Coward · · Score: 0

      I use an encrypted OpenVPN tunnel to connect back to my home network to secure my traffic over open hotspots as well as when I need to access resources on my local network at home (cameras, etc.). But for most people, they use a VPN to shield their identity from (whoever) and rolling your own would just point back to you in the end.

    2. Re:Roll your own by R.Mo_Robert · · Score: 3, Interesting

      It's not difficult to roll your own VPN solution if you have some knowledge of BSD/Linux. This is really and truly the only way to ensure trust and even then it is not 100%. OpenVPN is not hard to install and configure but I am sure it is not immune from would-be intruders.

      Umm, how does that help? I do have a VPN server to remote in to my home network and access services, shares, and other resources I don't make publicly visible (which is almost everything--that I don't, I mean), but you seem to be missing the part where the type of VPN this article is talking about is for people who wish to disguise their network traffic from home (and elsewhere) by sending it over a VPN to a remote server, often in another country--the problem being that it's not always apparent if you can trust that server.

      --
      R.Mo

    3. Re:Roll your own by Anonymous Coward · · Score: 0

      Right. If I set up a VPN server on AWS or DO or whatever, that server is tied to me/my credit card. If I use a VPN service, my traffic is mixed with all the other customers so it is impossible to say what traffic is mine vs someone else's. Assuming the vpn does not keep logs. Yes, that's an assumption, but you should assume that AWS and DO are keeping logs (if for no other reason than they are billing you for usage).

  19. streisand by Anonymous Coward · · Score: 0

    Can't decide on a VPN service?

    No problem, roll your own... streisand

    "Streisand sets up a new server running L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, a Tor bridge, and WireGuard. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists."

  20. "Guard your Grill" fools... apk by Anonymous Coward · · Score: 0

    See my subject: That's the best thing one can do & always should. IF you do open your piehole? Be damn sure you can back it up ala e.g. https://tech.slashdot.org/comments.pl?sid=10454033&cid=54183171/

    APK

    P.S.=> It's that simple & "The FOOL chatters while the WISE MAN, listens"... apk

  21. The law cancels a future regulation by Attila+Dimedici · · Score: 1

    The summary continues to play into the hype about a law which merely cancels a regulation which had not yet gone into effect. The passage of the law changed NOTHING with regard to consumer privacy. It merely prevented a regulation from going into effect in December, which it was claimed would increase protections for consumer privacy (I have not studied the regulation in question, so I do not have much of an opinion of whether it would have actually done so. I am however skeptical about whether it would have made much difference based on my experience with similar previous regulations).

    --
    The truth is that all men having power ought to be mistrusted. James Madison

  22. Got to do something by Wowsers · · Score: 1

    We've got to do something to stop Internet Providers' criminal activity. In the UK, ISP BT hacked their customers' website traffic, changing the pages they were expecting to see, and inserting the adverts BT wanted you to see instead. This went to court, and despite this practice breaking many laws in hacking / interception of communications, identity fraud etc, somehow, the court let off BT with a slap - no prison time for anyone involved in this criminal activity. Read the saga about Phorm https://en.wikipedia.org/wiki/...

    So, the courts side with the criminal activity of ISPs, we better educate people to wise up on their privacy online, not just from the state / spies, but their own ISPs.

    --
    Take Nobody's Word For It.

  23. Speed Of VPNs and My Take On The OP by AleksK · · Score: 1

    I think it's not just Tor... I've used hss proxy, ib and ivacy vpn too and pretty much every VPN is slow when it comes to encryption, including others too. It just shouldn't cross that line where it becomes downright unusable. The foregone speed is a trade-off for the encryption you get. About the OP, I read that thing over motherboard as well as troyhunt and I'm not sure if it's funny or ironic but in any case, these scams almost seem to leave users with more questions.