Slashdot Mirror

← Back to Stories (view on slashdot.org)

Phony VPN Services Are Cashing In On America's War On Privacy (vice.com)

Posted by msmash on from the be-cautious dept.

Reader Freshly Exhumed writes: Nicholas Deleon at Motherboard reveals a run-in with scammers who are already hard at work taking advantage of newly signed legislation that allows Internet Service Providers to sell your online privacy, including your web browser history, to the highest bidder without your consent. Relatedly, Tim Berners-Lee would prefer people to protest in the streets rather than take technical measures such as TOR and VPN. For those intent on using VPN, TorrentFreak has their latest reviews of VPN anonimity practices, with the caveat that the info is submitted by the VPN companies themselves on a "trust us" basis.

32 of 69 comments (clear)

  1. ToR is slow by Anonymous Coward · · Score: 1

    TOR is so slow.

    1. Re:ToR is slow by malditaenvidia · · Score: 1

      TOR was made to be slow. That's why it works.

  2. All my data is double-encrypted with ROT-13! by Fringe · · Score: 3, Funny

    Sometimes people don't even realize encrypted data is present.

    1. Re:All my data is double-encrypted with ROT-13! by Anonymous Coward · · Score: 3, Funny

      ROT-26 is faster than running ROT-13 twice, and is just as secure.

      But the modern recommendation is ROT-416. It's well established that the NSA has been able to break double-ROT-13 and ROT-26 for a long time now. There are also rumors of them secretly injecting vulnerabilities into the ROT standard, so be careful out there!

  3. Re:Answer is simple by rhazz · · Score: 1

    That's not what this is about. This is a phishing attempt directed at the customer base of some companies whose forums were hacked. The only link to the policy changes is that the email claims to be a VPN service saying you need them more than ever due to the policy changes.

  4. Re:Cryptostorm VPN by boohoohoo · · Score: 1

    CryptoStorm was created and is partially run by previously convicted drug smuggler and known zoophile, Douglas Spink, He is known for running a bestiality farm.

    http://www.nydailynews.com/new...
    http://www.seattletimes.com/se...

    There have been concerns about his involvement with CryptoStorm for a while.

    https://www.bestvpn.com/blog/8...
    https://www.wilderssecurity.co...

  5. There are good ones if you do your research. by waspleg · · Score: 2

    I did quite a bit. I've been using AirVPN (based in Italy) for several years without any issues beyond ones I caused myself; and without any love letters from Comcast.

    (no I'm not affiliated just a satisfied customer - check my post history)

  6. Re:Can you daisy chain VPNs? by Anonymous Coward · · Score: 2, Interesting

    Some folks seem to be doing that with VMs. They will run VPN A on the main OS, then run a VM and inside that VM open VPN B's connection. Idea is that VPN B will tunnel through the VPN A connection to VPN B's exit point.

    How well that works or how effective it is, I could not say. At least to a first glance it does not seem like too bad an idea though.

  7. VPN comparison on That One Privacy Site by worf_mo · · Score: 4, Informative

    That One Privacy Guy maintains a detailed VPN comparison chart. The chart lists the results for a number of criteria for each VPN provider. Information is gathered from public sources and by contacting the respective hotlines. There is also an article about choosing a VPN, and a review section.

    The site is a bit slow to load, but if offers some good information. I like the fact that no recommendation is given, everyone can come to their own conclusions based on their requirements and the available data. From the FAQ:.

    Q: Can you give me a recommendation?

    A: Sorry, but to be unbiased, I created my project for others to make this determination for themselves. Everyone’s needs and threat models are different as well, so if I made a suggestion that conflicted with your needs, it could very well have the opposite effect as intended.

    1. Re:VPN comparison on That One Privacy Site by radarskiy · · Score: 1

      That comparison site is only useful if you are assuming that the VPN itself cannot be a threat, a point which is refuted by the very article we are posting about.

      The site even includes this disclaimer, which you have glossed over: "including if a given VPN service is not transparent and does not make the data available on their official site."

  8. Re:Cryptostorm VPN by Thud457 · · Score: 2

    give me BONESTORM or GO TO HELL!

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  9. Worthless by rudy_wayne · · Score: 2

    Over the past few years there have been many articles written about VPNs but they all suffer from the same problem, and this article is no different:

    their latest reviews of VPN anonimity practices, with the caveat that the info is submitted by the VPN companies themselves on a "trust us" basis.

    There is absolutely no independently verified information. The only information provided in the articles comes directly from the VPN companies themselves, making it completely useless. More lazy journalism.

    1. Re:Worthless by Anonymous Coward · · Score: 2

      That may be true, but it's still a step up from the ISP situation, which are known to look at traffic. The VPNs at least promise not to, and if they get caught out in a lie they can lose their entire business, because there is real competition for them.

      So it's not perfect by a long shot, and we can and should wish for better. But if you have to pick something to put your trust in, better the VPN company than the ISP company. And you can also pick your VPN: change if the old ones breaks your trust, or pick one in a different country from you.

      Not perfect. But better than nothing, so I would not call it "worthless".

    2. Re:Worthless by AHuxley · · Score: 2

      A VPN offers a nice encryption layer that hides all plain text from local police, local gov, lawyers, health services, your ISP.
      That is great given how much is now been collected in many nations over months and can be searched and requested by a gov, local gov, public private partnership contractors or a lawyer for a civil matter in some nations.
      In the UK "As the Investigatory Powers Bill passes into law, internet providers will be required to keep a full record of every site that each of its customers have visited" (24 November 2016)
      http://www.independent.co.uk/l...
      In Australia "Here's Every Australian Government Agency That Wants Your Data" (Jan 18, 2016)
      https://www.gizmodo.com.au/201...
      In the USA? Some legal changes that have been suggested over the years https://www.eff.org/issues/man...

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Worthless by Nethead · · Score: 1

      I'm lucky that my ISP is a Native Sovereign Government (Indian Tribe) with a small user base and an attitude that anything like a DCMA just looks like extra work and screw that shit. Not the greatest speed (25/3) but damn good ping times. I even get a static IP which is really handy. That said, I do have PIA that I fire up from time to time and a few BSD boxen VMs scattered around the world.

      --
      -- I have a private email server in my basement.
  10. See! by Altrag · · Score: 1

    Innovation! Look at all the new ways companies are figuring out to screw customers over! The possibilities are endless! MAGAMAGAMAGA!

  11. Re:"anonimity"? by tsqr · · Score: 5, Funny

    Learn how to spell, you fucking retards.

    Now, dont curl up into a feeble position, or run around like a bowl in a china shop. No need for ad homonym attacks. Its the 21st century, and for all intensive purposes, its a far-gone conclusion that society has bid ado to gramer; speling - and punkshuation (ect). As long as you can pack up the meening from contacts, you shouldnt go on and nauseum about this sort of thing. In the end, its all for knot anyways, so dont ball your eyes out over it. In stead, you should cease the opportunity to except the inevitable and be internally grateful at being liberated.

  12. Honeypots by Anonymous Coward · · Score: 2, Interesting

    Just remember, most of the "private", "secure" email services turned out to be either direct honeypots or, even if legit at first, taken over later by the NSA or other agencies, with money and/or threats, and turned into a honeypot, as revealed by wikileaks papers. VPN will probably be the same

  13. Roll your own by DaMattster · · Score: 2

    It's not difficult to roll your own VPN solution if you have some knowledge of BSD/Linux. This is really and truly the only way to ensure trust and even then it is not 100%. OpenVPN is not hard to install and configure but I am sure it is not immune from would-be intruders.

    1. Re:Roll your own by R.Mo_Robert · · Score: 3, Interesting

      It's not difficult to roll your own VPN solution if you have some knowledge of BSD/Linux. This is really and truly the only way to ensure trust and even then it is not 100%. OpenVPN is not hard to install and configure but I am sure it is not immune from would-be intruders.

      Umm, how does that help? I do have a VPN server to remote in to my home network and access services, shares, and other resources I don't make publicly visible (which is almost everything--that I don't, I mean), but you seem to be missing the part where the type of VPN this article is talking about is for people who wish to disguise their network traffic from home (and elsewhere) by sending it over a VPN to a remote server, often in another country--the problem being that it's not always apparent if you can trust that server.

      --
      R.Mo
  14. Re:Cryptostorm VPN by phantomfive · · Score: 2

    If you have tech skills, the easiest thing to do is set up your own VPN on an AWS box. Cheap, not too hard, you can use SSH or you can use openSwan.

    --
    "First they came for the slanderers and i said nothing."
  15. Re:"anonimity"? by grep+-v+'.*'+* · · Score: 1

    NO, I don't think so, You can have my grammar and punctuation only when you pry it from my cold, dead ... pencils?

    Wait, let me come in and try that again.

    --
    If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
  16. Re:Cryptostorm VPN by phantomfive · · Score: 1

    Lol, yeah only a simple subpoena to Amazon and they know exactly who you are,

    If you're trying to hide from the government, VPN isn't going to save you.

    --
    "First they came for the slanderers and i said nothing."
  17. Re:Can you daisy chain VPNs? by AHuxley · · Score: 1

    Re " it seems like things would be pretty untraceable, if not in theory then in reality."
    The police or security services who detected a criminal matter would track the first VPN.
    International paperwork would be requested for the VPN owners/host nation showing a real crime in that nation.
    A local court in the VPN's own nation would see that evidence and then the VPN would be contacted.
    The VPN would have no logs but the user of interest has a pattern of access. So every packet in and out is looked for a time on that VPN.
    The details of one user are recovered. The VPN did not log users, the police have an IP of the user of interest.
    If its a second VPN, the same request is made. The user is seen using the service in real time and ISP packets collected.
    The ISP is contacted in the user of interests own nation. Takes twice as long but the results are the same. A VPN gives a user some privacy.
    Using an ISP at home is still easy to track back once the police get interested and have court support in different nations.

    --
    Domestic spying is now "Benign Information Gathering"
  18. Re:Can you daisy chain VPNs? by Falos · · Score: 1

    If you're moving highly mission-critical data or trade secrets or something, sure. Or selling drugs.

    Most of us are satisfied with basic concealment, because it's enough to beat automated snooping, whether it's the ISP or your government.

    If you're on a list (the real kind) it may not be enough, but the rest of us will be casually safe against the casually invasive. If you've a determined actor, the genuine "someone is watching" that normies conflate with mass logging, you expect to take additional measures.

  19. Re: "anonimity"? by Maritz · · Score: 2

    You'd gotten as far as 'gramer' before you noticed anything was up? lol. Woosh city.

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  20. Re:"anonimity"? by Maritz · · Score: 1

    They are all eggcorns. Ball = Bawl. Feeble position should be 'foetal' position. Eternally grateful instead of internally. "In stead?" Have a word with yourself.

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  21. Re:Cryptostorm VPN by admin7087 · · Score: 1

    Good, that makes it more likely that he offers real anonymity and is not in bed with the feds.

  22. The law cancels a future regulation by Attila+Dimedici · · Score: 1

    The summary continues to play into the hype about a law which merely cancels a regulation which had not yet gone into effect. The passage of the law changed NOTHING with regard to consumer privacy. It merely prevented a regulation from going into effect in December, which it was claimed would increase protections for consumer privacy (I have not studied the regulation in question, so I do not have much of an opinion of whether it would have actually done so. I am however skeptical about whether it would have made much difference based on my experience with similar previous regulations).

    --
    The truth is that all men having power ought to be mistrusted. James Madison
  23. Got to do something by Wowsers · · Score: 1

    We've got to do something to stop Internet Providers criminal activity. In the UK, ISP BT hacked their customers website traffic, changing the pages they were expecting to see, and inserting the adverts BT wanted you to see instead. This went to court, and despite this practice breaking many laws in hacking / interception of communications, identity fraud etc, somehow, the court let off BT with a slap - no prison time for anyone involved in this criminal activity. Read the saga about Phorm https://en.wikipedia.org/wiki/...

    So, the courts side with the criminal activity of ISPs, we better educate people to wise up on their privacy online, not just from the state / spies, but their own ISPs.

    --
    Take Nobody's Word For It.
  24. Re: Only LUDDITES use VPNs. by thomn8r · · Score: 1

    A true luddite uses cu and uucp

  25. Speed Of VPNs and My Take On The OP by AleksK · · Score: 1

    I think it's not just tor... i've used hss proxy, ib and ivacy vpn too and pretty much every vpn is slow when it comes to encryption, including others too. it just shouldn't cross that line where it becomes downright unusable. the foregone speed is a trade-off for the encryption you get. about the OP, i read that thing over motherboard as well as troyhunt and i'm not sure if it's funny or ironic but in any case, these scams almost seem to leave users with more questions.