Phony VPN Services Are Cashing In On America's War On Privacy

Reader Freshly Exhumed writes: Nicholas Deleon at Motherboard reveals a run-in with scammers who are already hard at work taking advantage of newly signed legislation that allows Internet Service Providers to sell your online privacy, including your web browser history, to the highest bidder without your consent. Relatedly, Tim Berners-Lee would prefer people to protest in the streets rather than take technical measures such as TOR and VPN. For those intent on using VPN, TorrentFreak has their latest reviews of VPN anonimity practices, with the caveat that the info is submitted by the VPN companies themselves on a "trust us" basis.

All my data is double-encrypted with ROT-13!

[Fringe]

Sometimes people don't even realize encrypted data is present.

Re:All my data is double-encrypted with ROT-13!

ROT-26 is faster than running ROT-13 twice, and is just as secure.

But the modern recommendation is ROT-416. It's well established that the NSA has been able to break double-ROT-13 and ROT-26 for a long time now. There are also rumors of them secretly injecting vulnerabilities into the ROT standard, so be careful out there!

There are good ones if you do your research.

[waspleg]

I did quite a bit. I've been using AirVPN (based in Italy) for several years without any issues beyond ones I caused myself; and without any love letters from Comcast.

(no I'm not affiliated just a satisfied customer - check my post history)

Re:Can you daisy chain VPNs?

Some folks seem to be doing that with VMs. They will run VPN A on the main OS, then run a VM and inside that VM open VPN B's connection. Idea is that VPN B will tunnel through the VPN A connection to VPN B's exit point.

How well that works or how effective it is, I could not say. At least to a first glance it does not seem like too bad an idea though.

VPN comparison on That One Privacy Site

[worf_mo]

That One Privacy Guy maintains a detailed VPN comparison chart. The chart lists the results for a number of criteria for each VPN provider. Information is gathered from public sources and by contacting the respective hotlines. There is also an article about choosing a VPN, and a review section.

The site is a bit slow to load, but if offers some good information. I like the fact that no recommendation is given, everyone can come to their own conclusions based on their requirements and the available data. From the FAQ:.

Q: Can you give me a recommendation?

A: Sorry, but to be unbiased, I created my project for others to make this determination for themselves. Everyone’s needs and threat models are different as well, so if I made a suggestion that conflicted with your needs, it could very well have the opposite effect as intended.

Re:Cryptostorm VPN

[Thud457]

give me BONESTORM or GO TO HELL!

Worthless

[rudy_wayne]

Over the past few years there have been many articles written about VPNs but they all suffer from the same problem, and this article is no different:

their latest reviews of VPN anonimity practices, with the caveat that the info is submitted by the VPN companies themselves on a "trust us" basis.

There is absolutely no independently verified information. The only information provided in the articles comes directly from the VPN companies themselves, making it completely useless. More lazy journalism.

Re:Worthless

That may be true, but it's still a step up from the ISP situation, which are known to look at traffic. The VPNs at least promise not to, and if they get caught out in a lie they can lose their entire business, because there is real competition for them.

So it's not perfect by a long shot, and we can and should wish for better. But if you have to pick something to put your trust in, better the VPN company than the ISP company. And you can also pick your VPN: change if the old ones breaks your trust, or pick one in a different country from you.

Not perfect. But better than nothing, so I would not call it "worthless".

Re:Worthless

[AHuxley]

A VPN offers a nice encryption layer that hides all plain text from local police, local gov, lawyers, health services, your ISP.
That is great given how much is now been collected in many nations over months and can be searched and requested by a gov, local gov, public private partnership contractors or a lawyer for a civil matter in some nations.
In the UK "As the Investigatory Powers Bill passes into law, internet providers will be required to keep a full record of every site that each of its customers have visited" (24 November 2016)
http://www.independent.co.uk/l...
In Australia "Here's Every Australian Government Agency That Wants Your Data" (Jan 18, 2016)
https://www.gizmodo.com.au/201...
In the USA? Some legal changes that have been suggested over the years https://www.eff.org/issues/man...

Re:"anonimity"?

[tsqr]

Learn how to spell, you fucking retards.

Now, dont curl up into a feeble position, or run around like a bowl in a china shop. No need for ad homonym attacks. Its the 21st century, and for all intensive purposes, its a far-gone conclusion that society has bid ado to gramer; speling - and punkshuation (ect). As long as you can pack up the meening from contacts, you shouldnt go on and nauseum about this sort of thing. In the end, its all for knot anyways, so dont ball your eyes out over it. In stead, you should cease the opportunity to except the inevitable and be internally grateful at being liberated.

Honeypots

Just remember, most of the "private", "secure" email services turned out to be either direct honeypots or, even if legit at first, taken over later by the NSA or other agencies, with money and/or threats, and turned into a honeypot, as revealed by wikileaks papers. VPN will probably be the same

Roll your own

[DaMattster]

It's not difficult to roll your own VPN solution if you have some knowledge of BSD/Linux. This is really and truly the only way to ensure trust and even then it is not 100%. OpenVPN is not hard to install and configure but I am sure it is not immune from would-be intruders.

Re:Roll your own

[R.Mo_Robert]

It's not difficult to roll your own VPN solution if you have some knowledge of BSD/Linux. This is really and truly the only way to ensure trust and even then it is not 100%. OpenVPN is not hard to install and configure but I am sure it is not immune from would-be intruders.

Umm, how does that help? I do have a VPN server to remote in to my home network and access services, shares, and other resources I don't make publicly visible (which is almost everything--that I don't, I mean), but you seem to be missing the part where the type of VPN this article is talking about is for people who wish to disguise their network traffic from home (and elsewhere) by sending it over a VPN to a remote server, often in another country--the problem being that it's not always apparent if you can trust that server.

Re:Cryptostorm VPN

[phantomfive]

If you have tech skills, the easiest thing to do is set up your own VPN on an AWS box. Cheap, not too hard, you can use SSH or you can use openSwan.

Re: "anonimity"?

[Maritz]

You'd gotten as far as 'gramer' before you noticed anything was up? lol. Woosh city.