I understand they need security but sureley if you got caught doing something you shouldn't your VPN IP would relate back to your VPN account which would lead to you real IP?

It's about picking a provider which says no logs are kept in their TOS as VPN providers aren't regulated and don't need to keep logs.

If they fuck you over and log+give the info away: 1) it's very very bad PR for the company, 2) you could potentially sue them for privacy invasions/breaking their TOS and 3) the evidence wouldn't necessarily hold in court as they're "eavesdropping" you without your permission.

- Say you're from the EU and you want an American only game from Steam.
- Or you want to stream some video that has location restrictions.
- Or you're trying to bypass your ISP's throttle

I consider the VPN to be protection against the ISP. Not as an all in one security thing.


It's about picking a provider which says no logs are kept in their TOS as VPN providers aren't regulated and don't need to keep logs.

They can say what they want. You're better off assuming they log everything and take additional measures. SSL through the VPN for instance. Any company will turn on you if the government leans on them. It doesn't even have to be that overt, a phone call and a suggestion that the IRS might be looking into their books.

Look at the US. The telecoms helped the government perform illegal wire taps. Instead of anyone going to jail, congress just gave the telecoms retroactive immunity. Or look a Wikileaks, a couple phone calls and their funding was turned off.

- Say you're from the EU and you want an American only game from Steam.
- Or you want to stream some video that has location restrictions.
- Or you're trying to bypass your ISP's throttle

I consider the VPN to be protection against the ISP. Not as an all in one security thing.


It's about picking a provider which says no logs are kept in their TOS as VPN providers aren't regulated and don't need to keep logs.

They can say what they want. You're better off assuming they log everything and take additional measures. SSL through the VPN for instance. Any company will turn on you if the government leans on them. It doesn't even have to be that overt, a phone call and a suggestion that the IRS might be looking into their books.

Look at the US. The telecoms helped the government perform illegal wire taps. Instead of anyone going to jail, congress just gave the telecoms retroactive immunity. Or look a Wikileaks, a couple phone calls and their funding was turned off.

Luckily not every company is based in the US. And don't forget your http://helvetin16.com/666/images/foliohattu.jpg

- Say you're from the EU and you want an American only game from Steam.
- Or you want to stream some video that has location restrictions.
- Or you're trying to bypass your ISP's throttle

Those by themselves are valid answers to the question in the thread title.

A friend of mine used to say there's no 100% bulletproof way of concealing what you do on the Internet, short of using multiple offshore VPNs over stolen Wi-Fi from different hotspots every day. Of course, that has other implications, specially if you "steal" from a residential customer.

On a sidenote, how does this question relate to newsgroups? Since you created the thread in this section, I assume it does in some way.

Well, I assumed it was related to Giganews "free" VPN.

This story made news headlines all over the internet when it happened years ago. Surfola.com - one of the first anonymous proxy services - promised absolute user privacy. When it came time to prove that promise, Surfola instead opened its books to the FBI without even a warrant or court order.




Seeking to conceal his identity when visiting the car ad, the blackmailer used an anonymiser called surfola.com.

The Florida-based service allows e-mails to be sent and postings to news groups to be made anonymously. Its site reassures users, "We will not give out your name, residence address, or e-mail address to any third parties without your permission, for any reason, at any time, ever."

However, as EDRI explains, when the FBI came calling, surfola.com spilled the beans.




full story at http://www.out-law.com/page-3854


The Surfola anonymous proxy service closed down sometime after that incident.

Well, I assumed it was related to Giganews "free" VPN.
hell no
anonine ftw
no logs, no monitoring, no traffic shaping
some still do t the right way

You can be anonymous with a VPN ! ! And ISP's won't keeps logs of your activities

Well, you're just moved the monitoring point. When you don't use a VPN, your ISP can monitor you. When you do use the VPN, the people running the VPN can monitor you because they own the exitpoints. That's why I consider it worthwhile to prevent ISP monitoring but, not all that from a total security perspective.

When you don't use a VPN, your ISP can monitor you. When you do use the VPN, the people running the VPN can monitor you because they own the exitpoints.

And if they really want to, your ISP can still monitor what you do - they're your gateway to the Internet, and they can see the encryption handshake/SSL negotiation which easily enables a middleman attack.

Of course, the vast majority of providers will never do this, and depending on your country's laws you may even be able to sue them if caught, but nothing is enough for the truly paranoid.

When you don't use a VPN, your ISP can monitor you. When you do use the VPN, the people running the VPN can monitor you because they own the exitpoints.

And if they really want to, your ISP can still monitor what you do - they're your gateway to the Internet, and they can see the encryption handshake/SSL negotiation which easily enables a middleman attack

Uh....no.

The SSL connection is, with a VPN, encapsulated WITHIN the VPN. There is, if the VPN is of the PPTP variety and using older handshaking (VERY old, say circa 1990's), it could be attacked in a way that would cause the VPN connection to drop, but no actual data stream would continue, however.

But VPN utilizing OpenVPN, no, not even that. The encryption code sequence is way too large, and it was specifically coded to completely resist those types of PPTP attacks (updates to PPTP circa y2000 did render PPTP much harder if not impossible to disrupt).

Certainly if one utilized SSL over an 'open' circuit, disruptions of many types are possible, most obviously since the destination IP address is 'in the clear', the 'circuit' can be disrupted. Again, however, SSL encapsulated within OpenVPN only lists the VPN companies destination IP.

Most news servers are using self signed certs too. At least it used to be that way.

Uh....no.

The SSL connection is, with a VPN, encapsulated WITHIN the VPN. There is, if the VPN is of the PPTP variety and using older handshaking (VERY old, say circa 1990's), it could be attacked in a way that would cause the VPN connection to drop, but no actual data stream would continue, however.

But VPN utilizing OpenVPN, no, not even that. The encryption code sequence is way too large, and it was specifically coded to completely resist those types of PPTP attacks (updates to PPTP circa y2000 did render PPTP much harder if not impossible to disrupt).

Unless I misunderstood you, I'm talking about initially connecting to a VPN, not establishing an SSL connection to another host when you've already connected to it (the virtual private network).

That would fall on the category of your third paragraph, SSL over "open" circuits, as far as my knowledge goes, if we're talking about an OpenVPN server.

I interpret his comment as saying that the VPN itself doesn't use SSL to establish and maintain a secure tunnel to the exit point. So, it's not vulnerable to the same man in the middle attacks that SSL is. Then if you SSL through the VPN tunnel, you have both the encryption of the VPN which protects the secure tunnel AND SSL encryption through the VPN to basically give 2 layers of encryption. A Man in the middle attack would then have to be someplace between the exit point of the VPN and the endpoint (news server).

So, the scenario of the ISP using a Man in the Middle to attack the SSL connection couldn't happen if you were using the VPN too. It also secures the connection from the VPN exit point to the news server.

Wonder if my router could establish the VPN connection so, my whole network would be both behind a router and encrypted to the VPN exit point? Using the PC to VPN seems to put the PC on the open internet which I think is a bad idea.

I interpret his comment as saying that the VPN itself doesn't use SSL to establish and maintain a secure tunnel to the exit point. So, it's not vulnerable to the same man in the middle attacks that SSL is.

OpenVPN uses SSL as far as I know, but there are other protocols as well.


Wonder if my router could establish the VPN connection so, my whole network would be both behind a router and encrypted to the VPN exit point? Using the PC to VPN seems to put the PC on the open internet which I think is a bad idea.

I think some routers were able to do that, maybe with custom firmware? It depends on which one you have. About putting your PC on the open Internet, you can destroy the routing tables for it after you connect, and add a single one just for the VPN server so that you can reconnect. That also prevents programs from "leaking" your real address in the event of a drop-out.

I'm more thinking I don't trust Windows enough to put a windows box on the open Internet.


OpenVPN uses SSL as far as I know, but there are other protocols as well.

Wonder if it's possible to the attacker to handle two layers of MITM attack. Haha. Hack the outer connection, then hack the inner SSL connection.

VyperVPN supports PPTP for the "free" version.

"VPN Passthrough (IPSec, PPTP, and L2TP)" My router does this. Need to dig up the manual I guess.

Wonder if it's possible to the attacker to handle two layers of MITM attack. Haha. Hack the outer connection, then hack the inner SSL connection.

Unless they really want to snoop on you, I doubt someone would already bother to do one middleman attack - it's merely a possibility.


"VPN Passthrough (IPSec, PPTP, and L2TP)" My router does this. Need to dig up the manual I guess.

I think the passthrough only temporarily forwards a port that must be reachable in order to connect.

I
Wonder if my router could establish the VPN connection so, my whole network would be both behind a router and encrypted to the VPN exit point? Using the PC to VPN seems to put the PC on the open internet which I think is a bad idea.

DD-WRT is the s/w that can morph a router to encrypt an entire network; there are several 'flavors' that work with a wide variety of router types, depending on the amount of ram and cpu types that the h/w has.

Over the past few years, as the router manufacturers have upgraded their boxes, DD-WRT has increased it's capability as well. As that has happened, many 3rd party folks (including VPN vendors themselves) have offered routers already modified to work with either their systems or particular VPN's as well.

Nice. Thanks.

The most obvious reasons would be avoid hot spot sniffing, access websites that are being blocked by the ISP or government, watch movies or videos that are not available to your region.
See Top 5 reasons why everyone should use VPN (http://bit.ly/pNwMzL)
Hope this helps. :happy:

The most obvious reasons would be avoid hot spot sniffing, access websites that are being blocked by the ISP or government, watch movies or videos that are not available to your region.
See Top 5 reasons why everyone should use VPN (http://bit.ly/pNwMzL)
Hope this helps. :happy:

Congratulations on your first 2 posts. It's an amazing feat, because neither of it was spam or drivel, instead you've managed to respond in a manner that shows you either read the subject and first post, or some part of the ongoing thread. This isn't sarcastic condescension mind you, just letting you know that post counts below 6 and above 10,000 are typically meaningless. This is me making a dig at older members for fun.

But since I'm still a dick, I need to point out that the Apple focus at the link you mentioned made my current post-200g-mayonnaise-ingestion nausea act up a little. That is all

It's interesting to see how that blog post only refers to the HideMyAss VPN and contains what seem to be a bunch of referral links.


post counts below 6 and above 10,000 are typically meaningless.

That's just jealousy. :angry:

It's interesting to see how that blog post only refers to the HideMyAss VPN and contains what seem to be a bunch of referral links.


post counts below 6 and above 10,000 are typically meaningless.

That's just jealousy. :angry:

I only saw that there was some list, but noticing the Apple stuff I left immediately. Don't confuse jealousy with envy

Well, I assumed it was related to Giganews "free" VPN.

Giganews VPN is not free - you can only get the Giganews VPN by subscribing to their most expensive plan ($35/month) basically you get unlimited Usenet + VPN connectivity which actually no better than standard SSL that most other provider actually do offer completely free with their standard unlimited Usenet plans - Example - Newshosting($10/month), Astraweb($11/month) do not be mislead make you check things out before you jump in - there are many Usenet providers who offer a fantastic downloading experience at a very fair price because there are companies out there who actually care about seeing the Usenet grow and then there are those who don't care and are only out for the money.

Well, I assumed it was related to Giganews "free" VPN.
Giganews VPN is not free - you can only get the Giganews VPN by subscribing to their most expensive plan ($35/month) basically you get unlimited Usenet + VPN connectivity which actually no better than standard SSL that most other provider actually do offer completely free with their standard unlimited Usenet plans - Example - Newshosting($10/month), Astraweb($11/month) do not be mislead make you check things out before you jump in...

What on earth does AW SSL have to do with VPN?

If you're going to compare GN's VPN service with anything it should be other VPN services.

Giganews VPN is not free - you can only get the Giganews VPN by subscribing to their most expensive plan ($35/month) basically you get unlimited Usenet + VPN connectivity which actually no better than standard SSL that most other provider actually do offer completely free with their standard unlimited Usenet plans - Example - Newshosting($10/month), Astraweb($11/month) do not be mislead make you check things out before you jump in...

What on earth does AW SSL have to do with VPN?

If you're going to compare GN's VPN service with anything it should be other VPN services.

VPN is nothing more than a secure tunnel that your computer uses to talk to the rest of the internet, my point was that SSL (which is free for most if not all Usenet providers) does the same thing and gets you there securely :) SSL offers the same (at least 256bit) encryption as most VPN tunnels - SSL is nothing more than an encrypted path from your computer to whatever you are connecting to and so to it is the same with VPN, you have and encrypted path from your computer to the VPN house that then shoots you out to internet. Since SSL is free IMHO it's the best way to go :)

What on earth does AW SSL have to do with VPN?

If you're going to compare GN's VPN service with anything it should be other VPN services.

VPN is nothing more than a secure tunnel that your computer uses to talk to the rest of the internet, my point was that SSL (which is free for most if not all Usenet providers) does the same thing and gets you there securely :)

The only thing you can use that SSL for is to connect to the news server.
You get SSL no matter what you sign up for at GN and if you choose the diamond package you get VPN too so I don't get your point.

VPN is nothing more than a secure tunnel that your computer uses to talk to the rest of the internet, my point was that SSL (which is free for most if not all Usenet providers) does the same thing and gets you there securely :)

The only thing you can use that SSL for is to connect to the news server.
You get SSL no matter what you sign up for at GN and if you choose the diamond package you get VPN too so I don't get your point.

What I mean is, no one really uses the VPN for anything more than to make the traffic between their computer and the Usenet provider(example Giganews) private because they are really only concerned about hiding the traffic they are downloading so they can download in peace - well SSL which is free accomplishes the exact same goal :) - so why pay for VPN...just trying to save some folks a little money :)

What I mean is, no one really uses the VPN for anything more than to make the traffic between their computer and the Usenet provider(example Giganews) private because they are really only concerned about hiding the traffic they are downloading so they can download in peace - well SSL which is free accomplishes the exact same goal :) - so why pay for VPN...just trying to save some folks a little money :)

Wrong. So wrong, I'll come visit you in the hoosegow.

Hiding the traffic is not the only thing. Hiding the ROUTE is much more important, which is what a VPN will do.

Most ISP's (in America at least) are much more interested in WHERE the traffic is coming from and going to; that, and the protocol.

Most if not all AUP's (Acceptable Use Policies) specifically list Usenet and P2P as 'infringing uses and traffic hogs' that will get your account pulled if 'overused'; exactly at what level that is, is hazy, but may be less than the stated 'cap' on the account. A user some 30 miles from me on the same ISP got his account yanked (and made the national news by complaining very loudly) while using about 1/10th of his 'cap', but the majority of his traffic was deemed 'infringing' simply by the protocol used.

SSL hides NEITHER the eventual destination IP address OR the protocol used.

VPN's do. In the age of most ISP's utilizing 'deep packet inspection' and other odious spying techniques, it's better to be safe than sorry.

What I mean is, no one really uses the VPN for anything more than to make the traffic between their computer and the Usenet provider(example Giganews) private because they are really only concerned about hiding the traffic they are downloading so they can download in peace - well SSL which is free accomplishes the exact same goal :) - so why pay for VPN...just trying to save some folks a little money :)

Wrong. So wrong, I'll come visit you in the hoosegow.

Hiding the traffic is not the only thing. Hiding the ROUTE is much more important, which is what a VPN will do.

Most ISP's (in America at least) are much more interested in WHERE the traffic is coming from and going to; that, and the protocol.

Most if not all AUP's (Acceptable Use Policies) specifically list Usenet and P2P as 'infringing uses and traffic hogs' that will get your account pulled if 'overused'; exactly at what level that is, is hazy, but may be less than the stated 'cap' on the account. A user some 30 miles from me on the same ISP got his account yanked (and made the national news by complaining very loudly) while using about 1/10th of his 'cap', but the majority of his traffic was deemed 'infringing' simply by the protocol used.

SSL hides NEITHER the eventual destination IP address OR the protocol used.

VPN's do. In the age of most ISP's utilizing 'deep packet inspection' and other odious spying techniques, it's better to be safe than sorry.

You are right on as far as hiding the route, as the VPN acts as a front end that your computer connects to to send all traffic through so the ip that shows up is the ip of your VPN provider because all of your traffic goes through the VPNs front ip and then gets sent out to the internet. SSL does hide the protocol however because when you get on the Usenet over SSL a secure socket layer wrapper is created (usually 256bit encryption) that encapsulates all network traffic including the protocol layer. So with SSL you can download all day long and it just looks like gibberish to you ISP - this is the same reason that SSL is used to secure and hide banking transactions - so all your info stays secure. One other important thing to think about is most VPN providers keep logs of everyone who gets on including their IP address - they do this for law enforcement purposes. SSL however is a different story - there are so many connections happening at the same time to a usenet provider that logs are not kept of peoples IP address etc because the logs would be enormous - depending on the newsreader, sometimes a new connection will be created each time a single article is grabbed and most downloads are made up of 100s or 1000s of individual articles, and if one person makes 100s or 1000s of connections for a single download you might as well multiply that times all the others users that get on at the same time multiplied by a whole bunch because most people download more that one file at a time because a single download - video etc can be and usually is made up of 50+ individual RAR files. Keeping up with all those logs would make the servers freeze. So to sum up SSL completely hides your traffic and protocol and no connection logs are kept because most Usenet service providers want their servers to work so you can actually connect and get your downloads :)

So to sum up SSL completely hides your traffic and protocol and no connection logs are kept because most Usenet service providers want their servers to work so you can actually connect and get your downloads :)

Again, keep thinking that and I'll visit you in the super-max, or give you a high salute as the ISP's (if you have more than one, which most don't) in your area give you a lifetime ban.

So to sum up SSL completely hides your traffic and protocol and no connection logs are kept because most Usenet service providers want their servers to work so you can actually connect and get your downloads :)

Again, keep thinking that and I'll visit you in the super-max, or give you a high salute as the ISP's (if you have more than one, which most don't) in your area give you a lifetime ban.

If and when I do I will share my boiled carrots and vanilla cake with you because seem like a really nice fellow who gave me a warning and tried to get me to go the way of the VPN :)

since were on the topic of Vpns would anyone have a good recommendation on one?

since were on the topic of Vpns would anyone have a good recommendation on one?

I use HMA vpn (http://bitly.com/I0Thgm) because I like its client software. I can randomly change IPs or do speed test to find the fastest VPN servers. However, HMA does keep logs so it is not 100% anonymous. I am testing a few other alternatives. B4 I can find something better I will stick with HMA VPN, at least it is reliable...... :D

HideMyAss should definitely be avoided. They "keep logs and as a UK company when given a court order to cough up information, they do so. (http://torrentfreak.com/vpn-providers-mull-fraudster-database-in-wake-of-lulzec-fiasco-111006/)"

This list: Which VPN Providers Really Take Anonymity Seriously? (http://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/) makes a good starting point for your search. Note that you should always choose a VPN provider from outside the legal jurisdiction you reside in.