Usenet SSL + VPN



Damnatory
12-07-2013, 07:35 AM
I've been out of the scene for far too long...

I used to use Newshosting, but back then they had 45 days binary retention and no SSL. :\

So my question is this: With the addition of the SSL encryption, would also using a VPN service be overkill?

user3240
12-07-2013, 07:58 AM
If you are only downloading, SSL is all you need. Usenet providers do not keep logs of downloads and SSL will prevent your ISP from inspecting your downloads.

Beck38
12-07-2013, 02:24 PM
> If you are only downloading, SSL is all you need. Usenet providers do not keep logs of downloads and SSL will prevent your ISP from inspecting your downloads.

<Insert extreme laughing here>

SSL is now known to be completely broken by the use of deep packet inspection and other techniques, and has been for a fairly long time. So any ISP that wishes to put the resources to bear on it, it's cracked.

Plus, even if they don't, they know where the packets are going to (insert your favorite news server here) and can therefore know what you're doing. This includes web browsing and such, so that means that if you're using any searching service, they know that as well.

So utilizing a VPN service fills at least two goals, keep folks like Google AND your ISP off your trail, for either commercial purposes or more nefarious reasons. Utilize both SSL in conjunction with your VPN, and you're getting the best of both worlds. In my case, the small (one hop) distance between my VPN output port to either Astraweb (SF/SJ) or to Giganews (LA) are multi-gigabit links on major (non-ISP) transmission companies, like Level3.

The cost is fairly minimal, and just to keep my browser out of Goggle's greedy DPI algorithms (not to mention a certain cable ISP that starts with the letter 'C') is great (i.e., I've never had to deal with 'targeted' adverts and my email spam is about as close to zero as one can get).

Nobody in this day and age not using a VPN service of some kind is simply asking for trouble.

Damnatory
12-07-2013, 03:44 PM
> SSL is now known to be completely broken by the use of deep packet inspection and other techniques, and has been for a fairly long time. So any ISP that wishes to put the resources to bear on it, it's cracked.

> So utilizing a VPN service fills at least two goals, keep folks like Google AND your ISP off your trail, for either commercial purposes or more nefarious reasons. Utilize both SSL in conjunction with your VPN, and you're getting the best of both worlds. In my case, the small (one hop) distance between my VPN output port to either Astraweb (SF/SJ) or to Giganews (LA) are multi-gigabit links on major (non-ISP) transmission companies, like Level3.

Thanks for that!
We still install SSL certs for clients almost every day, so I imagine they must be just for the illusion of security on 443 connections at this point.

I definitely will look further into the VPN route. Do you have any suggestions on providers?

user3240
12-07-2013, 08:00 PM
In a deep packet inspection, only the source and destination IPs and ports of the packets are known to the ISP. The data is fully encrypted. Nobody really cares. Downloading is not a criminal matter.

I use a VPN but that is no guarantee even if they don't keep logs. Example: Somebody is using the VPN to upload child porn. That's a serious criminal matter. The VPN owner could be raided, slapped with a gag order and the authorities could log it.

Nothing is impossible, but even if the SSL was cracked, it's not going to be used to prosecute Usenet downloaders.

Beck38
12-08-2013, 02:54 AM
> I definitely will look further into the VPN route. Do you have any suggestions on providers?

Bottom line is, all (repeat: ALL) VPN providers log traffic. They have to either by law, or to simply protect themselves if a user/subscriber tries to become the next spam hub of the universe. The difference is, most don't sell that data to (insert GOOGLE or others here) to make more bucks.

The best way to go is via a s/w modified router, that way ALL traffic from your network can be protected without having to deal with clients on every machine or device (some of which you can't put a client on to begin with); with a good setup, you can 'toggle' between the VPN tunnel and a non-tunnel route if you wish.

A good company to look into (they partner with several providers) is:

http://www.sabaitechnology.com/

Low to High end setups. Many of the best/fastest are currently operating on FIOS systems around the country. I haven't run into any on 1Gbit as of yet, but that's such a thin edge of the wedge that it's a very slim number of potential users.

mrgordo
12-08-2013, 03:02 AM
Hope no one minds if I just answer the basic question:
"With the addition of the SSL encryption, would also using a VPN service be overkill?"

Yes.
Use one or the other.
Using both is unnecessary and will most likely result in a large loss of speed.

Beck38
12-08-2013, 04:19 AM
Wrong on every account.

First, I have no loss of speed whatsoever. And this is with a 'last gen' setup (four years old at this point), not the newest or greatest or fastest. My hardware and VPN provider quite easily maxes out my current connection, which is a commercial 25m/25m. I hope (one can dream, right?) that I may move next year and get on fiber that stopped expanding right at 4 blocks from my current home. Thank you, Verizon/Frontier. Before I do, I'll upgrade my h/w to better/faster stuff (will be about a $600 upgrade).

So that is cowpucky, probably because poor VPN providers and even poorer folks keep repeating it.

Secondly, if you rely on SSL only, that means your ISP sees, at a minimum, every site you're connecting with. They gather that info and SELL it to all comers (or GIVE it to folks who are in the position to give them regulatory passes on things, like the GOVERNMENT). Just because they MAY not see the payload within it (but then again, they MAY), doesn't mean that they don't gather the METADATA (the sites you're connecting to and for how long and how much data transferred), and either pass on that data or SELL it.

That's the reason for VPN's. Nobody, my ISP and everyone between myself and the VPN outport, can't tell whom I'm connecting to or for how long or for how many bits/bytes. And if they don't know, then they can't SELL (or give) that information to whomever.

Most decent smartphones (my Android does) have built in VPN capability, and I can secure my mobile data as well. So both operators (wireline and wireless) don't get ANY internet metadata from me. Pound sand.

So you'll blithely give that metadata out to whomever.

user3240
12-08-2013, 10:30 AM
> Bottom line is, all (repeat: ALL) VPN providers log traffic. They have to either by law, or to simply protect themselves if a user/subscriber tries to become the next spam hub of the universe. The difference is, most don't sell that data to (insert GOOGLE or others here) to make more bucks.


BY LAW, they have to log? What countries have such laws? Not even the states have such laws. Many block port 25 to prevent common spam. They do not all keep logs. Before laughing at others, you might want to get your facts straight. Better yet, cite the laws of Western World countries that require logging.


> Just because they MAY not see the payload within it (but then again, they MAY)

They may? Tell us how they can know for sure what you downloaded. I like how you hedged your bets. Can they see exactly what you downloaded? You said they MAY or MAY not! Either they can or they can NOT!

I think the OP is only concerned with his ISP KNOWING FOR SURE what was downloaded from Usenet. Therefore SSL is fine for that.

Beck38
12-08-2013, 03:22 PM
Once again, your ignorance of basic USA laws and regulations is breathtaking. So, you've never heard of or seen a thing called a NSL? (National Security Letter, primary part of the Patriot Act). Virtually every telecom provider in the US has been operating under the provisions of this act for close to 10 years now, REQUIRES that logs be kept of every 'transaction' that occurs over their system(s). If you don't, you will get forced out of business, and many have been.

Get your head out of your behind and get real.

user3240
12-08-2013, 07:59 PM
> Once again, your ignorance of basic USA laws and regulations is breathtaking. So, you've never heard of or seen a thing called a NSL? (National Security Letter, primary part of the Patriot Act). Virtually every telecom provider in the US has been operating under the provisions of this act for close to 10 years now, REQUIRES that logs be kept of every 'transaction' that occurs over their system(s). If you don't, you will get forced out of business, and many have been.

> Get your head out of your behind and get real.

Then why don't Usenet service providers keep track of downloads? Many have an American presence. There is little point in trying to reason with your tinfoil hard hat. They have bigger fish to fry than trying to bust some guy downloading a TV show.

I asked you about the requirements of VPNs. Most are not located in the states and I've yet to read a specific law that requires them to log. Are you saying that a VPN in Switzerland is required to follow US Patriot Act laws? LOL

DngrMs
12-08-2013, 09:12 PM
Even in the US: http://torrentfreak.com/proof-that-using-a-vpn-keeps-piracy-lawsuits-and-strikes-away-131207/

user3240
12-08-2013, 09:39 PM
> Even in the US: http://torrentfreak.com/proof-that-using-a-vpn-keeps-piracy-lawsuits-and-strikes-away-131207/

Beck was unable to provide proof that an ISP could tell what you are downloading from Usenet if you used SSL. The OP's original question was if he needed a VPN to download from Usenet.

Now Beck has claimed that BY LAW all VPNs must keep logs. Here is the Torrentfreak article in regards to what VPNs do NOT keep logs. Normally, I don't like Torrentfreak but they have this one right.

http://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/

When Beck can't prove his case, He goes off on tangents and tries to win His arguments with deflection techniques. Beck loves to say how much He laughs at people. Does He have any idea how much people laugh at him?

Beck38
12-09-2013, 12:32 AM
http://en.wikipedia.org/wiki/National_security_letter

Now go laugh at them; then we can come visit you in one of the Super-Max prisons.

I could list all the recent Ars Technica or Wired articles as well, or give you the address to the EFF or ChillingEffects listings, or many many others, that have been listed here ad infinitum. But since your mind is closed, keep going on your present path until your ISP yanks your feed or something worse happens.

Simply stop giving out incorrect and misleading information to folks like the OP who originally asked a good question, who didn't need more stunningly wrong info that both you and others jumped on the thread with.

user3240
12-09-2013, 12:59 AM
You are a sick man Beck. I've read those articles. You claimed that SSL is not safe for Usenet downloading. You then claimed that ALL VPNs keep logs. You are unable to prove your assertions so you come up with another deflection.

A Super-Max prison for downloading a TV show? LOL. Perhaps there is a Super-Max nuthouse for you.

sandman_1
12-09-2013, 04:12 AM
>> If you are only downloading, SSL is all you need. Usenet providers do not keep logs of downloads and SSL will prevent your ISP from inspecting your downloads.

> <Insert extreme laughing here>

> SSL is now known to be completely broken by the use of deep packet inspection and other techniques, and has been for a fairly long time. So any ISP that wishes to put the resources to bear on it, it's cracked.



If that were true, every Tom, Dick, and Harry would be hacking Bank websites and getting account information hand over fist. SSL has its flaws but it isn't "broken".

piercerseth
12-09-2013, 09:30 AM
I thought the consensus was the certificate authorities were the real weak link in the SSL chain?

Also, isn't NZBget the only client that even bothers to scrutinize the certificate? I know it has a pretty exhaustive choice of cipher suites etc.

Beck38
12-09-2013, 10:06 PM
> I thought the consensus was the certificate authorities were the real weak link in the SSL chain?


Uh... Yep.

What's interesting in all this back and forth, is that it goes along the same path as the same 'discussions' a year or two back. At that time, the main contention was ISP's that were either blocking or slowing down certain protocols (read: torrents) and perhaps a couple here and there usenet. Very few were talking about metadata collection, the sale (or free transfer) of that to or from whomever, for whatever purpose.

That, in fact, was the primary reason, when I switched from one provider (telco, Verizon DSL if anyone really wants to know) to Comcast, which was well known in my corner of the country in being loose with their interpretation (if any) of so-called 'net neutrality' (or lack thereof).

So, now we're here in 2013, and the big question is Metadata. But gee, going to VPN's a few years back, to achieve some semblance of 'net neutrality', accomplished the denial of that already, two birds with one stone, so to speak.

The 'Big players' (from banks to internet companies to Microsoft) are getting antsy, really antsy, about internet privacy all of a sudden (see news just today). Wonder why....

My guess (just a guess!) as to 'Time' person of the year: Edward Snowden. Note I'm typing this well before the 'official' announcement.

mrgordo
12-09-2013, 10:18 PM
>> I thought the consensus was the certificate authorities were the real weak link in the SSL chain?

> Uh... Yep.

> What's interesting in all this back and forth, is that it goes along the same path as the same 'discussions' a year or two back. At that time, the main contention was ISP's that were either blocking or slowing down certain protocols (read: torrents) and perhaps a couple here and there usenet. Very few were talking about metadata collection, the sale (or free transfer) of that to or from whomever, for whatever purpose.

> That, in fact, was the primary reason, when I switched from one provider (telco, Verizon DSL if anyone really wants to know) to Comcast, which was well known in my corner of the country in being loose with their interpretation (if any) of so-called 'net neutrality' (or lack thereof).

> So, now we're here in 2013, and the big question is Metadata. But gee, going to VPN's a few years back, to achieve some semblance of 'net neutrality', accomplished the denial of that already, two birds with one stone, so to speak.

> The 'Big players' (from banks to internet companies to Microsoft) are getting antsy, really antsy, about internet privacy all of a sudden (see news just today). Wonder why....

> My guess (just a guess!) as to 'Time' person of the year: Edward Snowden. Note I'm typing this well before the 'official' announcement.

What's wrong with you? Do you have to fill some consummate fanboy snark quota or are you just filled with repressed rage? The OP just asked for some simple advice. Period. No reason for your garbage. Even when your replies are on point they are obfuscated by your nastiness. If you toned down the snark you might actually contribute something relevant to the forum rather than just have people ignore you.

Damnatory
12-10-2013, 03:27 AM
> What's wrong with you? Do you have to fill some consummate fanboy snark quota or are you just filled with repressed rage? The OP just asked for some simple advice. Period. No reason for your garbage. Even when your replies are on point they are obfuscated by your nastiness. If you toned down the snark you might actually contribute something relevant to the forum rather than just have people ignore you.

Stick around a while, your skin will thicken. This is barely scratching the surface of the snark around here. :blink:

I do actually appreciate the debate. After all, information like that is why most of us came to this forum in the first place. Honestly it's helped me to decide to go ahead and shell out for the VPN service. It's a small price for the added security. I'm just on the fence on which to go with at this point. PrivateInternetAccess looks to be decently priced, and reportedly keeps no logs at all. Any others you would suggest?

2501
12-11-2013, 03:19 PM
well yes SSL is broken for usenet in a way because no clients actually check the certificate, yes everyone keeps logs otherwise their network will be abused until it is unusable.

Does it matter? No, unless you are uploading copies of technical books sent to you for a review.
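
Several posts above turn on whether a Usenet client actually checks the server certificate. As an added example (not part of the thread and not any client's own code), this Python script contrasts a TLS context that validates the chain and hostname with one that only encrypts, and probes an NNTP-over-TLS server with either. The function names, the use of implicit TLS on port 563 and the placeholder hostname `news.example.invalid` are assumptions of the example.

```python
import socket
import ssl
import sys

NNTPS_PORT = 563  # assumed: NNTP over implicit TLS


def verifying_context() -> ssl.SSLContext:
    """Validate the chain against the system CA store and match the hostname."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def non_verifying_context() -> ssl.SSLContext:
    """Encrypts but accepts any certificate: a client that does not check it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def probe(host, port=NNTPS_PORT, ctx=None, timeout=10.0):
    """Connect, complete the TLS handshake and read the NNTP greeting line."""
    if ctx is None:
        ctx = verifying_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                greeting = tls.recv(512).decode("latin-1").strip()
                return {
                    "ok": True,
                    "authenticated": ctx.verify_mode == ssl.CERT_REQUIRED,
                    "tls_version": tls.version(),
                    "cipher": tls.cipher()[0],
                    "greeting": greeting,
                }
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate or hostname mismatch.
        return {"ok": False, "reason": "certificate rejected: " + str(exc.verify_message)}
    except (ssl.SSLError, OSError) as exc:
        return {"ok": False, "reason": f"{type(exc).__name__}: {exc}"}


if __name__ == "__main__":
    # news.example.invalid is a placeholder; pass your provider's hostname.
    target = sys.argv[1] if len(sys.argv) > 1 else "news.example.invalid"
    print("verifying    :", probe(target))
    print("non-verifying:", probe(target, ctx=non_verifying_context()))
```

A server presenting a self-signed or mismatched certificate passes the second probe and fails the first, which is the difference between an encrypted connection and an authenticated one.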

Sometwo
01-05-2014, 06:29 PM
>> Once again, your ignorance of basic USA laws and regulations is breathtaking. So, you've never heard of or seen a thing called a NSL? (National Security Letter, primary part of the Patriot Act). Virtually every telecom provider in the US has been operating under the provisions of this act for close to 10 years now, REQUIRES that logs be kept of every 'transaction' that occurs over their system(s). If you don't, you will get forced out of business, and many have been.

>> Get your head out of your behind and get real.

> Then why don't Usenet service providers keep track of downloads? Many have an American presence. There is little point in trying to reason with your tinfoil hard hat. They have bigger fish to fry than trying to bust some guy downloading a TV show.

> I asked you about the requirements of VPNs. Most are not located in the states and I've yet to read a specific law that requires them to log. Are you saying that a VPN in Switzerland is required to follow US Patriot Act laws? LOL

I actually did hear from a lawyer a while ago that they are required to log traffic. Obviously different countries have different laws, and the laws aren't always followed, but the US does have treaties with other countries. I believe the Secret Service/FBI also have offices in just about every country to help make solving crimes in the US easier.