I've been out of the scene for far too long...
I used to use Newshosting, but back then they had 45 days binary retention and no SSL. :\
So my question is this: With the addition of the SSL encryption, would also using a VPN service be overkill?
OTL
BT Rep: +6
I've been out of the scene for far too long...
I used to use Newshosting, but back then they had 45 days binary retention and no SSL. :\
So my question is this: With the addition of the SSL encryption, would also using a VPN service be overkill?
If you are only downloading, SSL is all you need. Usenet providers do not keep logs of downloads and SSL will prevent your ISP from inspecting your downloads.
<Insert extreme laughing here>Originally Posted by user3240
SSL is now known to be completely broken by the use of deep packet inspection and other techniques, and has been for a fairly long time. So any ISP that wishes to put the resources to bear on it, it's cracked.
Plus, even if they don't, they know where the packets are going to (insert your favorite news server here) and can therefore know what you're doing. This includes web browsing and such, so that means that if you're using any searching service, they know that as well.
So utilizing a VPN service fills at least two goals, keep folks like Google AND your ISP off your trail, for either commercial purposes or more nefarious reasons. Utilize both SSL in conjunction with your VPN, and you're getting the best of both worlds. In my case, the small (one hop) distance between my VPN output port to either Astraeb (SF/SJ) or to Giganews (LA) are multi-gigabit links on major (non-ISP) transmission companies, like Level3.
The cost is fairly minimal, and just to keep my browser out of Goggle's greedy DPI algorithms (not to mention a certain cable ISP that starts with the letter 'C') is great (i.e., I've never had to deal with 'targeted' adverts an my email spam is about as close to zero as one can get).
Nobody in this day and age not using a VPN service of some kind is simply asking for trouble.
OTL
BT Rep: +6
Thanks for that!
We still install SSL certs for clients almost every day, so I imagine they must be just for the illusion of security on 443 connections at this point.
I definitely will look further into the VPN route. Do you have any suggestions on providers?
In a deep packet inspection, only the source and destination IPs and ports of the packets are known to the ISP. The data is fully encrypted. Nobody really cares. Downloading is not a criminal matter.
I use a VPN but that is no guarantee even if they don't keep logs. Example: Somebody is using the VPN to upload child porn. That's a serious criminal matter. The VPN owner could be raided, slapped with a gag order and the authorities could log it.
Nothing is impossible, but even if the SSL was cracked , it's not going to be used to prosecute Usenet downloaders.
Bottom line is, all (repeat: ALL) VPN providers log traffic. They have to either by law, or to simply protect themselves if a user/subscriber tries to become the next spam hub of the universe. The difference is, most don't sell that data to (insert GOOGLE or others here) to make more bucks.
The best way to go is via a s/w modified router, that way ALL traffic from your network can be protected without having to deal with clients on every machine or device (some of which you can't put a client on to begin with); with a good setup, you can 'toggle' between the VPN tunnel and a non-tunnel route if you wish.
A good company to look into (they partner with several providers) is:
http://www.sabaitechnology.com/
Low to High end setups. Many of the best/fastest are currently operating on FIOS systems around the country. I haven't run into any on 1Gbit as of yet, but that such a thin edge of the wedge that it's very slim number of potential users.
Hope no one minds if I just answer the basic question:
"With the addition of the SSL encryption, would also using a VPN service be overkill?"
Yes.
Use one or the other.
Using both is unnecessary and will most likely result in a large loss of speed.
Wrong on every account.
First, I have no loss of speed whatsoever. And this is with a 'last gen' setup (four years old at this point), not the newest or greatest or fastest. My hardware and VPN provider quite easily maxes out my current connection, which is a commercial 25m/25m. I hope (one can dream, right?) that I may move next year and get on fiber that stopped expanding right at 4 blocks from my current home. Thank you, Verizon/Frontier. Before I do, I'll upgrade my h/w to better/faster stuff (will be about a $600 upgrade).
So that is cowpucky, probably because poor VPN providers and even poorer folks keep repeating it.
Secondly, if you rely on SSL only, that means your ISP sees, at a minimum, every site you're connecting with. They gather that info and SELL it to all comers (or GIVE it to folks who are in the position to give them regulatory passes on things, like the GOVERNMENT). Just because they MAY not see the payload within it (but then again, they MAY), doesn't mean that they don't gather the METADATA (the sites you're connecting to and for how long and how much data transferred), and either pass on that data or SELL it.
That's the reason for VPN's. Nobody, my ISP and everyone between myself and the VPN outport, can't tell whom I'm connecting to or for how long or for how many bits/bytes. And if they don't know, then they can't SELL (or give) that information to whomever.
Most decent smartphones (my Android does) have built in VPN capability, and I can secure my mobile data as well. So both operators (wireline and wireless) don't get ANY internet metadata from me. Pound sand.
So you'll blithely give that metadata out to whomever.
>Bottom line is, all (repeat: ALL) VPN providers log traffic. They have to either by law, or to simply protect themselves if a user/subscriber tries to become the next spam hub of the universe. The difference is, most don't sell that data to (insert GOOGLE or others here) to make more bucks.<
BY LAW, they have to log? What countries have such laws. Not even the states have such laws. Many block port 25 to prevent common spam. They do not all keep logs. Before laughing at others, you might want to get your facts straight. Better yet, cite the laws of Western World countries that require logging.
>Just because they MAY not see the payload within it (but then again, they MAY)<
They may? Tell us how they can know for sure what you downloaded. I like how you hedged your bets. Can they see exactly what you downloaded? You said they MAY or MAY not! Either they can or they can NOT!
I think the OP is only concerned with his ISP KNOWING FOR SURE what was downloaded from Usenet. Therefore SSL is fine for that.
Last edited by user3240; 12-08-2013 at 10:41 AM.
Once again, your ignorance of basic USA laws and regulations are breathtaking. So, you've never heard of or seen a thing called a NSL? (National Security Letter, primary part of the Patriot Act). Virtually every telecom provider in the US has been operating under the provisions of this act for close to 10 years now, REQUIRES that logs be keep of every 'transaction' that occurs over their system(s). If you don't, you will get forced out of business, and many have been.
Get your head out of your behind and get real.
Posting Permissions
Reply With Quote
Bookmarks