Jump to content
Displayed prices are for multiple nights. Check the site for price per night. I see hostels starting at 200b/day and hotels from 500b/day on agoda.

"Which VPN Providers Really Take Anonymity Seriously?" - good article


Recommended Posts

A good article worth the read

 

Last month it became apparent that not all VPN providers live up to their marketing after an alleged member of Lulzsec was tracked down after using a supposedly anonymous service from HideMyAss. We wanted to know which VPN providers take privacy extremely seriously so we asked many of the leading providers two very straightforward questions. Their responses will be of interest to anyone concerned with anonymity issues.

 

http://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/

Link to post
Share on other sites

A VPN has an IP address. If they want to track you, they will track you. These Anyonymous and Lulzsec groups, they did stuff that the very top people WANTED to track them. So they did. It's not easy to track this sort of thing, but it is NEVER impossible.

 

If you want to be anyonymous, get the hell off the Internet. Now.

 

.

  • Upvote 2
Link to post
Share on other sites

Most of my customers are very security conscience where it comes to their internet identity, and that has forced me to learn quite a bit about how proxies and VPNs work, how they are run, etc.

 

The long and the short of it is that if you commit a crime on the internet, no public VPN provider will keep you safe. Period.

 

Even the VPN providers in 3rd world countries that do not keep logs can be gotten around. THEIR isp will have logs, and those logs can be used with timestamps to find you.

 

That said, if you are not committing a crime but want your identity to be kept private, there are ways. One of the better ones is HideMyAss.com - a good 50% of my customers use that one, and I have very good reports about it. They will not hide info from Law Enforcement, but do not divulge info to anybody else. Moderate spam is permitted as well. For heavy spam, better to go for SquidProxies - they do not care about spam at all, but you are very easy to track with a proxy, as your original IP address is usually embedded in the headers of every request under the header "X-FORWARDED-FOR".

 

If you want real protection, throw some money in a throwaway Visa card (the anonymous type) and order a VPS server from a russian provider... there are dozens of them for about $30 a month. Get a techie to set you up a VPN tunnel thru that VPS. The traffic will be tracked to the VPS easily enough, but its not likely to get any further than that. Its still not fool proof... the russian VPS provider may log your login attempts to the VPS... tho being a VPS provider myself, I think thats unlikely. I do not monitor the IPs my customers use to sign in to their VPS via tunnels... only the IP used to register and pay for the service or RDP (Remote Desktop) connections.. You can do that part from a internet cafe, then just use the VPN tunnel from your home or office computer. Still not foolproof, but it would take a very very good tech and a shitload of cooperation between different companies to track you down.

Link to post
Share on other sites

HideMyAss doesn't sound like good option based on the other article

 

HideMyAss (HMA) keep logs and as a UK company when given a court order to cough up information, they do so. After matching timestamps to IP addresses, in the blink of an eye Luzlsec member ‘Recursion’ became 23-year-old Cody Kretsinger from Phoenix. The FBI had their man.

 

http://torrentfreak.com/vpn-providers-mull-fraudster-database-in-wake-of-lulzec-fiasco-111006/

 

These articles are interesting also from their deep comment threads.

Link to post
Share on other sites

HideMyAss doesn't sound like good option based on the other article

 

You're ignoring the basic point - if you think you can hide illegal activities on the Net, you're wrong. If you want to keep your regular activities confidential, then HMA is quite good. Even Frosty's throwaway accounts and throwaway Visa cards and throwaway computers (he forgot to mention that; using cybercafes and business centres) won't HIDE you if "they" want to track you.

 

.

  • Upvote 2
Link to post
Share on other sites
  • 1 month later...

You're ignoring the basic point - if you think you can hide illegal activities on the Net, you're wrong. If you want to keep your regular activities confidential, then HMA is quite good. Even Frosty's throwaway accounts and throwaway Visa cards and throwaway computers (he forgot to mention that; using cybercafes and business centres) won't HIDE you if "they" want to track you.

 

.

 

You can infact hide everything on the net if you know how! You need to be a techy/hacker to understand how. as far tracking you down goes they have to start with the endpoint ip address and can track you back to your computer not just your isp. if the track it back the vpn, they can't logs that never existed, they can sapeana the info but that don't matter. The fbi can not force a vpn that operates in another country to give up anything. mostly people get caught becuase they make a mistake not becuase the fbi always get there guy. becuase when it comes to tech mostly there are bunch of bozos, and tracking of outlaws is done by another hacker, then people get caught.

Link to post
Share on other sites

You can infact hide everything on the net if you know how! You need to be a techy/hacker to understand how. as far tracking you down goes they have to start with the endpoint ip address and can track you back to your computer not just your isp. if the track it back the vpn, they can't logs that never existed, they can sapeana the info but that don't matter. The fbi can not force a vpn that operates in another country to give up anything. mostly people get caught becuase they make a mistake not becuase the fbi always get there guy. becuase when it comes to tech mostly there are bunch of bozos, and tracking of outlaws is done by another hacker, then people get caught.

 

I'm sorry, but thats one of the stupidest things I have ever read.

 

Sure, there are some fairly gifted hackers out there... But to suggest that the FBI does not have techies that are just as smart and just as talented is just stupid.

 

On top of that... I challenge you to name one - ONLY one - VPN or proxy provider or lets make this easy - a VPN/Proxy provider OR any other method you can think of, that would keep your connection private from law enforcement. Only one.

 

I have been in the IT industry for many years, and count myself as a expert in TCP/IP communications... and I cannot think of any way that would be foolproof.

 

As to the FBI not having power to get the info they want... thats just as dumb. Just about every country in the world (with very very few exceptions) have policies in place to deal with international information requests from law enforcement. In most cases, the request to the ISP does not come from the FBI - it comes from that countries government, security service or whatever they have. Thailand for instance has the Ministry of Information - which will share info with the USA quickly and easily when needed.

 

The long and the short of it is: if you do something illegal online, there WILL be logs that can point right to you. Those logs may or may not ever be looked at.. but they will exist.

 

Here's a little thought to keep you busy. Lets say you open a VPN tunnel from Thailand to Russia, then do something illegal to a computer in the USA.

 

In order to establish the VPN tunnel your computer must make a request across many routers... for me for instance to hit Moscow its 23 routers. Then from Russia to the USA its an additional number - tho less, probably 10 or so. Thats 30 different computers that can potentially log a footprint of your traffic.

 

After the VPN tunnel is established most routers cannot read the data being transferred, but they CAN read the fact that it was transferred, where it came from and where its destination was. Even if the VPN logs at the VPN provider were deleted, the ISP of the VPN provider could use timestamps to check their logs. And the international carrier could do the same. Its a lot of work, but its not very hard work.

 

Its stupid to think that you can get away with anything on the internet these days.

 

Use your friends computer. Much better that way :D

  • Upvote 1
Link to post
Share on other sites

You can infact hide everything on the net if you know how! You need to be a techy/hacker to understand how.

 

Tell it to the Anonymous guys eating at the Greybar Hotel. Tell it to Kevin Mitnick. Tell it to the Stuxnet uploaders.

 

Your claims are quite fantastical. Literally. You can hide everything you do on the net - in your dreams.

 

.

  • Upvote 1
Link to post
Share on other sites

I'm sorry, but thats one of the stupidest things I have ever read.

 

Sure, there are some fairly gifted hackers out there... But to suggest that the FBI does not have techies that are just as smart and just as talented is just stupid.

 

On top of that... I challenge you to name one - ONLY one - VPN or proxy provider or lets make this easy - a VPN/Proxy provider OR any other method you can think of, that would keep your connection private from law enforcement. Only one.

 

I have been in the IT industry for many years, and count myself as a expert in TCP/IP communications... and I cannot think of any way that would be foolproof.

 

As to the FBI not having power to get the info they want... thats just as dumb. Just about every country in the world (with very very few exceptions) have policies in place to deal with international information requests from law enforcement. In most cases, the request to the ISP does not come from the FBI - it comes from that countries government, security service or whatever they have. Thailand for instance has the Ministry of Information - which will share info with the USA quickly and easily when needed.

 

The long and the short of it is: if you do something illegal online, there WILL be logs that can point right to you. Those logs may or may not ever be looked at.. but they will exist.

 

Here's a little thought to keep you busy. Lets say you open a VPN tunnel from Thailand to Russia, then do something illegal to a computer in the USA.

 

In order to establish the VPN tunnel your computer must make a request across many routers... for me for instance to hit Moscow its 23 routers. Then from Russia to the USA its an additional number - tho less, probably 10 or so. Thats 30 different computers that can potentially log a footprint of your traffic.

 

After the VPN tunnel is established most routers cannot read the data being transferred, but they CAN read the fact that it was transferred, where it came from and where its destination was. Even if the VPN logs at the VPN provider were deleted, the ISP of the VPN provider could use timestamps to check their logs. And the international carrier could do the same. Its a lot of work, but its not very hard work.

 

Its stupid to think that you can get away with anything on the internet these days.

 

Use your friends computer. Much better that way :D

a hacker wouldn't use a vpn provider anyways, as far as the fbi goes they hire hackers to track down hackers but these people are former hackers. I am not going to spend a lot time on this subject but only to say that the better hacker is the one that wins. you might be right about thailand but not all coutries cooperate with the u.s. others do sometimes. that all depends on current politics. FBI is not infallable, they have had very public defeats.

Link to post
Share on other sites

Tell it to the Anonymous guys eating at the Greybar Hotel. Tell it to Kevin Mitnick. Tell it to the Stuxnet uploaders.

 

Your claims are quite fantastical. Literally. You can hide everything you do on the net - in your dreams.

 

.

 

I said if you knew how, what your you can hide your doing. the answer isn't subscribing to some service unless you want to be caught. kevin mitnick is the one the most famous hackers that got caught. your claims are equally fantastical as you put it. your saying that if I commit a crime on the internet that i have 100% chance being arrested, no law enforcement agency is this effective

Link to post
Share on other sites

Some guys have seen too many Hollywood films where some kid hacks into the secure network, fingers flashing over the keyboard and the clock ticking.

My neighbours seem to think the same of their geeky son, and I said if he can hack into my wireless network before tomorrow I will believe them.

Of course I just turned it off.

  • Upvote 1
Link to post
Share on other sites

I said if you knew how, what your you can hide your doing. the answer isn't subscribing to some service unless you want to be caught. kevin mitnick is the one the most famous hackers that got caught. your claims are equally fantastical as you put it.

 

You CAN NOT hide your presence or what you have done on the Internet.

 

your saying that if I commit a crime on the internet that i have 100% chance being arrested, no law enforcement agency is this effective

 

Is there some reason you didn't quote me saying that?

 

Answer: Yes, there's an excellent reason. Because I didn't say it.

 

Since you're posting here about how it's so easy to not get caught, it's obvious you aren't important enough to look for. If you ever are, you will be found out. If you're going to do something really, really bad, my advice would be to do it in "real life". If you do it on, or through the Net, you're just making it easy for them.

 

.

  • Upvote 1
Link to post
Share on other sites

Some guys have seen too many Hollywood films where some kid hacks into the secure network, fingers flashing over the keyboard and the clock ticking.

 

The typing is what gets me. In Hollywood, you have to type about the equivalent of this post to do what I already do with a mouse click or a hot key.

"Open the gate!"

"Yes sir"

clickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clickety

 

"Gates's open!"

"Start the coffee maker!"

 

clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clicketyclickety clickety

 

"10 minutes to hot latte, sir!"

 

.

Link to post
Share on other sites

I work in the business as well (don't necessarily claim to have ff's TCP/IP expertise), and it's just a given that practically speaking (if not absolutely) anonymity, like security, is a relative term on the Internet. Yes, like security, it can amount to a battle of resources (in other words, how well you cover your tracks vs how badly they want you), but the lengths to which an individual would have to go to hide himself from a determined enforcement effort would be beyond the means of anyone short of being state-sponsored (in which case there'd be no govt reciprocity or cooperation). So, if you're into, say, child porn - they'll find you. If you're disseminating classified govt docs - it depends (on the governments that might be involved), but you'd better be in a country with no extradition treaties... If you're operating a large-scale online criminal enterprise - once they decide they want you and are able to identify and allocate the needed resources, they'll get at least some of you. If you're just trying to hide online activity from you wife's divorce attorneys or a discovery order - if you're willing to do what it takes and aren't too big a fish you MIGHT get away with it (although the consequences of failure may be some hard time...).

 

It's a question of staying beneath the radar, not of having access to some bullet-proof technology that will keep you concealed no matter what.

Edited by tomcat76
Link to post
Share on other sites

On top of that... I challenge you to name one - ONLY one - VPN or proxy provider or lets make this easy - a VPN/Proxy provider OR any other method you can think of, that would keep your connection private from law enforcement. Only one.

 

I have been in the IT industry for many years, and count myself as a expert in TCP/IP communications... and I cannot think of any way that would be foolproof.

 

 

IP cloning.

 

Google it.

Link to post
Share on other sites

IP cloning.

 

That just means they have one additional step to narrow it down from two suspects instead of one. You might have said "be born as a twin," same thing. Or "steal a set of licence plates". Spoofing and IP hiding and cloning are pretty standard hacker tools.

 

.

Link to post
Share on other sites

That just means they have one additional step to narrow it down from two suspects instead of one. You might have said "be born as a twin," same thing. Or "steal a set of licence plates". Spoofing and IP hiding and cloning are pretty standard hacker tools.

 

.

 

I like the direction Frosty was going in..use a friend's computer. But, to take it another step, use a free wifi provider .. a coffee shop, a bar (like FLB), somewhere where you don't have to register your id.

 

That at least adds a little footwork to the chase for them to find out who was piggybacking on their signal.

 

Oh, and it doesn't require a high-tech solution either.

Link to post
Share on other sites

I like the direction Frosty was going in..use a friend's computer. But, to take it another step, use a free wifi provider .. a coffee shop, a bar (like FLB), somewhere where you don't have to register your id.

 

Now you're getting' somewhere! There have been more than a couple of promising leads that ended in a Peshawar cyber shop.Plus encryption of course, which is cheap and easy. *People* make an error by getting into a habit. Somewere around 10 out of 9 people who use a Pattaya Starbucks for their "private" Net activities would be found because they keep using the same one or two of them - 500 baht to the staff, and they call the nice police the next time you go in. If you're trying to beat the CIA, you'd better fly to Hat Yai, use one Starbucks one time and get back. Next time, don't fly but drive to Phuket and ditto. But they'll trace you to the Starbucks easily enough, and they'll get all the records of what you did there and who you emailed or where you uploaded files or whatever. After that it's not cyber tag at all, you're just another human fugitive on the run. Computers don't commit crimes, they're just evidence.

 

But again, it depends on the enormity of the crime. The fact *of* Net activity is fairly easy. Then tracing it to the origin is *reasonably* easy. After that, it's more like regular detective work. If necessary, they go to the cyber shop and, um, conduct inquiries.

 

There's a bit on this in the 9/11 Commission report, on the bin Laden folk using Net commo. And the (fairly) recent Russian spy network in the US was almost *all* on the Internet. That was their downfall, not because the Americans traced it all back to Moscow (which they did) but US agents convinced a couple of the Russians that they were high qualified repair people who could fix their broken laptops. After that, it was just gathering evidence until time to wrap it up.

 

.

  • Upvote 1
Link to post
Share on other sites

Now you're getting' somewhere! There have been more than a couple of promising leads that ended in a Peshawar cyber shop.Plus encryption of course, which is cheap and easy. *People* make an error by getting into a habit. Somewere around 10 out of 9 people who use a Pattaya Starbucks for their "private" Net activities would be found because they keep using the same one or two of them - 500 baht to the staff, and they call the nice police the next time you go in.

well, of course, if you are carrying on criminal activities on the internet, you have to be somewhat circumspect about where you are jacking into. But, lots of places have virtually public wifi access, and you don't even have to be a customer of the place to connect.

 

If you are really concerned, then move around. It stands to reason. IP addresses are easy to get and use when so many businesses are providing free internet. Why bother with vpns from your own home?

Link to post
Share on other sites

well, of course, if you are carrying on criminal activities on the internet, you have to be somewhat circumspect about where you are jacking into.

 

Isn't that the subject? Why else would a person want total, guaranteed anonymity from the forces who tracked Lulzsec? I don't think we're talking about hiding surfing tracks from the missus here. You don't want total security against joint US-European-Asian security agencies because you looked at a pr0n site.

 

.

Link to post
Share on other sites

Isn't that the subject? Why else would a person want total, guaranteed anonymity from the forces who tracked Lulzsec? I don't think we're talking about hiding surfing tracks from the missus here. You don't want total security against joint US-European-Asian security agencies because you looked at a pr0n site.

 

.

 

Oh, pardon me. I only read the OP as the topic. I was not aware that total anonymity because of criminal activities was the obvious subject.

 

As someone who vocally values their privacy, I would think the subject would be of importance to you as well. Are you only engaging in criminal activities?

Link to post
Share on other sites

Oh, pardon me. I only read the OP as the topic. I was not aware that total anonymity because of criminal activities was the obvious subject.

 

As someone who vocally values their privacy, I would think the subject would be of importance to you as well. Are you only engaging in criminal activities?

 

Fair go, but anonymity for surfing on Net forums is a far, far different thing than *total* anonymity. I have no misconceptions about *how* anonymous I am. There's a big difference between "anybody can find out who you are" (they can't) and "there isn't anybody who can find out who you are" (there is). It all depends on who wants you identified. If "they" want you, then "they" will identify you Net-wise. Which implies you've done something pretty naughty.

 

I can't see that you would be striving for *total* anonymity without you'd done something naughty. I think you're entitled to do it, don't get me wrong about that, but it's a hell of a lot of work, and hardly worth it for what we do.

 

Anyhow. This is kind of the other side of the issue in a way, about how companies can protect themselves from hacking, but it has a few points. This one is pretty relevant and discusses the extremely silly myth that you can click a button and be secure. It's very related to the OP, which suggested that a VPN should (or can) keep you *totally* anonymous.

 

Top 10 Dumb Computer Security Notions and Myths

One Tool to Defend Them All

Pick the security technology, and there's someone out there convinced that it is the cure-all and the only thing needed for security utopia. It doesn't exist. While there are excellent antivirus, intrusion prevention, network monitoring and forensics tools available, none of them can do everything. Security tools are specialized, and there is no silver bullet. Focus on layered security, not a one-size-fits-all approach.

 

.

  • Upvote 1
Link to post
Share on other sites

I like the direction Frosty was going in..use a friend's computer. But, to take it another step, use a free wifi provider .. a coffee shop, a bar (like FLB), somewhere where you don't have to register your id.

 

That at least adds a little footwork to the chase for them to find out who was piggybacking on their signal.

 

Oh, and it doesn't require a high-tech solution either.

 

 

'Not sure whether this will persuade anyone one way or the other concerning the use of free wife providers, but for what it's worth...

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...