VPN's

vbimport

#1

Has anyone had any experience with using a “VPN” which hides your IP Address to prevent malware and hacking. I don’t know much about it or if it is legal. Any info would be appreciated.
Thanks, Phil


#2

VPN’s are definitely legal and used by businesses all the time. Finding a secure one that keeps your identity safe is not simple however. Ars Technica did an article on this just recently: http://arstechnica.com/security/2016/06/aiming-for-anonymity-ars-assesses-the-state-of-vpns-in-2016/


#3

[QUOTE=ptfitzy;2776293]Has anyone had any experience with using a “VPN” which hides your IP Address to prevent malware and hacking. I don’t know much about it or if it is legal. Any info would be appreciated.
Thanks, Phil[/QUOTE]
This depends on what VPN operates in your location and what they offer in services. This can only be answered by the VPN themselves as to what services they sell or offer. There is nothing illegal to get a VPN-it is more based on what the VPN services consider illegal traffic on their bandwidth.


#4

[QUOTE=Kerry56;2776295]VPN’s are definitely legal and used by businesses all the time. Finding a secure one that keeps your identity safe is not simple however. Ars Technica did an article on this just recently: http://arstechnica.com/security/2016/06/aiming-for-anonymity-ars-assesses-the-state-of-vpns-in-2016/[/QUOTE]

Great article Kerry.


#5

Thanks for the info. It sounds like VPN’s don’t do much.
ptfitzy


#6

[QUOTE=ptfitzy;2776341]Thanks for the info. It sounds like VPN’s don’t do much.
ptfitzy[/QUOTE]

It really depend on usage. The article mostly discuss the FUD of it all, but concludes:

…after surveying the state of such offerings in 2016, there may only be one truly universal rule: What to look for in a VPN depends on what you’re using it for in the first place. A user looking for local network security has different needs than someone using a VPN for geoshifting, for example, so these decisions can get complicated fast. But being aware of the limitations of VPNs in general and knowing what specific weaknesses and pitfalls to avoid can at least help you make a more [I]informed [/I]complicated decision.
Thanks Kerry, I’ll second Alan, this really is an interesting article :flower:


#7

You should not use VPN’s for privacy or security. Read this.

Especially read this article where the VPN provider HideMyAss gave all the information the government asked for.

VPN’s are nice to gain access to services you are used to. You can use a VPN when you are on a public (thus very hostile) network. For that purpose VPN’s are awesome.

And you can make your own free VPN very very easy. Configuring and hardening it will take several days, but it’s worth the time.

I have my own OpenVPN access server at home. I use a free personal official worldwide recognized 4096 bitsStartSSL certificate for the website. My website has a A- score on the famous SSL Labs test website. You should test this at least twice a year.

OpenVPN comes with free client access software for most mobile devices and a lot of operating systems. Therefore i can use my VPN practically anywhere in the world where internet access is available to me.

For free. And as safe as your home connection. (Which may not be very safe, but that’s up to you and your provider).


#8

[QUOTE=Mr. Belvedere;2776346]You should not use VPN’s for privacy or security. Read this.

Especially read this article where the VPN provider HideMyAss gave all the information the government asked for.

VPN’s are nice to gain access to services you are used to. You can use a VPN when you are on a public (thus very hostile) network. For that purpose VPN’s are awesome.

And you can make your own free VPN very very easy. Configuring and hardening it will take several days, but it’s worth the time.

I have my own OpenVPN access server at home. I use a free personal official worldwide recognized 4096 bitsStartSSL certificate for the website. My website has a A- score on the famous SSL Labs test website. You should test this at least twice a year.

OpenVPN comes with free client access software for most mobile devices and a lot of operating systems. Therefore i can use my VPN practically anywhere in the world where internet access is available to me.

For free. And as safe as your home connection. (Which may not be very safe, but that’s up to you and your provider).[/QUOTE]

The picture is getting very complicated, true as stated. The same goes for hosting your own server which by far is the cheaper solution when in hostile environments. Then you got Tor which was also compromised by a few bad exit nodes a while back.

Still this is international politics based on what you do from where. I do agree that you should not VPN your network as a whole, you should VPN one computer/node, no more as you are a product of all your activities combined out here.
Then you should also check Mutual Legal Assistance Treaty for a sneak peak of what, where and how to go about it.

There are no shortcuts for knowledge in this game, only forever learning and while I agree to some of the FUD - there are views that trespasses well into paranoia :flower:


#9

[QUOTE=Xercus;2776352]

Then you should also check Mutual Legal Assistance Treaty for a sneak peak of what, where and how to go about it.[/QUOTE]
Weird. Both internet explorer and firefox reported this site as having a bad ssl certificate.
Ah, i see… the certificate is without the www part.

Seems i’m perfectly safe in … congo… or niger … yeah… no thanks … mali… nope … not gonna happen.


#10

Well its all got to true, its on the internet right? Bonjour. :bigsmile::bigsmile::bigsmile:


#11

[QUOTE=Mr. Belvedere;2776354]Weird. Both internet explorer and firefox reported this site as having a bad ssl certificate.
Ah, i see… the certificate is without the www part.

Seems i’m perfectly safe in … congo… or niger … yeah… no thanks … mali… nope … not gonna happen.[/QUOTE]

Sorry :o, the link was written, not copied, the correct is MLAT. What we choose to do as an individual will always be down to personal preference and choice out here :iagree:

Even if a MLAT exist between two countries, it is a question of what is considered illegal in various countries. One example is the Russian equivalent of FaceBook where VK users shares videos which the US views as a copyright issue, but is viewed as sharing culture there. When VK was sued by the leading Russian TV-channel, the court ruled in favor of VK, noting the website could not be held responsible for the individual user’s content.

Checking MLATs is the first step, then we must check into what the MLAT contains and how it has worked in the past. On the other side, even if an MLAT does not exist, it does not mean that the other country will not hand over info, hence the need for knowledge in every decision.


#12

One thing to beware of is that some VPNs can make the PC/device more vulnerable to incoming attacks that normally are blocked by most NAT routers and hardware firewalls.

For example, HMA’s VPN service assigns a public IP address to the connected device with most of its servers. This means that even if the NAT router does not have any ports forwarded or even if the ISP operates a carrier grade NAT, the VPN connection itself will allow incoming connections to the public IP address it assigned for the VPN connection.

I have been able to test this by setting up a virtual PC with a web server that allows web access and connecting to HMA. The PC running the virtual PC was connected to the web with a 3G connection. With my laptop connected to my home DSL connection, I entered the public IP address HMA assigned into Firefox and up came the test webpage I placed on the web server. Once I disconnected the VPN, I could no longer load the webpage, but once I reconnected the VPN and entered the new IP address HMA assigned, up came the webpage again.

So for anyone planning on signing up to a VPN service, check whether they allow incoming connections as no amount/level of firewall protection between the PC’s network port and the web and will do much good if the VPN connection circumvents it all. :wink:


#13

[QUOTE=Seán;2776550]One thing to beware of is that some VPNs can make the PC/device more vulnerable to incoming attacks that normally are blocked by most NAT routers and hardware firewalls.

For example, HMA’s VPN service assigns a public IP address to the connected device with most of its servers. This means that even if the NAT router does not have any ports forwarded or even if the ISP operates a carrier grade NAT, the VPN connection itself will allow incoming connections to the public IP address it assigned for the VPN connection.

I have been able to test this by setting up a virtual PC with a web server that allows web access and connecting to HMA. The PC running the virtual PC was connected to the web with a 3G connection. With my laptop connected to my home DSL connection, I entered the public IP address HMA assigned into Firefox and up came the test webpage I placed on the web server. Once I disconnected the VPN, I could no longer load the webpage, but once I reconnected the VPN and entered the new IP address HMA assigned, up came the webpage again.

So for anyone planning on signing up to a VPN service, check whether they allow incoming connections as no amount/level of firewall protection between the PC’s network port and the web and will do much good if the VPN connection circumvents it all. ;)[/QUOTE]

When and if I want to be anonymous I use Tails based on Debian GNU/Linux. Its a full Operating System, and its totally anonymous. All you need is a USB stick and you are in. Best of all the Operating system is totally free.


#14

[QUOTE=alan1476;2776558]When and if I want to be anonymous I use Tails based on Debian GNU/Linux. Its a full Operating System, and its totally anonymous. All you need is a USB stick and you are in. Best of all the Operating system is totally free.[/QUOTE]

TOR on steroids, installed v2.0 as a VM in January, but only took it for one or two spins and forgot about it. Installing v2.4 now / thanks for reminding me :wink:


#15

[QUOTE=Xercus;2776562]TOR on steroids, installed v2.0 as a VM in January, but only took it for one or two spins and forgot about it. Installing v2.4 now / thanks for reminding me ;)[/QUOTE]

I would like to know your opinion on whether this is a secure internet option? I think it is.


#16

I think you’re right Alan :slight_smile:

I have to admit that this version looks really good and while I have not had too much time to play around with it, this message is written using it :flower:
I was fooled by the ‘so called’ VM download though as that is no installer, but a live CD and so it has to get the usual treatment… ISO->USB->VHD->VMDK just like I did with 2.0 (could just as well have downloaded the USB version and saved a step).
I’ve tested a few malicious sites already to see how it would react, but so far not any fun stuff happening (I’m all in for destruction) :wink:
I’ll get on with a proper install tomorrow and do some serious testing on privacy issues if any and should return with a separate thread in a day or three depending on how it goes.

Until then, it looks very good to start off with :flower:


#17

[QUOTE=Xercus;2776572]I think you’re right Alan :slight_smile:

I have to admit that this version looks really good and while I have not had too much time to play around with it, this message is written using it :flower:
I was fooled by the ‘so called’ VM download though as that is no installer, but a live CD and so it has to get the usual treatment… ISO->USB->VHD->VMDK just like I did with 2.0 (could just as well have downloaded the USB version and saved a step).
I’ve tested a few malicious sites already to see how it would react, but so far not any fun stuff happening (I’m all in for destruction) :wink:
I’ll get on with a proper install tomorrow and do some serious testing on privacy issues if any and should return with a separate thread in a day or three depending on how it goes.

Until then, it looks very good to start off with :flower:[/QUOTE] I am going to do the same thing with V2.4 and we will compare notes.


#18

[QUOTE=Seán;2776550]So for anyone planning on signing up to a VPN service, check whether they allow incoming connections as no amount/level of firewall protection between the PC’s network port and the web and will do much good if the VPN connection circumvents it all. ;)[/QUOTE]

Totally true. This is also why some malware programmers hopped on the TeamViewer train to inject crypto viruses.

It’s also one of the reasons to run my own server, since i can kinda trust myself more than all other people and companies. Other reasons include educating myself about SSL/TLS and ciphers, setting up fully automated vm’s, trying what i can do on a network and what i can’t, etc. etc.


#19

[QUOTE=alan1476;2776576]I am going to do the same thing with V2.4 and we will compare notes.[/QUOTE]

I think I’ll skip Alan. I’ve done many tests, but to even offer a ‘Virtual Machine’ download for this is just a joke. They mention VirtualBox with ‘Shared folder’ which is a security threat in it self, which they mention (I use VirtualBox on my control-center only to run various trusted old programs and not to connect to the outside world)

[ul]
[li]It will not support VMWare Workstation’s VNC connect without me logging on to the host system and activate the mouse in the screen first. Unnecessary complicated :rolleyes:[/li][li]It will not let you configure persistent storage as it complains about not being run from a USB disk even if another USB has been exclusively assigned to the virtual machine along with a small dedicated harddrive :([/li][li]The way I have been able to get it to work is to configure a Debian 8 machine and attach the converted USB disk to it, then hook up the finished boot USB to it an boot from that, now that’s VM-support :confused:[/li][/ul]
So in other words, I’ll await further development and a real VM download before testing further. The finished USB stays in my toolbox but I hardly ever boot from such devices apart from demonstration and so it will not be often enough… I have my own PE harddrive for my booting needs :iagree:
While I do not remember, it may as well have been the cause why I stopped using it in January.

I have tested the USB on 5 different laptops (Dell, Hp, Acer, Lenovo) and it supports even wireless in all of them and so as a live boot from USB it is great :flower:


#20

I wonder what I am doing differently that makes it so easy? Its my only way to enter a part of the .net that I know of.