Can Commercial VPNs Really Protect Your Privacy?
from the it-depends dept
Nick Pearson is the founder of IVPN – a privacy-focused VPN service, and Electronic Frontier Foundation member.
As Techdirt readers are no-doubt well aware, online surveillance laws are undergoing a major revamp across the western world. From
Australia</a> to <a href="http://www.bigbrotherwatch.org.uk/home/2012/04/ccdp-what-we-know.html" target="_blank" rel="noopener">the
UK</a>, law enforcement agencies are
taking the opportunity to gain unprecedented powers over the
data they can monitor, and are blaming the crackdown on
everything from illegal file-sharing to terrorists. With western
nations becoming increasingly hostile toward the concept of
online anonymity, it's not unreasonable to suggest the use of
commercial VPNs will likely gain more traction (indeed, there's
already <a href="http://torrentfreak.com/six-strikes-boosts-demand-for-bittorrent-vpns-and-proxies-130311/" target="_blank" rel="noopener">some
evidence supporting this</a>). But can VPNs really safeguard
your privacy today and, in the future, what kind of protection
can you expect with the legal landscape changing so rapidly?
VPNs under fire
VPNs have come under serious scrutiny since mid-2011 after one of the leading services on the market played a pivotal role in the arrest
and prosecution of a member of hacker group Lulzsec</a>.
This kicked off the debate amongst filesharers and privacy
groups over whether VPNs offered any real protection to their
users at all. As TorrentFreak pointed out, many are <a href="http://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/" target="_blank" rel="noopener">no
more
effective than a regular ISP</a> due
to self-imposed data retention policies.
It’s certainly true all VPNs have the ability to track users and log their data. Many do so because they don’t consider themselves privacy services and logging helps identify repeat DMCA infringers and quickly troubleshoot network issues. Others do so seemingly because of
a poor grasp of their country's laws</a>.
Of course, anyone concerned about privacy should not sign-up to a service that’s retaining data. Most privacy-orientated VPNs approach this issue by using a non-persistent log (stored in memory) on gateway servers that only stores a few minutes of activity (FIFO). That time window gives the ability to troubleshoot any connection problems that may appear, but after a few minutes no trace of activity is stored.
As you may know the EU’s Data Retention
Directive</a> came into effect in
2006, requiring “public communications services” to hold web
logs and email logs, amongst other data. IVPN, along with a
number of other EU based VPNs, believe our services are excluded
from this requirement and we do not abide by it. So far there's
been no cases we're aware of compelling VPNs to retain this
information. Indeed, from a user perspective, the presence or
absence of retention laws seem rather arbitrary, given how many
US-based VPNs willingly retain data, despite no
government-mandated policy being in place (<a href="http://news.cnet.com/8301-31921_3-20029423-281.html" target="_blank" rel="noopener">at
least
not yet</a>).
When law enforcement and VPNs collide…
So what happens if a law enforcement agency approaches a VPN, serves a a subpoena, and demands a the company trace an individual, based on the timestamp and the IP address of one of their servers? VPN services, like all businesses, are compelled to abide by the law. However, there is no way of complying with the authorities if the data they require does not exist.
One of the few ways law enforcement could identify an individual using a privacy service, without logs, is if they served the owners a gag order and demanded they start logging the traffic on a particular server they know their suspect is using. We would shut down our business before co-operating with such an order and any VPN serious about privacy would do the same. So unless law enforcement were to arrest the VPN owners on the spot, and recover their keys and password before they could react, your privacy would be protected.
A changing landscape…
But the biggest threat to VPN usage is the changing legal landscape. The waters around the issues presented by VPNs are still being tested and laws may indeed be amended in the future to prevent such services operating in certain jurisdictions. So how do you navigate all this?
In all honesty, there are no easy answers. Picking a host country based on their current laws isn’t going to help much in the long term. By far the best measure you can take is to choose a VPN that demonstrates a commitment to user privacy. Examine the company’s small print, or, better yet, contact the owners and ask them upfront how far they go to protect your personal data. Ensure the company is committed to keeping users informed of any emerging threats to its service and – before buying any lengthy subscription – make sure the VPN is willing to re-domicile should its host country change any relevant laws.
Filed Under: local laws, privacy, vpn
Comments on “Can Commercial VPNs Really Protect Your Privacy?”
Most VPNs will have a list of which countries make them retain data and for how long. It’s something everyone should look at for sure especially if they’re concerned about their privacy.
A VPN that holds your data for two years is pretty much the same as not using a VPN.
Re: Re:
It all depends on where the server is. They only have to obey the laws of whatever country a particular server is in. So, Prefect Privacy, for example, only has to obey Chinese laws, on their Chinese servers, and their Chinese servers are not subject to any US laws.
Re: Re:
You are correct, we always go with a no log vpn. I personally use boxpn (https://www.boxpn.com). They have NO LOG keeping policy to take privacy seriously.
Well I’m not an illegal activity user but still If I’m paying for a service I at least expect something more 🙂
Re: Re:
You are correct, we always go with a no log vpn. I personally use boxpn (https://www.boxpn.com). They have NO LOG keeping policy to take privacy seriously.
Well I’m not an illegal activity user but still If I’m paying for a service I at least expect something more 🙂
the whole point of a VPN service is to protect users anonymity. if a user specifically wants that and the service doesn’t do that, then the user should move providers. as user anonymity is the main reason for using a VPN service, what is the point of having it if it doesn’t protect users privacy? i am sure that VPN providers will be targeted very soon, simply because the USA entertainment industries dont like them. given how there is nothing more important to the USA government than doing whatever it takes to protect an early C20 business and helping it to remain as that, the VPN providers will be forced to keep all logs. that will mean a drastic loss of business and in a lot of cases. total collapse and shut down. that will bring more unemployment but it wont matter because, according to the bull shit reports put out by half-wits like Dodd, there are a gazillion people working in the movie industry who are losing their jobs every day because of ‘piracy’. if anyone here believes that, you are a bigger fucking idiot than Dodd!!
Re: Re:
Yeah, I’m certain copyright cartels will go after VPNs and even encryption in general at some point in the not so distant future.
But I don’t think that could could be difficult for them, as I mentioned in another post a few months ago, if they go after that what they need is to render it illegal to have administrative rights over your own computer,and that would make a pan-global treaty where China, Russia, the third world and the western world all bent over backwards in order to accomodate a rather small portion of the western industry.
Banning encryption or making it hard/impossible to use proxies/VPN is possible ONLY if a new standard is implemented globally where no person can be allowed to be administrator on their own computer.
Even trying is highly likely to harm or even remove a lot of business relying on VPN’s, cloud services and proxies from the market. If that happens, https has to go as well so say fare-thee-well to any service using encrypted login. Banks, amazon, online franchises, personal cloud storage, etc.
But knowing how stupid(?) the thugs at the MAFIAA are, I wouldn’t be surprised if they try to do that.
Re: Re: Re:
You have been following the whole HTML5 standard thing, right?
Re: Re: Re: Re:
You have been following the whole HTML5 standard thing, right?
I haven’t particularly. Why, what does that have to do with administrative rights, VPNs, and HTTPS?
Re: Re:
Can someone who has fooled so many into believing his wild and unsubstantiated lies really be classified as an idiot?
Re: Re: Re:
Re: Re: Re:
Yes.
They just have bigger idiots that are believers in what they say.
What does that say about many governments around the world?
Re: Re:
“the whole point of a VPN service is to protect users anonymity.”
Uh, no it’s not. It’s to set up an encrypted link between your machine and the server you’re connecting to.
Never once does a VPN imply protection of anonymity, but rather, protection of data.
I concur with the other post in this thread: expectation of privacy on the internet no longer exists.
For those who use the internet every day, “privacy” isn’t a concern. More people are worried their hidden personal information can be “hacked” on a site than they are about being tracked.
Hell, most are being tracked now thanks to ad cookies.
Re: Re: Re:
“expectation of privacy on the internet no longer exists.”
So the EFF, EPIC, and all the other privacy activist groups should just pack up bags and go home then? No one has expectations of privacy? Lets just roll in CISPA… sheesh
Re: Re: Re: Re:
How things should be and what really is are 2 different matters. I agree with Akari, that’s the way things really is. That doesn’t mean EFF, EPIC, etc, should “pack up and go sulk in the corner”. They’re the vanguards fighting for what things should be, and play important role if we are to have things really is closer to what it should be.
Re: Re: Re:
Speak for yourself. I use the internet every day, and privacy is in the top three of my concerns.
Re: Re: Re: Re:
I use the internet every day, and privacy is in the top three of my concerns.
What is it, porn, privacy, porn, or porn, porn, privacy, or what? 😉
Re: Re: Re:2 Re:
Ok, top four. porn, privacy, porn, porn, screen cleaners.
Re: Re:
I have been using VPNs for many years now. But I would never trust a VPN provider which is headquartered in the USA. And if all these US based providers will be forced to log user data or are forced to stop operations you should look for some offshore providers like yourprivatevpn or purevpn.
Re: Re: Re:
In general europe and most other countries have much worse data retention laws than the US.
The reality is that US providers are not forced to retain data. My lawyers tell me that we can not be forced to do so.
Re: Re:
Well piracy is definitely a bad thing. They wouldn’t be complaining if it didn’t affect their earnings. Piracy is bad. Imagine you made a software/ music/ movie/ book/ silly emoticon and persons were pirating your idea. Using your work for free, or even downloading it and earning money from your work.
Piracy is bad. But I do it anyway because I can’t do any better. I am not rich. But that doesn’t make it right.
There's no such thing as "privacy" OR "security"
“We would shut down our business before co-operating with such an order and any VPN serious about privacy would do the same.”
Frankly, I call BS. I’ll believe that statement when I see it happen. No one who has invested significant funds in a business or worse owes investors is going to shut down that business over a court order even if that order contradicts the very basis of the business.
“So unless law enforcement were to arrest the VPN owners on the spot, and recover their keys and password before they could react”
Which is exactly what they can do. You’ve obviously never been raided by the Secret Service or the FBI. They will kick your door down, point a 9mm firearm in your face, and tell you to stand still. And you will.
Anyone using a commercial VPN to conduct illegal business – without further methods for obfuscating their identity – is an idiot. Anyone using a commercial VPN to protect their privacy should realize that even if THEY are not subject to a government authorized raid, someone else on that server may be. And when that happens, their privacy is over.
I have a meme about security which goes like this:
You can haz better security, you can haz worse security. But you cannot haz “security”. There is no security, Deal.
The same applies to privacy. A VPN is merely a tool. Relying on any one tool to provide security or privacy is a fool’s game.
Re: There's no such thing as "privacy" OR "security"
http://i1.kym-cdn.com/photos/images/original/000/515/890/1e3.jpg
Re: There's no such thing as "privacy" OR "security"
To me it seems quite logical to shut down should they forced to give up a customers private information since they would loose all reputation anyway. Rather save face and startup somewhere else.
Re: Re: There's no such thing as "privacy" OR "security"
I’d hate to have a ‘loose’ reputation.
Re: There's no such thing as "privacy" OR "security"
“Which is exactly what they can do. You’ve obviously never been raided by the Secret Service or the FBI. They will kick your door down, point a 9mm firearm in your face, and tell you to stand still. And you will.”
I dunno, I think a company could quite easily set up systems to very quickly shut servers down in such an event. And I don’t think its the case that law enforcement always busts in with a 9mm, certainly not outside of the US. They never did that when twitter was refusing to hand over details of suspects.
But youre right. If you’re doing something seriously shady then relying on a single tool to provide security isnt smart.
Re: Re: There's no such thing as "privacy" OR "security"
If you’re doing something seriously shady then relying on a single tool to provide security isnt smart.
Bingo. In military and security terms, its referred to as ‘defense in depth’. Depending on how secure you want a system, you rely on multiple layers of security. Worried that a VPN is keeping logs on you? No problem, route your traffic through multiple VPNs – and change them regularly. Find an open proxy out on the internet and route through that, too. It’s just like using shell companies for legal games, but it’s tech, so can be automated and done much cheaper and faster. It’s not that hard to do, just requires some knowledge and planning.
Re: Re: Re: There's no such thing as "privacy" OR "security"
No problem, route your traffic through multiple VPNs – and change them regularly.
How do you do that? Do you set up one VPN connection, then once you’re connected, set up a second and it automatically goes through the first? I thought each VPN connection was separate, not nested.
Find an open proxy out on the internet and route through that, too.
A usable open proxy is harder to find than a flying pig. Seriously, I’ve searched for open proxies and they either outright don’t work, or they’re so slow that it takes several minutes just to load the Google home page, after it’s timed out 2-3 times.
Sure, there are a few free proxy services on the net which claim to hide your identity, but they’re only for simple web browsing and they’re so limited that you can’t even use most of them to post on forums.
Re: Re: Re:2 There's no such thing as "privacy" OR "security"
A single computer can use a single VPN at a time, you are correct. However, if you get a remote seedbox and route your traffic over the VPN to that seedbox and then from that seedbox you use a separate VPN to connect to yet another seedbox using a 3rd VPN you have your defense in depth.
Not trivial in setup or cost, but if you truly want defense in depth that shouldn’t be a concern.
Re: Re: Re:3 There's no such thing as "privacy" OR "security"
I wouldn’t say it’s costly really. VPS boxes are relatively cheap nowadays, so that could be one route. TOR is freely available as one type of proxy/vpn. There is also the Public VPN project: http://www.vpngate.net/en/about_overview.aspx. Setup is the real issue, as you would have to tweak default routes around, and the really paranoid would want to purchase anything in their own name. For most illegal purposes, I’m sure they would simply use hijacked C&C or webservers.
Re: Re: Re:2 There's no such thing as "privacy" OR "security"
You can absolutely tunnel VPN connections through other VPN connections, to any depth you wish. Each layer impacts performance, of course.
Re: There's no such thing as "privacy" OR "security"
I do not think that word means what you think it means.
Re: Re: There's no such thing as "privacy" OR "security"
I do not think that word means what you think it means.
Inconceivable!
Re: There's no such thing as "privacy" OR "security"
Nothing is foolproof, but some protection is better than none. A .32 isn’t exactly the best gun in the world, but I’d rather have that than no gun at all.
Re: There's no such thing as "privacy" OR "security"
I totally sgree, I have had over the last 4 months an invader that keeps sending me MULIPLE emails with ALL of the X’s in the corner of the page OFF the page so I cannot just close them or move them…and they are all in Korean or Chinese so I cannot read them and they are all sex related sites or at least look like they are. Normally when I get crap like this….I just resend it back to the sender and after a while they realize what is happening and finally stop sending it to me. BUT these are extremely puzzeling as they do not have a visisble ISP or a point of origin and are driving me nuts, I won’t send them to you unless you wish me as I have now opened about 12 of them and have them in an email…. but I sure wish I could find a simple answer “as my ISP” “SHAW” won’t help me as they say it is MY FAULT for recieving and opening this material…”BUT HOW Am I to know” as it just passed by their supposed security to. Let me know if your interested in seeing this stuff as I am extremely PO’d and will eventually find somone out there that IS smarter than these guys…
Thanks
God Bless
Freddy
It isn’t smart to EVER rely on a single tool to provide security. It is called defense in depth.
Re: Re:
It isn’t smart to EVER rely on a single tool to provide security. It is called defense in depth.
Nor is it smart to rely on the fact that you have multiple layers of defence unless you treat each layer as if it were the only one.
Re: Re:
One example is disabling Javascript and Active X. If Active X and/or Javascript are enabled, your real IP address could be read even if you are going through a proxy.
There cannot be a single solitary communication between human beings that the government cannot snoop on. That seems to be their position.
Who would’ve thought just a decade ago that security would become the single greatest threat to privacy on the internet?
Re: Re:
A decade? That’s funny. That’s like saying WW2 started at the Battle of Midway or on D-Day. 20 years ago we were already fighting the encryption wars. It was clear way back then. Do some research on the clipper chip, key escrow, and import/export controls. EFF and EPIC were founded on this stuff.
Re: Re: Re:
Yes, but it was nowhere near this widespread. It seems as though there’s a definite trade-off between security and privacy, yet is not privacy security?
Re: Re: Re: Re:
Er, no. Burglars, carjackers, pickpockets, et al victimize people they don’t know every day. Privacy is pretty much security through obscurity, which isn’t security.
Re: Re:
Pretty much everybody, that’s who.
Dunno, maybe it’s just me, but that sentence alone made the entire article feels like an advert.
Re: Re:
Came here to post this, so I’ll just agree.
But now ISP man-in-the-middle watches every byte.
) The ISP doesn’t have to trace you: KNOWS exactly who and where you are; signed up and gave ’em name and credit card #, remember?
) ISPs are now definitely unreliable if not hostile MITM, a key point that isn’t even mentioned here. It’s easily possible to log all your keystrokes: they may get passwords in plain text, or be able to deduce them in short order.
) Any activity from your end that starts in plain text, such as normal browser use, may be collected by the ISP, and eventually collated with Google queries and/or website visits; route obscured between known points doesn’t necessarily hinder the surveillance state.
) You don’t know that any given VPN or its software isn’t totally compromised, literally owned as a commercial front, by nat sec, from the start not just after a court order.
) Nor do you know whether your Windows or Apple OS aren’t actively backdoored, rendering VPN futile.
) (More for TOR) You don’t want to be exit node of criminal activity and be left holding the bag with just a lame story that you’ve no idea of the original IP.
And the grandiloquent claim of would shut down the biz to preserve privacy of one client is just baloney; I wouldn’t trust the biz that claims it.
Re: But now ISP man-in-the-middle watches every byte.
Except for the fact that someone who uses TOR in Europe was approached by the police, who promptly left him alone once they found out that he was running TOR and wasn’t the man that the authorities were after.
Nice try, but your writhing is useless. You’re willing to say that every VPN is compromised, but not the monitoring systems your heroes in the RIAA and MPAA use?
Re: But now ISP man-in-the-middle watches every byte.
) Any activity from your end that starts in plain text, such as normal browser use, may be collected by the ISP, and eventually collated with Google queries and/or website visits; route obscured between known points doesn’t necessarily hinder the surveillance state.
This is not quite true. Once you start your encrypted VPN tunnel all your ISP is aware of is the VPN server you are connected to. The data is encrypted and they have no way of knowing where your connection goes from there or what the data is aside from the volume.
You don’t know that any given VPN or its software isn’t totally compromised, literally owned as a commercial front, by nat sec, from the start not just after a court order.
Yes, it’s true that the VPN itself could be a honeypot. That’s is definitely something to be aware of. I don’t worry about the software on my side because I don’t use any specialized VPN software and use only the protocols supplied with Debian.
And the grandiloquent claim of would shut down the biz to preserve privacy of one client is just baloney; I wouldn’t trust the biz that claims it.
Bizarre statement, Blue. So you would trust the companies that are blatant about violating your privacy over the ones who claim to stand firm for your rights?
Interesting.
Re: But now ISP man-in-the-middle watches every byte.
“And the grandiloquent claim of would shut down the biz to preserve privacy of one client is just baloney; I wouldn’t trust the biz that claims it.”
So when companies like MarkMonitor are running around accusing people willy-nilly through six strikes, and then demanding subscriber’s bandwidth data, we don’t hear a peep from you. But the instant some guy promises to shut down his service should he be approached for subscriber data, that’s when you’re concerned about privacy?
Re: But now ISP man-in-the-middle watches every byte.
You don’t understand how computers work, do you? The ISP can “watch every byte” all it wants. With VPN, the data is encrypted before ISP even sees it.
Re: But now ISP man-in-the-middle watches every byte.
ISPs are now definitely unreliable if not hostile MITM, a key point that isn’t even mentioned here. It’s easily possible to log all your keystrokes: they may get passwords in plain text, or be able to deduce them in short order.
You think ISPs are installing keyloggers on their customers’ computers?
Re: But now ISP man-in-the-middle watches every byte.
When I signed up with my ISP, I didn’t have to give them any credit card info. Also, it is possible to sign up with a small-town ISP under an alias and other fake info (at least, it was years ago). It also helps to pay your bill in cash. 😉
Re: Re: But now ISP man-in-the-middle watches every byte.
That is fine if you have an older computer that can dial-up. Virtually all new computers cannot dial-up, because they cannot use a dial-up modem
That not withstanding, they can still trace the call to your phone.
Re: Re: Re: But now ISP man-in-the-middle watches every byte.
Yes, my computer is 10 years old and I have dial-up. Primitive, I know, but it works. When I need high-speed for downloading, I use a public access computer.
VPNs are not going to hand out your information unless they are required by law. So as you don’t do anything illegal, they should do quite a lot toward protecting your privacy. But don’t expect them to protect you against your crimes.
Re: Re:
This sounds a lot like “if you aren’t doing anything wrong, you don’t have anything to worry about.” Which is simply incorrect, as has been demonstrated repeatedly for pretty much as long as civilization has existed.
The need for strong privacy and encryption is independent of whether or not you’re engaging in criminal activities.
What if you’re saying things that are making the government, or powerful corporations, or your employer/landlord/etc. really angry? What if you are supporting an unpopular, but legal organization? And so on and so forth.
Can you trust VPN’s for privacy and security?
If the VPN is from a third party that you don’t personally know or have any relationship other than business.
No, you cannot trust that, they will and many actually do cooperate above and beyond with law enforcement.
Now if you set up your own VPN and know where it is and how the data goes from point A to point B than yes.
Here is a treat for the tinfoil crowd or for those wanting something to go with the popcorn.
http://www.zeropaid.com/news/103429/full-dotcom-spying-documents-released/
The documents about the planing and cooperation among law enforcement agencies was released and it appears that the New Zealand police knew they would be in trouble, they knew it was against their own laws, now that is some private crap that should not be protect ever.
NO THEY CAN'T unless paid cash
I think its gonna take a very public show of a privacy case, for the majority who care about anoniminity, to believe
“Hey, i trust this guy, he belives in the same things we do, not through words, but through actions”
Well, maybe not so articulate, but the gist of it, none the less
One will rise, or never come at all
Me, i hope one rises, to make this a public discussion, and thus hopefully, more people……givin a damn………the way it should be with everything
There is an article on invisibler, http://invisibler.com/lulzsec-and-hidemyass/ talking about this matter as well. The author of that article basically called “it’s a lie” for vpn providers promising 100% anonymity while pure anonymity hardly exists at all.
well then do what most people do if they require it and create a Private Network, not virtual, not even connected to the internet.
in other words the IP address of the computer on your private network are not available or accessible on the internet. Thousands of businesses use this, it uses some of the same hardware you use to get on the internet, but it is a private network, apart and disconnected to the network..
Do you think a banks national network that their staff uses is connected to the internet ?? or ATM machines ?
those systems are separate from the internet, and cannot be hacked from the internet, because they don’t exist there, they use privately leased dedicated data lines.
Plausible deniability.
touch “/etc/As long as this file exists, you may be assured we’ve not been issued a subpoena to retain VPN usage history”
When the subpoena arrives, rm …
Re: Plausible deniability.
When the subpoena arrives, rm …
A) rm is not going to cut it against forensic techniques
B) after the subpoena arrives is too late. You can go to jail for destruction of evidence at that point.
Re: Re: Plausible deniability.
That’s why we have encryption. As long as you’re not in Britain, they don’t get your encryption key.
That was just a suggested course. There’s far sneakier ways to implement it. “Your honour, I didn’t even login that day. How could I have destroyed evidence?” Well, via a cron shell script that checks whether you’ve “touch”ed that file less than 24 hr. ago and if not, deletes it.
Besides, it’s abundantly clear that judges and juries are utterly clueless about technical computing gibberish like this. Good luck educating that imbecile IQ level jury you picked, Mr. Prosecutor.
Re: Re: Plausible deniability.
I have 3 cleaning programs installed, and I use them after each and every use of my computer.
Short Answer: No
No commercial service provider can really protect your privacy, including VPNs. They all are subject to surveillance laws and the whims of their own management.
VPNs can be a huge help in safeguarding your privacy, but only if you don’t use a third-party VPN provider. They’re necessary anyway.
Reality of subpoenas
Having founded anonymizer.com in 1995 and being actively involved with it to the present day, I have some first hand experience with this issue. Our business and servers are all located in the US, so this may not apply in other countries.
Over the years the number of subpoenas we have received has varied significantly, but has never really been less than several per month. As we have no logging that would connect our users to their actions, we can’t be responsive to that kind of request. As a subscription service, we could be (and have been) asked if a given person is a customer, but that would not say anything about what they had done.
We have been asked to set up ongoing monitoring that would allow us to capture this kind of information, but we have declined, and no legal force has been brought to bear that could force us to do so.
The real problem is that your computer and browser are probably so well profiled, and full of tracking elements, that you are likely to be identified even while using a privacy VPN, unless you take significant additional steps.
Re: Reality of subpoenas
thanks for your response, the insights of people who actually use (or make) these tools is ALWAYS invaluable to us who know little about the subject…
to that end, do you have link/source for reasonable, affordable steps that can be taken to increase privacy and make surveillance more difficult for the ‘good’ (sic) guys ? ?? (and, yes, i will look up your s/w and website to both see what it does, as well as for additional info)
further, (even though you didn’t talk extensively about this) are there VPNs which are -relatively speaking- trustworthy in regards to either not tracking stuff, or that have a record of telling the kops, etc to go piss up a rope ? ? ?
thanks again for your insight…
art guerrilla
aka ann archy
eof
Re: Re: Reality of subpoenas
A good privacy oriented VPN is a good start. Obviously I am partial to Anonymizer.com. TOR can work well, but I worry that many node operators may be sniffing any and all traffic in the clear.
I suggest using virtualization. VMWare or Virtual Box can give you a disposable environment that you can reset after each use. That provides a lot of protection, in conjunction with the VPN.
As to trustworthy, it is hard to say. One can’t really prove a negative. Look at the privacy policies to see that they at least SAY they don’t keep logs. Then look for cases where users have been compromised. That almost always gets out. Hide My Ass was shown to keep logs when it lead to the arrest of a member of LulzSec.
I have written quite a bit about this on my blog http://www.theprivacyblog.com
Re: Re: Re: Reality of subpoenas
thanks again…
following up on info you provided…
art guerrilla
aka ann archy
eof
Yes if used correctly.
The trouble is that a VPN service operating, say, out of Europe could never be subject to US laws, as long as they obey European laws.
There are many reasons why business has left some countries and the lack of privacy is a large one. If a country does not respect even its own citizens privacy all complaints about lost GDP/business/trade is just whining. And if such records are required to do business then expect higher prices as it only adds to operational costs. (again driving business overseas)
Many times its impossible to collect such data as the volume makes it prohibitive. Its normal that a popular VPN generates 2-4 plus terrabytes a day.
The best way to keep data leaks from happening is not to keep it or collect it at all. Its the only way so much so that it would be nice to see legislation that ensures such (non) action. For now, even if it would be a form of civil disobedience, its probably best to randomize/anonymize posts in logs/blogs/bbs/forums were possible. (there are troubleshooting and maintenance concerns) It’s best to dispose of them before any errant court order demanded them because its worse to knowingly destroy evidence.
There are good exceptions like Wikipedia revision history. Its been great fun knowing who attempts revisionist history. To be honest it might be nice for Wikipedia to offer a corporation sponsored (not the front page but only a tab or button) page if the user wanted to click on it. I just love to read clashing viewpoints and when discovered they raise red flags and loud sirens of incongruity. (lies)
US (and potentially European) law has basically gone crazy with unavoidable felonies committed every day just for backing up data and other stupider things too. At the present conversion rate Jaywalking and parking tickets will soon be added to the death penalty also. Since copytight (right) law is broken almost every time a phone camera is clicked is hard to take them seriously especially when more law is broken just to send it to a friend.
Because of the above obvious legal abuse it makes warrants and gag orders a potential way to abuse law. In fact considering the silly drug laws and ridiculous copyright laws the law is starting to look lawless.
A VPN with a data retention policy of any time length beyond maintenance is as good as not having one at all. A legitimate VPN is becoming almost as normal as an Internet connection.
Clean every time when you turned on your pc will help to leave footprint to anyone and its free download from here http://www.piriform.com/ccleaner.
Also i suggest hidemyss vpn service because, they have more IPs than any other vpn providers read review here
http://www.cpmu.org/hidemyass/
More IP addresses != more privacy
More IP addresses in a privacy service does not lead to more privacy, in fact the opposite is true. Privacy is provided by the “anonymity group”, which is the number of other people who could have produced the traffic that you actually produced. The more people in your group, the better protected you are.
If everyone is coming from a single IP, it maximizes the anonymity group and the associated privacy.
The only advantage of more IP addresses is commercial large scale information harvesting. This is generally a very different kind of service.
Geographically diverse (but perhaps not numerous) IP addresses can be useful in bypassing location based access restrictions or pricing, but don’t impact privacy.
I absolutely agree that VPN can be a disaster. There are people out there who utilize computers to prey on children or commit horrendous crime that can prevent the authority to detect them. This case should be exempted from privacy rights. Any VPN company should be able to turnover the information to the authority, so no users like me ever get affected. These people don’t deserve privacy at all.
I use Internet for good purposes and I never committed crime that can cause problem in my community.
Re: Re:
Then they came for me—and there was no one left to speak for me. That is the problem with your assertions. In order for anyone to have a right to privacy everyone does. when privacy is taken away from a group it takes it away from the whole all too easily. I’ll be the one to say the child predators have the exact same privacy rights as us until convicted. Because if I don’t hen I won’t have those rights either. maybe not today or tomorrow but it will happen
VPN Services
You should always choose a reliable VPN provider that doesn’t track his client’s usage. You can search for the same on internet.
vpn
Goghost Personal VPN service. Connect your computer, laptop, smartphone and tablet to our VPN network to unblock websites and protect yourself from snoops
hidemyass vpn
i am recommend hidemyass vpn it’s best vpn service on the world …. i am use this service since 4 years .. it’s very helpful service and i am get comment from
http://www.hideipsoftwares.com/hide-my-ass-review