Jump to content
Not connected, Your IP: 18.206.14.135
Sign in to follow this  
Quallian

There is no such thing as perfect privacy

Recommended Posts

This is a recollection of my attempts (and failures) in getting an anonymous VPN service. I thought others may find this useful as when I first started this there were no general information on this topic that I could find.

 

1. Picking a VPN service

 

There are a ton of different providers that sell VPN as a service, finding the truly good ones is like finding the needle in a haystack. I started out at TorrentFreak as they had a very useful review of different VPNs that very privacy oriented. Further this was narrowed down by those providing a decent amount of bandwidth as well as a stable and good service (OpenVPN is also very nice). This left me with 3 or 4 to consider more carefully. Long story short I chose to try out AirVPN since they had a good reputation and at least seemingly rational and reliable stance on privacy.

 

2. Paying for your VPN service of choice

 

Financial transactions have to be considered public even if not widely accessible information. Paypal may keep logs of transaction indefinitely, banks are required to keep them for at least a number of years and Bitcoin transactions are public. Cash is the only truly anonymous way of payment and even that may be traced because of surveillance and transaction records. Being able to link a person to a payment of  VPN service directly reduced privacy greatly. You are still paying for a privacy service but there is a connection between you and your VPN provider. This reduces the usefulness of a VPN as you have basically moved the trust from your ISP to the VPN provider.  It is possible to argue the use of Bitcoin mixers for increased privacy however there are practical problems with this to be considered that will be discussed later. As options were limited I opted for a prepaid VISA which could be bought for cash. This is where the troubles start.

 

PayPal does not always offer the option to pay without an account, this seems very random. I do not have accurate statistics on the topic however for me it would seem one out of 4-7 days it is possible to pay without creating an account (your mileage may vary). Why this is is anyone's guess. To make matters harder PayPal is known to disallow prepaid VISA cards in general. I was unable to pay without a PayPal account. This led me to trying to create a PayPal account, this worked fine until I tried to pay. PayPal has a limit on how much you can transfer without verifying you account. The exact value of this limit is not known to me however it is more than 1 euro and less than 15 Euros. Verifying your account involves PayPal charging small transaction to the registered card with a verification code in the description. You provide PayPal with the verification code to verify your account. Prepaid cards do not get a bank statement and as such this information is hard to come by.

 

Bitcoins is the solution! Uhm, well no. Bitcoin transaction are public information, so people may not know who sent the money (as there usually isn't a link between the person and the wallet) but that you sent money to someone is known to all. So having an anonymous wallet could help, however getting your cash converted to Bitcoins is not easy. MtGox is often considered the safest and easiest way of doing this. When signing up for an MtGox account they require you to verify your account before you can trade (buy or sell) Bitcoins. To verify your account involves sending MtGox a copy of a valid identification papers issued by your country of origin. Needless to say this links your Megon account to yourself going back to square #1. There are also options to buy Bitcoins with wire transfers or similar, problem is that when sending a wire transfer you are required to present your identification so that the company can keep a record of the transaction (required by law). I have not investigated other ways of purchasing Bitcoins.

 

Last option that some VPN providers allow is a wire / bank transfer, again countries require companies to keep a record of the transactions meaning that there is a link between yourself and the payment.

 

 

I have found that it is very hard to not directly link your VPN service to yourself, if at all possible. This does however not mean that VPNs are useless. VPNs provide the same kind of anonymity that a Bitcoin mixer would do in combining the traffic / transactions of many users to make it harder to distinguish the origin and the destination. You are however giving the VPN provider your information making them able to directly compromise any and all anonymity even if it is unintentional. It should be said that, even if you were able to distance yourself from the payment of the service, a VPN provider is always able to see the originating IP address of the connection. If the IP address of the originating connection was to be known, someone could use this information to find out who you are.

 

Personally I find it useful to see a VPN for what it is and not to think it is a magic bullet making you instantly invisible to anyone else. For most people VPN may give a sufficiently increased privacy, however against a dedicated opponent with large resources it will not help. TOR is better in this regard, but bandwidth is a severe limitation. Could this be solved with more payment methods? Maybe, a payment preprocessor that allows prepaid VISA cards would do the trick, however I am not aware if this exists.

 

If there are inaccuracies or ideas I have overlooked feel free to comment

Share this post


Link to post

Hello,

 

the solution seems quite simple and straightforward, or anyway much simpler than you think.

 

Just run the Bitcoin client behind TOR and earn BTC without passing through any official exchange agency based on money issued by central banks (for example sell services or goods in BTC etc.). Use different wallets just for additional security (with Bitcoin you can of course have as many wallets as you wish).

 

Kind regards

Share this post


Link to post
Guest Chaf

Concerning payment

 

You can use bitcoin through a mixer after you have bought it via exchange sites. In combination with TOR you would be OK.

The ultimate but less easy solution is refered above by the admin.

 

Concerning privacy in general

 

If you use a VPN to do nasty stuff, nasty things will happen to you as nobody, even the best VPN provider with all the efforts they might have put in privacy standards will help you if someone nasty knocks & threatens them at their door.

Not to mention all the combinations of OS / Firewall settings / trojans / scripts than can reveal in one way or another your identity.

 

That's my point of view, just use a VPN for hiding your browsing at work or bypass firewalls/rules in hotels, abroad, do some slight torrenting and the provided privacy will be more than ok ;-)

Share this post


Link to post

Hello,

 

in particular, you should be aware of the maximum power of the adversary you have to face in order to understand if it possible to defeat it with our service. For example an adversary with the power to wiretap your line can be easily defeated. An adversary with the power to wiretap simultaneously your line and all of our servers can still be defeated, but it will require additional, external to our service countermeasures. Potentially, with our service you have the power to defeat easily the service operators themselves (if you can't afford to trust us).

 

Please see here:

 

https://airvpn.org/topic/54-using-airvpn-over-tor/?view=findpost&p=1745

 

and always keep in mind that a VPN protects your line, not your computer (so a VPN can't help you if you have a spyware in your computer or if your system is internally compromised) or your behavior (so a VPN will not protect you against "social engineering" when it is aimed to steal your private data surreptitiously with your consent).

 

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...