Jump to content
Not connected, Your IP: 3.149.242.223
Sign in to follow this  
Guest

Air on torrentfreak

Recommended Posts

Guest
Posted ... (edited)

WHICH VPN SERVICES TAKE YOUR ANONYMITY SERIOUSLY? 2015 EDITION

 

http://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228/

 

1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?

 

2. Under what jurisdiction(s) does your company operate?

 

3. What tools are used to monitor and mitigate abuse of your service?

 

4. Do you use any external email providers (e.g. Google Apps) or support tools ( e.g Live support, Zendesk) that hold information provided by users?

 

5. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?

 

6. What steps are taken when a valid court order requires your company to identify an active user of your service? Has this ever happened?

 

7. Does your company have a warrant canary or a similar solution to alert customers to gag orders?

 

8. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?

 

9. Which payment systems do you use and how are these linked to individual user accounts?

 

10. What is the most secure VPN connection and encryption algorithm you would recommend to your users? Do you provide tools such as “kill switches” if a connection drops and DNS leak protection?

 

11. Do you use your own DNS servers? (if not, which servers do you use?)

 

12. Do you have physical control over your VPN servers and network or are they outsourced and hosted by a third party (if so, which ones)? Where are your servers located?

 

Answers by Air:

 

1. No, we don’t keep such logs.

 

2. Italy.

 

3. We use internally written tools to mitigate attacks against our VPN servers as well as DDoS attacks originating from clients behind our servers.

4. No, we don’t.

 

5. They are ignored, except when they refer to web sites running behind our VPN servers. Due to our service features, it is perfectly possible to run web sites from behind our servers: we also provide DDNS for free to our customers. For these specific cases, we can act similarly to a hosting provider and we verify that the web site is compliant to our Terms of Service. We have had web sites spreading viruses and other malware (verified without any doubt) and we intervened to quickly stop them when we were warned about the issue.

 

6. Since we can’t provide information that we don’t have, an “ex-post” investigation is the only solution, if and when applicable. So far we have had no court orders of this kind.

 

7. No, we don’t. While a warrant canary’s effectiveness is questionable, we recommend to use technical means to solve the problem at its roots. When a customer can’t afford to trust us for the sensitivity of his/her activities, he/she can simply use Tor over OpenVPN, or OpenVPN over Tor, to get an immediate protection which a warrant canary, not even if updated every day, will never be able to provide.

 

8. Yes, it’s allowed on every and each server. We do not discriminate against any protocol or application and we do not monitor traffic or traffic type.

 

9. We accept Bitcoin, a wide range of cryptocoins, PayPal and major credit cards. About PayPal and credit cards, the usual information pertaining to the transaction and account/credit card holder are retained by the financial institutions, and it is possible to correlate a payment to a user (which is good for refund purposes when required). When this is unacceptable for security reasons, then Bitcoin or some other cryptocoin should be used. Bitcoin can also be provided with a strong anonymity layer simply by running the Bitcoin client behind Tor.

 

10. Our service setup, based on OpenVPN, is the following: 4096 bit RSA keys size, AES-256-CBC Data Channel, 4096 bit Diffie-Hellman keys size, HMAC SHA1 Control Channel, TLS additional authorization layer key: 2048 bit.

Perfect Forward Secrecy through Diffie-Hellman key exchange DHE. After the initial key negotiation, re-keying is performed every 60 minutes (this value can be lowered unilaterally by the client). Due to the serious doubts about NIST standard Elliptic Curves parameters being manipulated by NSA, we feel to share Bruce Schneier’s considerations to not use ECC.

Our free and open source client Eddie (under GPLv3) for Linux, Windows, OS X Mavericks and Yosemite, implements features which prevent the typical DNS leaks in Windows and any other leak (for example in case of unexpected VPN disconnection). Leaks prevention, called “Network Lock”, is not a trivial kill-switch, but it prevents various leaks that a classical kill switch can’t block: leaks caused by WebRTC, by programs binding to all interfaces on a misconfigured system and by malevolent software which tries to determine the “real” IP address. In the future, probably before the end of 2015, our client will be available, as usual free and open source according to our mission, for other VPN services too.

We provide guides, based on firewalls and not, to prevent leaks on various systems for all those persons who can’t or don’t wish to use our client Eddie.

 

11. Yes, we use our own DNS servers.

 

12. Our servers are housed in datacenters which we have physical access to, provided that the access is arranged in advance for security reasons. Datacenters must comply to some technical and privacy requirements. With rare exceptions, a datacenter must have a PoP to at least one tier1 provider. Without exceptions, datacenter must be network neutral, must provide bandwidth redundancy, minimum uptime of 99.8% and our servers must have a dedicated port and a guaranteed bandwidth. We have servers located in Canada, France, Germany, Hong Kong, Latvia, Netherlands, Portugal, Romania, Singapore, Spain, Sweden, Switzerland, Ukraine, USA. We work or have been working with big and small providers, such as Amanah, IBM, Leaseweb, Voxility, HugeServers, Serveria, YesUp, Teknikbyran, just to name a few.

Edited ... by ZPKZ

Share this post


Link to post

Notice how a number of VPNs answer the very first question with anything but a yes or no. They are playing Googles game. They say they do not log "any personally identifying information" or some other paraphrase cop-out to keep from admitting that they are in fact logging. There are a goodly number who admit they do log, and the only good thing I can say is that they were honest. That is better than the jerks who want to pretend that unspecified connection data cannot be used to make a clear and obvious identification possible for any government or ISP on Earth.

 

Think of how Google does this? They claim to "anonymize" people by removing a single octet of the IP they log. But we know that this means they can easily reconstruct who in this known IP range did what at what time and make that "anonymity" as hollow and sad as the fake services out there.

 

Well done AirVPN. Keep up the good work.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...