victorab

New intelligence law in France and AirVPN

Hi,

You certainly know that after the terrorist attacks in France, the government has voted an "NSA-like law" which forces ISPs and datacenters to install "black boxes" which keep metadata like IPs, time of connections, etc. without any court order and judge authorization.

Many French hosting companies like OVH threatened to relocate their servers (https://eu.ovh.com/fr/news/articles/a1743.le-gouvernement-veut-il-contraindre-les-hebergeurs-internet-a-l-exil) (https://www.nbs-system.co.uk/blog-2/french-hosting-providers-against-black-box-project-of-french-intelligence-law.html) (https://edri.org/france-legalise-unlawful-surveillance/) but at this time, I don't know where it stands.

On top of that, an algorithm will be created to detect and identify suspicious actions on all citizens.

When this is applied in France, what will AirVPN do on French servers? (because it's not on your side but on the datacenter that hosts you)

Also, is any other country where AirVPN has servers in a similar case?

Thanks
 

 

 


Even if this will be implemented, I guess it would take months if not years for all hosts to deploy such equipment.

 

The connection itself is unlikely to be broken, the crypto is very strong when it comes to User > Air Server.

One thing that can be logged are destinations that you access from the French server, but that is not enough to identify you personally (assuming 10 or more users are currently connected to the same server).

Right now the FR server, which is only 100Mbit, has 41 connected users.

If Air adds more servers in the future, you will be "mixed" in much more traffic obviously.

In general we will probably see that FR will be more like UK with its mass surveillance on all communications by the GCHQ.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


Even if this will be implemented, I guess it would take months if not years for all hosts to deploy such equipment.

 

The connection itself is unlikely to be broken, the crypto is very strong when it comes to User > Air Server.

One thing that can be logged are destinations that you access from the French server, but that is not enough to identify you personally (assuming 10 or more users are currently connected to the same server).

In general we will probably see that FR will be more like UK with its mass surveillance on all communications by the GCHQ.

But these boxes will intercept the incoming metadata too. Yes it's encrypted but they will have access to the incoming IPs.


There is no meta-data associated with you during an OpenVPN connection. Each device and OS looks exactly the same on that level.

The only difference is the type of protocol (UDP/TCP) and the port, which by itself is not relevant thus cannot be called meta-data.

 

The incoming and outgoing IPs on all Air servers are different, which is a good advantage against network forensics based on IP correlation.

Now imagine how many actual incoming/outgoing connections those 41 connected users generate.

Assuming that 90% of them are idle, and 10% download/upload something with P2P, you still have at least 400 connections in/out.

Given that number, it is impossible to know which incoming connection originated an outgoing connection from the VPN server, only from a box on the network.

This information can be only known to AirVPN staff (by using logging on the server itself) which they probably don't do.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


As a relative newbie, can I ask a simple question...

I am based in the UK and often use UK servers. For general privacy issues, is it wise to use non-UK servers (GCHQ etc.)?


 

Even if this will be implemented, I guess it would take months if not years for all hosts to deploy such equipment.

 

The connection itself is unlikely to be broken, the crypto is very strong when it comes to User > Air Server.

One thing that can be logged are destinations that you access from the French server, but that is not enough to identify you personally (assuming 10 or more users are currently connected to the same server).

In general we will probably see that FR will be more like UK with its mass surveillance on all communications by the GCHQ.

But these boxes will intercept the incoming metadata too. Yes it's encrypted but they will have access to the incoming IPs.

 

There is nothing any VPN provider can do to eliminate the original IP on node one (vpn1).  Your ISP will always see the first node (VPN, TOR, etc) you connect to and there is no way around that.  What is stressed around here is the idea of a "partition of trust", where you the responsible user, deploy your activities across multiple nodes.  I see staff talk about using TOR post VPN and I can tell you first hand that it works slick as can be.  Just that simple design is four relays/hops and is a formidable anti-adversary circuit.

 

What you are worried about coming to pass in the future is in fact already here.  The "powers that be" are already at the datacenter level monitoring IPs without fail.  Your ISP is doing the same thing but using Air shows only a VPN connection and nothing else to the ISP.


There is no meta-data associated with you during an OpenVPN connection. Each device and OS looks exactly the same on that level.

The only difference is the type of protocol (UDP/TCP) and the port, which by itself is not relevant thus cannot be called meta-data.

 

The incoming and outgoing IPs on all Air servers are different, which is a good advantage against network forensics based on IP correlation.

Now imagine how many actual incoming/outgoing connections those 41 connected users generate.

Assuming that 90% of them are idle, and 10% download/upload something with P2P, you still have at least 400 connections in/out.

Given that number, it is impossible to know which incoming connection originated an outgoing connection from the VPN server, only from a box on the network.

This information can be only known to AirVPN staff (by using logging on the server itself) which they probably don't do.

 

Sorry but this is a stupid post. It would actually be trivial to identify users if you can watch packets coming in and out, which they can.
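
Added example (not part of the thread and not any poster's code): a small simulation of the correlation question debated above, for threat-modelling purposes. It assumes a passive observer that records only per-second byte counts for each client-to-server flow and each server-to-destination flow; the 41 users come from the thread, while the traffic shapes, bin size, overhead factor and jitter are constructed.

```python
import random

USERS, BINS = 41, 600  # 41 users as in the thread; 600 one-second bins (constructed)

def pearson(a, b):
    """Pearson correlation of two equal-length series; 0.0 if either is constant."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0

def simulate(seed=1):
    """Build constructed per-second byte counts on both sides of the server."""
    rng = random.Random(seed)
    inbound, outbound = [], []
    for _ in range(USERS):
        p = rng.uniform(0.05, 0.30)  # fraction of seconds this user is active
        series_in = [rng.randint(500, 50000) if rng.random() < p else 0
                     for _ in range(BINS)]
        series_out = [0] * BINS
        for t, size in enumerate(series_in):
            # 20% of the time the forwarded bytes land in the next bin (jitter);
            # tunnel overhead is stripped and unrelated noise bytes are added.
            slot = min(t + (rng.random() < 0.2), BINS - 1)
            series_out[slot] += int(size * 0.95) + rng.randint(0, 200)
        inbound.append(series_in)
        outbound.append(series_out)
    order = list(range(USERS))
    rng.shuffle(order)  # the observer does not know which exit flow is whose
    return inbound, [outbound[i] for i in order], order

def match_flows(inbound, outbound):
    """For each exit-side flow, pick the entry-side flow with the highest correlation."""
    return [max(range(len(inbound)), key=lambda i: pearson(inbound[i], out))
            for out in outbound]

def accuracy(seed=1):
    """Fraction of exit-side flows matched to the correct entry-side flow."""
    inbound, outbound, truth = simulate(seed)
    guesses = match_flows(inbound, outbound)
    return sum(g == t for g, t in zip(guesses, truth)) / USERS

if __name__ == "__main__":
    print(f"correctly matched flows: {accuracy():.0%}")
```

The matcher never looks at addresses, so separate entry and exit IPs do not change its result; what changes it is an observer who cannot see both sides of the same server, which is the point of the "partition of trust" advice earlier in the thread.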
