Jump to content
Not connected, Your IP: 18.221.238.204
bobber6

Dutch government’s new internet tap plans , worse than the NSA

Recommended Posts

"non-specific interception power includes mandatory cooperation"

which could possibly include supplying software with backdoor/logging access, so raises question whether own build of openvpn and no airvpn client is better for privacy protection ?;

or similarly compromised vpn servers wherever they are deployed ?;

and usually as in the USA FISA ambit there are severe penalties for disclosing such secret police operations - so maybe the airvpn staff posting is deleted and they are already under detention and interrogation and silenced .... ?

8-0 Only half joking/surreal/pessimistic.

Another unpleasant thought is that the focus is usually on interception and monitoring, but some capabilities would allow fabrication of "evidence" and insertion of "disinformation".

Maybe not so likely in Netherlands or our glorious "Free World", but state apparatus is corrupt in many countries such as Russia or Turkey, or ....

Share this post


Link to post

"non-specific interception power includes mandatory cooperation"

which could possibly include supplying software with backdoor/logging access, so raises question whether own build of openvpn and no airvpn client is better for privacy protection ?;

or similarly compromised vpn servers wherever they are deployed ?;

and usually as in the USA FISA ambit there are severe penalties for disclosing such secret police operations - so maybe the airvpn staff posting is deleted and they are already under detention and interrogation and silenced .... ?

8-0 Only half joking/surreal/pessimistic.

Another unpleasant thought is that the focus is usually on interception and monitoring, but some capabilities would allow fabrication of "evidence" and insertion of "disinformation".

Maybe not so likely in Netherlands or our glorious "Free World", but state apparatus is corrupt in many countries such as Russia or Turkey, or ....

Wow. Even if half-joking, you are suggesting collusion on the part of AirVPN. I rather doubt this.

 

Regardless of any of this, the ideal security is just like the way you dress for cold weather. Loose and in many layers.

 

Use HTTPS Everywhere and disable cookies on any site that you do not implicitly trust. Universally you are the weak link in your own security. (Even if you are paranoid and take ample precautions.)


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

I think you are missing the point that it´s not about the encryption from your computer to the server, but what you will do when you already are in that server browsing.

Share this post


Link to post

I think you are missing the point that it´s not about the encryption from your computer to the server, but what you will do when you already are in that server browsing.

I am not missing that point. As I said, disable cookies on sites you do not trust. And only make accounts via the VPN and only log into those accounts via the VPN. This way, even if they track everything back to the IP, it ends at the VPN server.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

It amuses me to use a vpn server in Hong Kong (Hadar) because HK has its own legal system and policing, but also connections back to the British colony days, and national security and "political stability" the responsibility of the Peoples Republic of China. So it is a sort of "no mans land"/"contested territory"/"buffer state" between US/EU and China. Both "camps" are against Islamic terrorism, so am I.

There used to be a cartoon series (in Mad Magazine ?) called Spy vs Spy, and I can imagine them searching for and stealing each others spyware, and substituting it with counterspyware, etc.

Good for a bigger budget next year, and promotions, eh agency boys and girls ;-) ?

Share this post


Link to post

"even if they track everything back to the IP, it ends at the VPN server."

 

That´s what I mean, "it ends at the VPN server" and if the connections in this server are monitorized then they can track who you are because you are identified when you log in, because there are many other methods to track you without cookies, because that server in Holland can be trojanized, because the connections from that server to websites not using https are visible, and many many other methods to track that server. I can´t trust that server anymore.

It´s safer to use VPN+Tor and knowing that when you log in then they know who you are, that you must avoid java and javascript, that you must delete all the history and cookies everytime you visit a new website, etc.

Share this post


Link to post

"even if they track everything back to the IP, it ends at the VPN server." That´s what I mean, "it ends at the VPN server" and if the connections in this server are monitorized then they can track who you are because you are identified when you log in, because there are many other methods to track you without cookies, because that server in Holland can be trojanized, because the connections from that server to websites not using https are visible, and many many other methods to track that server. I can´t trust that server anymore. It´s safer to use VPN+Tor and knowing that when you log in then they know who you are, that you must avoid java and javascript, that you must delete all the history and cookies everytime you visit a new website, etc.

Are you suggesting that the VPN servers are being monitored? So what if they are, they are used by a multitude of people. Usually with a great number on each individual server. That alone brings plausible deniability. And just in case anyone here is under some other impression, AirVPN does not log. Period.

 

Trojans on a VPN server? Are you just being a jerk, or are you legitimately this dumb? The VPN servers run a relatively minimal OS that allows it to serve its function and almost nothing else. It is a carbon copy from the software on every other VPN server, and can be replaced in less than an hour if anything were to change.

 

And in case you missed that part too, Tor is no golden shield from spying. In fact it is a huge target for anyone to aim at and place moles using fake clients to pass data along while collecting it for spy agencies worldwide.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

Wow, some fascinating thoughts, articles and links.

 

Time to sit in a giant faraday cage and wear a tinfoil hat me thinks

Share this post


Link to post

"Are you suggesting that the VPN servers are being monitored?"

No, I suggest what the first article says about servers in Holland. Do you really know the implications of this news?.

 

"Trojans on a VPN server?"

No, I mean that the goverment could get all the information ot these servers in many ways, and if you don´t know, your information is encrypted from your computer to the destiny (the server) but what you will do after that it´s not encrypted, only if you use https. The goverment could change the ssl certificates, create new ones, use the trojans included in many cisco routers, and a long etc if you have read the recent news about how governments can track you and servers.

 

"Tor is no golden shield from spying"

Of course not, but if someone track what you are browsing in the exit nodes they will only see the VPN ip, and the VPN in Holland will not see what you are browsing when using Tor.

Share this post


Link to post

One more thing: Airvpn is not the owner of the server. If the goverment of Holland commands the company offering the servers to be silent and to log everything or be trojanized, they must obey the goverment. What you will do when your computer reach this server will be compromised. It´s in Airvpn´s hands to find out if something is going wrong or not in the server (if they can...): spying agencies are not fool.

And yes, I use Airvpn, mostly with Tor.

Share this post


Link to post

One more thing: Airvpn is not the owner of the server. If the goverment of Holland commands the company offering the servers to be silent and to log everything or be trojanized, they must obey the goverment. What you will do when your computer reach this server will be compromised. It´s in Airvpn´s hands to find out if something is going wrong or not in the server (if they can...): spying agencies are not fool. And yes, I use Airvpn, mostly with Tor.

 

Exactly. People are ignoring this. If the government in the country where the server is located is directly monitoring traffic, they will snoop up the data from it anyway even if they cannot break the encryption or if the VPN itself is not logging you.

 

If you want to be fairly sure the government on the other side is not snooping traffic from the VPN server connect to one in Switzerland where they have strong data protection laws. I am surprised only two AirVPN servers are located there. It is one of the best locations for privacy. Panama could be an option too.

Share this post


Link to post

Exactly. People are ignoring this.

I doubt many here are ignoring or are ignorant of anything being said here. Do you really think none of us are aware of all the possibilities. Some here are extremely qualified in the aspects of networking and data security never mind all the expertise available by the people who run Airvpn, whos integrity and know how are beyond question.

Share this post


Link to post

 

Exactly. People are ignoring this.

I doubt many here are ignoring or are ignorant of anything being said here. Do you really think none of us are aware of all the possibilities. Some here are extremely qualified in the aspects of networking and data security never mind all the expertise available by the people who run Airvpn, whos integrity and know how are beyond question.

 

Okay? I was never doubting your l33t skillz. "Some people are ignoring this." Better?

Share this post


Link to post

So , it has been 5 weeks now since i posted this, it is now marked as "hot" ;i am increasingly curious as to why Air staff is ignoring my repeated requests to participate , and let us know their views.

Again i am no expert in this field ,far from it, i just genuinely like some answers on the possible implications from this law ; from the people best equipped to do so , Airvpn.

Share this post


Link to post

@bobber6

 

We do not comment on laws that our lawyers have not read in their entirety and we won't comment on draft laws because they can be modified hundreds of times or dropped.  We know of similar laws that are already enforced in various Western countries, for example France and USA, where intelligence personnel can wiretap a private citizen without a mandate from a magistrate or judicial overview, or where mass surveillance is routinely performed by competent agencies (think about NSA).

 

We usually find EDRi comments and articles enlightening so we re-direct you there for analysis of such laws. This is a page you should be interested in:

https://edri.org/theme/security-surveillance

 

We already wrote years ago about how to defeat a particularly powerful adversary under specific conditions (for example that your system is not compromised) so we will not comment again on that. It's bad that you spend time to write here without having searched our forums. Here it is, for your comfort: https://airvpn.org/topic/54-using-airvpn-over-tor/?p=1745

 

About other parts of the laws we cited, we remind you once again that it's not our competence and it's not the purpose of our service to protect your system against malware, including spyware installed surreptitiously by intelligence or other entities. When a system is compromised by such spyware, usage of a VPN, Tor etc. is totally irrelevant.

 

Kind regards

Share this post


Link to post

*Edit* I am not awake yet. I edited out my reply to bobber6.

 

Earning a good reputation in a forums is the same as in combat, it takes either extreme luck or discretion.

 

So be patient if you expect more information from AirVPN. They have to pick their battles wisely.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post


 
       

We do not comment on laws that our lawyers have not read in their entirety and we won't comment on draft laws because they can be modified hundreds of times or dropped



    Fair enough   .

       

It's bad that you spend time to write here without having searched our forums.


    Actually, i think i did read most of the security related posts.All i did was ask if Air had a view on the repercussions of this particular law, if you don't want to comment ,fine with me.

 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...