No Global Warrants. VPN's will be effected! Update

[Keksjdjdke 35]

Update.

The FBI falls 2 votes short of viewing our browsing history without a warrant

 

http://thenextweb.com/insider/2016/06/23/fbi-falls-2-votes-short-of-viewing-our-browsing-history-without-a-warrant/

 

 

But this has not been made final yet.{

http://www.decidethefuture.org

LESS THAN 24 HOURS REMAINING:

The Senate is about to vote on an amendment that would give the FBI your browsing history without a warrant.}

 

I saw this very important info and thought that the community at airvpn should know. This would effect vpn's.

The U.S. government wants to use an obscure procedure—amending a federal rule known as Rule 41— to radically expand their authority to hack. The changes to Rule 41 would make it easier for them to break into our computers, take data, and engage in remote surveillance.

These changes could impact any person using a computer with Internet access anywhere in the world. However, they will disproportionately impact people using privacy-protective technologies, including Tor and VPNs.

https://noglobalwarrants.org/#take-action

 

ALSO

http://www.decidethefuture.org

LESS THAN 24 HOURS REMAINING:

The Senate is about to vote on an amendment that would give the FBI your browsing history without a warrant.

Please post any comments you have about these possible rules/bills

[Mjolnir 1]

I agree. This has the potential to be devastating to VPN providers. I contacted the support staff at AirVPN last night and asked how they planned to counter this move by the US gov't. The response I got was shocking. There appears to be no concern at all. I hope they realize that this move by the US will make VPNs irrelevant and even dangerous to use. Who, after all, would want to be a target of the FBI for using a VPN?    

[Guest]

Well hopefully it won't go through, but AirVPN is Italy based, this is a US government thing so very little they can do except prevent them from accessing AirVPN servers and make sure the servers are always secured like they are doing now and me I live outside of any legal reach of the US government so I can't really do much on this matter either

[LZ1 672]

Hello !

 

Things like this just re-affirm why it's important to support providers who not just have good technology, but have strong ethics like AirVPN.

However, it's not as if those rules will make a big difference, seeing as the Snowden revelations were precisely about these people already doing this stuff.

So as far as I can tell, just like in places like the UK with the new "Snoopers Charter" law, they're simply making all of their previously hidden and illegal acts, legal.

[Staff 9971]

I agree. This has the potential to be devastating to VPN providers. I contacted the support staff at AirVPN last night and asked how they planned to counter this move by the US gov't. The response I got was shocking. There appears to be no concern at all. I hope they realize that this move by the US will make VPNs irrelevant and even dangerous to use. Who, after all, would want to be a target of the FBI for using a VPN?    

 

The answer to your ticket was that a VPN is not and has never been an antimalware tool or a tool to prevent system attacks, which is quite eloquent. Your message is not only a blatant lie, but also a self-evident attack against us. We warn you to immediately stop such attempts.

 

AirVPN

[dj77 6]

I think what mjolnir want Know is how Airvpn protect the Servers

[zhang888 1066]

Ironically enough the VPN providers who signed on that site are all U.S. based and were known to log user activities,

sometimes even handling them to foreign governments like the U.K. one (most likely to other Five Eyes as well).

 

Can anyone point to a technical description of how this is going to affect Tor/VPN providers? The entire proposal is to

expand the offensive measures against target devices, so in this case Tor/VPN would be irrelevant, since if they managed

to execute code on your machine, the practical benefit of Tor/VPN is compromised.

 

This should be rather good news, since it means Tor/VPNs are a hard enough attack surface, that they have to use targeted

attacks of some kind in order to achieve their goal. Like all the FBI malware against Tor users, but probably on a

larger scale. Personally I was happy to read about the malware attempt (Mozilla 0day, and a tool to collect and ping back MAC

addresses back to them) against Tor Browser, since it meant that the Tor software and routing model as a concept are still safe

to use, and were not exploited at least by that adversary.

[Guest]

 

I agree. This has the potential to be devastating to VPN providers. I contacted the support staff at AirVPN last night and asked how they planned to counter this move by the US gov't. The response I got was shocking. There appears to be no concern at all. I hope they realize that this move by the US will make VPNs irrelevant and even dangerous to use. Who, after all, would want to be a target of the FBI for using a VPN?    

 

The answer to your ticket was that a VPN is not and has never been an antimalware tool or a tool to prevent system attacks, which is quite eloquent. Your message is not only a blatant lie, but also a self-evident attack against us. We warn you to immediately stop such attempts.

 

AirVPN

 

Not to go against Air in any way, but how would it make VPNs irrelevent attacks is possible to be done to the Air servers instead of you which is part of the reason for VPNs, to have powerful servers mitigate attacks to you.

[pr1v 36]

I think it's clear: if they want to hack our devices and we are using tor or VPN,s then they will hack tor and VPN companies first or they couldn't know who we are.

[zhang888 1066]

I think it's clear: if they want to hack our devices and we are using tor or VPN,s then they will hack tor and VPN companies first or they couldn't know who we are.

 

I am afraid you are wrong.

Based on recent events, the targets are usually identified by grouping using metadata.

For example, you like to visit a community of cat pictures. Then they will infiltrate that

community and infect the members, they don't need to know your identity before that,

they know that you are part of that community and it makes you a target. After a successful

exploit, they will know your identity even without cracking Tor/VPN.

[pr1v 36]

You are right zhang888 but maybe I am right too, because both of these situations could happen and we already know what the goverments could do with so much effort and money. Even modern chips are supposed to contain backdoors.

[dj77 6]

@zhang888

Or they infiltrate air i mean you dont Know what Happens in the datacenter remember tbkresources (torrent Site)

 

"....that a hard drive had been attached to their server and it was copying data for use in a copyright infringement case against them."

 

How air Secure the Server?

 

I Know from another Provider they do this Short Info

 

"We own all the hardware used to operate our services. The servers are safely locked in isolated rack cabinets that only authorized personel have access to.

 

All our VPN servers operate without any type of storing media. This means that the servers run without any hard drives, USB memories or CD-ROMs that could otherwise log and store"

 

I saw a picture Server was in a cage and disabled USB Ports...

[Mjolnir 1]

I agree with LZ1. They have probably been attempting to identify users of TOR and VPN for quite some time now -- just as they have been compromising and breaking encryption. For some unfathomable reason, they feel compelled to tell us what they are doing through the publication of articles in the mainstream press. I mean, really, wouldn't it be better for them just to do it in secrecy and let us go on believing that our identities are protected? perhaps the most likely explanation for this latest article is to attempt to scare people away from using TOR/VPN... in other words a kind of psychological warfare.

 

I think what I was trying to get at in my first post was, How do we protect ourselves? And, as was pointed out, with compromised software AND hardware, it appears we can't.     

[Keksjdjdke 35]

Ironically enough the VPN providers who signed on that site are all U.S. based and were known to log user activities,

sometimes even handling them to foreign governments like the U.K. one (most likely to other Five Eyes as well).

 

Can anyone point to a technical description of how this is going to affect Tor/VPN providers? The entire proposal is to

expand the offensive measures against target devices, so in this case Tor/VPN would be irrelevant, since if they managed

to execute code on your machine, the practical benefit of Tor/VPN is compromised.

 

This should be rather good news, since it means Tor/VPNs are a hard enough attack surface, that they have to use targeted

attacks of some kind in order to achieve their goal. Like all the FBI malware against Tor users, but probably on a

larger scale. Personally I was happy to read about the malware attempt (Mozilla 0day, and a tool to collect and ping back MAC

addresses back to them) against Tor Browser, since it meant that the Tor software and routing model as a concept are still safe

to use, and were not exploited at least by that adversary.

Here is a pdf explains what is going to be changed. https://noglobalwarrants.org/images/proposed-amendment-rule-41.pdf

Im not sure if that was what you are looking for.

[Guest]

@zhang888

Or they infiltrate air i mean you dont Know what Happens in the datacenter remember tbkresources (torrent Site)

 

"....that a hard drive had been attached to their server and it was copying data for use in a copyright infringement case against them."

 

How air Secure the Server?

 

I Know from another Provider they do this Short Info

 

"We own all the hardware used to operate our services. The servers are safely locked in isolated rack cabinets that only authorized personel have access to.

 

All our VPN servers operate without any type of storing media. This means that the servers run without any hard drives, USB memories or CD-ROMs that could otherwise log and store"

 

I saw a picture Server was in a cage and disabled USB Ports...

 

In this matter, if I remember correctly I read that Air uses a live operating system to prevent cold boot attacks. Or it could've been they said it was a fix for cold boot attacks, can't really remember

[Thalium 4]

 

I agree. This has the potential to be devastating to VPN providers. I contacted the support staff at AirVPN last night and asked how they planned to counter this move by the US gov't. The response I got was shocking. There appears to be no concern at all. I hope they realize that this move by the US will make VPNs irrelevant and even dangerous to use. Who, after all, would want to be a target of the FBI for using a VPN?    

 

The answer to your ticket was that a VPN is not and has never been an antimalware tool or a tool to prevent system attacks, which is quite eloquent. Your message is not only a blatant lie, but also a self-evident attack against us. We warn you to immediately stop such attempts.

 

AirVPN

Hang on guys!

 

I've not seen the ticket of course, however I don't think a harsh response was needed. 

 

It's likely just a communication error.. as an internet community communication issues are always more likely because of the multiple languages involved.

Would a clarification of your position on the matter and stating what was asked in the ticket could have been clearer, be better?

 

There are enough entities out there against VPN without us in-fighting

[Thalium 4]

I think we might be losing the plot slightly.

What ever you do on the internet your identity is at risk. We can only protect it by the best means possible.

Ultimately you can't carry out illegal activities and expect there never to be the possibility of repercussions at some point in the future. The internet was born from data sharing. Neither can you put the onus of responsibility for your personal data on airvpn. As a well known example - 'piratebay' hardware was seized in a country that previously cared little for copyright laws.

At the end of the day you have to accept that risk to gain access to things common net users can't anymore. Whether I agree with the continuing American ownership and far reaching control of the internet is irrelevant. It's happening and it's a risk. The buck stops with us, we vote our governments in.

[Mjolnir 1]

Yes, Thalium -- definitely a communication error. I didn't mean to impugn AirVPN at all. After all, I joined for a year! I was just excited over the recent article that was posted -- and frustrated by the inability of privacy-loving people to protect ourselves from the warrantless FBI snooping. I guess I was hoping that AIR would have had some concrete suggestions about how to deal with the issue. Personally, I think I've done all I can: I use LINUX; I only use repository software; I do virus daily checks with CLAM TK; I keep all software updated. But I confess I am at a loss as to how to protect myself from FBI-inspired malware. Does anyone know...can it be done? Is there any way to firewall from their exploits?

 

Also, I'd welcome any other suggestions that would help secure my system.

[zhang888 1066]

Yes, Thalium -- definitely a communication error. I didn't mean to impugn AirVPN at all. After all, I joined for a year! I was just excited over the recent article that was posted -- and frustrated by the inability of privacy-loving people to protect ourselves from the warrantless FBI snooping. I guess I was hoping that AIR would have had some concrete suggestions about how to deal with the issue. Personally, I think I've done all I can: I use LINUX; I only use repository software; I do virus daily checks with CLAM TK; I keep all software updated. But I confess I am at a loss as to how to protect myself from FBI-inspired malware. Does anyone know...can it be done? Is there any way to firewall from their exploits?

 

Also, I'd welcome any other suggestions that would help secure my system.

 

Search Qubes/Subgraph.

Protecting yourself from being hacked is not about installing one software or another, it's about constant

threat modeling and compartmentalization. Software only makes a small difference.

Even then, you are not 100% covered, this is why you have to know what you are doing, how you are doing

it, and who knows about what you are doing.

If none of the above makes any sense to you, you should probably not be worried that any adversary will "waste"

very expensive exploits on you. After all, they don't just shoot them at random, in order to keep them as useful

as possible for a longer period.

[Mjolnir 1]

Well, the threat model is the FBI -- that's what this thread is about. They claim they are going to target users of TOR/VPN using malware. And as LZ1 pointed out, they've probably been doing it for quite some time. So, the question is: how the heck do we deal with that? Should we, like Applebaum, all be using TAILS?

[zhang888 1066]

Well, the threat model is the FBI -- that's what this thread is about. They claim they are going to target users of TOR/VPN using malware. And as LZ1 pointed out, they've probably been doing it for quite some time. So, the question is: how the heck do we deal with that? Should we, like Applebaum, all be using TAILS?

 

The upcoming Selfrando implementation should protect you from that. The underlying OS is not very important, it is the browser

that will be your attack surface in the vast majority of cases.

 

http://www.theinquirer.net/inquirer/news/2462143/tor-looks-to-beat-off-fbi-hacking-with-selfrando-project

[Guest]

One small tiny thing I'd like to add usually when they try to intimidate is because they are fishing, trying to have someone panic and slip up and then they strike because as it stands it is no secret they have been trying to hack Tor and other VPNs simply because it CAN allow people to POSSIBLY do something very illegal and get away with it while hidden, and there are people doing it already as well they try to go for the smallest things to again make people panic and possibly turn away from VPNs and the sort(at least that's how it looks to me I could be wrong) I trust that AirVPN are very good and will keep protecting their network against attacks

 

 

I agree with LZ1. They have probably been attempting to identify users of TOR and VPN for quite some time now -- just as they have been compromising and breaking encryption. For some unfathomable reason, they feel compelled to tell us what they are doing through the publication of articles in the mainstream press. I mean, really, wouldn't it be better for them just to do it in secrecy and let us go on believing that our identities are protected? perhaps the most likely explanation for this latest article is to attempt to scare people away from using TOR/VPN... in other words a kind of psychological warfare.

 

I think what I was trying to get at in my first post was, How do we protect ourselves? And, as was pointed out, with compromised software AND hardware, it appears we can't.     

[Mjolnir 1]

Zhang888, thanks for posting that link. VERY interesting. Sometimes I get pessimistic about this whole game so it's good to hear some good news. So, if privacy-loving individuals are using the TOR browser with selfrando, would they still be using a VPN? Is it possible to use both together? Are there any advantage to using both together?

 

 

 

[zhang888 1066]

There are always advantages by using multiple layers for anything related to security, not just in IT and Infosec.

Check the following guide which should answer your questions:

 

https://airvpn.org/tor/

[Mjolnir 1]

Although this doesn't really address the specific issue of FBI hacking/malware, for those interested, here's an excellent article from bestVPN on maintaining privacy. Well worth the read:

 

https://www.bestvpn.com/blog/49728/ultimate-privacy-guide/