Keksjdjdke 35 Posted ... Update.The FBI falls 2 votes short of viewing our browsing history without a warrant http://thenextweb.com/insider/2016/06/23/fbi-falls-2-votes-short-of-viewing-our-browsing-history-without-a-warrant/ But this has not been made final yet.{http://www.decidethefuture.orgLESS THAN 24 HOURS REMAINING:The Senate is about to vote on an amendment that would give the FBI your browsing history without a warrant.} I saw this very important info and thought that the community at airvpn should know. This would effect vpn's.The U.S. government wants to use an obscure procedure—amending a federal rule known as Rule 41— to radically expand their authority to hack. The changes to Rule 41 would make it easier for them to break into our computers, take data, and engage in remote surveillance.These changes could impact any person using a computer with Internet access anywhere in the world. However, they will disproportionately impact people using privacy-protective technologies, including Tor and VPNs.https://noglobalwarrants.org/#take-action ALSOhttp://www.decidethefuture.orgLESS THAN 24 HOURS REMAINING:The Senate is about to vote on an amendment that would give the FBI your browsing history without a warrant.Please post any comments you have about these possible rules/bills 3 Mjolnir, OmniNegro and LZ1 reacted to this Quote Share this post Link to post
Mjolnir 1 Posted ... I agree. This has the potential to be devastating to VPN providers. I contacted the support staff at AirVPN last night and asked how they planned to counter this move by the US gov't. The response I got was shocking. There appears to be no concern at all. I hope they realize that this move by the US will make VPNs irrelevant and even dangerous to use. Who, after all, would want to be a target of the FBI for using a VPN? Quote Share this post Link to post
Guest Posted ... Well hopefully it won't go through, but AirVPN is Italy based, this is a US government thing so very little they can do except prevent them from accessing AirVPN servers and make sure the servers are always secured like they are doing now and me I live outside of any legal reach of the US government so I can't really do much on this matter either 1 Thalium reacted to this Quote Share this post Link to post
LZ1 672 Posted ... Hello ! Things like this just re-affirm why it's important to support providers who not just have good technology, but have strong ethics like AirVPN.However, it's not as if those rules will make a big difference, seeing as the Snowden revelations were precisely about these people already doing this stuff.So as far as I can tell, just like in places like the UK with the new "Snoopers Charter" law, they're simply making all of their previously hidden and illegal acts, legal. 1 Thalium reacted to this Quote Hide LZ1's signature Hide all signatures Hi there, are you new to AirVPN? Many of your questions are already answered in this guide. You may also read the Eddie Android FAQ. Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you. Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily. Share this post Link to post
Staff 9972 Posted ... I agree. This has the potential to be devastating to VPN providers. I contacted the support staff at AirVPN last night and asked how they planned to counter this move by the US gov't. The response I got was shocking. There appears to be no concern at all. I hope they realize that this move by the US will make VPNs irrelevant and even dangerous to use. Who, after all, would want to be a target of the FBI for using a VPN? The answer to your ticket was that a VPN is not and has never been an antimalware tool or a tool to prevent system attacks, which is quite eloquent. Your message is not only a blatant lie, but also a self-evident attack against us. We warn you to immediately stop such attempts. AirVPN Quote Share this post Link to post
dj77 6 Posted ... I think what mjolnir want Know is how Airvpn protect the Servers Quote Share this post Link to post
zhang888 1066 Posted ... Ironically enough the VPN providers who signed on that site are all U.S. based and were known to log user activities,sometimes even handling them to foreign governments like the U.K. one (most likely to other Five Eyes as well). Can anyone point to a technical description of how this is going to affect Tor/VPN providers? The entire proposal is toexpand the offensive measures against target devices, so in this case Tor/VPN would be irrelevant, since if they managedto execute code on your machine, the practical benefit of Tor/VPN is compromised. This should be rather good news, since it means Tor/VPNs are a hard enough attack surface, that they have to use targetedattacks of some kind in order to achieve their goal. Like all the FBI malware against Tor users, but probably on alarger scale. Personally I was happy to read about the malware attempt (Mozilla 0day, and a tool to collect and ping back MACaddresses back to them) against Tor Browser, since it meant that the Tor software and routing model as a concept are still safeto use, and were not exploited at least by that adversary. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
Guest Posted ... I agree. This has the potential to be devastating to VPN providers. I contacted the support staff at AirVPN last night and asked how they planned to counter this move by the US gov't. The response I got was shocking. There appears to be no concern at all. I hope they realize that this move by the US will make VPNs irrelevant and even dangerous to use. Who, after all, would want to be a target of the FBI for using a VPN? The answer to your ticket was that a VPN is not and has never been an antimalware tool or a tool to prevent system attacks, which is quite eloquent. Your message is not only a blatant lie, but also a self-evident attack against us. We warn you to immediately stop such attempts. AirVPN Not to go against Air in any way, but how would it make VPNs irrelevent attacks is possible to be done to the Air servers instead of you which is part of the reason for VPNs, to have powerful servers mitigate attacks to you. Quote Share this post Link to post
pr1v 36 Posted ... I think it's clear: if they want to hack our devices and we are using tor or VPN,s then they will hack tor and VPN companies first or they couldn't know who we are. Quote Share this post Link to post
zhang888 1066 Posted ... I think it's clear: if they want to hack our devices and we are using tor or VPN,s then they will hack tor and VPN companies first or they couldn't know who we are. I am afraid you are wrong.Based on recent events, the targets are usually identified by grouping using metadata.For example, you like to visit a community of cat pictures. Then they will infiltrate thatcommunity and infect the members, they don't need to know your identity before that,they know that you are part of that community and it makes you a target. After a successfulexploit, they will know your identity even without cracking Tor/VPN. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
pr1v 36 Posted ... You are right zhang888 but maybe I am right too, because both of these situations could happen and we already know what the goverments could do with so much effort and money. Even modern chips are supposed to contain backdoors. Quote Share this post Link to post
dj77 6 Posted ... @zhang888Or they infiltrate air i mean you dont Know what Happens in the datacenter remember tbkresources (torrent Site) "....that a hard drive had been attached to their server and it was copying data for use in a copyright infringement case against them." How air Secure the Server? I Know from another Provider they do this Short Info "We own all the hardware used to operate our services. The servers are safely locked in isolated rack cabinets that only authorized personel have access to. All our VPN servers operate without any type of storing media. This means that the servers run without any hard drives, USB memories or CD-ROMs that could otherwise log and store" I saw a picture Server was in a cage and disabled USB Ports... Quote Share this post Link to post
Mjolnir 1 Posted ... I agree with LZ1. They have probably been attempting to identify users of TOR and VPN for quite some time now -- just as they have been compromising and breaking encryption. For some unfathomable reason, they feel compelled to tell us what they are doing through the publication of articles in the mainstream press. I mean, really, wouldn't it be better for them just to do it in secrecy and let us go on believing that our identities are protected? perhaps the most likely explanation for this latest article is to attempt to scare people away from using TOR/VPN... in other words a kind of psychological warfare. I think what I was trying to get at in my first post was, How do we protect ourselves? And, as was pointed out, with compromised software AND hardware, it appears we can't. Quote Share this post Link to post
Keksjdjdke 35 Posted ... Ironically enough the VPN providers who signed on that site are all U.S. based and were known to log user activities,sometimes even handling them to foreign governments like the U.K. one (most likely to other Five Eyes as well). Can anyone point to a technical description of how this is going to affect Tor/VPN providers? The entire proposal is toexpand the offensive measures against target devices, so in this case Tor/VPN would be irrelevant, since if they managedto execute code on your machine, the practical benefit of Tor/VPN is compromised. This should be rather good news, since it means Tor/VPNs are a hard enough attack surface, that they have to use targetedattacks of some kind in order to achieve their goal. Like all the FBI malware against Tor users, but probably on alarger scale. Personally I was happy to read about the malware attempt (Mozilla 0day, and a tool to collect and ping back MACaddresses back to them) against Tor Browser, since it meant that the Tor software and routing model as a concept are still safeto use, and were not exploited at least by that adversary.Here is a pdf explains what is going to be changed. https://noglobalwarrants.org/images/proposed-amendment-rule-41.pdfIm not sure if that was what you are looking for. Quote Share this post Link to post
Guest Posted ... @zhang888Or they infiltrate air i mean you dont Know what Happens in the datacenter remember tbkresources (torrent Site) "....that a hard drive had been attached to their server and it was copying data for use in a copyright infringement case against them." How air Secure the Server? I Know from another Provider they do this Short Info "We own all the hardware used to operate our services. The servers are safely locked in isolated rack cabinets that only authorized personel have access to. All our VPN servers operate without any type of storing media. This means that the servers run without any hard drives, USB memories or CD-ROMs that could otherwise log and store" I saw a picture Server was in a cage and disabled USB Ports... In this matter, if I remember correctly I read that Air uses a live operating system to prevent cold boot attacks. Or it could've been they said it was a fix for cold boot attacks, can't really remember Quote Share this post Link to post
Thalium 4 Posted ... I agree. This has the potential to be devastating to VPN providers. I contacted the support staff at AirVPN last night and asked how they planned to counter this move by the US gov't. The response I got was shocking. There appears to be no concern at all. I hope they realize that this move by the US will make VPNs irrelevant and even dangerous to use. Who, after all, would want to be a target of the FBI for using a VPN? The answer to your ticket was that a VPN is not and has never been an antimalware tool or a tool to prevent system attacks, which is quite eloquent. Your message is not only a blatant lie, but also a self-evident attack against us. We warn you to immediately stop such attempts. AirVPNHang on guys! I've not seen the ticket of course, however I don't think a harsh response was needed. It's likely just a communication error.. as an internet community communication issues are always more likely because of the multiple languages involved.Would a clarification of your position on the matter and stating what was asked in the ticket could have been clearer, be better? There are enough entities out there against VPN without us in-fighting 1 Mjolnir reacted to this Quote Share this post Link to post
Thalium 4 Posted ... I think we might be losing the plot slightly.What ever you do on the internet your identity is at risk. We can only protect it by the best means possible.Ultimately you can't carry out illegal activities and expect there never to be the possibility of repercussions at some point in the future. The internet was born from data sharing. Neither can you put the onus of responsibility for your personal data on airvpn. As a well known example - 'piratebay' hardware was seized in a country that previously cared little for copyright laws.At the end of the day you have to accept that risk to gain access to things common net users can't anymore. Whether I agree with the continuing American ownership and far reaching control of the internet is irrelevant. It's happening and it's a risk. The buck stops with us, we vote our governments in. Quote Share this post Link to post
Mjolnir 1 Posted ... Yes, Thalium -- definitely a communication error. I didn't mean to impugn AirVPN at all. After all, I joined for a year! I was just excited over the recent article that was posted -- and frustrated by the inability of privacy-loving people to protect ourselves from the warrantless FBI snooping. I guess I was hoping that AIR would have had some concrete suggestions about how to deal with the issue. Personally, I think I've done all I can: I use LINUX; I only use repository software; I do virus daily checks with CLAM TK; I keep all software updated. But I confess I am at a loss as to how to protect myself from FBI-inspired malware. Does anyone know...can it be done? Is there any way to firewall from their exploits? Also, I'd welcome any other suggestions that would help secure my system. Quote Share this post Link to post
zhang888 1066 Posted ... Yes, Thalium -- definitely a communication error. I didn't mean to impugn AirVPN at all. After all, I joined for a year! I was just excited over the recent article that was posted -- and frustrated by the inability of privacy-loving people to protect ourselves from the warrantless FBI snooping. I guess I was hoping that AIR would have had some concrete suggestions about how to deal with the issue. Personally, I think I've done all I can: I use LINUX; I only use repository software; I do virus daily checks with CLAM TK; I keep all software updated. But I confess I am at a loss as to how to protect myself from FBI-inspired malware. Does anyone know...can it be done? Is there any way to firewall from their exploits? Also, I'd welcome any other suggestions that would help secure my system. Search Qubes/Subgraph.Protecting yourself from being hacked is not about installing one software or another, it's about constantthreat modeling and compartmentalization. Software only makes a small difference.Even then, you are not 100% covered, this is why you have to know what you are doing, how you are doingit, and who knows about what you are doing.If none of the above makes any sense to you, you should probably not be worried that any adversary will "waste"very expensive exploits on you. After all, they don't just shoot them at random, in order to keep them as usefulas possible for a longer period. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
Mjolnir 1 Posted ... Well, the threat model is the FBI -- that's what this thread is about. They claim they are going to target users of TOR/VPN using malware. And as LZ1 pointed out, they've probably been doing it for quite some time. So, the question is: how the heck do we deal with that? Should we, like Applebaum, all be using TAILS? Quote Share this post Link to post
zhang888 1066 Posted ... Well, the threat model is the FBI -- that's what this thread is about. They claim they are going to target users of TOR/VPN using malware. And as LZ1 pointed out, they've probably been doing it for quite some time. So, the question is: how the heck do we deal with that? Should we, like Applebaum, all be using TAILS? The upcoming Selfrando implementation should protect you from that. The underlying OS is not very important, it is the browserthat will be your attack surface in the vast majority of cases. http://www.theinquirer.net/inquirer/news/2462143/tor-looks-to-beat-off-fbi-hacking-with-selfrando-project 2 OmniNegro and Mjolnir reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
Guest Posted ... One small tiny thing I'd like to add usually when they try to intimidate is because they are fishing, trying to have someone panic and slip up and then they strike because as it stands it is no secret they have been trying to hack Tor and other VPNs simply because it CAN allow people to POSSIBLY do something very illegal and get away with it while hidden, and there are people doing it already as well they try to go for the smallest things to again make people panic and possibly turn away from VPNs and the sort(at least that's how it looks to me I could be wrong) I trust that AirVPN are very good and will keep protecting their network against attacks I agree with LZ1. They have probably been attempting to identify users of TOR and VPN for quite some time now -- just as they have been compromising and breaking encryption. For some unfathomable reason, they feel compelled to tell us what they are doing through the publication of articles in the mainstream press. I mean, really, wouldn't it be better for them just to do it in secrecy and let us go on believing that our identities are protected? perhaps the most likely explanation for this latest article is to attempt to scare people away from using TOR/VPN... in other words a kind of psychological warfare. I think what I was trying to get at in my first post was, How do we protect ourselves? And, as was pointed out, with compromised software AND hardware, it appears we can't. Quote Share this post Link to post
Mjolnir 1 Posted ... Zhang888, thanks for posting that link. VERY interesting. Sometimes I get pessimistic about this whole game so it's good to hear some good news. So, if privacy-loving individuals are using the TOR browser with selfrando, would they still be using a VPN? Is it possible to use both together? Are there any advantage to using both together? Quote Share this post Link to post
zhang888 1066 Posted ... There are always advantages by using multiple layers for anything related to security, not just in IT and Infosec.Check the following guide which should answer your questions: https://airvpn.org/tor/ 1 OmniNegro reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
Mjolnir 1 Posted ... Although this doesn't really address the specific issue of FBI hacking/malware, for those interested, here's an excellent article from bestVPN on maintaining privacy. Well worth the read: https://www.bestvpn.com/blog/49728/ultimate-privacy-guide/ 1 Casper31 reacted to this Quote Share this post Link to post