ghostp 5 Posted ... Hello everyone, I wonder if someone heared about the website sadd.io and what are you all (including experts here ;-) ) think about it in comparison to VPN, TOR ect.? Cheers Share this post Link to post
Staff 9744 Posted ... Hello everyone, I wonder if someone heared about the website sadd.io and what are you all (including experts here ;-) ) think about it in comparison to VPN, TOR ect.? Cheers Hello! Different aim and scope and also a nice idea. It's based on Tor too, although scaled down so that a single tab of a single browser of your system communicates with a remote desktop acting as an interface to Tor network . If you use Tor (directly in your system we mean) you get a stronger anonymity layer, while with a VPN you can tunnel the whole traffic of your system. On top of that, you need to consider that with Tor or VPN you can run your own programs locally, which in many circumstances can be a nicer solution. When using a remote desktop not owned by yourself you also need to consider that end-to-end encryption with final services is performed by the remote desktop, and not by your system. So, those who have access to the sadd system may potentially have access to all of your "end-to-end" encrypted communications, because one of the ends is not your system but the remote desktop. Probably not acceptable in most circumstances. Kind regards Share this post Link to post
OpenSourcerer 1359 Posted ... In addition to Staff's points, I'd also ask the question of performance. You can do anything over the Tor network but latency-sensitive and/or traffic-heavy applications might have a hard time. To be pleasant to use, remote desktop needs both a low latency network and a performant one. Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
JMennuni 0 Posted ... This machine isn’t anonimous it may log all your traffic you won’t ever know that Share this post Link to post
JMennuni 0 Posted ... Hello everyone, I wonder if someone heared about the website sadd.io and what are you all (including experts here ;-) ) think about it in comparison to VPN, TOR ect.? Cheers Hello! Different aim and scope and also a nice idea. It's based on Tor too, although scaled down so that a single tab of a single browser of your system communicates with a remote desktop acting as an interface to Tor network . If you use Tor (directly in your system we mean) you get a stronger anonymity layer, while with a VPN you can tunnel the whole traffic of your system. On top of that, you need to consider that with Tor or VPN you can run your own programs locally, which in many circumstances can be a nicer solution. When using a remote desktop not owned by yourself you also need to consider that end-to-end encryption with final services is performed by the remote desktop, and not by your system. So, those who have access to the sadd system may potentially have access to all of your "end-to-end" encrypted communications, because one of the ends is not your system but the remote desktop. Probably not acceptable in most circumstances. Kind regards Share this post Link to post
Jamesmane123 0 Posted ... Staff thats not a very good argument as VPNs can also see your traffic. Its all about trust at the end of the day. I think sadd.io is a good concept. Atleast they are destroying the desktops at the end of the day. If you are subpoenaed you may hand over information about your users. Share this post Link to post
zhang888 1065 Posted ... On 4/19/2019 at 2:52 PM, Jamesmane123 said: Staff thats not a very good argument as VPNs can also see your traffic. Its all about trust at the end of the day. I think sadd.io is a good concept. Atleast they are destroying the desktops at the end of the day. If you are subpoenaed you may hand over information about your users. Completely wrong misconception and assumptions here. First of all, AirVPN does not, and will never provide any "Desktops" or "Workspaces". Where there is no single verifiable way for the end user to know they are encrypted and destroyed. Also, AirVPN cannot see encrypted traffic, which is by latest surveys exceeds 90% of WWW. Sites that default to HTTPS 89 / 100 Sites that work on HTTPS 96 / 100 Second, the business model here is entirely different.Sadd.io, Any.run, all those services allow you to have a temporary disposable Windows VM for a few minutes. While it is good for random malware analysis, or unpacking questionable software for future research, how exactly those services "compete" with VPNs? AirVPN cannot be subpoenaed to any data they don't collect. Unlike those services which do it for a reason. Both of them have a business model behind, and your privacy is not part of it. Unless you pay for a "private plan" of $$$ per month. And still nothing is guaranteed. I used to work with people in the Antivirus/IPS industry who shared collected samples easily, before it was popular to pay Google (Virustotal) to download it from there. I can still get any file from there, and those services usually upload it there for "Cloud analysis" checks. So? @Jamesmane123 Usually it is the service that has to provide it's credibility for the users, not the other way around. If you are affiliated with the service above, it's not an issue, actually it is welcome in this forum area. But spreading FUD is not something that will get anyone anywhere, at least in the long term. P.S. I have doubts regarding the sadd.io service, the way I see it it's just a platform for purely blackhat activity. There is no such thing as "free VM" and free nodes, unless you are a start-up company with valid details, somewhat like hybrid-analysis, joesecurity, cwsandbox, cuckoosandbox and others were before. Someone has to pay for those VMs monthly, and it seems to be that the bill is not going to be anywhere below 200$, for which you can rent ~64GB RAM, two 1Gbit NICs and around 1TB of storage. Enough for like 30 VMs max? Google ads are not going to cover it, at least not in that stage. When you provide an "anonymous" VM, and your site only has a "PATENT PENDING" contact form, (since when running VMs over Tor was a patent?) that should raise more questions about who is actually behind it. Are you really looking for free cheese? I am sure the business model is the same as dyncheck.com, a blackhat runtime checking service. At least such "honeypots" could mask themselves better. And I stand behind every word and welcome any representative of the above service(s) to address any of my comments here on in private. Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
Not connected, Your IP: 3.19.31.73 Not connected, Your IP: 3.19.31.73
Online: 22071 users - 236250 Mbit/s total BW
