airyvnp 0 Posted ... Apologize if this has been asked before but the forum search is kind of twitchy and gives a lot of results. So i thought i may as well ask here. But should be a sticky for thread for these basic questions as laws change and positions of vpns change as well in time. Questions: 1. Since no logs are kept, how do you find people who break your "Terms of service" (the European Convention for Human Rights, people trying to compromise security of airvpn, etc, etc as described by you on terms of service page)? 2. Again, is there any monitoring at all at a level less obvious ? 3. Say, if you are raided. What happens then. The users who are online at that moment might get exposed even though u may not log per se. Quote Share this post Link to post
Staff 10015 Posted ... Apologize if this has been asked before but the forum search is kind of twitchy and gives a lot of results. So i thought i may as well ask here. But should be a sticky for thread for these basic questions as laws change and positions of vpns change as well in time.Questions:1. Since no logs are kept, how do you find people who break your "Terms of service" (the European Convention for Human Rights, people trying to compromise security of airvpn, etc, etc as described by you on terms of service page)?Hello!We can't do that "ex-ante" (just like any true mere conduit of data), but we reserve the right to do that "ex-post". If a competent authority with competent jurisdiction warns us in any way about usage of our systems in order to perform or aid or abet a violation of ECHR (we are particularly sensitive to human trafficking, human exploitation and privacy violations) we will cooperate "ex-post" with the competent authorities.2. Again, is there any monitoring at all at a level less obvious ?No.3. Say, if you are raided. What happens then. The users who are online at that moment might get exposed even though u may not log per se.The real IP addresses of those users who are connected at that moment not over TOR would be exposed. The users who are connected over Air over TOR would not be exposed. You might like to look for "partition of trust" in the forum, the following post may give you useful information:https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745Kind regards 1 azmo reacted to this Quote Share this post Link to post
l33t 2 Posted ... I know this may seem a bit extreme, but do the AirVPN servers have a "kill-switch" that could be used to terminate all active connections in the event of a raid? Quote Share this post Link to post
l33t 2 Posted ... Thanks for the information, but it looks like you took my quote from a separate post that isn't on this Thread. Quote Share this post Link to post
Jinsong 5 Posted ... We can't do that "ex-ante" (just like any true mere conduit of data), but we reserve the right to do that "ex-post". If a competent authority with competent jurisdiction warns us in any way about usage of our systems in order to perform or aid or abet a violation of ECHR (we are particularly sensitive to human trafficking, human exploitation and privacy violations) we will cooperate "ex-post" with the competent authorities. My only concern here would be regarding the criteria you use to identify a "competent" authority, as well as the loosely-defined phrase "warns us in any way" - as opposed to something less ambiguous, preferably something more along the lines of "presents us with a valid warrant/subpoena signed by a judge". The problem is that governmental authorities (in some/most? jurisdictions) are not necessarily obligated to be truthful about their intentions. By publicizing the issues you are "sensitive" to, that gives an open invitation for an adversary to solicit your cooperation under false pretenses. For example, if I'm a Federal agent trying to track down a political whistle-blower, I'm certainly not going to tell you that... instead, I'll say whatever I think is most likely to convince you to cooperate voluntarily. Therefore, I think it would be much safer (from a privacy standpoint) to require a proper and complete legal order before agreeing to assist in *any* investigation, rather than selective cooperation. Having said that, a high-level adversary wouldn't really need AirVPN's cooperation in the first place... they could just show up at the data center with a warrant (maybe even without AirVPN's knowledge) and start sniffing traffic on the VPN server itself. This has actually been done before in some high-profile cases - I believe in Germany and elsewhere. Realistically, the threat of real-time surveillance is not an issue for most regular VPN users; but those who work with highly confidential data may need additional layers of protection (Tor, etc.) as suggested by admin. I also think it would be a good idea for AirVPN to add servers in some less "Western friendly" jurisdictions such as Russia, Ukraine, etc. for those users who need additional protection against this kind of governmental adversary. Quote Share this post Link to post
Staff 10015 Posted ... My only concern here would be regarding the criteria you use to identify a "competent" authority, as well as the loosely-defined phrase "warns us in any way" - as opposed to something less ambiguous, preferably something more along the lines of "presents us with a valid warrant/subpoena signed by a judge". The problem is that governmental authorities (in some/most? jurisdictions) are not necessarily obligated to be truthful about their intentions. By publicizing the issues you are "sensitive" to, that gives an open invitation for an adversary to solicit your cooperation under false pretenses. For example, if I'm a Federal agent trying to track down a political whistle-blower, I'm certainly not going to tell you that... instead, I'll say whatever I think is most likely to convince you to cooperate voluntarily. Therefore, I think it would be much safer (from a privacy standpoint) to require a proper and complete legal order before agreeing to assist in *any* investigation, rather than selective cooperation.Hello!The previous message might have been misunderstood and a clarification is due. A judge with proper jurisdiction who serves us a valid warrant/subpoena is surely a competent authority. A USA federal agent who tells us that [aid to] a violation of human rights is performed via our servers is not, but we reserve the right to investigate further anyway, according to our ToS. In case we decide to investigate, that the results of our investigation will be handed over to him/her is a completely different matter. Being bound to our contract with you and to EU acquis, this will not happen, instead the proper EU authorities can be warned by ourselves, even in order to identify the person committing the act (we can't do that) in the cases reported in our ToS: [aid to] violations of the ECHR or usage of our systems with the aim of copyright enforcement through direct or indirect privacy violations.Kind regards Quote Share this post Link to post
Jinsong 5 Posted ... Thanks for the clarification. I guess it's fair to say that even the best VPNs aren't 100% bulletproof, so one should always play it safe and try (to the best of one's ability) NOT to do anything to attract unwanted attention from a powerful/competent adversary in the first place. Quote Share this post Link to post
Royee 11 Posted ... Could we have some clarifcation on the above please ? I noticed on here, comments below the reviews: http://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/ Torora AirVPN will log a user if asked by the court. Was in regards to the human traffic ( ECHR ) Is this comment true ? I read the above and it sounds like AirVPN will NOT give anything logs or information over, obviously no one should ever do something like human traffiking. Quote Share this post Link to post
hashtag 151 Posted ... The real IP addresses of those users who are connected at that moment not over TOR would be exposed. The users who are connected over Air over TOR would not be exposed. There was a case in Germany concerning another VPN provider where the police raided a server. This was in regards to Anonymous carrying out a DoS attack against payment processors in retaliation for the financial blockade of Wikileaks. As far as I know no one was arrested. The admin of that VPN replied that the police obtained only a list of usernames and hashed passwords since the server kept no logs. Would they have got the real IPs of users? Quote Share this post Link to post
B0R3D 3 Posted ... Even if the police did get the real ip's how would they possibly match it to who did what? No one was monitoring the packets. Quote Share this post Link to post
hashtag 151 Posted ... They won't have a record of who was doing what but I assume they would potentially have a list of real IPs of people who were using that server at that point in time. Quote Share this post Link to post
Royee 11 Posted ... That is if the VPN was able to keep and maintain logs of everyone's IPs. As we know with AirVPN under client option our IPS are clearly shown but once disconnected there is no evidence. I guess the whole idea of Tor over Air gives all Air users that comfort knowing not even AirVPN or the client area will get the real isp ip, but the one that Tor network gives out. Quote Share this post Link to post
itsmeprivately 14 Posted ... Since AirVPN does not log, it can never prevent something ex-ante (before the fact). However, if something happens that breaches their terms of service, and the authorities inform AirVPN, HOW CAN THEY COOPERATE ex-post (after the fact)? This is not clear to me. For example, some authorities tell AirVPN that their IP was used for human trafficking. AirVPN does not know who it was (ex-ante). So how to find out ex-post? Will AirVPN then surveill *all* users on *all* AirVPN servers, and *all* their data packets, until they find the black sheep when it strikes again? But would this then not be total surveillance of all user data? I would be happy if AirVPN could clarify how they can cooperate with autorities ex-post without surveilling all user traffic.... Quote Share this post Link to post
Staff 10015 Posted ... @itsmeprivately Hello, it's just a matter of automatic triggers (when they are possible to implement) to be decided on a case by case basis. Kind regards Quote Share this post Link to post
Royee 11 Posted ... Is it not best to assume if anyone is worried the AirVPN servers get raided or we are monitored in any shape or form just to do AirVPN with TOR ? 1 Staff reacted to this Quote Share this post Link to post
retiredpilot 6 Posted ... The issue for folks in my country is that even connecting to TOR raises flags. I don't want my ISP to know I ever used TOR. Connecting to the VPN and then TOR may at times be acceptable, but the reverse is risky even if perfectly legit stuff is done only for privacy. I wish there was an easy way to connect to VPN - >TOR -> VPN without having to launch a VM to do it. The models I have studied make it appear too cumbersome to be enjoyable. About the only option for me is to go to an open wifi area and connect to Air first if I have to use TOR for something. Quote Share this post Link to post
Staff 10015 Posted ... @retiredpilot In your case (TOR usage raising alerts), TOR over OpenVPN might be a perfectly acceptable solution: our servers would come to know your real IP address, but our servers (and therefore any malignant entity that could have the power to fully monitor the server you're connected to) would know nothing about your traffic content, real origin, real destinations and real protocols (assuming that that malignant entity does not control, in addition to the server, even the relevant portions of the TOR network: extremely unlikely anyway). Your country would not see TOR usage from your node. Of course there is a major limitation, you can't use UDP over TOR. Evaluate this possible solution, only you can decide if it's ok or not. Kind regards Quote Share this post Link to post
Staff 10015 Posted ... I know this may seem a bit extreme, but do the AirVPN servers have a "kill-switch" that could be used to terminate all active connections in the event of a raid? Hello, not that it really increases or lowers security in every circumstance, anyway the answer is yes. Kind regards Quote Share this post Link to post
MapI6c 1 Posted ... I think you should make transparency reports about government requests (if there have been any), similar to what twitter, facebook etc have.https://www.facebook.com/about/government_requestshttps://transparency.twitter.com/information-requests/2013/jan-jun 1 Royee reacted to this Quote Share this post Link to post
Staff 10015 Posted ... I think you should make transparency reports about government requests (if there have been any), similar to what twitter, facebook etc have.https://www.facebook.com/about/government_requestshttps://transparency.twitter.com/information-requests/2013/jan-jun Hello! That's a good suggestion. Since the birth of AirVPN in 2010, we have never received any request or interference from any government body or representative. Kind regards 1 Royee reacted to this Quote Share this post Link to post
Royee 11 Posted ... I do like that idea also, that is also rather shocking to see England and US pretty much top of the investigations into crime/offences. Also shows proof England and US are just police states, and its safer and better to live else where Quote Share this post Link to post
retiredpilot 6 Posted ... I think you should make transparency reports about government requests (if there have been any), similar to what twitter, facebook etc have.https://www.facebook.com/about/government_requestshttps://transparency.twitter.com/information-requests/2013/jan-jun Hello! That's a good suggestion. Since the birth of AirVPN in 2010, we have never received any request or interference from any government body or representative. Kind regardsStaff, with 40+ servers running in many countries that is an amazing statement!! I know from other posts (Diadem server, etc...) that you guys must get lots of DMCA letters all the time. I imagine that most here are just privacy seekers, but I/we sometimes worry about the small percentage that really go far over the line on the Air systems. Quote Share this post Link to post
salvialight 0 Posted ... On 8/18/2012 at 5:59 AM, Staff said: Hello! We can't do that "ex-ante" (just like any true mere conduit of data), but we reserve the right to do that "ex-post". If a competent authority with competent jurisdiction warns us in any way about usage of our systems in order to perform or aid or abet a violation of ECHR (we are particularly sensitive to human trafficking, human exploitation and privacy violations) we will cooperate "ex-post" with the competent authorities. No. The real IP addresses of those users who are connected at that moment not over TOR would be exposed. The users who are connected over Air over TOR would not be exposed. You might like to look for "partition of trust" in the forum, the following post may give you useful information: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745 Kind regards How do I use air over TOR? Quote Share this post Link to post
OpenSourcerer 1442 Posted ... 17 hours ago, salvialight said: How do I use air over TOR? Please have a look at the Download section. There is an entry for Tor. 1 salvialight reacted to this Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post