Jump to content
Not connected, Your IP: 3.238.107.166
curhen57

VPN Common Myths - Let's discuss this

Recommended Posts

Hello.

Today, I stumbled across this interesting video hosted by Techlore and The Hated One. I watched some of Techlore's videos before and I enjoy the use of AirVPN (I used to use PIA and NordVPN - until I learned of NordVPN's data mining practises).

I thought I would share this video, get you to watch it so we can talk about the points it brings up.
How VPN providers use common myths to trick you into using them
Please watch and listen to this!


I am aware that my browsing traffic and real IP addressgets routed through a server and can potentially be monitored by my VPN provider, whether they claim to have a no-logs policy or not. And I definitely know VPN's don't prevent social media from tracking you - that's what add-ons like uBlock Origin and uMatrix and, of course, not using social media is for.

Third-parties like governments, companies and hackers can use correlation attacks to track you (i.e. compare when I access a website to when I access the VPN server) along with other techniques to identify you, in spite of your VPN, like fingerprinting. Basically, completely anonymity with a VPN is impossible - even if you make an account with a temporary email address and pay for it with cryptocurrency if you're not careful how you browse the web.

What caught my attention is that while VPN providers claim you can combine their VPN with Tor for improved security and anonymity (hiding the fact you are using Tor from your ISP, for instance), using Tor bridges effectively do that as well. Plus using a VPN with Tor would basically help third parties correlate your browsing traffic to your VPN's IP address.

There are other interesting points that bear discussion such as web traffic being decrypted once leaving a VPN server (Is even AirVPN lying about encrypting our web traffic?) and such.

So what are anyone's thoughts on this?
 

Share this post


Link to post
@curhen57

Hello!

Combining Tor over OpenVPN provides you with remarkable benefits. Some examples:
  • you tunnel efficiently UDP, which Tor alone can't handle
  • you tunnel at least over the VPN any system process with high privileges binding without your knowledge
  • you hide your Tor traffic to your ISP and government (really relevant but only in some countries)
  • you exit from the VPN server to enter a Tor circuit (Tor circuits are re-built normally, the fixed circuit problem is relevant in OpenVPN over Tor)
  • you can split traffic to balance load, aggregate bandwidth etc.
  • you can use protocols which are not welcome, not recommended, not usable or too sluggish on Tor network (one example on the next point)
  • you can use BitTorrent (and any other software which behaves similarly or relies on STUN) without risking your real IP address is revealed, as it may happen (and it happened) with Tor alone https://blog.torproject.org/bittorrent-over-tor-isnt-good-idea?page=0
Quote

using a VPN with Tor would basically help third parties correlate your browsing traffic to your VPN's IP address.


This is false with Tor over OpenVPN for very obvious reasons (speaking of which, if it was true then the correlation would be absolutely identical and successful with your ISP IP address!).

With OpenVPN over Tor of course you have a fixed circuit because Tor does not change circuit for the same TCP stream and that's an issue to seriously consider. Therefore OpenVPN over Tor may be a starting point to use Tor over itself and establish "dynamic" circuits (a new one for each stream) over a VPN tunnel over a fixed Tor circuit. In this way you have all the advantages given by Tor while our VPN servers do not come to know neither your real IP address nor your real traffic origin and destination (the price to pay is another performance hit). Anyway use it only if you understand perfectly what you are doing, otherwise rely on Tor over OpenVPN and forget about OpenVPN over Tor.
 
Quote

There are other interesting points that bear discussion such as web traffic being decrypted once leaving a VPN server (Is even AirVPN lying about encrypting our web traffic?) and such.


That's the most astonishing thing since sliced bread. 😱 Anyway it is exactly what would happen after a Tor exit node, or after your ISP nearest DSLAM, just to say, if you hadn't end-to-end encryption. The external, first encryption layer of Tor or OpenVPN or your router MUST be wiped out, otherwise how would the final recipient understand your data? By the way HTTP is disappearing so it does not apply much to web traffic. We think that nowadays lack of end-to-end encryption should not be tolerated, and actually we see important steps toward that.

That said, we strongly support Tor (during 2018 and 2019, more than 2.5% of the global worldwide Tor traffic transited through exit-nodes financed by us) and we recommend to use it with and without VPN. Tor network access remains totally free for anyone especially thanks to those people who run at their expenses (money, time, legal issues) Tor exit nodes, just like AirVPN staff does.


Kind regards

Share this post


Link to post

Thank you @Staff

I was just curious to see how AirVPN measures against the points raised in the video, given that it is never directly mentioned. Still, I would be interested to further discuss this if anyone else is intrigued by this topic.

One thing that does concern me is that Italy, where AirVPN is based, is part of the Five Eyes.
Each country, if I'm correct, member cannot spy on their own citizens but trade information about them with each other.

NordVPN promised to be outside of the Five Eyes and Fourteen Eyes, something too good to be true but, again, is guilty of data mining its customers and have recently had its servers hacked into with secret keys stolen, as far as I'm aware.

I switched to AirVPN because of its open source nature and better customer satisfaction but, just for the sake of refreshing my memory and assuring other prospective users, what makes AirVPN safer for users from government spying in spite of it being based in a Five Eyes member country?

Share this post


Link to post
@curhen57

Just a quick preamble to make you notice that Italy is not one of the "Five Eyes countries". However it is one of the Fourteen Eyes country.

It's not very relevant when servers are not based in Italy (but, like any other VPN service, we do operate or own servers even in the USA, the apparent champions of illegal wiretapping!). Remember that, no matter how powerful an entity is, it can't get data that we don't have. So do not enter personal data in your VPN account, pay with anonymous methods (we accept Monero too and without intermediaries!) and so on and so forth.

We guess we are the only VPN service in the world that accepts many different cryptocurrencies without intermediaries. An intermediary can crumble all the privacy and anonymity layer of a cryptocurrency transaction nowadays: most cc payment processors now collect your data and many do not even allow transactions if you don't send them an ID document etc.

The majority of Tor nodes are in the Fourteen Eyes countries too. We have written a lot on how to defeat a powerful adversary (in short: jump to Tor not from your node, but from a VPN server located in a country different than the one you are living in), but of course if you are a specific target the easy way for the powerful adversary is breaking your own system, so that any encryption and all that jazz become irrelevant. It's hilarious (or maybe sad) that a lot of people worry about intelligence data exchange and co-operation while they use routinely and with peace of mind Windows, Mac, Android, iOS or some archaic Linux distribution! :D

About NordVPN mining personal data, we were aware that they implemented several trackers usage in their Android application which collected personal information and sent it out to third parties without your consent in the past, are you aware of anything else about data mining issue with them?

 
Quote

what makes AirVPN safer for users from government spying in spite of it being based in a Five Eyes member country?


AirVPN is the oldest VPN around (between the mainstream ones) operating since 2010 (and at least an AirVPN founder had experience with VPN and Tor since late 90ies).

During these 10 years, can you mention about AirVPN a single case of identity disclosure imputable to AirVPN logging or storing personal information? There are cases for various "no logging" VPNs around, but we challenge you to find one about AirVPN. About local data mining (enforced by many VPN software, unfortunately, what a shame) can you find any line of code in our software (it's open source, so anyone can check), now or in the past, aimed at sending personal information to ourselves or any third party?

Kind regards

 

Share this post


Link to post
13 minutes ago, Staff said:

During these 10 years, can you mention about AirVPN a single case of identity disclosure imputable to AirVPN logging or storing personal information?


To everyone, I'd like to remind that AirVPN did lose one or two servers because of government intervention in the past. One very delicate example was Ukraine somewhere in 2015 during a politically even more delicate time: Euromaidan. The server was seized, but no one lost his or her head for it; AirVPN held its word back then.
 
Quote
About local data mining (enforced by many VPN software, unfortunately, what a shame) can you find any line of code in our software (it's open source, so anyone can check), now or in the past, aimed at sending personal information to ourselves or any third party?

I can also vouch for this a bit – I read some of the code of the AirVPN library and Eddie for PC, even if, in case of Eddie, it's C# which I don't usually work with. Nothing suspicious was seen so far, but truth be told, I was not reading it like a novel. :)

About the whole 5-eyes and 14-eyes thing: I think it's marketing slang. Somehow people get the notion that not being in 14-eyes is a plus while the horrible truth can be as simple as the company deliberately moving their HQ outside 14-eyes while the overlords are still chinese or NSA agents
or something.

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...