Jump to content
Not connected, Your IP: 52.14.209.100
display04

Why Does AirVPN try to uniquely fingerprint my browser/hardware when I view AirVPN website?

Recommended Posts

Posted ... (edited)

When I go to airvpn.org, I get notifications that the site has tried multiple fingerprinting techniques to ID who I am, or at least my unique configuration.

What is the purpose of this? Other VPNs do not do this on their pages, although some do. People who are aware of things like this are already blocking fingerprints, but many aren't aware of this.

This sort of reminds me of Protonmail and ProtonVPN when they have browser fingerprinting during sign up and then promised to not log any IP addresses. These liars ended up getting an environmental activist thrown in prison because they were "forced" to log IPs ("We had to write the code, they literally pushed our fingers onto the keys until the code was written getting an activist thrown in prison!") Even if Protonmail/ProtonVPN logged IPs in order to please their government, they have never explained the need to fingerprint users, which they don't advertise. They are less private than they pretend.

So when I see AirVPN doing the same thing with fingerprinting website visitors, it makes me very uncomfortable. I'm thinking of purchasing a subscription, but this is the only thing holding me back. Yes, they donate to privacy causes and seem legitimate, but then why would they fingerprint users (and not tell them!) when they go to the site if they had no agenda other than privacy?

Edited ... by display04

Share this post


Link to post

Hello!

It's an Invision Power Board feature we don't like as well, but it's used only for your comfort. We do not exploit (if it was even possible) such data to profile you. We are anyway dropping IPB (the procedure is not trivial, we started it months ago but some more time is still needed). Also note that our web site and apps do not use tracking cookies, trackers or anything else and we run scripts to wipe out some IPB caching, just in case it was dangerous. If we had known in 2010 that IPB would have evolved in this way, our initial choice for the community and non-community forum would have probably been different

ProtonMail had a court order to log and transmit the IP address of a specific account, they actually did not do it before they were served the subpoena. It's anyway a mail related issue, not a VPN one, where a subpoena can't indicate an e-mail address (we do not require an e-mail address in account data).

Please note that contrarily to what numerous "competitors" did, in 11 years of activity AirVPN has never disclosed the identity of its customers, not a single one. In any case some skepticism is welcome and we invest very much on Tor (4% of worldwide Tor exit nodes traffic is supported economically by AirVPN), which is free for everyone and offers a very robust layer of anonymity. Use Tor for free in any case and especially if you can't trust us.

Last but not least, the problem you have correctly underlined is negligible when compared to other dangers you must take into account. We wrote an article in 2013 to suggest how to defeat powerful adversaries, even when you can't trust one of your providers (including the VPN). It's an 8 years old article but it's still good and valid:
https://airvpn.org/forums/topic/54-using-airvpn-over-tor/?tab=comments#comment-1745

Kind regards
 

Share this post


Link to post
1 hour ago, Staff said:

We are anyway dropping IPB (the procedure is not trivial, we started it months ago but some more time is still needed).


So, what might be the next board software? Anything tested so far?

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
Posted ... (edited)
14 hours ago, Staff said:

Hello!

It's an Invision Power Board feature we don't like as well, but it's used only for your comfort. We do not exploit (if it was even possible) such data to profile you. We are anyway dropping IPB (the procedure is not trivial, we started it months ago but some more time is still needed). Also note that our web site and apps do not use tracking cookies, trackers or anything else and we run scripts to wipe out some IPB caching, just in case it was dangerous. If we had known in 2010 that IPB would have evolved in this way, our initial choice for the community and non-community forum would have probably been different

ProtonMail had a court order to log and transmit the IP address of a specific account, they actually did not do it before they were served the subpoena. It's anyway a mail related issue, not a VPN one, where a subpoena can't indicate an e-mail address (we do not require an e-mail address in account data).

Please note that contrarily to what numerous "competitors" did, in 11 years of activity AirVPN has never disclosed the identity of its customers, not a single one. In any case some skepticism is welcome and we invest very much on Tor (4% of worldwide Tor exit nodes traffic is supported economically by AirVPN), which is free for everyone and offers a very robust layer of anonymity. Use Tor for free in any case and especially if you can't trust us.

Last but not least, the problem you have correctly underlined is negligible when compared to other dangers you must take into account. We wrote an article in 2013 to suggest how to defeat powerful adversaries, even when you can't trust one of your providers (including the VPN). It's an 8 years old article but it's still good and valid:
https://airvpn.org/forums/topic/54-using-airvpn-over-tor/?tab=comments#comment-1745

Kind regards
 


So you're asking me to trust you? Cool.

I'll just trust you accidentally installed fingerprinting scripts in your website that you can't avoid while registering.

Also, governments and agencies often run honey pots or information gathering services and do not disclose this fact during prosecutions but simply use the information to further prosecution or prevent activism.

When a government builds a case against someone, where it's an activist protesting against women being denied the right to learn math or some jerk who is trading endangered animals parts, they don't honestly represent where they get their information. In many countries they select the "impartial" referee, who usually is a former prosecutor who spent many years locking people up, and they select the "impartial" jury and throw out anyone who is skeptical of the government in the slightest. Then, the defendant can't present whatever evidence they want but only things the referee (a government worker) says is acceptable information. Then the government provides various information, much of it potentially inaccurate, and a defendant has a limited ability to respond and even if a defendant accuses the government of lying, the jury that was selected by the government is unlikely to believe the government could ever lie. And if the government ever is shown to have lied, it typically doesn't even matter. There are cases where defendants have been in prison for decades and the government now admits they were probably or definitely wrong who stay in prison for years or decades or never get out because the government "procedures" prevent a release. And that's in some of the more "enlightened" countries. The corrupt countries just lock a person up, declare them bad, and declare whatever made up bulls they want.

The fact that there's no proof you've ever given evidence to the government doesn't mean you haven't. You haven't been independently audited. And you're fingerprinting people's hardware. When they register. And asking users to trust you because you've funded tor nodes that also haven't been audited.

So let's say you are a government agency. Here's Cassidy the illegal endagered Condor trader visiting a website so she can trade crushed Condor baby parts to a religious person who thinks they give him special Condor spirit vitality, despite it being illegal. If you are a government agency and provide a "tip" to another agency, they won't use this tip as the basis for the case. They will make up some other basis or find a different basis. They'll give a confidential information a deal if they can get information from Cassidy the Condor trader and this confidential informant will make a bunch of bull up but it won't matter because it provides an independent basis for the case.

I am not saying what you are, but that fingerprinting happens during REGISTRATION with or without the forum being open and funding tor nodes would be a good cover if you are liars.

But fine, I guess I can trust you. After all, at the end of the day, good privacy has to come down to trust, right?

Plus, as you have so clearly declared, the fingerprinting somehow makes me more comfortable. Great. I am much more comfortable due to this. Edited ... by turtle8437

Share this post


Link to post
6 hours ago, turtle8437 said:
The fact that there's no proof you've ever given evidence to the government doesn't mean you haven't. You haven't been independently audited. And you're fingerprinting people's hardware. When they register. And asking users to trust you because you've funded tor nodes that also haven't been audited.

Hello!

Of course, absence of evidence is not evidence of absence, but at least you can't find any proof that any identity of our customers has ever been disclosed, while such cases are notorious for various competitors. While science can't prove that there are no pink donkeys, because scientific inquiry can't bring evidence of absence, the scientific method forces you to bring a proof, specifically at least one pink donkey., to show that they exist. Now, either you bring some proof for your insinuations, or you are just another trolltard.
 
Quote

But fine, I guess I can trust you. After all, at the end of the day, good privacy has to come down to trust, right?


Not at all, or at least "not necessarily",. You can still access our onion web site, or even access our regular web site through Tor, which is a much stronger clue against your fears than any audit can provide because an audit which is paid by the audited can not be trusted. Can you tell us what good the excellent audits performed on ExpressVPN (who hired CIA intelligence agent who worked for UAE government to crack activists and journalists devices) or PIA and CyberGhost (which are owned by an adware and malware specialized Israeli company) brought to customers?
 
Quote

And asking users to trust you because you've funded tor nodes that also haven't been audited.


This shows your ignorance on how Tor works, shame on you. The power of Tor is mainly due to the fact that you don't need an audit of every single Tor relay and that end-to-end encryption has wiped out Tor malicious exit nodes which could intercept your unencrypted communications and take advantage from them even though the exit-node does not know where they come from. Please get informed before you publish such nonsense.

Kind regards
 

Share this post


Link to post
18 hours ago, OpenSourcerer said:
So, what might be the next board software? Anything tested so far?

Hello!

It's a work in progress and some tests have been performed successfully. If possible, but we do not promise it in any way for it's just a distant aim at the moment, we would like to offer a completely customized web site which gets rid of Invision once and for all.

Kind regards
 

Share this post


Link to post
7 hours ago, turtle8437 said:

When a government builds a case against someone, where it's an activist protesting against women being denied the right to learn math or some jerk who is trading endangered animals parts, they don't honestly represent where they get their information. In many countries they select the "impartial" referee, who usually is a former prosecutor who spent many years locking people up, and they select the "impartial" jury and throw out anyone who is skeptical of the government in the slightest. Then, the defendant can't present whatever evidence they want but only things the referee (a government worker) says is acceptable information. Then the government provides various information, much of it potentially inaccurate, and a defendant has a limited ability to respond and even if a defendant accuses the government of lying, the jury that was selected by the government is unlikely to believe the government could ever lie. And if the government ever is shown to have lied, it typically doesn't even matter. There are cases where defendants have been in prison for decades and the government now admits they were probably or definitely wrong who stay in prison for years or decades or never get out because the government "procedures" prevent a release. And that's in some of the more "enlightened" countries. The corrupt countries just lock a person up, declare them bad, and declare whatever made up bulls they want.

The fact that there's no proof you've ever given evidence to the government doesn't mean you haven't. You haven't been independently audited. And you're fingerprinting people's hardware. When they register. And asking users to trust you because you've funded tor nodes that also haven't been audited.

So let's say you are a government agency. Here's Cassidy the illegal endagered Condor trader visiting a website so she can trade crushed Condor baby parts to a religious person who thinks they give him special Condor spirit vitality, despite it being illegal. If you are a government agency and provide a "tip" to another agency, they won't use this tip as the basis for the case. They will make up some other basis or find a different basis. They'll give a confidential information a deal if they can get information from Cassidy the Condor trader and this confidential informant will make a bunch of bull up but it won't matter because it provides an independent basis for the case.

I am not saying what you are, but that fingerprinting happens during REGISTRATION with or without the forum being open and funding tor nodes would be a good cover if you are liars.


Now that… is some next level tinfoil crap. Holy fck. To think such a rant resulted from the IPBoard setting one simple cookie…
 
1 hour ago, Staff said:

we would like to offer a completely customized web site


Probably the best option. Though, it involves coding something of a forum, too, if you want to keep it.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
2 hours ago, OpenSourcerer said:
Probably the best option. Though, it involves coding something of a forum, too, if you want to keep it.

Hi,

that's true. Perhaps the most practical solution is entering a transitional state by leaving some forum dedicated section still to Invision and rewriting (when the license allows it) some critical parts we don't like of those sections, while other important parts and pages will be completely detached from Invision. Then, in a farther future, eliminate the remaining Invision parts one by one.

Kind regards
 

Share this post


Link to post
On 11/26/2021 at 2:39 PM, display04 said:

When I go to airvpn.org, I get notifications that the site has tried multiple fingerprinting techniques to ID who I am, or at least my unique configuration.
So when I see AirVPN doing the same thing with fingerprinting website visitors, it makes me very uncomfortable. I'm thinking of purchasing a subscription, but this is the only thing holding me back.


Hi,
I do share your concerns.
However you do have the option of accessing AirVPN via its onion site. The onion address is http://airvpn.org/
I believe the onion site does not have multiple fingerprinting techniques to ID you (I hope my guess is right.)

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...