Jump to content
Not connected, Your IP: 3.92.96.247
Sign in to follow this  
user412f3ew

How private/anonymous are you using Paypal with AirVPN?

Recommended Posts

I'm considering using AirVPN, but I'm curious if using Paypal defeats the whole purpose of using this service, or if there are any other negative aspects about it.

 

If I pay using Paypal, in my real name, with my own credit card, then someone could look up that I have an account on AirVPN. But how would that person be able to determine my account on AirVPN? How does AirVPN provide the login credentials for the account? I'm assuming by e-mail? So if I use a secure e-mail account, such as Tormail over Tor, then why is there any problem for my security in paying with Paypal in the first place? I.e. given that I don't care that someone can figure out that I do have this account on AirVPN?

 

How would someone go about linking my AirVPN account to my real IP, or my real name, simply because I have used Paypal? Is Paypal secure enough for most users? Why would someone need more security?

Share this post


Link to post

Paypal defeats the whole purpose of using this service

 

Exactly. Doesn't matter if you don't have your name or any other identifying info here. An adversary can easily find out your ISP and your real IP address, all the while knowing exactly which VPN you're using. Then they can even find out which VPN IP address you're using by monitoring your line. So while your packets may be encrypted to the VPN, your anonymity is completely lost.

 

Bottom line: Don't.

Share this post


Link to post

...

Is Paypal secure enough for most users? Why would someone need more security?

 

 

Paypal defeats the whole purpose of using this service

 

Exactly. Doesn't matter if you don't have your name or any other identifying info here. An adversary can easily find out your ISP and your real IP address, all the while knowing exactly which VPN you're using. Then they can even find out which VPN IP address you're using by monitoring your line. So while your packets may be encrypted to the VPN, your anonymity is completely lost.

 

Bottom line: Don't.

 

 

I just use Paypal.

 

I don't believe that any "adversary" that would be interested in me would ever be in a position to do these things. All I am trying to do is avoid getting letters from my ISP at this point. I don't think that the NSA really cares about MPAA or RIAA.

 

Plus, I bet that most people using AirVPN are accessing services in a way that could easily be used to identify them, and figure out what AirVPN server they are using, and do correlations to locate them. I suspect many people are in fact using geo-restricted services in other countries that they have paid for in ways that can be traced to them. You would have to be extremely careful in your use of AirVPN in order to truly be secure.

 

Technology alone will not protect anyone if we end up living in a police state. In fact, in a police state generating no IP traffic other than encrypted traffic could easily draw attention to you. In fact generating any encrypted traffic probably would. Encrypted traffic would have to masquerade so as to look like normal traffic. And it would probably be best if critical traffic requiring such stealth was in amongst a lot of truly normal traffic.

 

I doubt that many of us using this service would really be up to exercising the discipline necessary in such circumstances.

Share this post


Link to post

Hello,

a payment made with PayPal or credit card shows that you paid to AirVPN for a subscription, but it does not say anything about HOW of even IF you used the service. As Baraka says, many additional steps would be necessary to make relevant correlations, which would be in the ability of a very powerful adversary. If you think you must face such an adversary. you should (must) subscribe through BitCoin, even better with BitCoin running behind TOR when performing a transaction.

This is the article we usually link for such a debate (it goes deeper):
https://airvpn.org/topic/54-using-airvpn-over-tor/?do=findComment&comment=1745

As NaDre suggests, defeating an extraordinarily strong adversary requires extraordinarily strong discipline, but under a technical point of view it's easy to "win" (nowadays).

Luckily encrypted traffic is, at the moment, not a preoccupation in most countries, given the widespread usage of the Internet to perform monetary transactions, VPNs used by almost every small, average and large companies, increasing number of web servers implementing https etc. etc. But it may be actually troublesome in some country. We would not recommend for example to send/receive a significant percentage of encrypted traffic (out of total traffic) in a chinese Internet cafè. In these cases, when important data must be protected and one can't afford to "trigger encryption detection", steganography is a safe solution (and also technically simple, with modern tools), at the price of a certain overhead (which in most cases can be quite remarkable).

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...