Jump to content
Not connected, Your IP: 3.91.43.22
Sign in to follow this  
Royee

Newbie VPN questions

Recommended Posts

1.  Is VPN really secure,  I was reading how if one was surfing the internet and visited a website with flash or java your real IP is revealed,  not the AirVPN one ?

 

2. Is it true once connected to an AirVPN server,  multiple users share that same IP hence no one can tell who is who ?

 

3. Some people advice to use AirVPN and then tunnel it to another VPN provider giving a vpn tunnel to vpn tunnel,  is this the best way to remain undetected and unmonitored and private ?

 

4. Would it not be easy lets say if I visited a website then disconnected my AirVPN software and shut down my computer,  that few seconds to shutdown I  would reveal my real ISP IP address,  so anyone could look at the logs and simply ID this was the person ?

 

I am just trying to get a better understanding of how VPNs work,  thanks !

 

 

Share this post


Link to post

I am not a staff member, but I think I can answer this.

 

And Staff/Moderators, if I missed something but you otherwise like my post, feel free to modify it however you wish. 

 

1.) This is complex question, because you don't want to generalize when it comes to security/privacy. 

 

Once you are using a secure protocol (OpenVPN, which AirVPN does) there are 4 main concerns I can think of.

 

  1. Something unrelated to AirVPN could be harming your privacy. You could have a virus/keylogger, your wireless card could be bugged, or there could be a camera in your room.
  2. The VPN company itself could give away your data/information. I picked AirVPN for this exact reason. They have the best privacy policy by far of any VPN company I've seen, and I honestly read the entire privacy policy of about 20 companies. The owner knows exactly what he's talking about, and is very tech and legally savvy. (Trust me, I have harassed him with loads of questions via email)
  3. You are doing something that is an ECHR violation, (human rights violation) and you get the attention of the government where AirVPN legally resides, forcing an investigation in which you get caught. I highly doubt you are, and very much hope you are not worried about this, because human rights violations are disgusting. They are pretty damn serious, and are for protecting against things like human trafficking, and stuff like that.
  4. This is the one you brought up, client problems. Firstly, your VPN connection can drop, and you accidentally send packets from your real IP. On Windows I believe a DNS leak can also happen. You can (and should) set up a firewall to stop both of these, where the firewall only lets through VPN traffic on a very basic level. Programs such as Flash, Java, and other browser plugins can leak information. So can cookies, and Javascript. The problem is, while unconnected to the VPN, you could go to a site such as Google, and Google could set a cookie or Flash variable that marks down your real IP. This could even happen while connected to the VPN, if you say, use your regular email site and they set a cookie. Then, a site you don't want to be tracked on could possibly read in that cookie, Flash variable, JavaScript localStorage variable, etc. and know what your old IP was. This is also fairly preventable. There are better solutions, but I simply have Firefox set up to disable all addons by default, disable Javascript by default, remember no history whatsoever, allow sites to store nothing in localStorage, and only keep cookies until I close the browser. I avoid using sites that know who I am (Gmail) during VPN sessions just in case. If I need to use a plugin (typically Flash) I will clear all of Flash's data (~/.adobe and ~/.macromedia on linux, not sure about Windows) and then enable it only while I need it. 

2.) Yes, exit IP's are shared. To quote an AirVPN staff member: "All the exit-IP addresses of our servers are static and shared for additional privacy." Obviously entrance IP's are too, but that doesn't really matter.

 

3.) That seems highly unnecessary. Either way you are trusting the "inner" VPN with your IP and data. A far better idea is to do what AirVPN themselves suggest, and use AirVPN over Tor. I'm a fairly anxious person, and I don't even go this far. I would suggest it for a whistleblower though.

 

https://airvpn.org/tor/

 

4.) Not if you set up a proper packet blocker/firewall like I explained in answer #1. Simply disconnect from the VPN before closing the firewall. As soon as you close the VPN connection, everything should be fine, but if you are really paranoid I suppose you could wait until AirVPN verified that your connection had ended before disabling the firewall.

Share this post


Link to post

Linking VPN1 -> VPN2 would be a great idea to keep yourself more secure incase of a server raid..?

Share this post


Link to post

Thank you very much hotrootsoup for taking the time to answer my questions,  I can certainly believe you harassed Air VPN staff but for the better

 

I am half tempted to get a router with tomato firmware,  and see how that goes.  But I understand it would still be wise to setup firewall rules regardless that way am safe always.

 

And Yes I use chrome and enjoy google account for now so they must have seen my cookies/passwords/bookmarks etc always,  but I can see it is better to use firefox,  it has that lovely option to not save web cache/history option which chrome does not,  you can incongnito mode it but not quite the same.  May need to make 2 versions of firefox,  one with flash enabled and the other with all addons/java/flash disabled for normal surfing ?

 

Still it is gonna be tricky I can't browse without using Adblock plus/many other secure addons !    Do not fancy Tor really so will see.

 

Regarding VPN to VPN tunneling I read it was a good idea from this link :

 

"“If you don’t trust your VPN provider 100%, use two VPNs,” explains Felix from VPNetMon. “This way you are tunneling your already encrypted connection through another tunnel.”

 

https://torrentfreak.com/how-to-make-vpns-even-more-secure-120419/

 

But as you said it maybe overkill to do so....

Share this post


Link to post

Yeah, the no addons thing can be annoying, as I use quite a few of them myself.

 

You can just enable/disable flash in Firefox and then clear local flash data in between "regular" and VPN use. In fact, having 2 Firefox installs I don't think necessarily means 2 flash databases, so be careful.

 

As for tunneling 2 VPN's: 

 

1.) It's a pain in the ass to set up.

 

2.) Downtime on either disrupts you.

 

3.) Twice as many disconnects, or more.

 

4.) Twice the amount of money.

 

5.) Twice as much bandwidth and CPU cost on the encryption. (Or 1/3rd more in the case of an HTTPS site I suppose)

 

Are those downsides worth it? Well, there is an upside.

 

You get an increase in anonymity, but not in privacy. 

 

No matter what, one of the VPN's has to see your unencrypted traffic. This is simply how VPN's works. You send the VPN encrypted traffic, and then they decrypt it and pass it on to the site/server you were connecting to. This would be the change:

 

One VPN:

 

You -> (encrypted traffic) -> VPN -> (decrypted traffic) -> Website/server (Assuming no HTTPS, etc.)

 

Two VPN's:

 

You -> (double encrypted traffic) -> VPN 1 -> (single encrypted traffic) -> VPN 2 -> (decrypted traffic) -> Website/server

 

 

The advantage here is that if VPN 1 is raided, they can not read your traffic. If VPN 2 is raided, they can read your traffic, but as long as VPN 1 doesn't flop on you, they can't tell who sent it. (Assuming you signed up for VPN 2 while using your other VPN, used a burner email address, payed using a bitcoin account not even slightly linked to you (again, while under VPN 1), and have never logged in to VPN 2 without being connected to VPN 1.)

 

Again though, VPN 2 can still read your data, so if you ever send data that identifies you (logins, emails, etc.) VPN 2 will know who you are anyway.

Share this post


Link to post

That is a great complex way and truthful way of looking at it,  I agree still Air VPN sounds the best one out of the lot.... and there no monitoring or logs policy can only be tested,  but considering not one bleep yet shows its the best VPN provider out there currently,  I would imagine if there was one negative comment ever made that would be the end regardless !

Share this post


Link to post

If you use bittorent there is a new client out there called NeoLoader which allows you to tell it which adapter your computer uses as vpn.  If that connection is interrupted or disconnected the bittorent client immediately shuts down.  Its the easiest client to set up in this fashion.  I highly recommend it.

 

My best,

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...