Important notice about security


#1 Staff

Posted 23 September 2011 - 02:52 PM

An "HideMyAss" VPN service user identity has been compromised and as a consequence personal freedom of the customer is now at stake. http://arstechnica.com/tech-policy/news/2011/09/fbi-arrests-lulzsec-member-for-sony-pictures-hack.ars

As a consequence, apparently to defend their activity by saying that they did nothing more than any other provider would have done, HideMyAss released a series of statements which are not correct.

For example, they claimed that "all VPN providers keep logs. When there was a court order issued to them, they WILL release it". On top of that, they released on their website a communiqué which, in our opinion, is harmful to the professional reputation and to the status of mere conduit of a service provider.

For the aforementioned reasons, we would like to re-assure our users and our customers that nothing like that may happen with AirVPN, for a series of legislative (we are based in the EU, not in the USA, and we don't recognize USA jurisdiction, obviously) and above all technical reasons.

When we built our infrastructure we had in mind access from people who live in freedom of expression extremely hostile areas, where identity disclosure can lead to critical threats to physical safety and to personal freedom. Therefore we have planned solutions designed to give higher security and stronger anonymity layers which can be used by anyone.

These solutions have been designed so that you don't need to have "faith" in what we say (for example, when we say "we don't keep logs", how can you trust us if you're outside activists circles?), but to be inherently secure, regardless of what you think of us and regardless of which pressures we might receive from enforcement or criminal entities.

The key is that we must NOT know who you are (on the other hand, EU law prohibits us to investigate privately about your personal data and real identity, or to monitor your communications).

1) If you don't wish to leave a trail payment, the most secure way is to buy an account via our authorized Bitcoin reseller bitcoincodes.com. We encourage you to use TOR when you buy an account there and use the BitCoin client via TOR, to protect the Bitcoin payment with a layer of anonymity (Bitcoin per se is not really anonymous for transactions).

2) For extremely critical data transfer (whistleblowers, reports on organized crimes, etc.) please consider to use AirVPN over TOR. A simple example: https://airvpn.org/index.php?option=com_content&view=article&id=64&Itemid=122
Please note that it is not TOR over VPN, it's VPN over TOR.

3) If/when you need to communicate with us, always use a secure and safe e-mail account which can't be used to reveal your identity. In this way you can buy an account via Bitcoin or LibertyReserve by directly asking to us.

For some further information, you might be interested in reading this thread: https://airvpn.org/index.php?option=com_kunena&Itemid=55&func=view&catid=3&id=37

If you live in freedom of expression hostile areas and you can't afford the payment, you can obtain a free access. Feel free to contact us. Some free access coupons are usually available also from the Telecomix cluster (best way to reach them is through their IRC servers).

Kind regards and datalove
AirVPN
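
The difference between VPN over TOR and TOR over VPN from point 2 shows up in the client profile itself. The following is an added example, not part of the original post and not AirVPN's own code: a small check of an OpenVPN client profile that confirms the VPN connection is made through a local Tor SOCKS port. It assumes Tor listening on its default `127.0.0.1:9050`; the sample profiles and the host name `vpn.example.net` are constructed placeholders.

```python
import ipaddress

# Constructed sample client profiles; the host name is a placeholder.
DIRECT_UDP = """\
client
proto udp
remote vpn.example.net 443
"""

OVER_TOR = """\
client
proto tcp
remote vpn.example.net 443
socks-proxy 127.0.0.1 9050
"""

def _directives(text):
    """Yield the whitespace-split tokens of each non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            yield line.split()

def _is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit_vpn_over_tor(text):
    """Return a list of problems; empty means the VPN is reached via local Tor."""
    problems, proxies, protos = [], [], []
    for tok in _directives(text):
        if tok[0] == "socks-proxy" and len(tok) >= 2:
            proxies.append(tok[1])
        elif tok[0] == "proto" and len(tok) >= 2:
            protos.append(tok[1])
        elif tok[0] == "remote" and len(tok) >= 4:
            protos.append(tok[3])  # per-remote protocol override
    if not proxies:
        problems.append("no socks-proxy: client connects to the VPN directly")
    problems += [f"socks-proxy {h} is not loopback" for h in proxies if not _is_loopback(h)]
    if not protos:
        problems.append("no proto given: OpenVPN defaults to UDP, which Tor cannot carry")
    problems += [f"proto {p} is not TCP" for p in protos if not p.startswith("tcp")]
    return problems
```

An empty result means the VPN server sees the Tor exit node's address rather than yours, which is the property point 2 relies on.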

#2 HugeHedon

Posted 28 September 2011 - 11:06 AM

Rick Falkvinge (founder of the first Pirate Party, the one in Sweden) has an article on this today, and mentions AirVPN:

http://falkvinge.net/2011/09/27/never-trust-a-vpn-provider-that-doesnt-accept-bitcoin/

> I just learned that at least one VPN provider, AirVPN, is now accepting bitcoin, in the wake of the HideMyAss.com scandal

#3 Staff

Posted 28 September 2011 - 12:11 PM

Thank you @HugeHedon!

There are also some nice articles on the web about the differences between us and HideMyAss.

These two look pretty good:

http://www.itworld.com/security/206429/who-trust-your-secrets-some-vpn-anonymity-providers-sound-noble-others-are-just-icky

https://www.privacyinternational.org/blog/enjoy-internet-freedom-and-anonymity-terms-and-conditions-apply

Kind regards
AirVPN admins

#4 maddin128

Posted 04 March 2012 - 09:46 PM



> 3) If/when you need to communicate with us, always use a secure and safe e-mail account which can't be used to reveal your identity. In this way you can buy an account via Bitcoin or LibertyReserve by directly asking to us.



Hello Air VPN
I am pretty impressed how you guys from Air VPN take position when it comes to privacy and anonymity. After long internet searches, weighing services against trustworthiness against forum entries etc., you are definitely on the top of the list, when it comes to integrity. A virtue found far too seldom nowadays.
This is why I want to subscribe with you.

Before I can do this, I want to follow your advice in taking a safe and secure email account.

Internet searches produce of course all kinds of results and advice, but I was wondering if you can suggest or recommend any anonymous email provider, which can be considered safe and secure.

Your advice would be highly appreciated.

Kind regards,

maddin128

#5 Staff

Posted 04 March 2012 - 11:22 PM

Hello!

Thank you for your nice words, they are very much appreciated.

We would prefer that you make your own research and form your own opinion. However, we can give you some golden rules.

Never show your mail provider your real IP address. Always connect your POP/IMAP/SMTP client (or your browser, if you prefer to use a web interface for e-mail) through TOR, AirVPN or AirVPN over TOR (last solution is recommended if you send highly sensitive information that, if associated to your identity, can threaten your safety).

The mail provider must provide also an SSL/TLS connection to their servers. Discard providers who don't.

If you keep a copy of your sent and received e-mails, store it in a hidden and encrypted volume (TrueCrypt for example is excellent for this aim). Never mount the volume if not necessary, and never leave the volume mounted if your computer is unattended.

Moreover, don't forget that if you put in the content of your e-mails information that can be exploited to disclose your identity, you might destroy "by yourself" your technical anonymity layer, no matter how good and strong it is. Always assume that there is the chance that the mail provider security system can have a breach or a leak.

Finally, carefully consider to encrypt the e-mail contents with GnuPG. If you do so, generate and use a public key exclusively for that account, never mix keys for different accounts. Doing so might create a vulnerability that could be exploited for correlation purposes.

Obviously, all of the above must be done on an already secured and clean machine. A trivial keylogger could destroy at once all the aforementioned security layers.

Please do not hesitate to contact us for any further information.

Kind regards




