Jump to content
Not connected, Your IP:


  • Content Count

  • Joined

  • Last visited

  • Days Won


Reputation Activity

  1. Like
    LZ1 reacted to Staff in Guide To Getting Started + Links For Advanced Users   ...
    Please see https://airvpn.org/topic/26209-how-to-manage-client-certificatekey-pairs : "in Eddie, you will need to log your account out and then in again to force Eddie to pick a different key (new or old)". Eddie 2.13.6 or higher is required.
    Kind regards
  2. Like
    LZ1 reacted to VeNoMouS in The dynamic DNS doesn't update the DNS entry anymore   ...
    The AirVPN Staff has resolved the issue.
    Thank you very much! On a few more years with AirVPN!
  3. Like
    LZ1 got a reaction from wickedvapin in AirVPN does not recognize ICANN authority anymore   ...
    Hello !
    AirVPN is just legendary haha!

  4. Like
    LZ1 reacted to Staff in DNS don't match   ...
    Hello and thank you for your patience!

    We are working to solve the problem as soon as possible.
    In the meantime, please simply disable the DNS check from inside Eddie. Select "AirVPN" > "Preferences" > "DNS" and untick "Check Air VPN DNS". Click "Save" and start a new connection. That's all. DNS check is a redundant option so you can keep it disabled safely while we work to fix the issue.
    Side note: you are running an archaic Eddie version (2.11.15). Latest stable version is 2.13.6, you might like to upgrade.
    Kind regards
  5. Like
    LZ1 got a reaction from madrat in Bootstrap Error Notification   ...
    That post belongs in the beta thread, as you're using the beta client. But you mentioned it yourself in that thread already.
    There's no solution yet - at least nothing by Staff. Likely because they're working on the next beta release as we speak and will address it during or after that release .
  6. Like
    LZ1 got a reaction from ZPKZ in Comparison with Witopia   ...
    Welcome to AirVPN!
    We're associated with the question on these boards, so naturally we're susceptible to being biased and so I won't pretend to be impartial, but I'll try to be fair of course.
    I took a browse through what I think to be their site and I think there's a world of difference:    
    No native Linux client and apparently none other, which is FOSS(Free and Open Source Software). Instead, they rely on Network Manager and this is only on Ubuntu-derived systems it seems. Their product is segregated into basic and pro, instead of one-size-fits all.  Which means not all users get access to the same features. The personal one only supplies broken protocols, such as L2TP. They disallow the sharing of an account. So if you set up their product on a router and thus extended use of their product to other people's devices in your home, you would be breaching their ToS. They say you must use WiTopia "reasonably" in their ToS and say it's in their sole discretion to determine what that is. Otherwise they may suspend your account. Their product is subject to US export controls(!) and so you may not use it in certain countries such as Iran, Cuba, Sudan, Syria and others. Which is otherwise where human-rights activists need it most. They use Google Analytics on their website, while thinking that in their privacy policy, that an opt-out plugin is the solution for it, instead of just not using Google in the first place. They accept DMCA claims. It's seemingly not possible to setup their product on your own router, so you must buy one of their pre-configured routers. Which is an issue for many reasons, if this is accurate. "Full Support for openVPN SSL, L2TP/IPsec, Cisco IPsec, PPTP, and 4D Stealth™" I thought they were joking with 4D Stealth, but they repeat it on their purchasing page, so... Stating they're a "We’re a pure privacy and security service provider with nothing to compromise that standard." And yet they use Google. But also if not, that's a tall claim, which has little real meaning. Their client appears to use Google maps for its server lists. Their clients "Low Profile Mode" makes little sense to me: "For those of you who truly want to be off the grid. Low Profile Mode disables the client’s location detection features as well as updates. We don’t recommend this as it lessens the functionality and experience in our opinion, but we thought we’d provide the option just the same." They only offer AES-256 at certain locations. If you want the maximum out of their product, like access to the OpenVPN protocol, you must buy at least a 6 month subscription. While their "basic" lineup makes a monthly subscription lineup possible. There's only 2 payment methods. Credit Card or Paypal. No cryptocurrencies. They self-certify the EU-US safe-harbor agreement. Including in their privacy policy. But that agreement died in 2015 thanks to a lawsuit and the link on their checkout page is dead anyway. Even their link on their privacy policy page to their own certification is dead. SSL labs couldn't connect to witopia.net to make an assessment and the same is true for hpersonalvpn.com/ (the part of witopia which doesn't deal with secure email). Their latest reviews, which they show on their frontpage, are from 2011. While their newest testimonials are from 2008 and 2007(!). They don't support custom router configurations and it seems most would need to buy routers from witopia, for it to be fully supported.  In their comparison chart, the Encryption field is blank for the non-Pro subscription. So what does that mean, that there's no encryption for L2TP/PPTP/IPSEC? There's a clear attempt to upsell. Their client doesn't appear to be supply any kind of killswitch or similar additional security. As such, their only fix for WebRTC leaks was to tell users to install addons or change about:config. If their blog is any indication, they last deployed a server in 2013/2014. But they're using an image overlaid with their own logo, of serverracks belonging to none other than Facebook. They don't seem to do remote port-forwarding. They don't do free trials due to scammers and spammers that "that dirty up our network and IP address space"(?). So they ask you to trust them to honor their 30-day money back guarantee. No DNS micro-routing by the looks of it. No talk of support for IPv6 anywhere. No apparent live stats on their infrastructure, how its doing, how other users are performing or anything. Their "Quick Connect" client feature suggests the client knows your location and can't function if it doesn't(!). One can wonder if this location is then shared with 3rd parties. They also assume proximity = better connection. Mirroring the prior bullets point by point, Air by contrast:
    Native Linux client and it's all FOSS. While using Air through Network Manager is possible, but not recommended. Air has no tiered usage. So all premium users get the same things and only OpenVPN is supported. Air is fine with account sharing I think. Certainly no limitation if done through a router. Air accepts any degree of usage, so you can download as much as you want. Only free trials may see a limit of some sort. Air is not subject to any controls. Certainly not US export controls. Air uses no 3rd party tracking on the site. Only internal analytics, using Piwik (Now Matomo). So both the analytics and support is on a closed-loop. Air rejects DMCA claims flat out. It's easily possible to use Air with a router. Indeed many do, with custom firewalling and other hardware too, to get the best performance. Air doesn't use words like "Stealth", because the only thing stealth features hide, is what they actually do. There's no need either, as there's SSL, SSH and Tor. Air tries to avoid overselling. Air doesn't use any Google maps in their client or similar notorious companies. Air has no "low-profile mode" because it's not needed. Network Lock does the job and well. Air uses the same high encryption across the board and the website is equally good too. All users get the same protocols and you can also buy a subscription which only lasts 3 days. Air supports many payment methods, including a whole host of cryptocurrencies. Including, recently, without any middle men. So it's possible to use Air completely anonymously if done right. Air is in Europe and therefore subscribes to a lot of European law already, with no need for anything export-related. Airs site gets A+ ratings on SSL labs. Air has recurring reviews in all sorts of places. If not from this year, then the last and without any affiliate marketing. As well as an active forum and announcement section. Air doesn't sell any hardware or email related stuff, but supports router configurations and many mobile ones too. Air has an entire page almost entirely dedicated to encryption alone. Air has Network Lock in its client, which helps as a killswitch on 3 different platforms and for that reason and others, Air didn't find the WebRTC debacle to be an issue. Air is really careful with where it sets up a server, announces new locations frequently and doesn't use images. Certainly not ones from the inside of a Facebook datacenter . Air has remote port-forwarding. Which helps with many applications - not least torrenting, which Air supports fully. Air has free trials. Especially on the basis of human rights-related activity. Air has micro-routing, which is useful for getting access to different online content, regardless of location. So unlike Witopia, you don't need to connect to UK to access UK content. Full IPv6 being implemented. Pretty much as open as can be, on infrastructure, with information on every server and its performance. Airs Eddie client doesn't need to know your location (and doesn't) to connect to somewhere automatically, as it simply calculates the best route based on different metrics each time. Actual performance, customer service quality and general trustworthiness I can't really say anything about. I've made the comparisons I care to make, that one can see from a website. There's always lots of technical details one could compare too, such as if there's entry and exit IPs, if Perfect Forward Secrecy is supported, key sizes, cipher suites, APIs and so on. But it's meaningless to most people.
    Some drawbacks for Air is the lack of an Air client on mobile, despite of course being able to use other clients, but Staff seem to be playing with the idea of releasing one sometime in the future. Other drawbacks could include only supporting one protocol and not supplying the famed 24/7 support. Being too technical has also been a criticism; which I then tried to help, by making the guide you can see in my signature. I can't think of much else that Air is really missing.
    I also want to point out:
    Faster support doesn't necessarily mean it's better. The techs you get in contact with aren't necessarily that knowledgeable. Being able to connect to more locations, doesn't necessarily mean all those locations are real, bare-metal ones. I actually doubt they are,for Witopia. (How can they not be allowed to export to Iran/Syria etc. but have Russian servers?) The privacy policies between the two pretty much couldn't be more different. Here's Witopia's and here's Airs. One is general. The other is specific.  
    But since you're still with Witopia, could you ask their support what their 4D Stealth technology is all about? It would be interesting if they supply any details.
  7. Like
    LZ1 got a reaction from crazyjoe in Please remove more german servers   ...
    This is Airs policy regarding placement.
    So it's therefore not based on how many users there are. But German servers are not full and it's misleading to say so. As of now, not 1 has reached even 50% load.
    But I completely agree that we should consider naming it Germoney on April 1st or something.
    Don't write in full caps. Please supply logs, in your own thread, instead of hijacking this one. If you don't know how or where, then do refer to the link in my signature, thank you. Wild guess: You're using Eddie, so go to Eddie's Menu>Preferences>DNS>Uncheck "Check Air DNS" and Preferences>Advanced>Uncheck "Check if Air tunnel works". Hit save. Re-connect. If you want official Air support, this is where to get it.
  8. Like
    LZ1 got a reaction from Adzkii in cloudflare   ...
    If you trust the comments, it's not a particularly good thing. To me it seems hyped. Somewhere along the line, it's probably also trying to capitalize on the recent data breaches/scandals.
  9. Like
    LZ1 reacted to User26401 in Remote viewing a security/wildlive cam behind AirVPN.   ...
    Solved (well the networking side) this myself, posted here in case it helps other people or you land here from a search.
    1) Grab the port number(s) you want and a ddns name so you can access it by name not IP (also if you change vpn server) let's say 12345 and mycamera1
    2) Your camera has an internal IP of and listens on port 80
    3) On Tomato, VPN is tun11, check this is enabled for forwarding by running this command, it should return 1:
    cat /proc/sys/net/ipv4/conf/tun11/forwarding if not you need to enable by typing
    echo '1' | sudo tee /proc/sys/net/ipv4/conf/tun11/forwarding  
    4) Put these in your routers Settings/Administration/Scripts/Firewall (first one was already there, is a killswitch)
    iptables -I FORWARD -i br0 -o `nvram get wan_iface` -j DROP iptables -I FORWARD -i tun11 -p udp -d --dport 80 -j ACCEPT iptables -I FORWARD -i tun11 -p tcp -d --dport 80 -j ACCEPT iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 12345 -j DNAT --to-destination iptables -t nat -I PREROUTING -i tun11 -p udp --dport 12345 -j DNAT --to-destination You can now acess it from a browser here
    If you have more than one camera, then you just grab extra port numbers (12346, 12347, ...) and ddns (mycamera2, mycamera3, .. ) and forward to each internal I.P. (,, .. ) all can listen on port 80.
  10. Like
    LZ1 reacted to Clodo in Network Lock failure, Eddie 2.13.6   ...
    Confirmed bug. Eddie have some issue on network \\ path. Copy to local disk, or map the network path on a disk letter, or wait a new release that fix this issue.
    Thanks for the report.
  11. Like
    LZ1 got a reaction from 56Kmodem in no latency value for servers   ...
    There's a Staff answer on the same issue here.
    And something related here.
  12. Like
    LZ1 got a reaction from Weasel in Can google still see my activity?   ...
    I don't know which article you read, but it sounds a lot like a recent FUD article that Staff/Paolo recently rebutted.
    Air changes your IP, so Google sees things coming from an Air IP, not yours. So in those terms, you're hidden. It's not really important that Google can see what is being done on their own products, but whether you can be uniquely identified or not. Which you can be to an extent, if you don't take the precautions you mentioned - including other ones, such as using some quality addons which block all manner of ads, trackers, scripts and whatnot.
    FYI, there's no WebRTC leak if you use Network Lock. It was quite a hyped problem, but mainly affected Airs competitors, but not Air itself.
    I assume you mean your ISP. In which case it's correct that Air hides what you're doing, from your ISP. Especially so, as Air also supplies their own DNS, so that your queries aren't being sent to your ISP DNS. But the ISP can still see that you're using a product like Air, unless you take additional steps such as using a second VPN or protocols like SSH and SSL, which Eddie supplies.
    But you know, there's a fairly straightforward answer if this bothers you: don't use Google . There's many other search engines you could use instead.
    Besides all that, there's plenty other things you could do.
  13. Like
    LZ1 reacted to NaDre in Multiple Connections from one machine?   ...
    See the second half of this post:
     I find this to be much less effort than using namespaces/cgroups or container software built on these. Overkill.
    You could do without the "redirect-gateway", "route ..." and "...buf .." stuff. In fact if you want to have two connections you should drop that stuff. So long as the addresses that are used on each interface are different, there should be no conflict since each interface has its own routing table. So just this:

    script-security 2 up ./common/up.sh route-nopullAnd you could use "--config ..." on the command command-line (you can have a second one) to do the include for the extra commands, if you do not want to edit the files from AirVPN. 
    You have to bind each program that is to use a VPN connection to the address of the VPN interface. The script to start the program could retrieve the address from the output of "ip rule list table 10001".
    You mentioned "custom routing" in your OP. If you mean that you intend to add routes so that an interface is chosen based on destination, this can be very hard to make work if the destination has multiple addresses and varies its DNS response depending on circumstances, such as for a content provider like Netflix.
    Firefox does not allow you to bind to an interface. But you can install SQUID (an HTTP proxy) which will let you bind to an interface, and even specify what DNS to use. Then set up a separate Firefox profile that uses SQUID.
  14. Like
    LZ1 reacted to n7of9 in Help with port forwarding   ...
    Old thread, but still relevant.  I'd like to add something in case anyone in future finds it helpful.  
    If you are on Windows 10, have tried all of the above, have bound your connection in qbittorrent to the AirVPN connection, but are still unconnectable to your tracker/canyouseeme, and the TCP Test in AirVPN Client Area is not green, you have 1 more step to take
    Open the Windows Defender Security Area  Select "Firewall & Network Protection" Select "Allow an app through the firewall" Select "qbittorrent" Select "Change Settings" and make sure both Private and PUBLIC are selected (by default, the AirVPN network is created as a Public Network)  
    Run your tests again, all should work 
  15. Like
    LZ1 got a reaction from Weasel in Can google still see my activity?   ...
    I don't know which article you read, but it sounds a lot like a recent FUD article that Staff/Paolo recently rebutted.
    Air changes your IP, so Google sees things coming from an Air IP, not yours. So in those terms, you're hidden. It's not really important that Google can see what is being done on their own products, but whether you can be uniquely identified or not. Which you can be to an extent, if you don't take the precautions you mentioned - including other ones, such as using some quality addons which block all manner of ads, trackers, scripts and whatnot.
    FYI, there's no WebRTC leak if you use Network Lock. It was quite a hyped problem, but mainly affected Airs competitors, but not Air itself.
    I assume you mean your ISP. In which case it's correct that Air hides what you're doing, from your ISP. Especially so, as Air also supplies their own DNS, so that your queries aren't being sent to your ISP DNS. But the ISP can still see that you're using a product like Air, unless you take additional steps such as using a second VPN or protocols like SSH and SSL, which Eddie supplies.
    But you know, there's a fairly straightforward answer if this bothers you: don't use Google . There's many other search engines you could use instead.
    Besides all that, there's plenty other things you could do.
  16. Like
    LZ1 got a reaction from paccap in Slow torrent speeds   ...
    It's quite possible they're throttling. It's possible to tweak traffic shaping to only happen in certain conditions; hence one possible reason why you initially had good regular speeds, but then had issues with torrenting. It's bad practice, but some ISPs do it. Here's some supporting information on SSL and SSH as well, if you're technically inclined. I'm glad it worked anyway - enjoy yourself & welcome to AirVPN  !
  17. Like
    LZ1 reacted to Staff in accessibility for blind users: can't reach the "servers" and "country" menus anymore   ...
    We will put this issue on the table of the lead Eddie programmer with high priority. At the moment there are no hotkeys to select the buttons you mentioned and we will seek for a solution that can be quickly implemented, if possible even in the next release which is imminent.
    Kind regards
  18. Like
    LZ1 got a reaction from Staff in Connection problem   ...
    Thank you.
    When I downloaded the Beta client 2.14.2 on Windows 8, I also started getting this error:
    What worked was turning off Network Lock and reconnecting. I couldn't find any other solution to it. You may want to post in the Beta client thread about that error, so it gets addressed.
    Update: Go to your device manager, find the TAP adapter and click uninstall. Including any drivers when the prompt shows a tickbox. Then, while Network Lock is enabled, connect to a location. Then Eddie will install the tunnel driver for you . Works for me.
    I was getting this too. Please go to Control Panel>Network & Internet>Network & Sharing Center>Change Adapter Settings>TAP Adapter Properties>Configure>Advanced>Media Status>Set to Always Connected>Click OK. If there's then further issues with this, a quick fix is to disable and re-enable the TAP adapter.
    You may be able to remedy this by going to Eddies menu>Preferences>Advanced>Microsoft Only>Disable IPv6 at OS level.
    By the way @Staff if you're reading, do you think it would be good to install TAP utilities by default in the future?
    At one point the logs stated that we "Should be able to go to Start>All Programs>Utilities>TAP Windows>Add new TAP adapter" and do stuff. But for me at least, it wasn't possible to find any "Utilities" or TAP stuff in Windows, until I went into Eddie's download folder and installed "TAP utilities" during the installation process. After that, Windows immediately found TAP-related stuff.
  19. Like
    LZ1 got a reaction from Flx in Utorrent with CyberGhost popup offer(s)   ...
    The fix is to not use ad-infested "shareware freemium junk" as a wise man once said, but only FOSS software. So please consider switching to something such as qBittorent.
    Guides on configuring it can likewise be found in the link in my signature.
  20. Like
    LZ1 got a reaction from paccap in Slow torrent speeds   ...
    Thank you for the detailed response. Yes that's asymmetric. Did you try changing the protocols?
    Remember to re-connect to a location, after making a protocol change, for it to take effect.
    Also, is this a wired or wireless connection?
  21. Like
    LZ1 got a reaction from H8SOCIETY in Eddie 2.14beta released   ...
    Staff did mention making the auto-selection more intelligent in the future, but I can't find the post for you at this moment sorry.  Otherwise there's the usual FAQ on how Eddie selects. I don't think setting the scoring rule to speed makes any difference, as that's only for how things are ordered in the list.
  22. Like
    LZ1 reacted to jsand in Minecraft Authentication Failure   ...
    Whitelist the authserver at authserver.mojang.com & their VPN checker at mcoapi.minecraft.net and you can login. The rest of the game traffic will be through VPN. Enjoy!
    NB: Do not nslookup either hostname and use the IP you find as you will notice when (if) you switch servers, the IP will change. This is because they employ a geographic load balancer on their APIs.
  23. Like
    LZ1 reacted to Staff in Rebuttal of article "Don't use VPN services."   ...
    DISCLAIMER: this post has been written by an AirVPN co-founder (Paolo) and merges the information and the points of view elaborated by the Air founders in more than seven years. Other Air VPN staff members might add additional comments in the future.
    We have been asked via Twitter to reply to the following post:
    We see that the issues raised by the aforementioned article may be of general interest, so we have decided to post a detailed rebuttal here, meant to fix the remarkable amount of technical misunderstandings and errors which have led the writer to astonishingly wrong conclusions and worrying generalizations.
    The rebuttal is based on AirVPN only; we can not and we do not want to write in the name of any other service, since most of the considerations you will read here may or may not (and sometimes we know that they will not) apply to other "VPN services". Anyway, it is our right to reply as if the writer were talking about us too, because he/she repeatedly claims that ALL VPN services act in the same way.

    A "VPN in this sense" is NOT a proxy. Our service encrypts and tunnels all of the client system TCP and UDP traffic to and from the VPN server. Moreover, our service, when used with our free and open source software, also makes additional steps to prevent traffic leaks outside the VPN tunnel.
    A proxy tunnels (and not necessarily encrypts) only TCP traffic (proxies can not support UDP), and only the traffic of those applications which are configured to connect to a proxy. UDP traffic, system traffic and traffic of applications which may be started by the system and that you failed to configure (or that you can't even configure in Windows, in some cases) are not necessarily tunneled to the proxy. Not even your system DNS queries are necessarily tunneled over the proxy.

    If we were really interested in logging our clients traffic, we would not allow connections to and from Tor, proxies and other VPNs. We have always made very clear how to bypass the problem of "trust us" when you can't really afford to do that, and our answer has always been "partition of trust".  Please see for example our post dated March 2012 (!) about it:

    There's more. We work under a legal framework where the safe harbors for the mere conduits are very rigidly and clearly defined (specifically, by the 2000/31/EC, the E-Commerce Directive, articles 12, 13, 14 and 15).
    The liability exemption for the mere conduit status would not exist if we were not mere conduits. If we inspected traffic and/or modified traffic (e.g. through content injection) and/or selected source and destination of the communications, we would not be mere conduits and we would lose the legal protection on liability exemptions.

    We have also two decisions of the Court of Justice of the European Union which clearly define indiscriminate data retention as infringing the fundamental rights of the citizens of the EU:
    under a legal point of view, logging and/or monitoring and/or inspecting and/or modifying the content of our customers traffic without the customers explicit and written consent would be a criminal infringement, also subject to civil prosecution by the customers themselves under a business point of view, that would be simply suicidal (more on this later)  
    It is enigmatic how the writer can make such claims.
    We charge less than 10 USD per month for our services and we can pay a whole legal firm, 250 servers (physical, bare metal servers), the whole staff, including a tiny team of programmers. We also regularly donate money to organizations and projects whose activities are compatible with AirVPN mission.
    We're not here only for the money, but if the writer wants to talk about money, so be it. He/she may rest assured that we have planned seriously a business model which remains robust if not rock solid.
    It is obvious that we must keep our business model solid, because our infrastructure has become large and we have duties toward the people working with us and toward our customers. At the same time we never forget that our customers have transformed into reality the dream to build a rather big project based on and aimed to privacy protection in a time when the whole world was going to the opposite direction. By changing now direction and pointing to a business based on privacy infringements and personal data commerce would not only betray our beliefs and mission and customers, but we would become a goldfish in an ocean of sharks, we could not even think to compete.
    After 7 years, we have the right and knowledge to claim that a privacy protection mission is not incompatible with the price the writer mentions and with a strictly agnostic network where no traffic inspection or monitoring is enforced.
    We can also claim confidently that any business plan based on data protection and privacy infringements not declared in the terms of service would crash dramatically in the short-term in the EU: remember the legal framework we live in and feel free to do your own research on real cases and incidents in the recent past.
    Last but not least, please do your own math and compute the costs to store and "hand a customer traffic data over": they imply costs of losing the mere conduit status, added to the costs of civil lawsuits from that and potentially other tens of thousands customers. Then compare them to the "costs" (in reality benefits) of no monitoring at all added to the peace of mind to strictly act in a legal/lawful way.
    Given all of the above, you can easily discern that the quoted assumption is false for AirVPN. The logical, unavoidable conclusion is that AirVPN best interest, even under a purely cynical, business point of view, is to NOT log (in the most extensive sense of the term) customers traffic and not commerce with their data.
    This is partially, only partially, true. HideMyAss was really risking to go out of serious privacy protection business soon after the incident occurred: check the massive uproar caused by the event. The AVG acquisition, with the disruptive marketing power of AVG, has probably covered the issue, but the old HideMyAss management hurried to sell the whole Privax company. Who knows, maybe just in time, maybe before the value could be hit too seriously by the incident. We can't know for sure, and the writer can't as well. Anyway, if the writer wants to claim that marketing is powerful, we agree (what a discovery!).
    The logical jump from HMA incident to the assumption that every service does what HMA did is long. Do not forget that what HMA did would pose a huge amount of legal problems to us, as explained.
    HideMyAss targeted the same persons who are happily using the new Facebook VPN. We respect the intelligence of our customers and we don't have the arrogance to think that we can change people mind and competence all over the world in a few years (or ever), and we don't even think that we can oppose the marketing power. More importantly, that's a problem pertaining to HideMyAss. It is not only unfair, but even defamatory to surreptitiously imply that the behavior (good or bad) of certain services is the same behavior of any other service, in the same field or not.
    We have been providing AirVPN services since 2011, when we offered the service as a beta version totally free. Now we challenge the writer of the article to provide any single proof that any single user identity has been compromised by us through a betrayal of our terms of service and our mission and/or through traffic logging or inspection and/or by any infringement of the EU legal framework on privacy and personal data protection. 
    False. We provide our users with any tool to never make their "real" IP address appear to our servers. We have also integrated AirVPN over HTTP proxy, AirVPN over SOCKS proxy, and AirVPN over Tor usage in our free and open source software. We don't even block connections from competitor VPN servers. Finally, we accept not only Bitcoin, but Monero and ZCash as well, which are designed to provide a robust anonymity layer on the transactions.
    If you really don't trust us, you can easily make your IP address never visible to our servers.
    This is particularly important even if you trust us, but you can't afford (for the sensitivity of the data you need to transmit, for example) to assume that our servers are not monitored by hostile entities, an event that can happen with ANY service, not only VPN services. The fact that we have made every human effort to provide effective and easily usable protections against such occurrences is a proof of our interest in the protection of our customers privacy.

    This is ambiguous, because we would need the writer to define security scope and context exactly. Is he/she referring to integrity and security of data between your node and our servers? Or security of your system? Surely, our service is not meant as a security tool to protect against virus and spyware, and this is clearly stated at the very beginning of our Terms of Service. AirVPN can't do anything if your system is compromised.
    However, the above does not imply in any way that our service is a glorified proxy. See the reasons we mentioned above and verify how a loose security mention does not change anything. Additionally, while OpenVPN is the core of our service, it is complemented by an important series of features aimed to protect privacy and data in all of those cases which OpenVPN alone has not been designed for.
    Even if you don't run our free and open source software, we and our community have made any effort to provide guides and insights on how to get the most from our service to integrate it in a comprehensive environment aimed to protect your data and identity. We are very grateful to our community for the invaluable contributions throughout the years.
    If we were a "malicious VPN provider", does the writer really think that we would have allowed our forums to become a golden source of information for privacy, identity and data protection? Do you really think that we would have been provided monetary support to TorProject, OpenBSD, European Digital Rights, Tor infrastructure, etc. etc.?

    A part of this has been widely rebutted in our previous reply. Here it will be sufficient to add that even if you don't use end-to-end encryption, even if you don't use Tor on top of an AirVPN connection, a MITM who sniffs the packets in any point between the VPN server and the final destination (including the final destination itself of course) will see those packets coming from the VPN server exit-IP address, NOT from your real IP address and NOT from the entry-IP address of the VPN server you connect to. This is a paramount point which is incompetently (intentionally?) ignored by the writer. It is so important that in some extreme cases it makes the difference between imprisonment and freedom, or even between life and death.
    Imagine the case of a whistleblower giving out relevant information via VoIP or other applications relying on UDP to a self proclaimed journalist who then betrays the confidentiality of the source, or even to a serious journalist who is unaware of the fact that his/her computer is compromised, or that his/her line is wiretapped. The whistleblower can't use a proxy reliably. The journalist, or the wiretapping entity, can trace the source IP address and the identity of the whistleblower can be disclosed (just to make a trivial example which does not require any wiretapping or compromised system, think of Skype exploit, for which any party could discover the IP address of the other party). In most of these cases, end-to-end encryption would have been irrelevant for the whistleblower.
    Whenever the source can't trust the destination integrity, whether the recipient is in good faith or not, our service makes a vital difference.

    True. We have never said or written the contrary. In addition to changing IP address, which is anyway important in spite of the writer claims, further steps are strictly necessary to prevent profiling, from "separation of identities" to script blocking, from browser fingerprint changes to system settings obfuscation. Our community has widely covered this issue and provided precious suggestions.
    Here the writer makes a totally irrational shift: first he/she wants to make you think that our service is just a "glorified proxy", then he/she wants to insinuate that our service is useless because it is not some sort of supernatural system capable to protect users from their own behavior and from every possible tracking system which exploits the user system, not the service.

    The first case is true, and it is very important.
    However, it is totally false that you can safely rely on a proxy for the second case purpose. Many applications, including torrent software, can:
    bind to the physical network interface, or do some dangerous UPnP use UDP (not supported by a proxy) send DNS queries out of the proxy include the assigned "real" IP address inside their layer of communications, example: https://blog.torproject.org/bittorrent-over-tor-isnt-good-idea In the aforementioned cases, correct usage of our service will fulfill the purpose to never disclose your real IP address and/or the UDP traffic and/or the DNS queries. A proxy will not and you can be potentially tracked back, either by copyright trolls or any hostile entity.
    Additionally, our service has many more use cases:
    tunneling UDP traffic (not available with a proxy or Tor) circumventing censorship based on IP addresses block circumventing censorship based on DNS poisoning preventing injection of forged packets (not necessarily available with a proxy even in TCP, and surely not when you need UDP flow integrity) using Tor anyway when Tor usage is blocked or triggers interest of ISP or any hostile entity about you protecting your identity when the final recipient of your communications is compromised (not available with end-to-end encryption alone, and not available with Tor when you need UDP, imagine if you need to stream a video in real time which requires source identity protection) making your services (web sites, torrent clients, FTP servers for example) reachable from the Internet when your ISP does not allow port forwarding (not available with a proxy), without exposing your IP address having a static exit-IP address bypassing various types of traffic shaping tunneling simultaneously the traffic of all the devices in your local network, even with remote port forwarding, and even those which can't run OpenVPN provided that you have a device acting as a gateway to the VPN (typical examples a pfSense box or a DD-WRT / AsusWRT / Merlin / Tomato etc. router or any computer configured to work as a router) and maybe you can see more use cases which we have missed here.
    The fact that the writer omitted all of the above says a lot about his/her competence and/or good faith.

    This is hilarious, and not only because the whole point of the writer's post ends up into advertising LowEndBox.
    We will not insult our readers' intelligence with an explanation of why that is a terrible idea when you seek more privacy and some anonymity layer in your interactions with the Internet.
    Draw your own conclusions.
    Kind regards and datalove
    AirVPN co-founder
  24. Like
    LZ1 got a reaction from Alter94 in Comparisons   ...
    Oh it's not that you can't point out where others go wrong, it just needs to be accurate/truthful and there's plenty where that came from. Otherwise I agree there's 2-3 companies one always sees .
  25. Like
    LZ1 got a reaction from Alter94 in Comparisons   ...
    I'm not one to defend Nord, but we must keep things accurate, including about competitors, as it's potentially defamatory otherwise and that's not permitted on these boards.
    Air says something similar too:
    Airs response to this "military" thing would be:
    Whether or not Nord is aware of the same technicalities I of course can't say. But it's at least worth being aware of the origins of some of this kind of terminology.
  • Create New...