Royee

There are not many sadly check here for more details on the few that remain
 
http://thesimplecomputer.info/free-webmail-for-better-privacy/
 
It would appear picking a email provider inside of US and UK and other english speaking countries is a big no no and under nsa
 
A few european email providers are still around,  I still like hushmail but they have in the past handed over emails to authorities... Riseup is not taking any more people on board and you have to pass there test which some fail and are US based so sooner or later perhaps nsa get them also.
 
European ones seem best,  obviously best to stay a million miles away from google mail, hotmail, yahoo.
 
also check here:
 
https://prism-break.org/
 
has other alternative and more stronger and safer emails,  but these usualy involve much higher security but work more better.

Any encrypted email service that's under U.S. jurisdiction would.

According to arma this is correct (from Tor blog).

"Incorrect, the exploit code itself doesn't get your IP because the kernel functions the code can call only know your network adapter's IP which is pretty useless (i.e. if you're behind a router like most are it's probably a generic 192.168.x.x or similar). The server on their end gets the IP because your router strips the LAN IP and adds its WAN IP to the packet (your "real" IP). However if you're going through a VPN the VPN then strips that and adds its own. So the server would only know the VPN's IP. They would get your MAC address even through the VPN but that's no use to them without also knowing your real IP."

...

The concept of using a Tor hidden email host has been completely destroyed unless you host it yourself. If someone starts a new service there is no way of knowing if NSA or FBI are behind it. If Tor Mail is brought back with all your old accounts you will know it is definitely a honeypot.

According to that article NSA has modifed supercomputers to target specific algorithms. Their priority would be AES. If you decide not to use AES then don't get a CPU that supports AES because it appears to slow down alternatives like Twofish. Twofish is actually faster than AES at 256-bit on most platforms.

http://en.wikipedia.org/wiki/Twofish

http://en.wikipedia.org/wiki/Serpent_%28cipher%29


You can test password strength here.
https://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.html

No, they're not anywhere close to breaking AES-128, 192 or 256. Look at the date. This is old news. Bruce Schneier has written about it in the past and has said many times that AES will take quite a bit of time to break- on the order of decades, centuries or even longer. AES-192 and 256 are considered good enough for top secret docs in the US. PGP (RSA asymmetric), on the other hand, may be broken over the next 10 or 20 years. THAT is pretty scary!
 
And remember: regardless of the algorithm used, if your passphrase isn't long enough then a sufficiently powerful computer can guess it in a few days or even hours. No need for a such a passphrase for anything but whole disk encryption, PGP and other things where someone can seize your data and try to decrypt it an unlimited amount of times.

Just wanted to say thanks to Baraka for the awesome guide,  I noticed a few other guides around the net but they were more specific for other companies etc and thanks to VPN staff.
 
Gone from throwing a bricked Asus Router in the bin to being able to flick between 2 servers
 
Yes the CA and CERT and what exactly to copy threw me off also,  everything in CA and Key is fine to copy and paste but in the cert,  I forgot to delete the top lines,  so remember all when copying Cert file it should start with -----BEGIN CERTIFICATE----- and end in -----END CERTIFICATE-----,  in fact all 3 boxes should look the same and have begin and end.
 
That is perhaps the only thing I feel the guide could be improved upon,  if there was a 3rd screen cap showing the "keys" part,  and an example of what it looks like with an arrow saying : 
Certificate Authority Box copy and paste all ca.crt contents
Client Certificate box copy and paste user.crt contents (but delete top part so it begins with  -----BEGIN CERTIFICATE----- and ends in -----END CERTIFICATE-----)
Client Key Box copy and paste all user.key contents
 
I can try my dodgy paint shop skills if you want ?
 
Still that part is quite tricky at the beginning,  once its all done and setup its fine.
 
Performance is solid and good,  although I noticed to start and stop a server sometimes it does not work and I have to start and stop again and wait 30 secs then it kicks in.  Still I will not be switching that much and its a minor thing,  perhaps I just have to wait a minute or 2 next time ill try.
 
Other then that very happy and pleased !  and best of all I can confirm the Asus Tomato Router works fine with all types of Broadband be it ADSL or Cable broadband Modems!

Hello,
 
you can generate split files by clicking on "Advanced Mode" and ticking "Separate certs/key from .ovpn files". By default the generator creates .ovpn files embedded with certificates and key.
 
Kind regards

Yes. That's the quickest way. Although it's not too tough to put in another IP if you want to switch servers.
 
 
Choose the advanced options. Then you can specify UDP and the port. UDP is definitely recommended, especially if you want to run Tor over the VPN.
 
 
Please follow the link from the Tomato setup page to my original instructions. The mention of CA and CERT really confused me too when I first got started with VPNs. You really just need one file which contains everything inside it. Then you can text edit it and copy the certificate authority (CA), client certificate (CERT) and client/private key (KEY) directly into your router config. Not too hard, but I don't see any other easier way of doing it. The good thing is once you have them properly copied into your config, you don't need to copy them again because they're not likely to change. Also see this:
 

It doesn't really matter unless you use services that are unique for each location(like youtube). Airvpn's dns servers let you use popular US sites like netflix, hulu from any server that doesn't have to be physically located in the US. For other sites, you can use one of the vpn servers from the same country as the website. Some sites may block particular servers, you can search the forums for them. In this case, you might want to try a different server that isnt blocked.

Hello,
 
under a pure performance point of view, our DNS records are updated in almost-real-time to reflect the best server for each area. The best server is determined according to a formula which keeps into considerations the following parameters: latency from nodes in the same region, available bandwidth, status parameters (such as packet loss). Once the system has performed measurements and calculations, it determines the best server and updates DNS accordingy. For example, america.vpn.airdns.org will resolve to the IP address of the best server in America continent.
 
You can see the best server and many more information (useful also in case you wish to perform a manual pick) in our servers monitor:
 
https://airvpn.org/status
 
where latency is calculated directly from your computer, bandwidth and stats are updated every 60 seconds.
 
Additionally, have a look at the Ping Matrix (updated every 300 seconds):
 
https://airvpn.org/pingmatrix
 
Kind regards

For Ubuntu laptop users, it is convenient to use the NetworkManager applet to connect/disconnect to the VPN-service.

The AirVPN admins may at some point create ready-made packages to download and install that will automatically fix everything (like for Windows users), but until then the following is how to set it all up:

1) Create an AirVPN account. Generate/download the needed key-, certificate- and configuration-files here: https://airvpn.org/index.php?option=com_air&view=access&Itemid=100

2) Save the downloaded zip-file somewhere, say in ~/.airvpn. Unzip it. Four files should be extracted. Try to make sure nobody but you can read the file user.key, because that one is secret.

3) Erase the zip-file. Or at least, make sure only you can read it (since it contains the secret user.key file inside)

4) Install the package named network-manager-openvpn-gnome, which is a plugin to NetworkManager handling OpenVPN connections. The install will automatically include all needed packages, like openvpn etc.

5) To check that openvpn plugin was properly installed in NetworkManager, click on the nm-applet (the NetworkManager icon) => VPN Connections => Configure VPN. In the little window that comes up, click the Add button. Is there an OpenVPN option in the menu? Good. But don't click on it. Just close the windows. This was just a check.

6) Click on the nm-applet (the NetworkManager icon) => VPN Connections => Configure VPN

7) In the little window that comes up, click the Import button.

8) In the file chooser that comes up, find the previously downloaded file air.ovpn (perhaps you stored it in the ~/.airvpn directory?)

9) A new little window comes up. That little sucker is pre-filled with the necessary airvpn-configuration stuff.

10) You should just be able to click the Apply-button -- but wait: We need to double-check something. The AirVPN service uses "LZO data compression" (at the time of this writing at least). We need to check that this option is properly entered in the configuration. Click the Advanced button (down below, to the right). In the little window that comes up, make sure that the check-box next to "Use LZO data compression" is checked. (There seems to be a bug in network-manager-openvpn or something, so that this sometimes does not work automatically). Ok, this should be it. Click OK, Apply, Close etc.

11) Before connecting, you'll have to restart the computer. (Alternatively, you can just start the relevant services on the command line, perhaps like this: sudo service openvpn start)

12) Click the NetworkManager applet. Under VPN-connections, you should now be able to select the VPN-connection named air. After a little while, the applet icon should be decorated with a little padlock. Does it work for you?

Hello!
 
Ok, the results from ipleak.net show no DNS leak at all.
 
Kind regards

If you're using the RT-N16 and ONLY the RT-N16, flash this version: tomato-K26USB-1.28.7502.8MIPSR2Toastman-RT-VPN.trx
 
Otherwise use the latest RT-N build which contains USB, MIPSR2 and VPN in the filename.

Let's try one, last time:

I have Toastman's build of Tomato [v1.28.7500 MIPSR2Toastman-RT K26 VPN] installed on my Asus RT-N16 router. Before signing up for AirVPN's service, I scoured the internet for an FAQ or instruction guide to setting up on a router using Tomato as its firmware. No luck. After playing around with the settings for a couple of hours, I got it right. To help others configure the AirVPN service with this fantastic router/firmware setup, I will now give step-by-step instructions complete with a couple of screenshots.

1. Make sure you triple-check that your version of Tomato supports OpenVPN or you'll be sorry. I strongly recommend Toastman's build of Tomato because of its widespread feature support and stability.

2. Under Basic->Network, configure your 3 static DNS servers. I recommend picking ones from the OpenNIC Project because many of the servers don't keep any logs, which is consistent with this service, plus they would allow your internet service to continue functioning in the event of a government-ordered root DNS server shutdown- http://wiki.opennicproject.org/Tier2
Alternately, as a distant second option, you can go with OpenDNS (not related to OpenNIC), which is the best public DNS service, using 208.67.222.222 and 208.67.220.220 as your servers.

3. Under Basic->Time, make sure that the correct time zone and server is configured.

4. Download the vanilla OpenVPN file of your choosing under "Member Area->Access without our client" after you login to the AirVPN site. Check "Embed keys/certs in .ovpn file" and take note of your port and protocol. After downloading, text edit the file and look for your IP, again noting it (near the top after "remote").

5. For the actual configuration, please see the following two screenshots of the Basic and Advanced OpenVPN Client Configuration:


 


Under Basic, sub in your own correct protocol, IP and port in place of what I have in my own config.

In the Advanced Custom Configuration text box, the options are as follows:

resolv-retry infinite
ns-cert-type server
comp-lzo
verb 3

6. Under Keys, you'll need to again text edit your .ovpn config file and copy the matching keys and certificates to the text boxes in your router config. Everything between <ca></ca> should be copied and pasted into the Certificate Authority box. Everything between <cert></cert> should NOT be copied. Instead, you should just copy the actual certificate which starts with "-----BEGIN CERTIFICATE-----" and finishes with "-----END CERTIFICATE-----". Include both in the Client Certificate text box. Lastly, everything between <key></key> should be copied into the Client Key box. If you have a Static Key box, ignore it and it'll disappear after you save your settings and startup your VPN.

7. Save all settings.

8. Under Status, click Start Now and count for 30 seconds. Then do a traceroute to your favorite website or IP to verify that you're now being routed through AirVPN instead of your ISP's network.

Please write back to let me know that my guide is working for you. After all, I could have gotten something wrong here in my instructions to you. Just one, quick note: I have AirVPN configured on Client 2 because I have another VPN configured on Client 1. (It's awesome that you can actually switch from one VPN to another on-the-fly in Tomato.) I will be fully transitioning to AirVPN over the next few months. Just in case you were wondering.

Hello!
 
Just as a side-note, you don't need to assign a static IP address to your network card to prevent DNS leaks (and in some circumstances it might also create issues if your network is handled by a DHCP server), just set static DNS IP addresses 10.4.0.1 and 10.5.0.1, which are reachable regardless of the Air VPN server port you connect to.
 
Kind regards

I am not a staff member, but I think I can answer this.
 
And Staff/Moderators, if I missed something but you otherwise like my post, feel free to modify it however you wish. 
 
1.) This is complex question, because you don't want to generalize when it comes to security/privacy. 
 
Once you are using a secure protocol (OpenVPN, which AirVPN does) there are 4 main concerns I can think of.
 
Something unrelated to AirVPN could be harming your privacy. You could have a virus/keylogger, your wireless card could be bugged, or there could be a camera in your room. The VPN company itself could give away your data/information. I picked AirVPN for this exact reason. They have the best privacy policy by far of any VPN company I've seen, and I honestly read the entire privacy policy of about 20 companies. The owner knows exactly what he's talking about, and is very tech and legally savvy. (Trust me, I have harassed him with loads of questions via email) You are doing something that is an ECHR violation, (human rights violation) and you get the attention of the government where AirVPN legally resides, forcing an investigation in which you get caught. I highly doubt you are, and very much hope you are not worried about this, because human rights violations are disgusting. They are pretty damn serious, and are for protecting against things like human trafficking, and stuff like that. This is the one you brought up, client problems. Firstly, your VPN connection can drop, and you accidentally send packets from your real IP. On Windows I believe a DNS leak can also happen. You can (and should) set up a firewall to stop both of these, where the firewall only lets through VPN traffic on a very basic level. Programs such as Flash, Java, and other browser plugins can leak information. So can cookies, and Javascript. The problem is, while unconnected to the VPN, you could go to a site such as Google, and Google could set a cookie or Flash variable that marks down your real IP. This could even happen while connected to the VPN, if you say, use your regular email site and they set a cookie. Then, a site you don't want to be tracked on could possibly read in that cookie, Flash variable, JavaScript localStorage variable, etc. and know what your old IP was. This is also fairly preventable. There are better solutions, but I simply have Firefox set up to disable all addons by default, disable Javascript by default, remember no history whatsoever, allow sites to store nothing in localStorage, and only keep cookies until I close the browser. I avoid using sites that know who I am (Gmail) during VPN sessions just in case. If I need to use a plugin (typically Flash) I will clear all of Flash's data (~/.adobe and ~/.macromedia on linux, not sure about Windows) and then enable it only while I need it.  2.) Yes, exit IP's are shared. To quote an AirVPN staff member: "All the exit-IP addresses of our servers are static and shared for additional privacy." Obviously entrance IP's are too, but that doesn't really matter.
 
3.) That seems highly unnecessary. Either way you are trusting the "inner" VPN with your IP and data. A far better idea is to do what AirVPN themselves suggest, and use AirVPN over Tor. I'm a fairly anxious person, and I don't even go this far. I would suggest it for a whistleblower though.
 
https://airvpn.org/tor/
 
4.) Not if you set up a proper packet blocker/firewall like I explained in answer #1. Simply disconnect from the VPN before closing the firewall. As soon as you close the VPN connection, everything should be fine, but if you are really paranoid I suppose you could wait until AirVPN verified that your connection had ended before disabling the firewall.

Good to know guys. I didn't even think about banking stuff, but makes sense. Would it be enough to use an exit server in the same country as I am, even if the server location is fairly far away.

What do people do who have their router setup for VPN? I was thinking to import/export router settings or keep a second router, not blocked, but then I guess I may need a third to act as a splitter? Do I have to worry about hardware bottlenecks with all the splitting? Presumably best to do with ethernet cable?

We all know there are certain sites out there that love to track you. In addition they love to provide you "extra security" by making sure no bad guys get into your account.

I know for example if Gmail sees a foreign IP log into your account, it may think its a bad guy and give you a warning. They do track the timing of these things to so that if you are traveling its smart enough to know that you don't travel between the US and China at the speed of light, but if there's 12 hour diff, you're OK. I've seen this traveling myself.

Is it going to be problematic for someone to use Gmail at home over a AirVPN foreign server and then once they leave home and use Gmail over a cellphone which uses the local carrier? Are there other sites with these kind of smarts that will be problematic to use? Like Facebook? Would love to use my cell over VPN. Does this just protect all the data streams (wifi, 3g, 4g, etc.) and not the voice?

I assume to do so would mean I could have one device my router and then a plus one for each mobile device that leaves that router's presence. Or can I route everything thru the home router somehow?

Hello,
 
about p2p activities: we have never received any communication or request of any kind from legal authorities (neither jurisdictionally competent nor jurisdictionally not competent).
 
From private entities, we have received communications of alleged copyright infringements perpetrated through usage of p2p protocols through some of our servers, but we have never received any request of data disclosure. Until now all of such communications have never been accompanied by any proof, and now and then they referred to servers which were not operational at the time of the alleged infringement, casting serious doubts about the validity of any similar allegation.
 
In case of personal data disclosure requests from private entities, the request would be simply ignored or in extreme cases cause us to report the private entity to competent authorities, because in general complying to such requests, in our jurisdiction, would imply to commit civil and criminal infringements.
 
In every other case, we can't give away information that we do not have.
 
Kind regards

Hello!
 
1. Yes: https://airvpn.org/tomato and https://airvpn.org/ddwrt You can anyway run OpenVPN automatically at your system startup, you don't need to launch it manually.
 
2. Your question is somehow unclear, can you please elaborate and explain what you mean with protection?
 
Kind regards

What a five star support you are guys!!!