Royee got a reaction from Baraka in Any suggestions for email providers? ...
There are not many sadly check here for more details on the few that remain
It would appear picking a email provider inside of US and UK and other english speaking countries is a big no no and under nsa
A few european email providers are still around, I still like hushmail but they have in the past handed over emails to authorities... Riseup is not taking any more people on board and you have to pass there test which some fail and are US based so sooner or later perhaps nsa get them also.
European ones seem best, obviously best to stay a million miles away from google mail, hotmail, yahoo.
also check here:
has other alternative and more stronger and safer emails, but these usualy involve much higher security but work more better.
Royee reacted to hashtag in Tor exploit by government agencies ...
According to arma this is correct (from Tor blog).
"Incorrect, the exploit code itself doesn't get your IP because the kernel functions the code can call only know your network adapter's IP which is pretty useless (i.e. if you're behind a router like most are it's probably a generic 192.168.x.x or similar). The server on their end gets the IP because your router strips the LAN IP and adds its WAN IP to the packet (your "real" IP). However if you're going through a VPN the VPN then strips that and adds its own. So the server would only know the VPN's IP. They would get your MAC address even through the VPN but that's no use to them without also knowing your real IP."
The concept of using a Tor hidden email host has been completely destroyed unless you host it yourself. If someone starts a new service there is no way of knowing if NSA or FBI are behind it. If Tor Mail is brought back with all your old accounts you will know it is definitely a honeypot.
Royee reacted to hashtag in NSA close to breaking AES encryption? ...
According to that article NSA has modifed supercomputers to target specific algorithms. Their priority would be AES. If you decide not to use AES then don't get a CPU that supports AES because it appears to slow down alternatives like Twofish. Twofish is actually faster than AES at 256-bit on most platforms.
You can test password strength here.
Royee reacted to Baraka in NSA close to breaking AES encryption? ...
No, they're not anywhere close to breaking AES-128, 192 or 256. Look at the date. This is old news. Bruce Schneier has written about it in the past and has said many times that AES will take quite a bit of time to break- on the order of decades, centuries or even longer. AES-192 and 256 are considered good enough for top secret docs in the US. PGP (RSA asymmetric), on the other hand, may be broken over the next 10 or 20 years. THAT is pretty scary!
And remember: regardless of the algorithm used, if your passphrase isn't long enough then a sufficiently powerful computer can guess it in a few days or even hours. No need for a such a passphrase for anything but whole disk encryption, PGP and other things where someone can seize your data and try to decrypt it an unlimited amount of times.
Royee got a reaction from Baraka in AirVPN Tomato configuration step-by-step guide ...
Just wanted to say thanks to Baraka for the awesome guide, I noticed a few other guides around the net but they were more specific for other companies etc and thanks to VPN staff.
Gone from throwing a bricked Asus Router in the bin to being able to flick between 2 servers
Yes the CA and CERT and what exactly to copy threw me off also, everything in CA and Key is fine to copy and paste but in the cert, I forgot to delete the top lines, so remember all when copying Cert file it should start with -----BEGIN CERTIFICATE----- and end in -----END CERTIFICATE-----, in fact all 3 boxes should look the same and have begin and end.
That is perhaps the only thing I feel the guide could be improved upon, if there was a 3rd screen cap showing the "keys" part, and an example of what it looks like with an arrow saying :
Certificate Authority Box copy and paste all ca.crt contents
Client Certificate box copy and paste user.crt contents (but delete top part so it begins with -----BEGIN CERTIFICATE----- and ends in -----END CERTIFICATE-----)
Client Key Box copy and paste all user.key contents
I can try my dodgy paint shop skills if you want ?
Still that part is quite tricky at the beginning, once its all done and setup its fine.
Performance is solid and good, although I noticed to start and stop a server sometimes it does not work and I have to start and stop again and wait 30 secs then it kicks in. Still I will not be switching that much and its a minor thing, perhaps I just have to wait a minute or 2 next time ill try.
Other then that very happy and pleased ! and best of all I can confirm the Asus Tomato Router works fine with all types of Broadband be it ADSL or Cable broadband Modems!
Royee reacted to Baraka in AirVPN Tomato configuration step-by-step guide ...
Yes. That's the quickest way. Although it's not too tough to put in another IP if you want to switch servers.
Choose the advanced options. Then you can specify UDP and the port. UDP is definitely recommended, especially if you want to run Tor over the VPN.
Please follow the link from the Tomato setup page to my original instructions. The mention of CA and CERT really confused me too when I first got started with VPNs. You really just need one file which contains everything inside it. Then you can text edit it and copy the certificate authority (CA), client certificate (CERT) and client/private key (KEY) directly into your router config. Not too hard, but I don't see any other easier way of doing it. The good thing is once you have them properly copied into your config, you don't need to copy them again because they're not likely to change. Also see this:
Royee reacted to B0R3D in Which VPN is best to connect to ? ...
It doesn't really matter unless you use services that are unique for each location(like youtube). Airvpn's dns servers let you use popular US sites like netflix, hulu from any server that doesn't have to be physically located in the US. For other sites, you can use one of the vpn servers from the same country as the website. Some sites may block particular servers, you can search the forums for them. In this case, you might want to try a different server that isnt blocked.
Royee reacted to Staff in Which VPN is best to connect to ? ...
under a pure performance point of view, our DNS records are updated in almost-real-time to reflect the best server for each area. The best server is determined according to a formula which keeps into considerations the following parameters: latency from nodes in the same region, available bandwidth, status parameters (such as packet loss). Once the system has performed measurements and calculations, it determines the best server and updates DNS accordingy. For example, america.vpn.airdns.org will resolve to the IP address of the best server in America continent.
You can see the best server and many more information (useful also in case you wish to perform a manual pick) in our servers monitor:
where latency is calculated directly from your computer, bandwidth and stats are updated every 60 seconds.
Additionally, have a look at the Ping Matrix (updated every 300 seconds):
Royee reacted to HugeHedon in Ubuntu/Linux: How to use NetworkManager for AirVPN ...
For Ubuntu laptop users, it is convenient to use the NetworkManager applet to connect/disconnect to the VPN-service.
The AirVPN admins may at some point create ready-made packages to download and install that will automatically fix everything (like for Windows users), but until then the following is how to set it all up:
1) Create an AirVPN account. Generate/download the needed key-, certificate- and configuration-files here: https://airvpn.org/index.php?option=com_air&view=access&Itemid=100
2) Save the downloaded zip-file somewhere, say in ~/.airvpn. Unzip it. Four files should be extracted. Try to make sure nobody but you can read the file user.key, because that one is secret.
3) Erase the zip-file. Or at least, make sure only you can read it (since it contains the secret user.key file inside)
4) Install the package named network-manager-openvpn-gnome, which is a plugin to NetworkManager handling OpenVPN connections. The install will automatically include all needed packages, like openvpn etc.
5) To check that openvpn plugin was properly installed in NetworkManager, click on the nm-applet (the NetworkManager icon) => VPN Connections => Configure VPN. In the little window that comes up, click the Add button. Is there an OpenVPN option in the menu? Good. But don't click on it. Just close the windows. This was just a check.
6) Click on the nm-applet (the NetworkManager icon) => VPN Connections => Configure VPN
7) In the little window that comes up, click the Import button.
8) In the file chooser that comes up, find the previously downloaded file air.ovpn (perhaps you stored it in the ~/.airvpn directory?)
9) A new little window comes up. That little sucker is pre-filled with the necessary airvpn-configuration stuff.
10) You should just be able to click the Apply-button -- but wait: We need to double-check something. The AirVPN service uses "LZO data compression" (at the time of this writing at least). We need to check that this option is properly entered in the configuration. Click the Advanced button (down below, to the right). In the little window that comes up, make sure that the check-box next to "Use LZO data compression" is checked. (There seems to be a bug in network-manager-openvpn or something, so that this sometimes does not work automatically). Ok, this should be it. Click OK, Apply, Close etc.
11) Before connecting, you'll have to restart the computer. (Alternatively, you can just start the relevant services on the command line, perhaps like this: sudo service openvpn start)
12) Click the NetworkManager applet. Under VPN-connections, you should now be able to select the VPN-connection named air. After a little while, the applet icon should be decorated with a little padlock. Does it work for you?
Royee reacted to Baraka in AirVPN Tomato configuration step-by-step guide ...
Let's try one, last time:
I have Toastman's build of Tomato [v1.28.7500 MIPSR2Toastman-RT K26 VPN] installed on my Asus RT-N16 router. Before signing up for AirVPN's service, I scoured the internet for an FAQ or instruction guide to setting up on a router using Tomato as its firmware. No luck. After playing around with the settings for a couple of hours, I got it right. To help others configure the AirVPN service with this fantastic router/firmware setup, I will now give step-by-step instructions complete with a couple of screenshots.
1. Make sure you triple-check that your version of Tomato supports OpenVPN or you'll be sorry. I strongly recommend Toastman's build of Tomato because of its widespread feature support and stability.
2. Under Basic->Network, configure your 3 static DNS servers. I recommend picking ones from the OpenNIC Project because many of the servers don't keep any logs, which is consistent with this service, plus they would allow your internet service to continue functioning in the event of a government-ordered root DNS server shutdown- http://wiki.opennicproject.org/Tier2
Alternately, as a distant second option, you can go with OpenDNS (not related to OpenNIC), which is the best public DNS service, using 184.108.40.206 and 220.127.116.11 as your servers.
3. Under Basic->Time, make sure that the correct time zone and server is configured.
4. Download the vanilla OpenVPN file of your choosing under "Member Area->Access without our client" after you login to the AirVPN site. Check "Embed keys/certs in .ovpn file" and take note of your port and protocol. After downloading, text edit the file and look for your IP, again noting it (near the top after "remote").
5. For the actual configuration, please see the following two screenshots of the Basic and Advanced OpenVPN Client Configuration:
Under Basic, sub in your own correct protocol, IP and port in place of what I have in my own config.
In the Advanced Custom Configuration text box, the options are as follows:
6. Under Keys, you'll need to again text edit your .ovpn config file and copy the matching keys and certificates to the text boxes in your router config. Everything between <ca></ca> should be copied and pasted into the Certificate Authority box. Everything between <cert></cert> should NOT be copied. Instead, you should just copy the actual certificate which starts with "-----BEGIN CERTIFICATE-----" and finishes with "-----END CERTIFICATE-----". Include both in the Client Certificate text box. Lastly, everything between <key></key> should be copied into the Client Key box. If you have a Static Key box, ignore it and it'll disappear after you save your settings and startup your VPN.
7. Save all settings.
8. Under Status, click Start Now and count for 30 seconds. Then do a traceroute to your favorite website or IP to verify that you're now being routed through AirVPN instead of your ISP's network.
Please write back to let me know that my guide is working for you. After all, I could have gotten something wrong here in my instructions to you. Just one, quick note: I have AirVPN configured on Client 2 because I have another VPN configured on Client 1. (It's awesome that you can actually switch from one VPN to another on-the-fly in Tomato.) I will be fully transitioning to AirVPN over the next few months. Just in case you were wondering.
Royee reacted to Staff in DNS leaks and how to fix them ...
Just as a side-note, you don't need to assign a static IP address to your network card to prevent DNS leaks (and in some circumstances it might also create issues if your network is handled by a DHCP server), just set static DNS IP addresses 10.4.0.1 and 10.5.0.1, which are reachable regardless of the Air VPN server port you connect to.
Royee reacted to Hotrootsoup in Newbie VPN questions ...
I am not a staff member, but I think I can answer this.
And Staff/Moderators, if I missed something but you otherwise like my post, feel free to modify it however you wish.
1.) This is complex question, because you don't want to generalize when it comes to security/privacy.
Once you are using a secure protocol (OpenVPN, which AirVPN does) there are 4 main concerns I can think of.
3.) That seems highly unnecessary. Either way you are trusting the "inner" VPN with your IP and data. A far better idea is to do what AirVPN themselves suggest, and use AirVPN over Tor. I'm a fairly anxious person, and I don't even go this far. I would suggest it for a whistleblower though.
4.) Not if you set up a proper packet blocker/firewall like I explained in answer #1. Simply disconnect from the VPN before closing the firewall. As soon as you close the VPN connection, everything should be fine, but if you are really paranoid I suppose you could wait until AirVPN verified that your connection had ended before disabling the firewall.
Royee reacted to magnumpi in Using foreign VPN servers screwup gmail/Facebook? ...
Good to know guys. I didn't even think about banking stuff, but makes sense. Would it be enough to use an exit server in the same country as I am, even if the server location is fairly far away.
What do people do who have their router setup for VPN? I was thinking to import/export router settings or keep a second router, not blocked, but then I guess I may need a third to act as a splitter? Do I have to worry about hardware bottlenecks with all the splitting? Presumably best to do with ethernet cable?
Royee reacted to magnumpi in Using foreign VPN servers screwup gmail/Facebook? ...
We all know there are certain sites out there that love to track you. In addition they love to provide you "extra security" by making sure no bad guys get into your account.
I know for example if Gmail sees a foreign IP log into your account, it may think its a bad guy and give you a warning. They do track the timing of these things to so that if you are traveling its smart enough to know that you don't travel between the US and China at the speed of light, but if there's 12 hour diff, you're OK. I've seen this traveling myself.
Is it going to be problematic for someone to use Gmail at home over a AirVPN foreign server and then once they leave home and use Gmail over a cellphone which uses the local carrier? Are there other sites with these kind of smarts that will be problematic to use? Like Facebook? Would love to use my cell over VPN. Does this just protect all the data streams (wifi, 3g, 4g, etc.) and not the voice?
I assume to do so would mean I could have one device my router and then a plus one for each mobile device that leaves that router's presence. Or can I route everything thru the home router somehow?
Royee reacted to Staff in Which one is safer? FTP (via VPN), Torrent (via VPN), or Usenet? ...
about p2p activities: we have never received any communication or request of any kind from legal authorities (neither jurisdictionally competent nor jurisdictionally not competent).
From private entities, we have received communications of alleged copyright infringements perpetrated through usage of p2p protocols through some of our servers, but we have never received any request of data disclosure. Until now all of such communications have never been accompanied by any proof, and now and then they referred to servers which were not operational at the time of the alleged infringement, casting serious doubts about the validity of any similar allegation.
In case of personal data disclosure requests from private entities, the request would be simply ignored or in extreme cases cause us to report the private entity to competent authorities, because in general complying to such requests, in our jurisdiction, would imply to commit civil and criminal infringements.
In every other case, we can't give away information that we do not have.
Royee reacted to Staff in AirVPN Tomato configuration step-by-step guide ...
1. Yes: https://airvpn.org/tomato and https://airvpn.org/ddwrt You can anyway run OpenVPN automatically at your system startup, you don't need to launch it manually.
2. Your question is somehow unclear, can you please elaborate and explain what you mean with protection?