InactiveUser

This topic has been discussed in a lot of places (including: here, Tor Stack Exchange, Wilders Security, ...) so I'll keep it relatively short: "VPN over Tor" (== you >>> Tor >>> VPN >>> destination) Pro: VPN provider doesn't know who/where you are (if you paid anonymously)Pro: Less obstacles while surfing the web (fewer captchas and/or blocks)Pro: Tor offers more creative anti-firewall measures (private Tor bridges and Pluggable Transport protocols) - although SSL/SSH-tunneled VPN usually works well too (even in places like China) Con: VPN provider is able to snoop on your trafficCon: It's easier for sites to track you (one VPN provider cannot provide the same anonymity pool as the bigger Tor network)Con: Less flexible in most cases (pumping all your traffic through Tor first will add a bottleneck) "Tor over VPN" (== you >>> VPN >>> Tor >>> destination) Pro: VPN provider is unable to snoop on your (Tor) trafficPro: Your ISP / local admin / local network cannot see that you're using Tor (although this can also be achieved by using private Tor bridges and/or Pluggable Transports)Pro: Harder for sites to track you (better anonymity pool)Pro: More flexible in most cases (use Tor Browser for the web, use VPN-only for P2P, software updates, ...) Con: More obstacles while surfing the sub (captchas; sites blocking Tor) About P2P: 1. Please don't use Tor at all as P2P traffic generates high numbers of connections and large amounts of traffic; this unfairly strains the Tor network (and, in certain edge cases, might even defeat your anonymity). Read: https://www.torproject.org/docs/faq#FileSharing https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea 2. That means it would be best for you to go for "Tor over VPN", meaning that you do your browsing via Tor but let your P2P applications exit directly through the VPN. This also allows you to set up VPN port forwarding for these applications. 3. If you're looking for anonymous P2P, take a look at the i2p network which is designed with P2P in mind. It's not as popular as Tor though, meaning fewer users, more bugs and - I would imagine - (I haven't tried it yet) slow speeds and small number of available files.

The question mark is related to NetworkManager's connectivity check. Periodically - and whenever a connection's status changes - NetworkManager tries to contacts a website. If it doesn't get an "OK" response, the question mark appears. This means that there's either no connectivity at all or there is connectivity but DNS doesn't resolve. On a side note, for F21, the config file for the connectivity check can be found at: /etc/NetworkManager/conf.d/20-connectivity-fedora.conf Steps you should take: 1. connect to VPN 2. run ip addr | grep tun0 and see if your tun0 has been assigned an "inet" address (10.x.x.x) 3. run ip route the first line should be a default route pointing at the VPN device: default via 10.x.x.x dev tun0 (..) 4. run cat /etc/resolv.conf to see what DNS servers you're using. For testing purposes, you can edit this file directly (changes take effect immediately). For persistent changes, you would need to edit the NetworkManager (Air)VPN connection profile to put in the correct AirVPN DNS server 10.x.0.1 - example: If your tun0 address is 10.4.x.x, the DNS IP would be 10.4.0.1, if it is 10.7.x.x, the DNS IP would be 10.7.0.1.) 5. check your firewall rules. firewall-cmd --direct --get-all-rules Compare them to my current rules: I grayed out those rules that shouldn't be of any importance with regard to connectivity. For the sake of brevity, I also deleted all but one AirVPN entry server rules. The one I left in there (192.96.200.18) would allow you to connect to Arrakis. The numbers you see after INPUT/OUTPUT indicate rule position/priority. I haven't actually tested if it makes a difference but AFAIK, DROP rules should be added last, that's why you see 999 in my rules. Read "man firewalld.direct", the "priority" section and the "EXAMPLE" a bit further down in that document. 6. Lastly, you can also investigate journalctl -x -u NetworkManager --since=-10minutes which will show you all NetworkManager logs (including the openvpn module) of the last 10 minutes. Important note: If you can't resolve the problem on your own, it would be helpful to see the output of all the commands I mentioned above BUT: Inspect all output before posting it. Remove, if you find any, identifying info like: non-local/non-AirVPN IP addresses, host names, MAC addresses, ...

Answer to question 1) There are two different types of credentials: - your AirVPN account / password (the client is able to save these credentials) - your Mint user account password (the client can't save this password. Every time you launch the client, it needs to ask the OS for root privileges) If you want to launch the client automatically on system boot, add it to Mint's autostart list (but you'd still have to enter your sudo password). If you want to run the client without having to enter your sudo password, that's possible too (but slightly tricky if you're totally unfamiliar with the process). I've already detailed both of these procedures with screenshots / commands in another thread: https://airvpn.org/topic/12797-from-windows-7-to-linux-problem/ Answer to question 2) Linux uses the /etc/resolv.conf file which contains all DNS servers that the system may use. If it contains any other than AirVPN servers (which have IPs like 10.X.0.X), that would be the cause of your leaks. The AirVPN client offers options to manage the resolv.conf file, check the client menu, "Advanced" section. To see if it did its job, connect to AirVPN and then check the contents of the /etc/resolv.conf file.

All of Tor Browser's DNS requests are supposed to go through a Tor exit node - not AirVPN's DNS server! There is a browser setting in about:config network.proxy.socks_remote_dns which must be set to "true" (that's Tor Browser's default, so if you didn't change it, no need to do anything.) If you changed that setting to false, DNS requests would be sent to your system instead (but Tor Browser would notice this and warn you with a crossed onion logo). Even if that's what happened, you shouldn't see your ISP's DNS server, but AirVPN's. One possible scenario I can think of: The Tor exit node happened to use the same DNS server. Here is what you should do - in this order. Don't skip steps: 1. Connect to AirVPN and verify that your other (non-Tor) browsers don't leak DNS 2. Remove Tor Browser, download a new copy 3. Verify that Tor Browser doesn't leak DNS (exit nodes use all kinds of different DNS servers - you often see "Google Business" or OpenDNS) 4. Click the Tor button, get a "New Identity" (Tor Browser will restart) 5. Repeat DNS leak test in Tor Browser. Different exit nodes usually use different DNS servers, so you should see changing DNS addresses in your leak test, not only one and the same all the time. Repeat steps 4 and 5 a few times, you will see changes eventually. 6. If you verify that there's indeed a problem with vanilla Tor Browser somewhere in steps 2 through 5, and only then, you should contact the Tor support people directly (IRC or email): https://www.torproject.org/about/contact.html.en#support I highly doubt it though, I'm sure it's something else, maybe just odd luck that some exit node used the same (or a similar-looking) DNS server as your ISP.

I'll be honest, when i first encountered firewalld I had the same reflex, trying to go back to iptables. But it's not that different if you make use of the "direct configuration" mode. You can either use the "Firewall" GUI to write/edit your rules... ... or use the command line. I will list the commands / rules that I personally use. I should add that I don't use the Eddie client, I connect directly via NetworkManager. The following content is not a step by step guide. I am merely presenting a few rule examples and some general tips and tricks that I personally make use of. I achieve blocking non-VPN traffic by whitelisting AirVPN's entry servers and blocking all other direct traffic. - firewalld commands to directly alter permanent rules - #allow loopback firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -i lo -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT #allow lan (out) and broadcasting/dhcp firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s 255.255.255.255 -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 255.255.255.255 -j ACCEPT # allow tun device to communicate firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 998 -o tun+ -j ACCEPT # optional masquerade rule (NAT/ports) firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -o tun+ -j MASQUERADE # finally, drop outgoing ipv4 (if not specifically allowed by other rules) firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 999 -j DROP # optionally, block incoming ipv4 firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 999 -j DROP # drop all ipv6 firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 0 -j DROP firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 0 -j DROP # example: allow outgoing ipv4 to a specific AirVPN entry server firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -d 82.118.16.175 -j ACCEPT # alternatively, lock it down to specific port and protocol: firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p udp -m udp --dport=443 -d 82.118.16.175 -j ACCEPT # add such a rule for every AirVPN entry server you need to connect to Don't forget to restart firewalld to apply the new permanent rules: systemctl restart firewalld - tips and tricks - If you intend to use most / all AirVPN servers, it would be tedious to add rules one by one. Here are some hints on how to automate the process. 1. Generate .ovpn file containing all servers: 2. bash one-liner to generate firewall rules for all IPs grep "remote " AirVPN_All-servers_UDP-443.ovpn | awk {'print $2'} | tr '\n' '\0' | xargs -0 -L1 -I '$' echo 'firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p udp -m udp --dport=443 -d $ -j ACCEPT' > firewalld-commands Breaking down all parts of this one-liner: grep "remote " AirVPN_All-servers_UDP-443.ovpn ...find all lines that contain an entry IP awk {'print $2'} ...only print the 2nd column of the lines to get the IPs by themselves tr '\n' '\0' ...translate the newline character so that xargs can parse the lines correctly xargs -0 -L1 -I '$' echo 'firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p udp -m udp --dport=443 -d $ -j ACCEPT' ...for each line, xargs will echo a string (the firewall command) and replace each "$" with the IP we pipe into xargs > firewalld-commands ...finally, save the output (the generated firewall rules) as a file called "firewalld-commands You can then run this file (as root) to execute the generated rules all at once: bash firewalld-commands Don't forget to restart firewalld for the new permanent rules to take effect: systemctl restart firewall You can print all permanent rules using: firewall-cmd --direct --get-all-rules General advice - Don't forget to test your firewall rules! - Don't copy my rules! They're just an example! Adapt them to your situation! - Remember that AirVPN occasionally withdraws and also adds servers. Maintain your rules to reflect changes. - Don't forget to correctly configure DNS resolution in order to avoid DNS leaks. Especially when using NetworkManager.

I have checked my hosts file and it does not have any duplicate lines in it. (I compared the linecount of "cat /etc/hosts | wc -l" versus "cat /etc/hosts | sort | uniq | wc -l"). What do you mean by "they don't list the output of the compiled list of blocked hosts"? The resulting hosts file already is a "hosts friendly file" - it's plain text! You can set a custom path for the resulting file in the rc.conf: # FINAL HOSTSFILE. The final hosts file that combines together all downloaded # blocklists. If not using a dns caching daemon like dnsmasq, this should be # /etc/hosts. Include hosts file entries which you want to maintain in the # "hostshead" entry, such as your loopback device (e.g. 127.0.0.1 localhosts) hostsfile="/etc/hosts.block" #hostsfile="/etc/hosts" # If not using a dns caching daemon I am not aware of any fundamental differences between the Windows and Linux implementations of the hosts file standard. I would imagine that you could use hostsblock on a Linux box or VM and sync it over to your other Windows/OS X machines. If these machines need to keep some custom entries you might need to append to the existing hosts file, not replace it. That could be achieved easily by copying the machine-specific lines into a separate file, then using a little script to append hostsblock's synced-over hosts file, save the resulting file as \system32\drivers\etc\hosts (or wherever Windows expects its hosts file to be).

-- accidental double post, sorry

"this is not my real IP, no-one knows who I am" I wouldn't be so definitive about that. As you know, browsers are usually very fingerprintable: http://panopticlick.eff.org/ Consider this scenario: - You use AirVPN - You don't block ads / trackers (but regularly delete cookies) - You use Facebook/Twitter/Google/ other services that know your identity - You browse the web In this case, and as far as my understanding goes, trackers on Facebook etc. would be able to link your fingerprint (no cookies needed for that) to your identity and track your fingerprint around the web. ---- For your "poll", I'll detail my browsing setup. Most of my precautions are aimed at improving security; as a side effect, some of them also help against tracking. hostsblocks - this tool auto-updates my /etc/hosts file to block most ads / trackers. Very configurable. You mentioned that common adblockers slow you down - you may want to try this one instead! http://gaenserich.github.com/hostsblock Sandboxing via firejail - Firefox does not see any other processes on the system and can't access certain personal directories (my web browser does not need access to my bank receipts, does it?) The same can be achieved by properly using SELinux but firejail is easier to configure (I know, shame on me). http://l3net.wordpress.com/projects/firejail/ No Flash/Java plugins installed. YouTube still works just fine with HTML5. Firefox addons: Adblock Edge + Element Hiding Helper I already block ad/tracker servers via hostsblock, but it's still useful for hiding certain parts of websites that I don't ever want to see. NoScript I only enable JavaScript for very few sites, never for 3rd parties. Self-Destructing Cookies If a site no longer has any open tabs, delete its cookies. Cookie Monster I use it to whitelist a few cookies so they won't get auto-deleted. Works great in combination with Self-Destructing Cookies. HTTPS-Everywhere Automatically switches from http to https whenever possible. RefControl No website needs to know how I got there. Some sites protect against hotlinking - RefControl can be used to send a forged referer to those sites, pointing to the site itself (or actually sending the real referer). RequestPolicy All requests to 3rd-party domains get blocked by default. I imagine this would be very annoying for most people, but I don't want any 3rd parties while I'm browsing a 2nd party. Many sites use centralized services or CDNs - you can't use them wihout selectively enabling 3rd parties - that will definitely slow you down your browsing experience, similar to the frustrations of running NoScript. ---- Rant on why I use such a frustrating setup, including NoScript and RequestPolicy: It's not just about privacy or security. I hate the modern web. I don't ever want to login to sites using some social network. I don't need fancy. I want information. The amazing property of the world wide web used to be the fact that everyone has the power to host their own site. Nowadays, sites flock towards centralized services like Wordpress, Cloudflare, Google. I want the internet to be decentralized and independent. Another one of my related pet peaves: JavaScript should be an addition to, not a replacement for HTML. If you host a website, you must provide a basic version via pure HTML and if you think it's necessary, go nuts and improve it using JavaScript. Sites that can't even display basic information without the use of (often embedded, 3rd-party) JavaScript (or, even worse, Java/Flash) can go to hell. ---- Happy Christmas!

EFF's position is all well and good, I certainly support it, but warrant canaries' legal efficacy has yet to been proven in court. The existence of a warrant canary doesn't tell customers anything about a company's willingness to stand up for it in court. Most lawyers will tell you that there's hardly any difference between empyloying a warrant canary and outright violating the terms of a gag order - it's the same level of risk. At least that's the conclusion Moxie Marlinspike and his legal contacts have come to: https://github.com/WhisperSystems/whispersystems.org/issues/34#issuecomment-49910725 Don't rely on warrant canaries. Think about what happened to Lavabit - standing up to the law will destroy you. Responsible service providers will take the hard road (and get crushed). Irresponsible service providers (read: almost all profit-oriented companies) will take the easy road (and cave) - warrant canary or not.

First of all - is it just an annoying (potentially incorrect) error message or does it prevent you from connecting to AirVPN? Does DNS resolve correctly? Open a command prompt and run nslookup auth.airvpn.org It should currently resolve to 54.93.175.114. If it doesn't: Are you able to resolve other domains? try nslookup google.com What's the DNS server currently used by your system? For example, it shouldn't be one of AirVPN's internal servers (10.X.0.1), because you can't use them without being connected to AirVPN. Another idea - maybe Eddie's leak protection and/or network lock didn't reset correctly. Disable them temporarily, reboot, try again. These suggestions are just supposed to get you started with the troubleshooting process. I'm not able to provide any better suggestions as I'm not a Windows or Eddie user.

Two steps: - Tell the AirVPN client to automatically connect when launched - Add the AirVPN client to Mint's "Startup Applications". ​ Here's a screenshot detailing all the steps: I tried this with Mint 17.1 MATE, but the Cinnamon edition features the same "Startup Applications" tool, afaik. Caveat: You still have to enter your sudo/user password every time AirVPN starts. If that bothers you, you can edit the "sudoers" file to let you run AirVPN as root without having to enter any password. If you're totally new to sudo and its sudoers file, I'd recommend reading Ubuntu's documentation first: ​https://help.ubuntu.com/community/Sudoers ​The paragraph "Shutting Down From The Console Without A Password" describes a similar use case to what we're doing here. The only way to edit sudoers is on the command line using: sudo visudo Add the following line to the very end of that file (replace the word "user" with your own user name): user ALL=(ALL) NOPASSWD: /usr/bin/airvpn Exit visudo with ctrl-x. ​ Go back into Mint's "Startup Applications", edit the AirVPN entry. Change its command from .. /usr/bin/airvpn to .. sudo /usr/bin/airvpn and reboot.

​https://www.youtube.com/watch?v=dNZrq2iK87k If you haven't seen this yet - this is a 2+ hour, must-watch presentation about the current state of data collection / analysis / surveillance / targeting, held by (right-wing, anti-Snowden!) private investigator Steven Rambam at the HOPE X conference. Money quotes: "If this stuff had existed during the American Revolution, all of the leaders of the revolution would have been identified and arrested." "It's a double-edged sword. Undercover agents, people risking their lives assuming identities, what do they do about this? (..) It's a nightmare now. (..) Motorcycle gangs now have membership applications. And they hire private investigators to check them out." "All of this stuff is being done to catalog us, pigeonhole us - is it actually translating (..) to a reduction in crime rates, catching of terrorists, finding missing persons? No. Not at all." This presentation is a great reminder that yes, we need technological solutions like VPNs and Tor but the real problem lies so much deeper. It doesn't matter how hard we try, we can't escape or avoid "the system". We have to change it and it's not just some crooked governments or a few misguided corporations: it's the current, global mindset that enables these violations and this wrong way of thinking.

On a rooted device, you should check out the excellent open source iptables frontend AFWall+: https://f-droid.org/repository/browse/?fdid=dev.ukanth.ufirewall In its preferences, enable "VPN control" to give you fine-grained control over every app's connectivity (allow app traffic via: WiFi / Mobile Data / only via VPN / none). Another interesting setting to consider would be "Fix Data Startup Leak" which prevents Android from sending any packets before AFWall's iptables rules are loaded. Be careful with this option, it's incompatible with certain devices, preventing them from booting. It's happened to me with several devices so I leave this option disabled. As a workaround (which may or may not be effective), I put my devices in airplane mode prior to rebooting.

No, I was talking about general security issues when using shared computers. Other users might, intentionally or not, install malware or make changes to the OS in ways that might threaten your anonymity.

Well, don't use the same VPN connection/session for a mix of identities. With regard to anonymity, I don't think you gain much (if anything) by exclusively using a set of VPN servers for certain tasks. It might be a better idea to use random servers each session, no matter what the sessions are about. Also, Tor Browser will offer (much) better protection against fingerprinting and correlation than hopping to a different VPN IP of the same VPN provider. The real issue is security-related; you can't fully trust a shared operating system. For critical tasks, consider booting off your own USB stick instead.

After issuing "sudo openvpn file.ovpn", use "route -n" to check your default route. Two routes have to be set correctly: 1. A new default route via the VPN device. Something similar to: Destination....Gateway....Genmask....Flags....Metric....Ref....Use....Iface 0.0.0.0........10.X.X.X......0.0.0.0.....UG........1024......0........0........tun0 2. A route to the AirVPN server via the local gateway (your (W)LAN). Something similar to: [AirVPN IP] .. 192.168.X.X .. 255.255.255.255 ............................. eth0 If you don't see these routes, try installing the "net-tools" packages from the Arch repos. It contains the ifconfig tool, used by OpenVPN to set the routes. OpenVPN can also be configured to use the newer ip / iproute2 command instead. More info: https://airvpn.org/topic/12031-vpn-problems-under-archlinux/?do=findComment&comment=19471

Lots of different questions, let's try and untangle this: A firewall that's deployed on your computer can be configured to filter all packets coming into (ingress filtering) and/or originating from (egress filtering) your computer's network interfaces.Whenever your network interfaces try to communicate, the firewall will look at the packets (destination, target, port, protocol, ..) and decide whether to allow, deny, modify or redirect them. Also, nothing connects to a firewall; it's a transparent layer that either lets you through or not. If you establish a connection from your computer to a VPN server, your computer - not the router - is the endpoint of the tunnel. Of course, your router is still part of the route, so if there's a firewall on your router, that will affect your computer too. Many routers are configured to not allow incoming traffic and/or port forwarding by default. Unless you use AirVPN's Port Forwarding, a port scan of an AirVPN IP will not reveal any of your computer's services / ports. Regardless of whether you use VPNs or not, it is generally recommended to have your computer's firewall deny incoming traffic by default and selectively open ports for incoming traffic when such a need arises. With regard to VPNs, the talk about firewalls is usually about egress filtering: Configuring the firewall to deny outgoing traffic by default, only allowing communication to AirVPN entry servers. This will prevent accidental, unsecured communication.

the rule allows you to connect to LAN addresses 192.168.178.1 to 192.168.178.254. Make sure that this is the correct address range for your LAN (check "ifconfig" if you're not sure).Such a rule should not be necessary for VPN connectivity. If you need access to other LAN machines (e.g. the router's webinterface), you may add the rule. This rule's syntax is correct, it would let you use the VPN server at 46.19.137.144, 443/UDP.The problem is, there's no such server! I've checked "AirVPN_All-servers_UDP-443.ovpn", there's no such entry IP. AirVPN exit IPs are different from AirVPN entry IPs! As an example, if you want to use the "Cephei" server and have downloaded its configuration file "AirVPN_CA-Cephei_UDP-443.ovpn", it will contain the line: remote 184.75.214.162 443 This is the entry IP for Cephei, the one you need to allow access to in your firewall. ufw default deny outgoing ufw default deny incoming ufw allow out to 184.75.214.162 port 443 proto udp ufw allow out on tun0 This rule set should allow you to use VPN server Cephei on 443/UDP. If this did not resolve your problem, please be more verbose than "cannot connect". Go step by step to see where the problem lies: Ping the correct entry server IP with firewall disabled ("ufw disable"). If you get a response, enable the firewall ("ufw enable") and ping again: - If you don't get a response, fix the firewall rules. - If you get a response, proceed. Connect with openvpn, if it doesn't connect, look at openvpn's log entries. It might be a good idea to use openvpn on the command line (instead of connecting with GUI network managers) to see the connection log.

"Do I really leak?" - If you don't use a firewall to rule out leaking (check AirVPN's howto/faq section), you probably are. On Arch, I would use ufw. "What shall I do?" - Fix the problem (and configure a firewall). OpenVPN > /sbin/ifconfig tun0 10.4.33.202 pointopoint 10.4.33.201 mtu 1500 OpenVPN > Linux ifconfig failed: could not execute external program This means that openvpn was able to connect and now tries to use "ifconfig" to configure your VPN device (tun0). It fails because "ifconfig" is part of "net-tools", a package that Arch has thrown out back in 2011: https://www.archlinux.org/news/deprecation-of-net-tools/ You have two options: The easier, but deprecated way: Install the "net-tools" package from the Arch repos. The harder, but true-to-Arch way: Configure openvpn to use iproute2 instead of ifconfig. This bug report should point you in the right direction: https://bugs.archlinux.org/task/24797

I don't have user numbers for you, but traffic estimates. In North America, tunneling protocols amount to ~5% on fixed connections and ~10% on mobile connections. I have attached two charts. Source: 2014 Global Internet Phenomena Report by Sandvine (PDF) https://www.sandvine.com/downloads/general/global-internet-phenomena/2014/1h-2014-global-internet-phenomena-report.pdf I guess that only a small fraction of this tunneling usage comes down to privacy services - most tunnels will be business VPNs, SSHing back to one's home connection, and so on. The report I've used speculates: So, there's definitely a trend towards tunneling, but only partly motivated by privacy concerns, and still very much a fringe topic. For what it's worth, the number of global Tor users currently stands at about 2 million:https://metrics.torproject.org/users.html

Quite the opposite. Vietnam's rank on the internet freedom scale: 7th worst. http://freedomhouse.org/report/freedom-net-2013-global-scores Indonesia "Partly Free", 41/100 negative points Malaysia, "Partly Free", 44/100 negative points Vietnam, "Not Free", 75/100 negative points States that not only monitor but also rigorously censor the internet, like Vietnam does, don't seem like suitable locations for AirVPN. I'm actually surprised to see that AirVPN is able to run servers in Singapore, a notoriously Orwellian state: http://www.foreignpolicy.com/articles/2014/07/29/the_social_laboratory_singapore_surveillance_state https://en.wikipedia.org/wiki/Censorship_in_Singapore#Internet

Leaked XKeyscore selectors: http://daserste.ndr.de/panorama/xkeyscorerules100.txt If this document is authentic, any interest in Tor will mark you as an extremist: - Asking bridges@torproject.org for a bridge IP: Which means that the NSA gains knowledge about the non-public entry nodes and those who use them.Isn't it unbelievable that dissidents using Tor in China, Iran, repressive countries all over the world become NSA targets? Marked as extremists by the land of the free? - Googling for.. Welcome to the NSA database, extremist! - Using Tor hidden services: If you run hidden services, don't consider them "hidden". Expect exploitation attempts. Do not let them scare you off Tor. Yes, it's scary, but if you think about the rotten goals of NSA/GCHQ/BND, it's not a shocking revelation - it had to be expected. So, the only conclusion should be: Use the heck out of Tor, now more than ever! You can't escape ubiquitous surveillance, but you can make it harder! Run nodes! Fund nodes! Stop voting for parties that don't act against the surveillance state! Make yourself heard!

In fact, you can get IPs in the continent/country .ovpn files!In the config generator at https://airvpn.org/generator/ , choose your continent/country, check "Advanced Mode" and enable "Resolved hosts in .ovpn file". You can now take all the IPs from the .ovpn file and add them all to your firewall configuration. After that, it should no longer be necessary for you to disable ufw for using the continent/country .ovpn files. Please try it that way; if it doesn't work (or if I haven't fully understood your use case), ask again.

It's about their monetization strategy. Since APB introduced their opt-out "Acceptable Ads", people have questioned their integrity. "In an article for mobilegeeks.de, blogger Sascha Pallenberg accuses the developers of the popular AdBlock Plus (ABP) browser plugin of maintaining business connections to "strategic partners in the advertising industry". Pallenberg goes as far as calling ABP a "mafia-like advertising network"." source: http://web.archive.org/web/20131208011244/http://www.h-online.com/newsticker/news/item/Serious-accusations-against-AdBlock-Plus-1897360.html The following quote is kind of ironic and oh-so on-topic; it's from a 2009 ABP blog post on the "monetization dilemma": "I know that some other extension developers have their extension as a full-time job and that makes them dependent on money sources. Given the market value of their user base, it is hard not to sell out." source: https://adblockplus.org/blog/the-monetization-dilemma

That's exactly why me and others here have argued against running exits through AirVPN, see here: https://airvpn.org/topic/9825-is-running-a-tor-exit-node-tor-over-vpn-discouraged/?p=11958 What are you trying to achieve by contacting sectoor.de? sectoor.de provides a Tor block list and indeed, very recently there has been an exit node running on the IP 94.242.205.235. see here: https://atlas.torproject.org/#details/051730675868BA07CF1CE985299DFE90854B417E