Search the Community

Hello, I just joined with this account to reply that Mullvad's SOCKS5 proxy has an extra feature than the one which was explained here (this is not advertisement, it's just to add some extra information which might be useful). When you use Mullvad's Socks5 proxy, your first connection is to the VPN server of your choice (e.g. a server from Australia) through Wireguard (which means your connection is encrypted), and then your traffic is re-routed trough the SOCKS5 proxy. The good thing here, besides the one mentioned of having an static exit IP and the killswitch (if your only concern is one specific app not leaking), is that through Wireguard (doesn't work the same for OpenVPN) you can use it as a multihop to another wireguard server, since all wireguard servers are connected in a mesh-like network. Example: You are using an australian server through wireguard, and then you can configure your browser (Brave, for example) to use the socks5 proxy of a Japanese server. That way, your entire connection goes encrypted as usual to Australia, and then only your browser's traffic is re-routed to Japan's SOCKS5 proxy, so your web traffic exits through a japanese server. If you use a browser like firefox, there's an extension called Multi-Account container (made by mozilla), where you can configure each container to use a different socks5 proxy, so you can use the same browser and use multiple containers/tabs which will be using multiple exit nodes from different countries. This would be a nice to have feature for AirVPN too, which would come with the added pseudo-killswitch-protection mentioned in the first post, because nowadays if we want to see web content from another country we have to change the entire device connection in eddie. Sometimes Eddie crashed for me and I have no way to know if my web traffic leaked or not, but if we had the socks5 proxy we (or at least some people) can make sure that web browsers and email clients like thunderbird will always and only work if we are inside the vpn tunnel. Kind regards.

Heartfelt recommendation: Do not use such a setup. You've already got "best encryption" with one single VPN connection through which traffic cannot be matched to a specific account. If you really need multihop, please use Tor.

i use vpn's lot of time first time i see regular server 1 layer protection with entry ip and exit ip , Usually its in multihop Question : the entery ip and exit ip are shared ? or entery ip its specific belong to specific account ? its look to me a good think to use double ip for privacy its very similar to double vpn

Okay, but as i saw it Right. There is already a "Multi-Hop" since the Entrance-IP isnt the Exit-IP or the IP for the Server directly right ? So this Standard-Multihop isnt needed anymore right ?

The multihop feature reroutes certain traffic via one of the rerouting servers. This is done against geolocation-based restrictions; it's not a general multi-hop as you imagine it. Reason is that the rerouting servers' requirements are more lax compared to the normal ones everyone can connect to, so support for custom settings is unlikely to see the light of day. I remember the seizure of all UA servers from UrDN by the National Security Service of Ukraine, SBU. Whether it had any effect on users is unknown.Aside from that, no other seizures happened AFAIR. There is some information regarding connection state being retained which is exposed to you for transparency reasons: Your IP address for example, which can be viewed in the sessions overview, timestamps of the start of connections and how much traffic was exchanged and your current throughput. The latter three are used in the ranking (which hides user names in the public's eye). All of this is purged when the session is closed. A short while back there was a connection archive which listed timestamps, traffic volume, server and device and sums up the total number of sessions and traffic throughout the lifetime of the account, but it was removed. I can see how it could sow doubts amongst a certain clientele.

Does AirVPN have any plans to implement a multihop feature like that found in IVPN? This could help to improve privacy; even if a VPN provider does not store any logs, your ISP provider most certainly will keep a log of the IP addresses that you connect to along with a timestamp. With a multihop solution, your ISP can only see the first VPN server that you connect to, not the exit server, which I imagine would make it far more difficult to track. While AirVPN over TOR is an option, the speeds are unacceptable for most people.

Have the AirVPN admins entertained the notion of implementing a multihop network of two to three servers per cascade? You would still maintain the existing network of single servers. However, you would also create cascades of predefined servers or you could allow users to determine their own individual cascades. The former would be more uniform and perhaps too predictable to attackers, including governments. But the latter may have far less users per cascades; thus, resulting in potentially more problems. A multihop is exceedingly rare in the VPN market and I recommend AirVPN to take the initiative Right now there are about a dozen servers or so and if each cascade has two to three servers, it would amount to a fair amount of cascades. I would also suggest the following: Creating multiple continent cascades. There are plenty of U.S. based servers and each one can be used to multihop to a European server, with some entry and some exit nodes.

Ah, yes, I wrote the same in my book. As important as architectural anonymity is, it is equally important who the operators are. Independent operators would allow a far superior set up. However, I still think a multihop will help attacks against the size and timing of streamed data--to some extent. Yes, chaining Air to independent servers would be more anonymous, but there are some advantages to a multihop as well. Especially if the operators of the servers are in different jurisdictions than the servers. Hi there. I've been doing a bit of snooping round (unsupervised, I know; dangerous...) and also mulling over the comments here and information (thanks Willowbrook). I think that ToR is becoming weaker almost daily - sure some individuals make errors, but it also seems from the court cases, that even quite modest but enthusiastically repressive governments (e.g some in the middle east) have means of overcoming ToR. It does seem that a multihop + ToR approach is much more robust - particularly, if as Anonymous writes, the entry and exit servers are in different countries as are the intermediate servers. The VPNs that offer multihop have bewilderingly complex instructions for using it on linux. The win app they offer is better. But at least one of the vpns leaks dns on multihop, making it kind of pointless unless one uses ToR as well. This is a long winded way of asking the airvpn folks to have another look at implementing multihop. Air has a really good service and this could only make it even better. Oh, I meant to say that having the entry IP and exit ip being only one digit different give a huge tell to any advesary. If they can see that the exit ip is, say XX.XX.XXX.XX1 and they know that the Ip will differ by only one digit (as appears when I look at eddie on my linux machine) then the adversary could guess that the entry IP is XX.XX.XXX.XX0 or XX.XX.XXX.XX2 - and it is then not too difficult to see the origin of traffic to that entry ip [well, according to the stuff I've been reading - usual caveats, apply] I would be happy to be wrong on this. ToR would help but if it can be compromised, then the may be a problem. Thanks for your time and for reading. And for folks who take the time to inform. Very helpful.

Hi guys, I have to use another openvpn tunnel to be able to connect to the internet first, but would like to able to also use airvpn. I tried just using eddie on top of openvpn connect, but that just leads to no connection being made. Is there some way to set up a multihop from a .ovpn file to airvpn servers? Thanks!

Hi Casper31. Thanks for the heads up. I'm a very much a novice here and am getting my head around QUBES and WHONIX. [One problem seems to be, I think I read, that QUBES has problems with some graphics cards.] A problem, I think, is that ToR appears to be compromised to some extent, according to news reports on the Snowden docs and also multiple court filings. So, if you want anonymity, privacy and security, you need a VPN + Tor or VPN + Qubes/Whonix. I have been reading up on the various tech collectives helping folks in repressive countries avoid being detected. For them, it can be a matter of life or death - and so these discussions. There are a number of people advocating a VPN cascade /multihop and ToR - another approach I've seen. But I do not have the technical expertise to judge. Given the way the West is itself engaging in mass surveillance, we may all need such technology soon. Even keeping a hand written diary is now illegal in some countries, if you work for or worked for the government there. Hello 1984.

So I saw a post about this incident a while ago, except it was based on a message board discussion that was in Dutch making hard for non-Dutch-speakers to follow. However, now a post in English has been written about it here: http://www.wipeyourdata.com/other-data-erasing/no-logs-earthvpn-user-arrested-after-police-finds-logs/ Basically a user of EarthVPN - which claims to be non-logging - was presented with logged evidence that he had made bomb threats against his school. EarthVPN claimed that this was because the datacenter had decided to start logging without them knowing. The author of this article suggests that a multi-hop VPN setup would make this IP transfer logging much less of a privacy concern. I posted a thread with related questions here but got no response: https://airvpn.org/topic/10638-entryexit-ip-addresses/ Is it possible that AirVPN servers could be vulnerable to this kind of datacenter logging, and if so does a multihop setup mitigate that risk? Is such a multihop setup already in place and to what extent?

Hi, I read an interview with Air here. It states that: May I ask, do the different IP addresses indicate completely separate entry and exit servers? If so, are they always nearby each other, or can they be geographically distant? Is this a different technology from the anti-geolocation multihop feature?

Hi iwih2gk. Thank you for your very informative post. It does make sense to me. I researched this topic and found only a couple of vpns that permitted selection of servers - most had fixed cascades and only a couple of hops. And I could see the vulnerability in that. I have a friend who studies this and she just a little while ago said the same thing. I too use linux - but am novice. I have two further queries, if I may. The first is when you say "ToR behind Airvpn", do you mean you start airvpn and then start ToR? I'm not terribly technically minded, I'm afraid. The second is that I looked through the forums to see if there was a detailed guide to setting up a cascade / multihop. But I could not find one (owing to my rubbish search skills, no doubt). Could you post some instructions? Thanks heaps for your taking the time to reply to my posts. Regards T

Ah, yes, I wrote the same in my book. As important as architectural anonymity is, it is equally important who the operators are. Independent operators would allow a far superior set up. However, I still think a multihop will help attacks against the size and timing of streamed data--to some extent. Yes, chaining Air to independent servers would be more anonymous, but there are some advantages to a multihop as well. Especially if the operators of the servers are in different jurisdictions than the servers.

I think what he actually meant more was for multihop to have the client Eddie support it.

Well the common denominator between you and foxmulder is the state being at "0" <Recovery> <netlock mode="windows_firewall" service="1"> <domain state="1" inbound="BlockInbound" outbound="BlockOutbound" /> <private state="1" inbound="BlockInbound" outbound="BlockOutbound" /> <public state="1" inbound="BlockInbound" outbound="BlockOutbound" /> </netlock> </Recovery> this is mine however I use manual network lock since I multihop through my own server to airvpn, anyway try to put open your windows firewall settings click restore default policy then start the Eddie and copy paste this into it however since mine is set to block connections still try to put this one in instead: <Recovery> <netlock mode="windows_firewall" service="1"> <domain state="1" inbound="AllowInbound" outbound="AllowOutbound" /> <private state="1" inbound="AllowInbound" outbound="AllowOutbound" /> <public state="1" inbound="AllowInbound" outbound="AllowOutbound" /> </netlock> </Recovery>

I assume that organizations like the NSA can monitor and save metadata of all VPN traffic in the world. I think, then, that all VPNs are useless because having access to metadata of incoming and outgoing traffic of a VPN server can reveal almost everything and cracking the encrypted traffic is not necessary as they can look on decrypted traffic that exited a VPN server. Some correlation attacks scenarios I could think of: ​ ​1) If a VPN user accesses a less popular site, say abc.net then it can be safely assumed that he/she is the only VPN user that accesses it. Then the user can be easily identified, because it may be looked up that whenever a request was sent to this site by the VPN, a user X was also connected (for example sent/received requests from the VPN within 5-10 seconds) to the VPN. This can hardly be a coincidence so the anonymity is compromised. ​ ​2) Similarly, some pattern in the traffic can be seen. For example, a user usually spends some time on one site before moving on to some other site. So it is plain to see that if whenever some user X sent a request to the VPN and the VPN sent a request to some site abc.net 2 seconds later (or at any regular interval) and this continued for, say, several minutes, then those outgoing requests from the VPN are likely to correspond to the incoming requests from the user to the VPN. ​ ​There are probably dozens of other variations of correlation attack that can be performed. ​I think that 60-100 people on a server is much too less to provide any anonymity. ​ ​The point is that organizations like the NSA don't even have to decrypt the data but just seek for patterns. With all the computational power they have it should be easy. They wouldn't even need to perform the attack on specific targets only, but simply use computers to deanonymize almost every user. ​ My questions are: ​ ​1. Does the NSA use correlation attacks? Why or why not? I have never read any news about it but saw a bunch of posts like this on forums that dangers of a correlation attack. I have only read about them cracking VPNs (but only those that were vulnerable because they were apparently run by lazy people and AirVPN is not one of them) here: http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/ and here: http://arstechnica.com/tech-policy/2014/12/nsa-has-vpns-in-vulcan-death-grip-no-really-thats-what-they-call-it/. But no information about correlation attacks. ​ ​2. What measures does AirVPN take to prevent correlation attacks? Do you use multihop network i.e. different entry and exit IP? If so, are there any additional hops inbetween, similar to TOR relay nodes? Does it make correlation attacks any harder? What can we do to increase our security against these type of attacks? Would routing the traffic through AirVPN SSH tunnel (in the client) help or further compromise anonymity?

As Trakt appears to be quite popular around here I think it's just a matter of time Staff will do something about it. Thanks to the block I got interested in this service, too, and I'm hoping for a quick fix. Usually you change the servers and it works again. Popular services and websites might get microrouted internally to one of the multihop servers.

dwright, Thanks for the information. Is this capability some sort of timestamp attack where encrypted and decrypted traffic are matched? Or do they know the entry and exit IPs of VPN operators? In your opinion, would running Virtual Machines with OpenVPN from different services (Air, etc.) serve the same function as Tor+VPN? I would not recommend people use Tor for high bandwidth stuff (ie. torrents) as it's run by volunteers. Users could also try JonDo in addition to Air. They use a three-hop system with independent mix operators. It runs as an encrypted proxy and must be configured for the individual application used. They offer a modified FireFox profile, JonDoFox to install, which changes settings to improve privacy. The service does charge for bandwidth (not unlimited) usage, and Bitcoins are accepted. A good tool for browsing. Here's an example of a setup for multihop with different VPN providers (all should use strong algorithms + OpenVPN): Computer connects to Air. Virtual Machine created. VM connects to another VPN. Now, traffic routed through Air then through other VPN. This would create 2 hops, more VMs or routers (which would be in between the physical computer and the net) running OpenVPN connected to different VPN companies would improve the anonymity.

Hello! It's a nice idea and we have evaluated it. However we consider OpenVPN over TOR much more secure. A multihop VPN with all servers belonging to the same entity might add just a very thin additional security layer. Of course we could create separate entities/companies which handle various servers, however it's difficult to see a real advantage in comparison to Air over TOR. Kind regards