Search the Community

https://arstechnica.com/tech-policy/2017/03/senate-votes-to-let-isps-sell-your-web-browsing-history-to-advertisers/ Comments, questions, concerns.

Protonmail launched a Tor Hidden Service, any comments or questions? https://protonmail.com/blog/tor-encrypted-email/ onion link https://protonirockerxow.onion Onion server Certificate should be verified before logging in. Sha256 D6:D5:26:07:F9:5F:41:D3:92:AD:EE:59:CE:29:AB:E0:B3:E8:2F:30:EA:1E:6B:8F:9D:12:09:42:F0:35:BB:65

Hi, I have a suggestion that should increase security for Air and customers. My suggestion is for Air to configure an optional system of multifactor/two-factor authentication for logging in to the AirVPN website, as well as for the initial setup of the Eddie software (entering login details). This can be enabled or disabled by the user and accomplished by either: a smartphone app such as FreeOTP (which is open source and available for iOS/Android).a hardware device such as Nitrokey (which is open hardware) or a similar USB one time password generator (Yubikey, etc.) The user will be prompted on their phone or mobile device with a number to enter in additionally to their password. This makes sure nobody but the authorized user has access to the account, profile, etc. Air would probably be the first VPN provider to have this as an option. Regards, anonym

It's a new feature in OpenVPN 2.4, for more privacy and can also help with censorship circumvention in some cases. https://github.com/OpenVPN/openvpn/blob/master/Changes.rst Can AirVPN implement this?

Hello, I have been reading about the differences between UDP and TCP and they basically say that TCP is more reliable, as it does some extra "error-checking stuff", while UDP does no such thing. From that I can inferr basic things for example: TCP guarantees that your downloads are not corrupt in case of connection problems and so on. But as a newbie, i am not sure how to interpret that in another context: Do these extra error checkings also protect your privacy and anonymity against (theoretically) any kind of hacking, like intercepting and compromising the packets, or sniffing them ie spying on your activity online (from the government for example) ? And would i be at a disadvantage when using UDP in that case? Thank you

I would like to request that AirVPN change the gift voucher system so that we can purchase by a time period instead of by an amount. A good example of why length is a better system is that we could take advantage of the current sales to buy time to use for 6 months at the sale rate and then give it as a gift. When we can only purchase by amount, then giving someone a gifted amount means they get less time because they purchase at the regular rate. Personally I want to add credit to my account but there is no point if I have to make a new account afterwards so I can have new certificates. On that second point, please allow us to regenerate new certificates. Its a good idea to regenerate your certificates every 3-6 months and currently the only way to do that is to create a new account.

Hi, Like it says in the documentation, and as is usual, upon the first connection to a ssh server to open a ssh tunnel, the authenticity via the ECDSA key fingerprint is stated. The documentation says to just accept it. But this is dangerous as it allows any intermediate to open a MITM attack. So please compile a list of all servers (with their IPs) and their fingerprints so we can match them on the first connection. Thanks!

I was testing my security using this site: https://ipleak.net/ While the IP and DNS is secure, and even torrents. It still got through with the WebRTC check. Is there any way to stop this leak?

A few days ago, Obama supposedly gave control of the Internet's global Domain Name System from ICANN (where it's been FOREVER) to the United Nations... thoughts? - http://www.foxnews.com/politics/2016/06/09/obama-administration-backs-plan-to-relinquish-internet-control.html - - -

First day on AirVPN. After about 30 minutes I changed server. Reconnect in infinite loop. Shut down AirVPN and restarted - no change. Shut down everything, ran CCleaner, and rebooted. AirVPN came back up without any loops. Changed servers several times - no problem connecting. Another issue showed up when changing servers. Before changing servers ChilliTorrent speed display was close to AirVPN. After changing to a different server with faster response time, ChilliTorrent increased in speed (more than doubled to 900+ Kb/s and fairly steady. AirVPN download displayed 0-100 b/s (most of the time at zero). Upload speed was also near zero. My first thought was that the torrent was not going through the VPN. Leak tests and IP verification passed. Changed again to another server with same results. Shut down AirVPN and logged in again. Same results. Changed to another country. Same results. When everything is shut down, system cleaned and rebooted then AirVPN displays approximately the same as torrent client. This speed indicator issue does not happen on every server change. But when it does is doesn't matter what server is connected including the previous server. It was noticed that AirVPN speed sample is not filtered like the torrent client. When the torrent client is uploading at 40 Kb/sec and the VPN display consistently shows less than 200 b/s and torrent is downloading at 900 Kb/s and VPN shows less than 200 b/s, and mostly zero, something seems amiss. Should there be concern about the traffic not going through the VPN? The lock is always activated before connecting to a server and in all cases the closed lock is displayed. A little more data. On the resource monitor, listening ports are confined to my computer LAN address, two 10.xxx.xxx.xxx addresses, and fe80::d8a:d521:4fd6:1a30 from svchost.exe (localServiceAndNoImpersonation). On TCP connections, only my computer and a single 10.xxx.xxx.xxx addresses are displayed. Remote addresses are as expected - all over the map. Anyone have any thoughts on what to look at next? This doesn't seem to be a leak. Any concern on my part is the initial setup was almost too easy. I chose open VPN and was up and running in a few minutes. Nice job on a good customer interface.

Hi guys, ​ ​Just want to firstly say thank you for the services you provide. I just have a few questions that I would like some discussion on if possible. My setup for using Tor through Airvpn's client is a s follows, my OS is Ubuntu, Mate, Mint or Windows as the base OS which I use to connect the VPN. I then use VMware or virtual box, mostly virtual box due to it not being proprietary to launch a fully contained Tails instance from an .ISO file without persistence, which I then use to connect to Tor. In the Eddie client I have Network lock active at all times, I remove the default gateway and even block ping and the private network access. I have however noticed that if you use DHCP, the default route is reconfigured after a few minutes even though network lock has removed it. I switched to static addressing and this issue hasn’t come up since. I am not sure if you are aware of this. I use this setup because Tor and Eddie's network lock feature isn’t compatible as yet and I do not like the idea of using the VPN without it. I would just like to know any views on this setup and any suggestions on improving security even further. ​ ​I also stumbled on this new feature in Firefox network.dns.blockdotonion, a new preference setting introduced in Firefox 45.0. Any thoughts on this? Why would they want to block .onion dns queries or dns results?

Quantum computers are coming - and probably sooner than we think. Does AirVPN have any thoughts or strategy to mitigate this threat to VPN-security?

Update. The FBI falls 2 votes short of viewing our browsing history without a warrant http://thenextweb.com/insider/2016/06/23/fbi-falls-2-votes-short-of-viewing-our-browsing-history-without-a-warrant/ But this has not been made final yet.{ http://www.decidethefuture.org LESS THAN 24 HOURS REMAINING: The Senate is about to vote on an amendment that would give the FBI your browsing history without a warrant.} I saw this very important info and thought that the community at airvpn should know. This would effect vpn's. The U.S. government wants to use an obscure procedure—amending a federal rule known as Rule 41— to radically expand their authority to hack. The changes to Rule 41 would make it easier for them to break into our computers, take data, and engage in remote surveillance. These changes could impact any person using a computer with Internet access anywhere in the world. However, they will disproportionately impact people using privacy-protective technologies, including Tor and VPNs. https://noglobalwarrants.org/#take-action ALSO http://www.decidethefuture.org LESS THAN 24 HOURS REMAINING: The Senate is about to vote on an amendment that would give the FBI your browsing history without a warrant. Please post any comments you have about these possible rules/bills

AirVPN OSX client is using an OpenVPN binary version 2.3.8, according to the changelog it has several vulnerabilities that has been corrected in newer versions https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23. Replacing the binary inside the App for the OpenVPN 2.3.10 Binary (Brew version) works fine, so probably it would be easy to update the client. Thanks!

Some of the popular vpn's pre-shared Secret keys. Read this article talking about there simple keys. https://gist.github.com/kennwhite/1f3bc4d889b02b35d8aa

Hi, I have a Mofi 4500-4GXeLTE-SIM4 V2 4G/LTE Router (this is a router combined with the cellular radio) connected to Verizon (ISP). First question I hope it's an easy one, can I configure AirVPN on the Mofi router itself, so any device connected will always use VPN? Second question is about port forwarding. To this router I'm planning to connect a surveillance camera system that it's a dedicated appliance (not an actual computer from what I can see) and I need to be able to access from outside. I need to open ports 80, 5445 and 5446. Reading some information it seems that AirVPN cannot do port forwarding below port 2048, is there any workaround so I can see port 80 from outside? Third question is about the static public IP address, I assume I don't get a static address from AirVPN, so I guess I have to use a Dynamic DNS to gain access to the camera system, right? Your help is much appreciated.

I came across a xkcd comic once (I hope it was not here, this would be a duplicate, then) and wanted to link it here. It's about password strength. I see lots of names here on the forums which are actually no names at all since they look randomly generated. I can imagine lots of you randomly generate your passwords as well. I've also done this in the past, using Kaspersky's Password Manager to store them. One day I downgraded back to Internet Security, and since the only version with the Password Manager is Kaspersky's Total Security Suite, I needed to save all of them. There was no export button so I needed to either change them or write them down. Some were changed, some were written down. And of those I wrote down a few went missing, including the password to my Bitcoin wallet. There was no trying to remember it, it was a 16+ character salad with letters (both uppercase and lowercase, of course), numbers and symbols. I learned and changed my tactics. I'm now compiling sentences, take the first letter of all words and make a character chain out of them, including all numbers and symbols. The sentences you compile that way heavily rely on what information they contain and how you express yourself, therefore, they contribute to the uniqueness of a password. By taking facts about the website you enter the password to you create unique passwords without the need to directly remember it: Look at the website, remember what you were writing about and you've got your password again. And the PIN codes in the title? I just wanted to link a blog post about PIN number analysis. Interesting read.

I'm looking for the best anti-malware protection on my windows 10 computer, HP. What would you all recommend? I'm doing a general setup for tightening security. I'm bought the VPN through AirVPN, Email through StartMail Search engine through Startpage (utilizes Google search but sends anonymous queries through their server, under Dutch Law) Thanks.

https://www.perfect-privacy.com/blog/2015/12/21/wrong-way-security-problem-exposes-real-ip/ @AirVPN Does your client handle this problem with the Network Lock?

Hello, I just stumbled across this very interesting paper comparing VPN vulnerabilities of commercial VPN services: http://www.eecs.qmul.ac.uk/~hamed/papers/PETS2015VPN.pdf It is a very interesting read. Relying on tests performed between Sep and Dec 2014, the researchers found that all 14 commercial VPN providers examined are vulnerable to either IPv6 leakage or DNS hijacking, therefore failing to provide the privacy they advertise. I apologize if this has been discussed before, but I am concerned that those vulnerabilities could give away my IP address even if I use AirVPN. So my questions to the AirVPN provider: - are you aware of these issues? - what is your plan to close the vulnerabilities? - is there a way for us, the end user, to verify whether we are subject to those issues? As a countermeasure to IPv6 leaks, I have disabled IPv6 on my OS X and Linux clients (iOS is not affected). I am not sure how to counteract the DNS hijacking. I hope we can have an open discussion on this forum and thanks for any suggestions.

Hi, Should we be worry about this new vulnerability ? Thanks. reference url https://thehackernews.com/2015/11/vpn-hacking.html

Dear members, As i live in the country x, is it safer to choose a server that's not in country x? Many thanks

I was browsing with AirVPN running and I saw this HTML injection on a site (see attached InjectedHTML), when I turned off the VPN it was gone (see NoVPN_HTML) - this seems to indicate that your VPN node was compromised. Has anyone had this happen and what does it mean for all of my other private data

Hi all, First of congratulations on great product. It beats all other VPN providers in user review! I have one issue though. This seems to pertinent to all VPN providers out there. How does one secure access to VPN account? OpenVPN and connections are encrypted and all the cryptographic goodies are there but security of access to account itself is fairly limited. Someone can still/guess/keylog credentials and get access to account - and therefore connect under my credentials to the Internet, and cause (even legal) havoc. Why is there not added security in this space? 2FA authentication seems no brainer these days but no one seems to offer it. VyprVPN is really bad with this, the offer encrypted storage with their service but once your credentials are compromised all goes down the drain. Cheers all!

Hi, this has been announced here https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html the security flaw is impacting versions 1.0.1 and 1.0.2 of Openssl. From eddie (mac version) it states openssl version 1.0.1k, so it is affected. Will you repack Eddie with the 1.0.1p version patched soon? Thanks