Showing results for tags 'nsa'.
Found 19 results
-
Hello, as we know no VPNs even the safest VPNs like AirVPN or ProtonVPN? are really safe, in fact there is always the problem that none of us users really know if they keep logs. My solution would be to host running a VPN on a rented VPS server in order to personally manage it. To do so I do not want to limit at something pre-compiled, such as "digital ocean", in fact my plan is to run it in Softether host inside a VPS. The scheme should be so: Within a Windows Server VPS placed in some data center run VMware emulating another operating system, within this guest run Softether host app. Then connect via VPN tunnel from Softether host app to my real domestic PC. I just wonder if the VPS server owner or the VPS internet operator itself could actually trace the source back to my real PC even though I'll establish a VPN tunnelling from softether to my actual pc. PS: The idea of running everything inside a VM instead of into just the VPS itself is to make the Softether logs inaccessible to a potential attacker protecting them in a shell, plus mask the IMEI and the operating system. I look forward to understanding if they (NSA or potential attackers) would have some way to track back the encrypted VPN connection from Softether to my current PC
-
https://netzpolitik.org/2016/secret-report-german-federal-intelligence-service-bnd-violates-laws-by-the-dozen/ Published by Netzpolitik.org, a privacy-focused German blog which has a reputation for taking a stand on privacy, net neutrality and the political part of the internet in Germany. In the past politicians tried to sue the blog's creators for disclosing secret documents. Sometimes, it's like a smaller, less hardcore version of Wikileaks, just not so "boom, secret documents in your face", more like "we've got some docs here, we think it's critical for you to know, so we sum the contents up for you". Most of the time they publish news with a few comments from the privacy point of view and give recommendations to certain privacy-related problems. My recent software against Windows 10 spying thread originated from one of these posts.
-
Droid-Break extends the Android section of prism-break.org and includes a more up-to-date collection of apps. I already replaced a few of my apps with those on this list, a few more are considered. Which apps are you using? Share your app lists and recommendations here. Stories about what drove you to replace certain apps are welcome, too. As a side note, there's also a subreddit devoted to open source software for Android.
-
I assume that organizations like the NSA can monitor and save metadata of all VPN traffic in the world. I think, then, that all VPNs are useless because having access to metadata of incoming and outgoing traffic of a VPN server can reveal almost everything and cracking the encrypted traffic is not necessary as they can look on decrypted traffic that exited a VPN server. Some correlation attack scenarios I could think of: 1) If a VPN user accesses a less popular site, say abc.net then it can be safely assumed that he/she is the only VPN user that accesses it. Then the user can be easily identified, because it may be looked up that whenever a request was sent to this site by the VPN, a user X was also connected (for example sent/received requests from the VPN within 5-10 seconds) to the VPN. This can hardly be a coincidence so the anonymity is compromised. 2) Similarly, some pattern in the traffic can be seen. For example, a user usually spends some time on one site before moving on to some other site. So it is plain to see that if whenever some user X sent a request to the VPN and the VPN sent a request to some site abc.net 2 seconds later (or at any regular interval) and this continued for, say, several minutes, then those outgoing requests from the VPN are likely to correspond to the incoming requests from the user to the VPN. There are probably dozens of other variations of correlation attack that can be performed. I think that 60-100 people on a server is far too few to provide any anonymity. The point is that organizations like the NSA don't even have to decrypt the data but just look for patterns. With all the computational power they have it should be easy. They wouldn't even need to perform the attack on specific targets only, but simply use computers to deanonymize almost every user. My questions are: 1. Does the NSA use correlation attacks? Why or why not?
I have never read any news about it but saw a bunch of posts like this on forums about the dangers of a correlation attack. I have only read about them cracking VPNs (but only those that were vulnerable because they were apparently run by lazy people and AirVPN is not one of them) here: http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/ and here: http://arstechnica.com/tech-policy/2014/12/nsa-has-vpns-in-vulcan-death-grip-no-really-thats-what-they-call-it/. But no information about correlation attacks. 2. What measures does AirVPN take to prevent correlation attacks? Do you use multihop network i.e. different entry and exit IP? If so, are there any additional hops in between, similar to TOR relay nodes? Does it make correlation attacks any harder? What can we do to increase our security against these types of attacks? Would routing the traffic through AirVPN SSH tunnel (in the client) help or further compromise anonymity?
-
Hi, after the usual worrisome news, - http://thehackernews.com/2015/10/nsa-crack-encryption.html I have one question among others: They state 'Around 92% of the top 1 Million Alexa HTTPS domains make use of the same two primes for Diffie-Hellman, possibly enabling the agency to pre-compute a crack on those two prime numbers and read nearly all Internet traffic through those servers.' So how do the remaining 8% update them? Also, how can VPN providers protect to some extent against this? cheers
-
The EFF compiled its annual report regarding major internet companies' transparency. Worth reading to see which ones you should avoid (I would recommend avoiding most) https://www.eff.org/who-has-your-back-government-data-requests-2015 PDF version: https://www.eff.org/files/2015/06/18/who_has_your_back_2015_protecting_your_data_from_government_requests_20150618.pdf
-
I'd love to see twofish, threefish, serpent and skein offered. I understand your trepidation with ECC completely. I'd also like to see xor support added as well. Your service is top notch and as a Linux user I am very pleased with your new GUI client with all of the great options available. Keep us in the loop plz
-
I read about it a few days ago. It's nothing new, I think, because, you know, NSA, surveillance, direct access and the like.. but this one is quite interesting for people in Germany. You may have heard that a certain German Telecom is subject to non-stop "exclusive" traffic surveillance (NSA having direct access to its customers' traffic). And if you read my signature you will find out that my ISP is the German Telecom. So when I'm not connected to AirVPN they basically know where I am and what I'm doing - thanks to a program named "Treasure Map". Its aim is to make a real-time "internet map" to display every single device. It's used as an additional information service for plotting targeted attacks and other cool things. How I feel about it?
-
The owner of one of the TOR directory servers himself confirmed he had seen the source code of XKeyscore and saw his server's IP hardcoded in there. The server is located in Nürnberg, Germany, and is called Gabelmoo. Id est: XKeyscore logged every attempt to access his server. Additionally, comments made in the source code show that everyone who is accessing the directory server is made an "extremist" - at least in the terminology of the NSA. In the source code the student hasn't seen any proof that TOR relay servers are exposed to the same risk. This task might be allotted to another application... Source#1 Source#2 excellent addition by sheivoko - the XKeyscore rules!
-
"If you're using things like a single hop VPN to do things in a so-called "anonymous" way on the internet, you should probably stop." "When you are using certain VPNs, the NSA has special traffic flow analysis software, for example, that will mark you, put it into a database, and later when an analyst wants to compromise you, they can just pull it out of this database." Jacob Appelbaum in a talk that you can watch here: (watch from about 2:15 for these quotes) Unless there's a practical reason not to use Tor on top of your VPN connection, it's really best to use Tor (excellent though VPNs are for things that Tor cannot do).
-
Hello, I think Air should add GPG support for the Contact Us page (regardless of whether one has registered and logged in as a client or is accessing as guest). Users could upload their GPG public key so Air's responses sent via e-mail to the user would be encrypted. This would really improve security, particularly for users who have an insecure mail host. Best regards, anonym
-
Hello, after reading the latest terrifying news about the NSA's ability to intercept and defeat VPN encryption I think we could all use a refresh on some behind the scenes AirVPN practices and defences against this evil. First off here is the Ars article, if you haven't read it, strap in tight, it's an unnerving ride... http://arstechnica.com/information-technology/2014/03/nsas-automated-hacking-engine-offers-hands-free-pwning-of-the-world/ So what I'd like to know are what all defences AirVPN has in place to counter the things we've learned the NSA is doing to defeat even the strongest VPNs. 1. When is the last time AirVPN has completely wiped ALL of its internal systems and done fresh installs, and fully patched OS's and software OFFLINE? 2. We've learned governments will intercept hardware in the course of delivery and install "plants" before you even receive your new hardware. Have you taken into account where your hardware has been since it left the manufacturer? 3. Users are easily fooled if their connection is being hijacked during the time they open a new connection to AirVPN servers, is there any way to alert a user, OR kill the connection with a warning if you (can) detect connections being made from a different location? 4. From this most recent article we've learned the NSA has "VPN cracking blades." In the article it's focused on IPSEC VPNs, have there been known weaknesses that would allow the NSA to bruteforce any part of IPSEC? How does their method strike you as per AirVPN's entire network configuration? These are just some basic questions that I could come up with, please feel free to point out any misunderstandings I may have had, and please anyone feel free to add any critical questions I didn't list. Thanks a lot, I do love AirVPN!
-
Hi all, if someone could help me please, how does the OpenVPN client generate the RSA keys it uses for the initial handshake when logging on and then for the encryption of traffic? Does OpenVPN generate its own keys (and if so according to what rules) or does it 'buy in' a key or key template from the company of the name RSA or where do these keys come from? Thanks.
-
How NSA-Proof Are VPN Providers? Very interesting article, suggest everyone to read your way through it.
-
Hi, I'm a bit surprised to see that you are able to have top 10 stats on your site. That makes me feel you are keeping some kind of logs for this. I wonder how this works out with your "no logs" policy? Thanx for your Reply
-
Data collection, NSA vs Stasi http://apps.opendatacity.de/stasi-vs-nsa/english.html Sigh.
-
(Reuters) Sunday 30 June 2013 - The United States taps half a billion phone calls, emails and text messages in Germany in a typical month and has classed its biggest European ally as a target similar to China, according to secret U.S. documents quoted by a German newsmagazine. The revelations of alleged U.S. surveillance programs based on documents taken by fugitive former National Security Agency contractor Edward Snowden have raised a political furor in the United States and abroad over the balance between privacy rights and national security. Exposing the latest details in a string of reputed spying programs, Der Spiegel quoted from an internal NSA document which it said its reporters had seen. The document Spiegel cited showed that the United States categorized Germany as a "third-class" partner and that surveillance there was stronger than in any other EU country, similar in extent to China, Iraq or Saudi-Arabia. "We can attack the signals of most foreign third-class partners, and we do it too," Der Spiegel quoted a passage in the NSA document as saying. It said the document showed that the NSA monitored phone calls, text messages, emails and internet chat contributions and has saved the metadata - that is, the connections, not the content - at its headquarters. On an average day, the NSA monitored about 20 million German phone connections and 10 million internet data sets, rising to 60 million phone connections on busy days, the report said. A Spiegel report on Saturday that the NSA had spied on European Union offices caused outrage among EU policymakers, with some even calling for a suspension to talks for a free trade agreement between Washington and the EU. In France, Der Spiegel reported, the United States taps about 2 million connection data a day. Only Canada, Australia, Britain and New Zealand were explicitly exempted from spy attacks. Full article: http://www.reuters.com/article/2013/06/30/us-usa-germany-spying-idUSBRE95T04B20130630
-
Hello! AIRVPN Admins/Staff, How is the news of NSA dragnet being received in Italy? What is the mood of the public? I see some European officials making cautious statements, usually expressing dismay that the U.S. is collecting so much data and violating the Safe Harbor agreement. In the Guardian, there is a nice sampling of comments from European leadership: World leaders seek answers on US collection of communication data I am curious to hear your opinions as to what these revelations may lead to in Italy and Europe. I hope to see the American security state rebuffed overseas, I just don't know if the will is there. Also, will the U.S. Internet giants like Google and Microsoft, Facebook, pay any price for their complicity? Are people there talking about alternatives to these corrupt companies? I connect from the U.S. and there is little hope starting to be some push back regarding this "turnkey tyranny", as Mr. Snowden called it, can be stopped perhaps it will be stopped here where it originates. I am somewhat encouraged by the remarks I am reading from Euro leaders, but it is hard for me to tell if they are just making the noises they think the public wants to hear, or are going to do something about this situation. Thanks.