
VPN Vs. Government?

I'm trying to learn more about how effective a VPN actually is vs super-power govs, ISPs, major tech, or anyone with an unlimited budget.

I would like to know

  • about the different encryption used and how long they would take to break. My options are listed here <https://support.hidemyass.com/hc/en-us/articles/202720306-VPN-Protocol-Comparison>
  • Is communication from US to another country's VPN server in the tunnel caught in NSA fishnet as I expect but only that it is encrypted?
  • general ways to make it harder to be tracked. Ex. Set my IP location to automatically change every X number of min and use features like Secure IP bind so programs cannot access the internet without the tunnel etc.

I've taken steps to make sure I'm not leaking my IP via https://ipleak.net/ and https://www.dnsleaktest.com/results.html. Any other tests I should run are most welcome. If anyone has a good suggestion for a DNS that would be welcome too. Preferably something that has user privacy at its core.

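A local check for the leak conditions raised in the opening post (traffic or DNS leaving outside the tunnel), added here as an example that is not part of the original thread. It parses `ip -4 route show` style output and `resolv.conf` text; the tunnel interface name `tun0`, the probe addresses and the sample outputs are constructed assumptions.

```python
import ipaddress

# Constructed samples (not captured from a real host). The second one has the
# 0.0.0.0/1 + 128.0.0.0/1 pair that OpenVPN's "redirect-gateway def1" installs.
ROUTES_NO_TUNNEL_DEFAULT = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
"""
ROUTES_TUNNELLED = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
203.0.113.7 via 192.168.1.1 dev wlan0
"""
RESOLV_LAN = "nameserver 192.168.1.1\n"     # router / ISP resolver
RESOLV_TUNNEL = "nameserver 10.8.0.1\n"     # resolver inside the tunnel

def parse_routes(text):
    """Return [(network, dev)] from `ip -4 route show` style output."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok[:-1]:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types such as "unreachable ..." are skipped
        routes.append((net, tok[tok.index("dev") + 1]))
    return routes

def egress_dev(routes, dst):
    """Longest-prefix match, as the kernel does (route metrics are ignored)."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in routes if addr in r[0]),
               key=lambda r: r[0].prefixlen, default=None)
    return best[1] if best else None

def nameservers(resolv_text):
    """IP addresses on the `nameserver` lines of resolv.conf text."""
    return [line.split()[1] for line in resolv_text.splitlines()
            if line.startswith("nameserver") and len(line.split()) > 1]

def find_leaks(route_text, resolv_text, tunnel="tun0",
               probes=("8.8.8.8", "198.51.100.10")):
    """List every probe address or DNS resolver that is not routed via the tunnel."""
    routes = parse_routes(route_text)
    findings = []
    for p in probes:  # one probe in each half of the IPv4 space
        dev = egress_dev(routes, p)
        if dev != tunnel:
            findings.append(f"traffic to {p} leaves via {dev}, not {tunnel}")
    for ns in nameservers(resolv_text):
        dev = egress_dev(routes, ns)
        if dev != tunnel:
            findings.append(f"DNS resolver {ns} is reached via {dev}, not {tunnel}")
    return findings
```

The check covers IPv4 only; an IPv6 resolver or route is reported as not using the tunnel rather than evaluated.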

I wouldn't know, but I feel like if I dug any further into this topic I'm gonna be put on a list... lol
I just use PrivateInternetAccess and hope my tinfoil hat is working, man

Photography / Finance / Gaming


Well, I need to use a VPN, because literally 60%+ of the top 1000 videos on YouTube are blocked in Germany. I think it makes it harder to track, but they can still track with help from the VPN itself. But don't worry, we have a really dark future ahead of us, today is still not that bad :)

Main PC: CPU Xeon E3-1231 V3 - MB Asrock B85M Pro3 - RAM 16GB Kingston - GPU GTX 1070 Gainward Phoenix - PSU Corsair AX760i - Monitor  LG 22EA63 - Keyboard Corsair Strafe - Mouse Logitech G402 - Storage 2x3TB WD Green - 240GB OCZ SSD

 


5 minutes ago, inadaizz said:

 

  • Is communication from US to another country's VPN server in the tunnel caught in NSA fishnet as I expect but only that it is encrypted?

You really don't know. Probably, but if it's encrypted properly they don't know what you're doing. You might be able to guess what activities you're doing (video, file transfer, web browsing) by the types of packets being sent.

 

7 minutes ago, inadaizz said:

general ways to make it harder to be tracked. Ex. Set my IP location to automatically change every X number of min and use features like Secure IP bind so programs cannot access the internet without the tunnel etc.

If you have a VPN, this isn't a huge problem, and normally VPNs don't let you change public IP.

7 minutes ago, inadaizz said:

general ways to make it harder to be tracked

If you really don't want to be tracked, do this:

- Buy a laptop from Craigslist.
- Get someone to download Tails on a USB for you, or go to a library.
- Go to a public location and use the laptop. You should probably put a privacy filter on the screen.
- Swap laptops or wifi cards every month or two.

 

10 minutes ago, inadaizz said:

anyone with an unlimited budget. 

Impossible to stop

 

 

What are you doing? If you're a normal person, a normal VPN is more than enough; Tor is more than needed. If you're a drug dealer or someone who is hunted by the government, you probably shouldn't be posting here, and use the tips above.

 

 


Just now, mok said:

I wouldn't know, but I feel like if I dug any further into this topic I'm gonna be put on a list... lol
I just use PrivateInternetAccess and hope my tinfoil hat is working, man

I get this worry every time I start typing in Google... Truth is, a VPN is good but only if they don't keep logs server side. The best way to stay hidden is to be using Tails OS booted from a USB with a hidden encrypted partition for data. This isn't very convenient, so next would be Ubuntu or Debian and routing all traffic through Tor. All traffic through Tor is probably not needed, as most of the tricks used to leak your IP don't work in Ubuntu. Using Tor Browser with all the embedding disabled and the security slider all the way up is more than enough for the average user.

 

But remember that the more you mask and hide, the more you stand out. It's like walking around with a mask on: sure, your identity is hidden, but you draw attention to yourself. For one to stay truly hidden, one must look like everyone else.

At this point you do have to ask yourself if it is really worth it.

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´


1 minute ago, Electronics Wizardy said:

What are you doing? If you're a normal person, a normal VPN is more than enough; Tor is more than needed. If you're a drug dealer or someone who is hunted by the government, you probably shouldn't be posting here, and use the tips above.

I'm going into Computer Sci Eng and this is what interests me. Please keep such insinuations to yourself. Otherwise I appreciate the information. 

 


1 minute ago, vorticalbox said:

I get this worry every time I start typing in Google... Truth is, a VPN is good but only if they don't keep logs server side. The best way to stay hidden is to be using Tails OS booted from a USB with a hidden encrypted partition for data. This isn't very convenient, so next would be Ubuntu or Debian and routing all traffic through Tor. All traffic through Tor is probably not needed, as most of the tricks used to leak your IP don't work in Ubuntu. Using Tor Browser with all the embedding disabled and the security slider all the way up is more than enough for the average user.

But remember that the more you mask and hide, the more you stand out. It's like walking around with a mask on: sure, your identity is hidden, but you draw attention to yourself. For one to stay truly hidden, one must look like everyone else.

At this point you do have to ask yourself if it is really worth it.

I'm pretty sure I read PIA doesn't log anything,
and it's end-to-end encryption which you can strengthen in the settings,
and they even went to the length of notifying all the PIA users that they were shutting down their Russian servers because the Russian gov was illegally spying into the data,
etc.

I just wanna watch TV shows, man

 

Photography / Finance / Gaming


3 minutes ago, vorticalbox said:

I get this worry every time I start typing in Google... Truth is, a VPN is good but only if they don't keep logs server side. The best way to stay hidden is to be using Tails OS booted from a USB with a hidden encrypted partition for data. This isn't very convenient, so next would be Ubuntu or Debian and routing all traffic through Tor. All traffic through Tor is probably not needed, as most of the tricks used to leak your IP don't work in Ubuntu. Using Tor Browser with all the embedding disabled and the security slider all the way up is more than enough for the average user.

But remember that the more you mask and hide, the more you stand out. It's like walking around with a mask on: sure, your identity is hidden, but you draw attention to yourself. For one to stay truly hidden, one must look like everyone else.

At this point you do have to ask yourself if it is really worth it.

Yeah, I use Debian-based Kali and Ubuntu typically when using Linux. Otherwise Win10, which is probably backdoored lol.


Just now, mok said:

I'm pretty sure I read PIA doesn't log anything,
and it's end-to-end encryption which you can strengthen in the settings,
and they even went to the length of notifying all the PIA users that they were shutting down their Russian servers because the Russian gov was illegally spying into the data,
etc.

I just wanna watch TV shows, man

Regional locks are super dumb. I paid for Netflix, why can't I have stuff because of where I live?

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´


Just now, inadaizz said:

Yeah, I use Debian-based Kali and Ubuntu typically when using Linux. Otherwise Win10, which is probably backdoored lol.

Windows 10 probably isn't, I mean government wouldn't run Windows knowing it had an exploitable point of access. Like I said, the best way to stay hidden is to look like everyone else, so when you need to be anonymous, boot up Tails, do your looking and then go back to being a normal user. Personally I do have my devices encrypted but I don't use a VPN, it just adds more latency that I can't be doing with ^_^

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´


1. How long would it take to break the encryption:

Simple answer: Encryption algorithms are built to ensure that no one can break them in a reasonable amount of time, even with unlimited calculation power. So in a serious discussion it doesn't make a difference if it takes 2 billion or 4 trillion years... But all these calculations are based on assumptions. Assumptions are that your encryption key is strong and really private. So, if your VPN provider hands out the keys to some third party, all your encryption is worthless against this party. Another assumption is that the algorithm is correctly implemented, which none of them are. Some cryptographic functions, for example, need random numbers. Since it isn't that simple to get real random numbers in a short amount of time, developers might use pseudo-random numbers or random number generators which are intentionally flawed. This then weakens the encryption to a point where it might be relatively easy to break or even trivial.

Now, with all this said, most internet traffic gets "only" monitored in real time with minimal resources. So the weakest encryption you can find will help to hide your packets from, let's say, a packet-sniffing amateur hacker at Starbucks or your ISP. Even the NSA can either directly access the records of your VPN provider (who still knows what you are doing...) or won't bother to attack the casual internet user.

 

2. Make it harder to get tracked:

Yes, changing your IP frequently makes it a little harder to get tracked. But you can achieve this by getting just a proxy or unplugging your DSL connection a few times a day... The real benefit of a VPN is that one server (= one IP) represents a lot of users, not just you. So if someone monitors the traffic at the VPN server, he sees the traffic of all users coming out. So you "hide in the crowd". But don't think for a second that your IP is the only thing to track you. If you want to learn more about tracking, I would recommend you look into "fingerprinting", which is one of many techniques to track users without having to rely on the IP.

 

3. Conclusion:

So what are VPNs good for? Well, if you want to get around geoblocking (like YouTube in Germany...), they are awesome. If you want to hide your traffic from attackers in the same network (like airports and other public networks), they help a little. Since most connections are https anyway, your traffic to any site is encrypted anyway, whether you are using a VPN or not. The only benefit of a VPN is that an attacker can't see which sites you are connecting to. And don't think that encrypting something twice is in any way a more secure solution... It isn't. Https is good enough. Further, VPNs help to hide your traffic from your ISP, which might help to avoid throttling of certain services.

What is the problem with VPNs? Well, you have to trust your VPN provider a lot. They can monitor all your connections, if they want to. While the contents are still protected by https, they can see which sites you're accessing and when. So with privacy concerns you are just changing your point of trust: now your ISP can't see what you are doing, but your VPN provider can...

 

Ryzen 5 5600, 32GB DDR4, GTX 3070Ti, Acer Predator x34

InWin 901

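Why a flawed random source matters more than the nominal key length, as described in the post above; this is an added example, not part of the original thread. The timestamp-seeded generator, the creation time and the one-hour window are constructed assumptions.

```python
import math
import random
import secrets

KEY_BYTES = 16  # a nominal 128-bit key

def weak_key(seed):
    """Flawed pattern: key bytes from a non-cryptographic PRNG seeded with a timestamp."""
    return random.Random(seed).getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")

def strong_key():
    """Corrected pattern: key bytes from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)

def effective_bits(candidates):
    """Work, in bits, needed to enumerate every candidate key."""
    return math.log2(candidates)

def seed_for_key(key, first_seed, last_seed):
    """Return the seed in [first_seed, last_seed] that reproduces key, else None."""
    for seed in range(first_seed, last_seed + 1):
        if weak_key(seed) == key:
            return seed
    return None

# Constructed scenario: the key was generated at Unix time 1469459520 and only
# the hour of generation is known, so there are 3600 possible seeds.
CREATED_AT = 1469459520
WINDOW = (CREATED_AT - 1800, CREATED_AT + 1799)

def audit():
    """Compare the nominal key size with what each generator actually provides."""
    candidates = WINDOW[1] - WINDOW[0] + 1
    return {
        "nominal_bits": KEY_BYTES * 8,
        "weak_key_bits": round(effective_bits(candidates), 1),
        # The timestamp-seeded key is reproduced from one of the 3600 seeds.
        "weak_key_reproduced": seed_for_key(weak_key(CREATED_AT), *WINDOW) == CREATED_AT,
        # A CSPRNG key does not correspond to any seed in the window.
        "csprng_key_reproduced": seed_for_key(strong_key(), *WINDOW) is not None,
    }

if __name__ == "__main__":
    for name, value in audit().items():
        print(f"{name}: {value}")
```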

If you're using HideMyAss be careful, they admit that they log user access and thanks to them the FBI was able to catch sabu from LulzSec back in 2011 who was using their service to mask his activities. Unless you own the hardware and network there's no way to guarantee your privacy and data is safe, you have to trust the provider so how much you're willing to risk is completely up to you. Also be careful of what browser you use, there's a popular exploit floating around that can reveal your real IP extremely easily if you visit a certain website and as of last week many browsers claim to have patched this exploit but I tested it last Tuesday on both Chrome and Edge (only ones I had installed on that PC) and have confirmed it's not patched on the latest versions and even with so-called Chrome extensions designed to block it my real IP was still leaked. There are always rumors that government agencies have backdoors into various encryption protocols but there's no evidence of this although there have been some cases where the FBI or CIA presented files as evidence in trials where the defendant said it was impossible for them to have such files without breaking high-level encryption. Peer-to-peer networks are your best bet but in the past the FBI has been able to compromise the Tor network, so it's still not 100% guaranteed either.

 

One thing you do have going for you is you're an extremely small fish in a big pond so unless you start making waves to get attention, you'll probably be OK.

-KuJoe


Oh, and to add to this. Your VPN provider is most likely renting/leasing their hardware and doesn't own the data center. I know of multiple instances where a US government agency entered a data center with a warrant, forced the data center staff to clone hard drives and mirror ports, and was able to collect data for weeks without the user ever knowing about it. There was a nice article written by the owner of a data center about a similar situation where a government agency mirrored a user's ports for a significant length of time and he wasn't allowed to say anything or he would be prosecuted himself. He wrote the article after the gag order was lifted and he talked about how ill it made him knowing there was a server in his data center just collecting a user's data and he couldn't do anything about it.

 

Another instance that happened just this month, PIA (who I use and still recommend) sent an e-mail to all of their users that the Russian government seized their servers in Russia with all of their data. Now they don't log anything so no user data was received but if they had encryption keys on the server itself then that meant that any VPN traffic between the time the server was taken and the time they changed their keys was accessible to the Russian government. I'm not sure if PIA encrypts their hard drives (it's a liability in a 24x7 operation but if they had enough servers they could have mitigated the risk) but even if they did there are ways of getting the data if they really wanted to.

 

Just some more reasons why you should be worried on the internet. ;)

-KuJoe


I'm wary of using one that goes outside of the US. (I have one to my house that I use in public spaces.) The government will tell you it doesn't matter what it is, if it's internet traffic coming into the States from outside of it they look at it. All of it, every bit of it. Which sounds kind of shitty until you realize that if you have anything on Google servers, or Apple servers, or FB (you get the point) they move that data around all the time and it might be stored on a server outside of the US and when you call it up, it's coming back in. Or if you live closer to the border, like my parents in Indiana, it can just go out no matter what.

Now I don't know what they can do with VPNs as it's supposed to be a secure tunnel to wherever you want it (i.e. mine back to my house), but I don't know about if it's coming into the country if the US can see it. I would bet they can.


On 7/25/2016 at 3:12 PM, inadaizz said:

I'm trying to learn more about how effective a VPN actually is vs super-power govs, ISPs, major tech, or anyone with an unlimited budget.

I would like to know

  • about the different encryption used and how long they would take to break. My options are listed here <https://support.hidemyass.com/hc/en-us/articles/202720306-VPN-Protocol-Comparison>
  • Is communication from US to another country's VPN server in the tunnel caught in NSA fishnet as I expect but only that it is encrypted?
  • general ways to make it harder to be tracked. Ex. Set my IP location to automatically change every X number of min and use features like Secure IP bind so programs cannot access the internet without the tunnel etc.

I've taken steps to make sure I'm not leaking my IP via https://ipleak.net/ and https://www.dnsleaktest.com/results.html. Any other tests I should run are most welcome. If anyone has a good suggestion for a DNS that would be welcome too. Preferably something that has user privacy at its core.

Unfortunately, the United States, along with the United Kingdom, New Zealand, Canada, and Australia have banded together to form a group called Five Eyes. Collectively the group has compromised all of the Trans-Atlantic cables. So no matter where you are or what you are looking at, they can see your communications. Beyond that, any government who is in the practice of internet censorship has compromised the security of all of their own communications. Everything I'm going to say next is with that knowledge in mind.

  • Any modern encryption is considered NP-Hard. This means that it's theoretically non-bruteforceable on current computers. This doesn't mean unbreakable. If you don't use good passwords, if there are security holes in the communications that are taking place, or if your computer or the end machine has been compromised, then they will just see plaintext anyway.
  • Yes. Communication from anywhere to anywhere that crosses the border of any FVEY country or a Transatlantic cable is caught by the NSA fishnet.
  • Things like Tor, IP switching, and VPNs can help a lot; anything you can do to make your trail longer or less trackable is a step in the right direction.


 

ENCRYPTION IS NOT A CRIME
