34 replies to this topic

[V.T. Eric Layton]

In the interest of privacy protections on the Internet these days, I've taken the plunge and purchased a year's worth of virtual private networking (vpn) though a company that received rave reviews from numerous techie sites and publications. It's called Private Internet Access (PIA)
--> https://www.privateinternetaccess.com/ I got that year's worth at a discounted rate of $31.95 thanks to an offer from PCMag online, which was where I read some of the information and reviews regarding vpn providers.

Right now, this is where the Internet thinks I'm located...



Sneaky, huh?

There are a couple downsides that I'm seeing, though. There is a slowdown of speeds due to the encryption and the bouncing around servers here and there, but it's not really noticeable when just surfing. I only see the diminishing speeds when I use a speed test website of some sort. There may be ways to tweak that, though. I have an active ticket with PIA support right now regarding this.

The other noticeable thing is that all my email servers are freaking out (Google, Hotmail, Yahoo, etc.) because they all think my accounts have been hacked by some bloke in Arizona. HA!   I've replied to their security emails and told them that that new IP they're seeing is me and all is well. I'm using the US West exit server and the US Midwest, so I'm going to have to OK two different IP numbers for the email folks before they will stop freaking out.

The reason this is happening is because, unlike TOR, that only affects the browser's connection to the Internet via the TOR proxy, this vpn service operates on the Internet side of my router, so ALL connections on my computer are routed to the vpn. Everything leaving my local home network is encrypted and then send directly to the exit server. At that point the packets are decrypted and sent out with the exit server's information, as you see by the IP address above that shows I'm in Arizona.

Cool, huh? Well, we'll see how it works out in the next year, I s'pose. I have buyer's remorse big time, though, because I could use that $32 elsewhere for more practical things like meds, cat food, etc.

[V.T. Eric Layton]

OK, I tweaked some connection settings and port assignments and VIOLA! Got my speedy groove back.

Using the US West exit server:



Using the US Midwest exit server:



The actual speed of the Internet that I'm paying for from my ISP is 50Mbps down/50Mbps up.

[securitybreach]

Nice but I see a problem with using that provider if you care about your privacy at all. They are located in California and since they are in the US, they have to comply with any request government gives them. Using a VPN in the USA will automatically get you flagged and they will monitor your traffic even more hence why I mentioned that the one I use is located in Panama. Now you actually connect to a server located in whatever region you choose but the traffic then gets routed through Panama. Since they are located in Panama, they cannot be forced to comply with US requests to give up your name or any identifying information about you.

From their privacy statement:

Quote

APrivateInternetAccess.com is a business that strives to protect privacy and the privacy rights of our clients. Although we will comply with all valid subpoena requests, our legal team scrutinizes each and every legal request that we receive for compliance with both the "spirit" and letter of the law. For invalid or overly broad subpoenas, we will often question or attempt to narrow the scope of any subject matter sought. Moreover, when it is possible and a valid option we will provide the user an opportunity to object to any requested disclosures. We cannot provide information that we do not have. PrivateInternetAccess.com will not participate with any request that is unconstitutional.

The State of California requires us to post specific language related to our privacy policy. By default, PrivateInternetAccess does not share your private information with any third parties aside from the disclosures already made in this privacy policy. However, if you wish to inquire into how PrivateInternetAccess does not share our user's personal information with third parties for direct marketing purposes, you may contact:

https://www.privatei...privacy-policy/

Now do not get me wrong, I am not doing anything illegal but I have a real problem with prying eyes looking at all of my traffic.

[V.T. Eric Layton]

Well, I contacted them before signing on to ask a few questions. 1. Even if they are subpoenaed by the U.S., there's nothing they can provide. There are ZERO server logs and residual data from my comings and goings. The only info they keep on me is my email (not my real name) that I used to sign up with and my Paypal info that I used to pay them with. The U.S. Gov. probably already has that much info on me now.

From your quote above: "We cannot provide information that we do not have."

The only activity my ISP can report is my constant connection between my home network and the vpn server out West or wherever I happen to be located that day. That's it. They won't even have DNS records because all my requests are handled by the vpn server. While I'm in the tunnel, all data is encrypted, so even if some one could do a man-in-the-middle on the tunnel, they couldn't decrypt any of the data going back and forth in there.

Oh, and PLEASE don't put all your cookies in that one very insecure argument about having your vpn service provider outside of the U.S. The U.S. Dept. of State would have permission and access from the Panamanian government in a matter of minutes. That shield is made of tissue paper and balsa wood. It's not so much important where your company is located as it is that their integrity is such that they would not toss you under the bus when the GOV comes calling. We, as users, must trust their no-log/no-record policies. We must trust that they won't provide easy backdoor access to government entities. We must even trust that they AREN'T the government just running a sting/data mining front operation.

My main concern is privacy from hackers, spooks, men-in-the-middle, ad crawlers, etc. I don't do anything illegal, either. However, just because I don't do anything illegal when I'm laying in bed at night doesn't mean I want Google cameras in my bedroom monitoring me all night. And, like I said to someone at my board just a little while ago, I don't trust anything 100%. The ONLY time I'm completely secure on the Internet is when electrical connectivity of all type is removed from the soul-sucking box on my desk.







.

Edited by V.T. Eric Layton, 20 May 2016 - 05:47 PM.

[securitybreach]

I hear ya

[goretsky]

Hello,

The following might be of interest:  https://thatonepriva...mparison-chart/

Regards,

Aryeh Goretsky

[raymac46]

Folks in Canada use VPNs to get access to US sites like Hulu and US Netflix. But I don't see a real use for them unless you spend a lot of time in an Internet cafe sending emails. I use HTPPS everywhere on my browser. What does a VPN do to prevent ID theft?

[securitybreach]

I do not know about ID theft but it does hide all your traffic from your ISP and gives false information to websites that gather data from you among many other reasons. Read this for more reasons:
http://lifehacker.co...-for-your-needs

[raymac46]

Curious how you set this up.
Do you install the VPN on your router so you can stealth your network?
What happens when you take your laptop to Starbucks? Do you then set up a VPN for the laptop only?

[securitybreach]

Well most VPNs are compatible with openvpn so its just a matter of configuring your client and you can connect from any device. The one I use gives you a crossplatform client (even an archlinux package) but I just use openvpn as a daemon. Most routers support Openvpn so you can run it via your browser so that every device goes through it.

[V.T. Eric Layton]

Here you go, Ray...

Virtual Private Network (VPN): Everything You Need to Know

[raymac46]

Thanks for the link. Still digesting all the info.

[securitybreach]

This quote from Eric's article did give me a chuckle as its simply not true. Heck most of them offer a gui that just asks for username/password. So now logging in is difficult and requires a professional ??

Quote

You would want an IT professional to set one up, but you can learn a lot from reading up on the subject and examining your options.

Granted they are diving a little deeper into all the technology with that link but setting one up is very simple. Even with openvpn, its as simple as adding the address and the username/password.

[securitybreach]

BTW if you want openvpn to store your username and password so you do not have to enter it everytime, simply make a file somewhere called auth.txt and add the following:

username(usually email addy)
password

Then add this to your /etc/openvpn/whatever.conf (replace whatever with the profile name):

auth-user-pass /whatever/location/auth.txt

   (replacing /whatever/location with the actual location)

I know its plain-text, which sucks, but at least it is going straight to your VPN on whatever port you chose so it is highly unlikely that someone could sniff it out.

[V.T. Eric Layton]

Yes, setup was relatively easy with Slackware and NetworkManager. I had one little password/keyring bugaboo, but it got solved this evening with a suggestion from someone on LinuxQuestions.org's forums where I had earlier posted a question asking for some assistance. You can read about it here, if you'd like...

https://www.linuxque...ase-4175580297/

[raymac46]

Looking into this a bit more, if you have your own wifi router that supports VPN why would you not just set it up on the router for your local machines? Seems easier than trying to configure a bunch of PCs and laptops. You could put local configuration on any machine you take away with you to a coffeeshop or on holiday. Most of my hardware doesn't go anywhere.
Only disadvantage I see is that it might slow things down a bit for your Roku box, if you have one.

[securitybreach]

raymac46, on 24 May 2016 - 08:26 AM, said:

Onny disadvantage I see is that it might slow things down a bit for your Roku box, if you have one.

Well it does slow down a little but honestly if you choose a close server to connect to, then it will not slow down very much. For instance I get 150mbps from my ISP and when I run the VPN, I get 135mbps so the slowdown is very minimal.

I could set it up on my router but I have a lot of streaming devices (2 smarttvs, roku, chromecast, etc.) so I want my full bandwidth on those devices. That and the VPN I use offers dedicated IPs so I use a dedicated IP for my main machine so I can access via ssh. Since I do not remote into any of my other machines outside of the network, it doesnt matter if their IPs change when I carry them with me. Basically at home my main machine uses the dedicated IP and when I am on the go my laptop, netbook, tablet and phone connect to non-dedicated IPs my VPN offers. I do not know about others but the VPN I use has an android app so I can connect with phone and tablet.  https://play.google.....openvpn.client

[raymac46]

I suppose you are right to get finer grained control by just setting up your VPN on each machine as needed.

[V.T. Eric Layton]

I only intend to use it on my main machine. I have no need for vpn on the shop system or the laptop on my office desk.

[goretsky]

Hello,

In my case, I was tunneling back into the US from Europe via VPN concentrator colo'd at a US-based facility.  Nice when you want to get your email, web traffic, etc. without getting warnings.

Regards,

Aryeh Goretsky

[kiakeu]

Hi,

It seems it is only becoming more common that a VPN is required if you don't want your government or ISP spying, throttling or limiting what is supposed to be a free and open internet. Although a VPN protects your data and location you might want to think about other methods of tracking, adverts, cookies etc. There's plenty of things out there to prevent against this such as browsers dedicated to security (tor) some VPN providers even allow VPN over tor theres also various extensions designed to protect you from tracking such as disconnect, decentraleyes, self-destructing-cookies.

Also you might want to read the forums daily on you VPN of choice as when there is a potential privacy risk someone would have posted it there. And of course I'm sure you already know about http://ipleak.net another I also found useful was whoer.net.

What gets me is that company's like Netflix decide the need to block VPN users who want to remain "anonymous" of sorts on-line because a minor majority of their user base use this to bypass GEO-restrictions just another indicator to how current rules are not viable for the modern world.

Side Note: I use Airvpn, also some ISP's find the need to throttle OpenVPN connections if you ever become subject to this OpenVPN over SSH usually works well (I have to currently use this as my ISP feels the need to throttle OpenVPN).

Kind Regards,

Edited by kiakeu, 02 June 2016 - 04:06 PM.

[securitybreach]

I am familiar with all of those but thanks for the info.

As far as throttling, unless my ISP started blocking SSL, they wouldn't be able to throttle my VPN since the provider uses port 443.

[kiakeu]

securitybreach, on 02 June 2016 - 01:27 PM, said:

I am familiar with all of those but thanks for the info.

As far as throttling, unless my ISP started blocking SSL, they wouldn't be able to throttle my VPN since the provider uses port 443.

My provider offers several ports, 80, 53, 2018, 443 and 22 (over SSH tunnel). Unless running OpenVPN its self through SSH or SSL tunnel as far as i'm aware they can detect OpenVPN. This only when using their gateway, if I was to use my own I wouldn't have this problem.

Edited by kiakeu, 02 June 2016 - 01:32 PM.

[securitybreach]

Well I use my own router and my own modem so good luck figure out if I am using an vpn or not. That and I do not run the VPN on my router but instead on one of my local machine so all the ISP sees is a single connection to a server in Atlanta.

[kiakeu]

securitybreach, on 02 June 2016 - 01:34 PM, said:

Well I use my own router and my own modem so good luck figure out if I am using an vpn or not. That and I do not run the VPN on my router but instead on one of my local machine so all the ISP sees is a single connection to a server in Atlanta.

Mine is also run on my own machine. it's just their gateway that detects OpenVPN if I don't put OpenVPN its self through a SSL or SSH tunnel.

For example one person on the VM forums.

Standard OpenVPN over UDP on port 443: 5MB/sec
OpenVPN over UDP (with SSL tunnel) on port 443: 18MB/sec

It's strange as to why they do this but at least there's ways around it.

Edited by kiakeu, 02 June 2016 - 01:49 PM.