PDA

View Full Version : VPN Technology



ShadWolf
02-23-2013, 03:39 AM
VPN or (Virtual Private Network), lets you go about on the Internet without being tracked or monitored so easily, bypassing any filters or blocks that Governments or ISP's have setup. But you have to be careful with who you setup your VPN Tunnelling with, here are few key pointers to look at when selecting a VPN to tunnel your connection through to make sure you're making the right selection;

Does it have?:

Do they keep Activity Log records?
Is it Free to use by public or Paid service?
How does it encrypt it's connection?
Does it is use L2TP and/or PPPTP protocols?
How much is it going to cost you per month?
Does it use SSL (Secure Socket Layer) encryption?


By most standards today, most VPN providers can give you 256-bit SSL Encryption for your VPN service, while others may offer you 512-bit encryption, but just because you've got high encryption on your connection doesn't mean you still can't be hacked or broken into to see what you've been doing. In some case reports I've seen even the most secured connections can be easily cracked.

When you are looking for those things in VPN you want to make sure it DOESN'T have the following;


Activity Log records.
Free VPN services like OpenVPN


No Activity Logs = No traceback to whatever you're doing online.

This makes it harder for authorities trying to get something on you from your online activities, be it in the case of illegal activity like downloading a torrent for that movie you've always wanted to watch, or that music album you've searched for.

You may be wondering why choose VPN service thats paid rather than using ones that are Free to the public to use. …well here's why; Paid VPN service offers more benefits while Free one doesn't, and doesn't give you any real SSL encryption like 256-bit. Public VPN's like OpenVPN keep track records of your activity and can be retrieved at anytime by anyone, they could see what sites you've visited recently. Some paid VPN services also keep Activity Logs too so it's usually best to avoid those ones and find a better alternative VPN service.

Here's a common mistake people tend to do when they use VPN Tunnelling services, they tend to think that just because their connection is secure they can go about and enter whatever they like to sites and still be secure… that is indeed wrong. Your information can still be tracked on sites you enter them into especially if they're not secured and not using HTTPS to show you it's using SSL encryption. If you see HTTPS you can be sure the connection is secured, but you're still at risk as websites can be hacked and any personal info you've entered there could be still stolen and used.

Here's a few VPN Tunnelling services to name that I would probably recommend if you do intend to do use VPN Tunnelling.

What The Server – http://whattheserver.me/
Mullvad – https://mullvad.net/en/services.php
AirVPN – https://airvpn.org/
Anonine – https://www.anonine.com/en

also some may like to use Tor when using VPN's to further increase their anonymity online, but mind you it will be a bit slower since Tor is a Proxy service which bounces your connection to several other proxies around the world hosted by other people.

Tor – https://www.torproject.org/projects/torbrowser.html.en

If anyone else has VPN Tunnelling services you recommend feel free to share. :3

benanderson
02-23-2013, 08:09 AM
The only thing VPN is good for is connecting securely to local area networks from over the internet as well as to connect to other countries to make use of their services which are otherwise not permitted in their country.

All this privacy FUD in your first paragraph is just that, FUD. It also doesn't matter what service you use, any computer system keeps logs of everything it does ever - everything from error logs to when it was powered on. Any service who says that they do not keep logs of your VPN activity are just telling big fat lies - especially if they use MS Windows where its integrated into the reporting service. Plus, if they state that they do not keep activity logs, then you have to wonder if you really are more secure on a service that will almost certainly be used for illegal activity by dubious individuals. Plus, publicly available VPNs can be used for man in the middle attacks since the machine every bit of data you're submitting and receiving is being pushed through is housed and run somewhere else in the world by a third party you know nothing about.

Keeping private on the Internet is easy.

Privacy Mode in a web browser is the obvious one. Basically blocks everything.
Upgrading to a newer web browser and checking the "do not track" option.
Reading the fine print on websites to make sure you do not share your information with third parties is the one people always overlook (and then wonder why they get spam)
Editing privacy settings on a website the moment you create an account so all content thereafter is secured.
Having your browser NOT remember your history or even your cookies once you close it down (basically an always on versions of privacy mode)
Turn off search suggestions if the web browser has a combined URL and Search bar.
And, if you're stupidly paranoid, just install adblock to stop adverts from showing up.

If you are the kind of person who likes to download things like torrents (naughty naughty) then just enable encryption. Micro Torrent ("uTorrent") has the feature built in. The ISP will see that you are downloading data, but they will not know what it is and therefore not be prosecutable.

What you have to remember is that almost if not ALL of the tracking is done on your local machine via cookies and local storage. Even if you used VPN, its not going to stop the cookies and therefore the targeted adverts, making this information on you've submitted pretty much useless.

Instead of listening to the media on how apparently every little bit and byte is being spied upon, actually learn how the technologies and techniques work first and just remember to read all the fine print before you sign up. You'll quickly realise its not as bad as you are lead to believe.


Disclaimer: 3 Degrees; Computing, Computer Applications (BSc) and Computer Science (MSc). Currently employed by the Nissan European Data Centre.

ShadWolf
02-23-2013, 09:10 AM
The only thing VPN is good for is connecting securely to local area networks from over the internet as well as to connect to other countries to make use of their services which are otherwise not permitted in their country.

All this privacy FUD in your first paragraph is just that, FUD. It also doesn't matter what service you use, any computer system keeps logs of everything it does ever - everything from error logs to when it was powered on. Any service who says that they do not keep logs of your VPN activity are just telling big fat lies - especially if they use MS Windows where its integrated into the reporting service. Plus, if they state that they do not keep activity logs, then you have to wonder if you really are more secure on a service that will almost certainly be used for illegal activity by dubious individuals. Plus, publicly available VPNs can be used for man in the middle attacks since the machine every bit of data you're submitting and receiving is being pushed through is housed and run somewhere else in the world by a third party you know nothing about.

Keeping private on the Internet is easy.

Privacy Mode in a web browser is the obvious one. Basically blocks everything.
Upgrading to a newer web browser and checking the "do not track" option.
Reading the fine print on websites to make sure you do not share your information with third parties is the one people always overlook (and then wonder why they get spam)
Editing privacy settings on a website the moment you create an account so all content thereafter is secured.
Having your browser NOT remember your history or even your cookies once you close it down (basically an always on versions of privacy mode)
Turn off search suggestions if the web browser has a combined URL and Search bar.
And, if you're stupidly paranoid, just install adblock to stop adverts from showing up.

If you are the kind of person who likes to download things like torrents (naughty naughty) then just enable encryption. Micro Torrent ("uTorrent") has the feature built in. The ISP will see that you are downloading data, but they will not know what it is and therefore not be prosecutable.

What you have to remember is that almost if not ALL of the tracking is done on your local machine via cookies and local storage. Even if you used VPN, its not going to stop the cookies and therefore the targeted adverts, making this information on you've submitted pretty much useless.

Instead of listening to the media on how apparently every little bit and byte is being spied upon, actually learn how the technologies and techniques work first and just remember to read all the fine print before you sign up. You'll quickly realise its not as bad as you are lead to believe.


Disclaimer: 3 Degrees; Computing, Computer Applications (BSc) and Computer Science (MSc). Currently employed by the Nissan European Data Centre.



Well you're right about 1 thing, Can't always trust what they say about VPN service not keeping track logs of activity. But you're forgetting that all of those logs can be disabled if made so, and most of these popular and well known trusted VPN servers are running either running Linux CentOS or some other Linux OS like RedHat.Under Linux it's possible to completely disable network logging altogether of who comes and goes on the network, while keeping only error and warning logs that usually occur on a network infrastructure which is completely normal.

It's very good to read the complete TOS and all the other little bits of small prints they have that you should know before using the service they provide. Also You say that they could be using MS Windows as server for VPN's… well yes some do, but not all because there's more flexibility in open-source *NIX systems. Also noticing how much they're charging per month is a big give away whether they can be trusted or not, if they're giving you away a really high-cost per-month, then you know there maybe something they're not telling you, of course, marketing prices can vary between different companies who've setup VPN services. But you can never be too sure.

I've tested out a few on my own to see what each one can offer as a short trial, and some are better than others. I've tried BTGuard, didn't really have much problems except I kept getting disconnected every 5 minutes which was annoying. I know a few people who've test trialled other VPN services and gave their feedback on each one of them, we all kinda worked together to find ones that worked really well and is really honest and upfront about what they're offering without hiding information.

Keeping private on the Internet is easy? …sure to some extent. with browsers now offering In-Private Browsing making your online activities hard to follow offers alot of great benefits. As for History and Cookie storage, I'm usually always clearing these out weekly so there's no traces left behind. And I always use extensions like AdBlock, and NoScript at my side to block out stuff on the Internet I don't want to see or having ads tracking what I do, and as for the DNT Options, you've pretty much got that built-in to browsers like Chrome, Opera and Firefox. Plus you've also got options for Blocking 3rd-party Cookies so they can't dump their crap on your computer when you visit sites that have third-party content advertising. Search Suggestions I usually have them turned off by default through my browser.

I'm not really the type to download torrents for the (naughty naughty) stuff unless there's something I'm really after, which is usually software thats generally overpriced. I use Transmission as my torrent client anyways since it's much lighter than uTorrent and much cleaner without the extra crap you don't need since with it being open-source and available for *NIX systems, and uses latest encryption possible. I like Transmission's support with Magnet URL's since I tend to use them alot, cuz I never download the torrent data file.

While VPN is doing it's job to keep you hidden, you have to do your part too by clearing out the other junk you don't need. VPN's not just good for Local Networks, but good for Outside Networks too when you're wanting to make secure connection to somebody else.

Also I don't even watch media reports on how every little bit and byte is being spied upon, in fact I don't even watch the media at all for that matter since I'm not interested, except for those times where I do find something interesting, and I've already learned how technologies and techniques work, and I always read fine prints for everything.

Onnes
02-23-2013, 12:51 PM
If you are the kind of person who likes to download things like torrents (naughty naughty) then just enable encryption. Micro Torrent ("uTorrent") has the feature built in. The ISP will see that you are downloading data, but they will not know what it is and therefore not be prosecutable.


Protocol encryption for torrents is meant to get around ISP throttling by trying to hide the nature of the data; however, it is not particularly useful in terms of privacy. The very nature of a torrent requires your IP still be visible to everyone else sharing that torrent on the same tracker. Prosecution usually stems from an interested party recording all the IPs seen sharing some piece of pirated content, subject to various criteria, and then contacting the responsible ISPs. The only way around this is to have an address that can't be traced back to you, such as from open WiFi or truly anonymous proxy services.

benanderson
02-23-2013, 02:34 PM
Protocol encryption for torrents is meant to get around ISP throttling by trying to hide the nature of the data; however, it is not particularly useful in terms of privacy. The very nature of a torrent requires your IP still be visible to everyone else sharing that torrent on the same tracker. Prosecution usually stems from an interested party recording all the IPs seen sharing some piece of pirated content, subject to various criteria, and then contacting the responsible ISPs. The only way around this is to have an address that can't be traced back to you, such as from open WiFi or truly anonymous proxy services.

Yes, you need to be visible on the tracker. Does the ISP see what is on the tracker? No. The ISP sees what you are connecting too, but they will have no idea what it is unless they connecting to that tracker and reading its contents.


Well you're right about 1 thing, Can't always trust what they say about VPN service not keeping track logs of activity. But you're forgetting that all of those logs can be disabled if made so, and most of these popular and well known trusted VPN servers are running either running Linux CentOS or some other Linux OS like RedHat.Under Linux it's possible to completely disable network logging altogether of who comes and goes on the network, while keeping only error and warning logs that usually occur on a network infrastructure which is completely normal.

It's very good to read the complete TOS and all the other little bits of small prints they have that you should know before using the service they provide. Also You say that they could be using MS Windows as server for VPN's… well yes some do, but not all because there's more flexibility in open-source *NIX systems. Also noticing how much they're charging per month is a big give away whether they can be trusted or not, if they're giving you away a really high-cost per-month, then you know there maybe something they're not telling you, of course, marketing prices can vary between different companies who've setup VPN services. But you can never be too sure.

I've tested out a few on my own to see what each one can offer as a short trial, and some are better than others. I've tried BTGuard, didn't really have much problems except I kept getting disconnected every 5 minutes which was annoying. I know a few people who've test trialled other VPN services and gave their feedback on each one of them, we all kinda worked together to find ones that worked really well and is really honest and upfront about what they're offering without hiding information.

Keeping private on the Internet is easy? …sure to some extent. with browsers now offering In-Private Browsing making your online activities hard to follow offers alot of great benefits. As for History and Cookie storage, I'm usually always clearing these out weekly so there's no traces left behind. And I always use extensions like AdBlock, and NoScript at my side to block out stuff on the Internet I don't want to see or having ads tracking what I do, and as for the DNT Options, you've pretty much got that built-in to browsers like Chrome, Opera and Firefox. Plus you've also got options for Blocking 3rd-party Cookies so they can't dump their crap on your computer when you visit sites that have third-party content advertising. Search Suggestions I usually have them turned off by default through my browser.

I'm not really the type to download torrents for the (naughty naughty) stuff unless there's something I'm really after, which is usually software thats generally overpriced. I use Transmission as my torrent client anyways since it's much lighter than uTorrent and much cleaner without the extra crap you don't need since with it being open-source and available for *NIX systems, and uses latest encryption possible. I like Transmission's support with Magnet URL's since I tend to use them alot, cuz I never download the torrent data file.

While VPN is doing it's job to keep you hidden, you have to do your part too by clearing out the other junk you don't need. VPN's not just good for Local Networks, but good for Outside Networks too when you're wanting to make secure connection to somebody else.

Also I don't even watch media reports on how every little bit and byte is being spied upon, in fact I don't even watch the media at all for that matter since I'm not interested, except for those times where I do find something interesting, and I've already learned how technologies and techniques work, and I always read fine prints for everything.

You can't disable logs. Only rotate them if they get too big. Systems such as PPTPd for Linux can have the logs for connections and disconnection's disables, but its not going to stop the logs for the server's network service or the actual network router which will keep track of your outside IP and port, as well as the local IP you've been assigned and the outgoing and incoming connections. The rest of the network hardware is an entirely different story. Firewalls, as well, log EVERYTHING that goes in and out and as well as the source.

The rest of your reply is just repeating what I've said but in long form. |:

This thread is just spreading FUD. No physical being is spying on us - just some scripts on a server somewhere going "he has cookie A, give content A" and "he's downloading WAY to much! Throttle it."

Maybe I feel more secure because European laws are so damn strict and even google with its cookie policy got their arse handed to them. But even so, no one should have to resort to VPN and no one should be so paranoid about the internet.

Onnes
02-23-2013, 04:07 PM
Yes, you need to be visible on the tracker. Does the ISP see what is on the tracker? No. The ISP sees what you are connecting too, but they will have no idea what it is unless they connecting to that tracker and reading its contents.


ISPs are not the entities interested in prosecuting individuals for file-sharing. Were it not the law they would never comply with requests to identify their customers. They only care about bandwidth use.
The evidence used in prosecution comes from the tracker, not from the ISP inspecting packets. Everyone on the tracker for a given file is visible to everyone else, so any organization that wants to collect IP addresses can do so. The ISP really only enters to identify the user, verify traffic logs, and potentially execute file-sharing clauses in their terms of use.

ShadWolf
02-23-2013, 04:21 PM
Yes, you need to be visible on the tracker. Does the ISP see what is on the tracker? No. The ISP sees what you are connecting too, but they will have no idea what it is unless they connecting to that tracker and reading its contents.



You can't disable logs. Only rotate them if they get too big. Systems such as PPTPd for Linux can have the logs for connections and disconnection's disables, but its not going to stop the logs for the server's network service or the actual network router which will keep track of your outside IP and port, as well as the local IP you've been assigned and the outgoing and incoming connections. The rest of the network hardware is an entirely different story. Firewalls, as well, log EVERYTHING that goes in and out and as well as the source.

The rest of your reply is just repeating what I've said but in long form. |:

This thread is just spreading FUD. No physical being is spying on us - just some scripts on a server somewhere going "he has cookie A, give content A" and "he's downloading WAY to much! Throttle it."

Maybe I feel more secure because European laws are so damn strict and even google with its cookie policy got their arse handed to them. But even so, no one should have to resort to VPN and no one should be so paranoid about the internet.

Sure rotate logs whatever… but you can change what they log, like if you only want it to log errors; LogLevel error it would only record those ignoring the rest. You seem to have different understanding than I do about this. And spreading FUD? ehh… nope not likely, cuz that's just not me as you may think. and I don't really care for what qualifications you have which says otherwise. >.>

repeating…? ehh… again only stating obvious facts which you should know already because it seemed to me you didn't understand what I was talking about the first time.

and what kind of fucked up head of yours thinks that it's a physical person spying? of course it's bloody scripts which does the actual work collecting information. –– Oh and before you think I'm repeating what you said, think again… :/

and scared of the Internet? …sounds like you are! cuz I'm not, I'm just the cautious type who doesn't try to overlook things. xD –– European laws are different in each country as each country has their own ruling systems of how things are dealt with, you have places like Germany blocking off sites like YouTube and torrenting sites, and some other social sites. some countries like Sweden doesn't even have laws of what you can and can't do over the Internet, hell look at PirateBay, it's still standing even though other countries have opted to blocked it off, but still accessible through proxies and secured networks.

in all honesty here… I think we've driven way off topic here thanks to your little rant. may I suggest heading back on topic? …I didn't really care what you had to say about FUD crap or that other nonsense you babbled on about. I created this topic on the purpose for sharing VPN services and what it can do.

benanderson
02-23-2013, 07:30 PM
Sure rotate logs whatever… but you can change what they log, like if you only want it to log errors; LogLevel error it would only record those ignoring the rest. You seem to have different understanding than I do about this. And spreading FUD? ehh… nope not likely, cuz that's just not me as you may think. and I don't really care for what qualifications you have which says otherwise. >.>

repeating…? ehh… again only stating obvious facts which you should know already because it seemed to me you didn't understand what I was talking about the first time.

and what kind of fucked up head of yours thinks that it's a physical person spying? of course it's bloody scripts which does the actual work collecting information. –– Oh and before you think I'm repeating what you said, think again… :/

and scared of the Internet? …sounds like you are! cuz I'm not, I'm just the cautious type who doesn't try to overlook things. xD –– European laws are different in each country as each country has their own ruling systems of how things are dealt with, you have places like Germany blocking off sites like YouTube and torrenting sites, and some other social sites. some countries like Sweden doesn't even have laws of what you can and can't do over the Internet, hell look at PirateBay, it's still standing even though other countries have opted to blocked it off, but still accessible through proxies and secured networks.

in all honesty here… I think we've driven way off topic here thanks to your little rant. may I suggest heading back on topic? …I didn't really care what you had to say about FUD crap or that other nonsense you babbled on about. I created this topic on the purpose for sharing VPN services and what it can do.

"There's that constant annoyance that your every move on the internet is tracked and recorded and monitored of everything you do; from general Internet browsing, to email-ing, Shopping, Social Networks, Online Banking. And of course you have the constant annoying threats from ISP's and Governments over what you can and can't do over the Internet."

That is FUD :B
It makes an otherwise semi-useful post about VPN appear like some kind of end all solution to a non-existant spying problem.

But anyway, back to the issue of VPN.

Network routers, switches, domain controllers etc always log because many of them are appliances. Plug in, switch on, go. We've just added some new Cisco switches to our network and the config for those is limited with no option to disable logging - almost all network switches are like that. If the VPN is in a data centre (which is will be in order to handle load) then they may disable the connection logs on the server, but every other bit of network equipment on the network will still be logging what is going in and out of it, the routers especially.

One trait of VPN is that your computer gains a local IP address on the physical network where the VPN server resides. Your NetBIOS name, open ports, shared folders, shared printers, media library, network services (etc. etc.) become available on the network to all other users connected to the VPN. So, for example, if I was connected to the same VPN, I could access your computer just by typing in a local IP address (EG: 192.168.0.3 ). The router will also log the connections to your local IP address, and the firewall will note that all VPN connections are being sent to your remote IP.

VPN is in no way private. It never has been because that is not its intended purpose. Its secure over the internet, yes, but it is in no way private once you hit the network on the other end and it doesn't take much effort to fish the log files from the firewall and the router.

If you want the kind of privacy you're referring too in the original post, you use a Proxy Server or perform SSH tunnling with X11. But you shouldn't need to do this anyway if you just practice safe browsing habbits and make sure third party cookies are blocked.

VPN is, however, very useful if you are trying to bring a group of people together to share resources (since that is its intended design purpose) - but if you were doing this I'd highly recommend using a privately owned VPN system, such as a home server (recommended) or one of the users has a VPN service on their PC that they can bring up and down at will.

I myself use a Acer Aspire M1930 PC tower that I've repurposed as a server running Windows Server 2008 R2. Its been running non-stop for nearly two years now and I highly recommend everyone who wants to make use of VPN, file sharing, "cloud" storage etc. to get a home server. It beats services like drop box and google drive by a country mile.

ShadWolf
02-24-2013, 06:14 AM
"There's that constant annoyance that your every move on the internet is tracked and recorded and monitored of everything you do; from general Internet browsing, to email-ing, Shopping, Social Networks, Online Banking. And of course you have the constant annoying threats from ISP's and Governments over what you can and can't do over the Internet."

That is FUD :B
It makes an otherwise semi-useful post about VPN appear like some kind of end all solution to a non-existant spying problem.

call it whatever you want… it's not FUD.