VPN - Are they effective, which ones are best, how to best set them up

Discussion in 'Misc Discussion' started by bphlpt, May 16, 2017.

  1. bphlpt

    bphlpt A lowly staff member Staff Member

    As Freezer mentioned, he and I have been chatting about VPN's. Our discussion began because, for the first time ever, I have recently begun receiving "abuse" notices from my ISP (Charter/Spectrum) because of some of the torrents I have downloaded. The offenders are all torrents of TV shows, and are a minuscule number compared to the number of torrents I have downloaded, but bottom line I don't want my ISP to decide that further steps are necessary.

    These notices were all triggered even though I use our HOSTS file, with even a few further additions, and run PeerBlock. So I asked Freezer for his recommendation, thinking that he might be running a VPN. It ends up he isn't, yet, but he is also concerned, not only because of copyright-infringement but also due to fair-use, privacy, Net Neutrality, etc.

    So here is a summary of our conversation. [ OK, I blatantly copied portions of it. :) ]

    ---------------------------------------
    [Freezer]
    Free VPN's are available. But like Tor they are probably slow and really only useful for file lockers that limit the frequency of downloads from your IP. And sites that censor or block access from your country. Or if your country censors or blocks sites (such as torrent sites). Also, the only practical way to use these with bittorrents is to set your torrent client to only 'Resolve Hostnames through proxy' and not the actual peer-to-peer connections themselves. (for uTorrent, disable 'Use proxy server for peer-to-peer connections' under Connection Preferences).

    --VPN Book
    --VPN Gate
    --Opera has an unlimited, free built-in VPN now. Not sure how to use it outside the browser though.

    After HideMyAss turned out to SellYourAss instead, TorrentFreak maintains lists (and reviews) of some of the VPN's available: Which VPN Services Keep You Anonymous in 2017? And more articles from TorrentFreak. And this article from TorrentFreak: 5 Ways To Download Torrents Anonymously.

    [bphlpt]
    ExpressVPN seems to be ranked #1 by all of the VPN comparisons I've read. It's not the cheapest, but it does seem to be the fastest, might have the most available servers and has a speed test available for the servers. It's been around awhile and is pretty stable, works with torrents and P2P, is available for all of the various OS including Windows, Mac, Linux, iOS, and Android, and allows simultaneous connection by 3 devices. There is also a custom OpenWRT router firmware available with a built-in ExpressVPN client to protect your entire network yet only count as a single connection.

    NordVPN seems to be ranked in the top 3, is currently the cheapest of the paid services when you pay for a 2yr subscription, is reasonably fast, works with torrents and P2P, is available for the same OS as ExpressVPN except Linux, allows simultaneous connection by 6 devices (I think), and offers double-VPN and Tor-over-VPN options for more secure connections.

    Of the paid options, to me those two seem to be the top two contenders.
    ---------------------------------------

    So is anybody using a VPN, currently or in the past, that can add to this discussion? Or know any stories from personal experience or that of a friend or acquaintance? Or just have an opinion from what you've heard or read?

    If nothing else, I might bite the bullet and sign up to try one for a month and see how it goes.

    Cheers and Regards
     
    Trouba likes this.
  2. Glenn

    Glenn Administrator Staff Member

    Sorry guys, but I am in Australia - it's already filled with convicts, all of us will pirate as we don't have other options to get them legit in a timely fashion, so if copyright wants to be enforced over here, then they are gonna have to take the whole country to court, because at the end of the battle there will only be 5 people and a wallaby not in jail for 5 years or the $50k fine :p If we are all in Jail, none of us are ;)

    I won't ever own/use a VPN and if I get blocked by my ISP, I will use another one. If I was in USA, either unite as one and call their bluff, purchase everything you want to watch through Digital means - but never and I mean NEVER go with a cable company, they got away with ripping people off for far too long, now they can go the way of the blockbuster video shops.

    It's not like I think many of the TV show creations deserve a cent from us anyway - they cancel the damn things after a season or 2 and never finish the story, I wouldn't buy half a book, so screw them. I don't pirate Movies, I go to the cinema for the ones I want to watch and apart from that I don't watch them anymore - not enough time in the day and I would rather sleep of a night.

    Sorry I couldn't be more helpful.
     
    bphlpt and Trouba like this.
  3. Trouba

    Trouba Administrator Staff Member

    "HideMyAss turned out to SellYourAss instead" LOL

    "because at the end of the battle there will only be 5 people and a wallaby not in jail"
    "I wouldn't buy half a book" LOL

    So it looks like this will be an interesting thread. I have tried HideMyAss and some others either free or as a trial but at the time had connection problems and low speeds.

    The factor that has played a role in my decision making regarding what I download (I don't normally download movies or shows, just software) has been the fact that my current DSL connection is the ONLY broadband I can get, so I haven't been particularly interested in messing up my relationship with them. I might try the VPN thing again, though, even if my current speeds aren't anything to write home about.
     
  4. bphlpt

    bphlpt A lowly staff member Staff Member

    Fortunately for me, my ISP (Charter - which is the cable company) does not have any kind of data cap, or policy of slowing my DL rate after XX GB of bandwidth has been used. Glenn, I understand your opinion of cable companies in general, but in my opinion/experience, those viewpoints are more appropriate to have about the phone company, (AT&T) which is the only other real option in my area. Yes there is also the option of satellite (Direct TV), but speed is just not in the same ballpark. And AT&T is actually in cahoots with Direct TV, which uses them to supply TV for any bundle you might do with them. Yes, AT&T is cheaper, at least on the surface and I've considered them, but the speeds are not as good and they have data caps, enforced slow-down after surprisingly little data usage, and quite high cancellation charges. I have no cap, and no contract, so if I can find a better deal I can change any time I want to.
     
  5. The Freezer

    The Freezer Just this guy, you know Staff Member

    Yeah, lack of choice is a problem for most in the US. It is for me.

    But for those cities that have a fiber-optic provider, such as Google-fiber with 1000/1000 Mbps down and up, the local cable companies provision for the fastest speeds your modem can handle -- which is about 300/50 Mbps currently. Elsewhere, we're told 60/5 Mbps is "good enough" for the rest of us. :cautious:

    And what really sucks is that these incumbent ISP's throw money at our local and state lawmakers to put up new regulations (and in some cases new legislation) to make it incredibly hard, if not impossible, for anyone else -- including your own local municipality -- to establish a competing Internet service. The incumbent ISP's are grandfathered-in, of course. So even Google, who's the only one with enough money to even attempt to fight these impossible roadblocks, has about had it and is throwing in the towel.

    :mad:
     
  6. Trouba

    Trouba Administrator Staff Member

    Yep, "let's leave it up to the states" is the favorite tune of the ruling party in DC right now. Pre-existing conditions? Leave it up to the states. Your browsing history? Leave it up to the states (who get bribed).
     
  7. Glenn

    Glenn Administrator Staff Member

    I use Dodo internet, mainly because it's VERY hard to get in contact with them for support, changes and well anything other than sales, I am not saying that if you have hours to listen to elevator music on a phone before a robot redirects or disconnects you, only then to be connected to a human who has no idea what they are doing if I am even able to understand their accent. No, I fix my own problems and when it is their issue, a phone call would do nothing to speed them up anyway. But the reason I stick with them is the same reason BP does - they don't give a crap about data usage, but mine also don't care what I choose to download, I would be willing to bet that way after any digital copyright laws are in place it will be another 3 years before Dodo adopts them - meaning I should be very safe for a while, as the only contact I have with them is the automated eMails they send out when my bill is due.
     
  8. zdevilinside

    zdevilinside Active Member

    There are many different reasons to use VPN. I use mine to use a US server (I live in Mexico now) so I can make free calls on Google Hangouts, access content that is based upon where you are and a few other reasons *torrents cough cough*. I don't want to let others know what I am downloading or what I am doing.

    I am very happy with my VPN provider - I have been with them for 5 years. Private Internet Access is one hell of a VPN provider.
     
  9. bphlpt

    bphlpt A lowly staff member Staff Member

  10. zdevilinside

    zdevilinside Active Member

    I looked at the various reviews and decided after reading the TorrentFreak review for them. I haven't had a single problem with them other than an occasional need to disconnect from their service and reconnect.
     
  11. The Freezer

    The Freezer Just this guy, you know Staff Member

    TorrentFreak has their annual updated review of VPN services: "Which VPN Services Keep You Anonymous in 2018?"
     
  12. The Freezer

    The Freezer Just this guy, you know Staff Member

    This. From an article about McAfee's (unfortunate) acquisition of TunnelBear:
     
  13. bphlpt

    bphlpt A lowly staff member Staff Member

    I've been using NordVPN for awhile now, and have been pretty pleased. The connections are reliable, speeds are sufficient, price was extremely reasonable, and I have had no more "abuse" notices while using NordVPN.
     
    The Freezer likes this.
  14. zdevilinside

    zdevilinside Active Member

    I have switched to NordVPN recently. This is because PIA started having issues with maintaining connections and a lot slower speeds developed and they didn't fix it after I put in trouble tickets.
     
  15. Trouba

    Trouba Administrator Staff Member

    I read somewhere that you sometimes have to switch servers to be able to watch Netflix. Apparently, Netflix is against use of VPNs so they are trying to prevent its use. Does anyone have experience with this?
     
  16. zdevilinside

    zdevilinside Active Member

    Yes, and that is part of the reason I went away from PIA - they stopped playing "Whack-a-mole" with Netflix. Many VPN services still play that - they get an IP, Netflix blocks it, VPN gets new IP and it works for awhile, Netflix blocks it, etc.

    So far, NordVPN is working.
     
    Trouba likes this.
  17. bphlpt

    bphlpt A lowly staff member Staff Member

    For some unknown reason, The Wayback Machine also has something against the use of VPN's. AudioBookBay doesn't like some VPN servers, while others are fine. The use of VPN's is occasionally hit-or-miss, but overall NordVPN has been very well behaved, and I have not received a single "abuse" notice while using it, and that was the primary reason that pushed me to use a VPN.
     
    The Freezer and Trouba like this.
  18. mortmaru

    mortmaru New Member

    They are blocking VPNs; it's just luck if one works with the service.

    Other thing to watch out for is they can ban your account; in the terms it states no VPN.

    Regarding VPNs, I have tried over the years all different providers and always ended up sticking with Air VPN - The air to breathe the real Internet
     
    Last edited: Sep 7, 2020
  19. Trouba

    Trouba Administrator Staff Member

    What if you wanted to surf truly anonymously? Or at least with better protection than running a VPN + TOR on a host OS?

    What extra protection would it provide (if any) to run the following setup: host OS runs VPN >> guest OS runs in VirtualBox (connected via NAT) >> use of TOR inside guest OS?

    I'm thinking along the lines of MAC addresses, but also what if your host OS pings or something and they can link that with your guest OS because it uses the same connection? Stuff like that I'm having a hard time visualizing.

    Some would suggest the use of TAILS or Whonix, but how much of that is hype and what are the *practical* considerations just using Windows? I guess if you'd be doing something deeply illegal stuff, even MS ratting you out might be a concern. But I'm talking more about anonymous surfing and even things like exploring the darkweb out of interest -- without either your ISP or any monitoring knowing. Some even suggested running the Whonix server (it comes in 2 parts) and then running a different OS based off that for connectivity.

    I wonder if anyone has some thoughts about this. A good VPN (I've tried a few) and TOR is obviously a big step, but could VM's play a role in this and if so how from a security perspective? It also made me think about the SOX release and made me wonder what could be done to Windows to keep it functional for such purposes but be otherwise stripped from extra functionality (and pings and telemetry stuff) by the use of NTLite, for example.

    Just ANY thoughts on this are appreciated.
     
  20. Glenn

    Glenn Administrator Staff Member

    It's up to the VPN to hide you, there is NO physical way that you can hide yourself very successfully behind that point;

    * All points below are NOT real world researched, they are just my own personal views that I have had about anon surfing. I feel that a smart enough person wouldn't have any problem following you if given access to the real hardware and the VPN's logs, regardless of TOR/VM or any other software trying to hide you locally.

    Your ISP has the connection to your VPN and back to your Router/Modem/Switch. Even IF you managed to hide your IP address of your PC, it will not hide the routers etc it has passed. Doesn't matter that the data is encrypted, they will still see where the data came from (your VPN) and where it is going (your home LAN).

    I had a thought about using a laptop's WiFi whose hardware allows a random MAC to be generated each time, but that made me think of all the other hardware a home network runs that the data will pass through.

    There would be no benefit to using a VM to do anything other than protect your host OS, all other Data/Internet reasons get translated locally within your host via software drivers, meaning the actual Data packets are sent to your ISP via the PC's real hardware as a route address to your ISP or via your VPN. So anything involving that would be useless to make any real difference to your visibility.


    The problems are due to your Connection to the internet being physical (hardware) so the port your ISP uses for you will still be used, just with encrypted data (the destination will stay the same *Your physical Routers MAC), really the only way you could hide yourself locally would be a local exploit used inside your router that changes your MAC to be the same as another existing MAC on your ISP, one that is either turned off currently or changed remotely then changed back once you are done being hidden.


    That is about as much thought as I have put in to such things as I have no reason to hide what I do online anymore and a VPN seems enough to stop average people seeing it anyway.

    As a side thought if you could Emulate hardware that sends a random MAC before it gets to your router and had that hardware self destruct the PIC inside if tampered with, then you would be 100% hidden, but ain't nobody got time for that :)


    -EDIT-

    If you think your VPN is sending you data encrypted directly stop and have a thought about the data pipe to your home, it is the only way data gets in to your LAN and it is via the ISP's physical connection to you. So there is no way a VPN can protect them knowing you were on - only what data you received, but they are able to see what data you got if the VPN keeps logs, which many do due to laws put in place, they are not going to lose their business for the sake of your data IMO, they are a business trying to make money so it will always default to them giving it up, only big companies like apple can say no to government as they have the money and obscurity to hide those truly responsible for saying no.
     
    Trouba likes this.
  21. bphlpt

    bphlpt A lowly staff member Staff Member

    Some VPNs, and there are some that at least claim to not keep logs, such as NordVPN even offer modes such as double layer VPN, so if you use TOR on top of that, as Glenn says, at least what data you are transferring should be fairly well hidden. And you can encrypt on top of that if you have control of both ends of the transmission, not to mention encrypting the entire PC you use along with each individual file, again. So it seems, if someone has you under close enough investigation, that you can hide WHAT data you are transferring, but not necessarily WHERE you are transferring it from. And probably not even WHAT if they really want you bad enough. Of course each layer of protection you add needs more time and PC resources to process and transmit.

    So, I guess you would need to use a wireless link, rotate the IP addresses you use, rotate which VPN address you use, maybe even use alternate VPN providers and rotate ISPs if possible with changing MAC addresses in order to really hide. I guess if you go explore the dark web you might find more suggestions of how to truly hide if you want/need to.
     
    Trouba and Glenn like this.
  22. Trouba

    Trouba Administrator Staff Member

    Yeah, I'm not planning on sitting in a car tapping into WiFi just to browse in the dark, and I'm not personally worried because I'm not up to nefarious activities. Heck I don't even download music or movies. It does interest me to understand it though. I've wanted to understand it for years but just never bothered to look into it because it was made out to be such a threshold subject.

    I understand that any data would flow through one's internet connection and ISP. I understand that a VPN would encrypt the data sent, but as you mention they're not going to defend a $10 membership (although there would have to be sufficient reason for any such pressure to be exerted on a VPN: so its security would be relational to what an individual would be doing on the DN). So the VPN would be responsible for encrypting any input that flows from your end to the net. TOR networks further anonymize and encrypt connections. But with TOR you'd have an entry node and (possibly) an exit node. So you get the "what you put in as plain text, comes out as plain text" reality -- the idea being that information you send through the network will come out how you put it in. If that information can be seen leaving your network and entering somewhere else, clearly a link could be made. But how possible and likely that is and to what circumstances it applies I think can differ and that's what I'm trying to understand.

    The way I understand it, if you remain on the TOR network, there is no exit node your information goes to. It is when you browse clearnet through TOR that an exit node comes into play. Of course, the VPN would encrypt the information going in (coming from you), and then if you remain with the TOR network then there also wouldn't be a plain text out to refer to. TOR itself also encrypts the data leaving your system. At least that is the theory as I understand it. The only way that information (and/or ID) could be made out in that scenario is if a law enforcement or government would control one or more of the TOR nodes, which there have been reports about but they're just guessing at this point.

    So for example with NordVPN, you could use double layer VPN as John mentioned; you could then also run Whonix (gateway) which will set up a TOR network; you can run a VM that taps into the network set up by Whonix; you can then run TOR browser inside that VM which will double the TOR functionality. If you then stay within the TOR network (don't exit at a node), it would seem rather hard and/or impossible to tie all this back to a person. The likelihood that they could even trace such a connection back is already very unlikely if not impossible; but what you send also would not be visible. Perhaps I'm missing something but unless the various nodes you're on are compromised AND they have access to your VPN's records (and can decrypt everything) it would seem in the very least an extremely hard thing to do. Add to that that you can encrypt your actual VM itself (and even your system as John mentioned) which would be one benefit of using a VM over a live OS (well except for something like TAILS when run off a USB stick).

    So for example one way your ISP might know you're using TOR is because traditionally the data packets would have a certain size, indicating you're using TOR. But the VPN connection would obfuscate even the TOR usage. Your ISP might know you're using a VPN but it can't decrypt the data and so wouldn't be able to flag it either. So I would think any peering into someone's use of TOR would be solely based somehow on perceived activities on the darknet, from which they would try to work back to uncover your identity. Which might be a good exercise, to think along those lines. What are the weaknesses in connections like that. I'm finding it hard to visualize what exactly goes on in various setups. It seems most of us just kind of assume stuff and rely on the good will of our ISP and law enforcement -- like, there are bigger fish to fry, they'll spare me, but that FBI warning on DVD's is pretty clear all the while. You know what I mean? So it's kind of important to understand what we're actually engaging in when we go online. There are kids in jail for hacking and involvement with entheogenic substances, while people responsible for crashing the economy of an entire nation get 150 million bonus payouts and are living in mansions. So I don't think it's good to have illusions about notions of good will and grace when you're a mere faceless number to enforcement agencies.

    So VPNs can talk a big game and say they don't keep logs but I think it's 90% talk. VPNs that reside in other territories might sound good but in some circumstances they might actually be worse because enforcement agencies might be bound by the law of its own country regarding VPNs based in it, whereas VPNs in other territories might fall under different laws or be associated with international issues that might give a government access to them for other reasons. In short, none can be trusted ultimately, although their services might and can help to a degree. This is kind of how I think about VPNs right now.

    I guess in the end the only thing I could say with any amount of confidence is that the more complex you make a connection, the harder it is (the more resources would be required) to lead data back to you. Would that be fair to say?
     
  23. Trouba

    Trouba Administrator Staff Member

    This is a pretty good and short summary of TOR:

    When you stay within the TOR network, such as hidden sites, etc., even though they don't appear as HTTPS or encrypted, they actually are and there is in the case of visiting those sites no exit node that comes into play. Now if you were to connect through TOR to outside the TOR network to, say, Gmail, that would be HTTPS and so even though it involves an exit node the data would not become unencrypted. But the main point being that on the darknet, or hidden sites, such as on the TOR network itself, data is and remains encrypted. So TOR on your computer would encrypt any data, and the hidden service/darknet sites would be decrypting that data. So yes, all data would flow out through your provider and back again through it to you, but this data would be encrypted always, and even more so when VPNs are involved.
     
  24. Trouba

    Trouba Administrator Staff Member

    I read this some time ago and thought it clarified some points about entry and exit points, regarding encryption and anonymizing connections in relation to TOR:

    "Your connection into the Tor network itself is encrypted, as are connections between Tor nodes. In fact, each hop is encrypted with a new key to avoid back-tracing.

    "What might be unencrypted is the connection from your Exit Node onto the web, if you're connecting over an unencrypted protocol. This means that if you're viewing a standard HTTP webpage then the final Tor node in your circuit and their ISP can see the unencrypted data, but they won't be able to trace it back to its origin (unless that data contains anything personally identifying you)."

    [Image: XhXQa.png]

    So the data leaving your system is encrypted by TOR as well; your VPN would further encrypt it and even obfuscate the fact that it would be a TOR connection.
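
The per-hop layering quoted in the post above, as an added example that is not part of the original thread: it shows what each relay in a three-hop circuit can learn, for a plain-HTTP request and for an end-to-end encrypted one. The cipher is a toy stand-in rather than Tor's actual cryptography, and the hop names, destination and request are constructed.

```python
import hashlib
import hmac
import os

# Toy stream cipher (HMAC-SHA256 keystream XOR). A teaching stand-in only:
# it is NOT Tor's cryptography and provides no integrity protection.
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def unseal(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def build_onion(path, keys, destination, payload):
    """Client side: wrap the payload once per relay, innermost layer for the exit."""
    blob, next_hop = payload, destination
    for relay in reversed(path):
        header = bytes([len(next_hop)]) + next_hop.encode()
        blob = seal(keys[relay], header + blob)
        next_hop = relay
    return blob

def walk_circuit(path, keys, onion, request):
    """Each relay peels one layer; record what that relay can learn."""
    views, blob, previous = [], onion, "client"
    for relay in path:
        layer = unseal(keys[relay], blob)
        n = layer[0]
        next_hop, blob = layer[1:1 + n].decode(), layer[1 + n:]
        views.append({"relay": relay, "from": previous, "to": next_hop,
                      "reads_request": request in blob})
        previous = relay
    return views, blob

# Constructed sample data: hop names, destination and request are made up.
PATH = ["entry", "middle", "exit"]
DEST = "example.test"
REQUEST = b"GET /inbox?user=alice HTTP/1.1"

def demo(end_to_end_encrypted):
    keys = {relay: os.urandom(32) for relay in PATH}   # one fresh key per hop
    site_key = os.urandom(32)                          # stands in for a TLS session
    payload = seal(site_key, REQUEST) if end_to_end_encrypted else REQUEST
    onion = build_onion(PATH, keys, DEST, payload)
    views, delivered = walk_circuit(PATH, keys, onion, REQUEST)
    # What an observer of the client's first hop (ISP or VPN) can read.
    on_the_wire = {"request_visible": REQUEST in onion,
                   "destination_visible": DEST.encode() in onion}
    return views, on_the_wire, delivered

if __name__ == "__main__":
    for label, e2e in (("HTTP", False), ("HTTPS", True)):
        views, wire, _ = demo(e2e)
        print(label, "first-hop wire view:", wire)
        for v in views:
            print("  ", v)
```

The entry relay is the only one that sees the client as its peer, and the exit relay is the only one that sees the destination; the exit reads the request itself only in the plain-HTTP run.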
     
  25. Glenn

    Glenn Administrator Staff Member

    I personally feel that the more you hide your data and the more services you subscribe to, the more interest "they" will have on you. The problem is if you're then on watch there is nothing stopping them recording your PC screen (unless you're in a panic room in your basement inside a Faraday cage), so if you stop the remote monitoring then you will also need to stop any local physical monitoring as all Electronics can be exploited via MANY methods.

    The issue with having multiple layers of encryption is sometimes this can leave a pattern/method that would have otherwise been impossible, so make sure you check what the VM layers add to the packets separately as I can guarantee it would have something it adds so it knows which VM to send an external received packet back in to, even a virtual MAC address could be figured out if it is generated using system ID's and HDD identifiers etc - unless you change that manually yourself. That is just one of the catch 22's I am trying to show can happen when using multiple layers.

    The extra tip with the TOR node control is not one NODE has all clients stored on it, so the more NODE Servers running the less chance if one is captured that the data can be linked to the person they are hoping to "process", for example if there was only 4 Node Servers then they would have a 25% chance of seeing your data. It may take them a year to decrypt the data, but they could do it.

    I have seen enough proceedings to know that if they can't recover your data that you will still be thrown in jail and never have a life where you're not watched and limited access etc. so at the end of the day there is very little incentive to try and circumvent what they see as this in their opinion is a sign you are doing something wrong and can sway a jury that you're a devious person by nature.

    ALWAYS use a public network and a stolen burn device to do anything you need done. that is the only way, but remember they will try and recover the device and there are cameras almost everywhere so make sure you follow your own routine to gain access or they will spot your car out of place at a weird time on red light cameras or CCTV etc. The more you do the more failure points you introduce. Sleeper USB keys are also a very good way to introduce a time delay to your pre-programmed actions.

    But this is all in fun, I don't imagine any of us will ever need this sort of anonymity.
     
