This is a guest post by ro0ted, founder of the hacker crew of the same name. It is reposted with permission and slight editing for clarity from a Twitlonger of yesterday. We reprint this not in the expectation that you, gentle reader, will be able to perform the action recommended, but rather to alert you to the risks which are out there. We note with alarm the many spambots on Twitter screaming “safe VPN! no logs kept! totally #Anonymous” when it is clearly nothing of the kind.
A VPN or Virtual Private Network encrypts your data and obscures your IP address, so that when you browse the internet outside observers cannot determine what you are looking at/downloading, what you are inputting/uploading, or where you are located. For best protection, always use a VPN with TOR because either on their own is, you know, better than nothing, but when you go out you lock the deadbolt as well as the doorknob lock, don’t you? Use both. And make sure that you either build them yourself or you look into the companies that produce them. I remember well using a random passerby’s key to get into my Honda Civic, as that year they only produced five different door keys and several million Honda Civics.
There’s a Part II here.
Your VPN costs 7 bucks on average, maybe less. Which means the VPN provider isn’t about to lose his company over 7 bucks, which means your life as of the moment you bought it, is worth 7 bucks.
Now, on their website the policy will say whatever the customer would want it to say to make them decide buy it. That’s what they call “Fishing”: you are the fish, and you took the bait.
Now, [when you get arrested because they turned over their logs, etc] you can argue the policy says whatever it said to get you to buy it; it won’t matter, because the government isn’t after the provider (since they cooperated with the government). They want you. The provider is well aware of this situation, and believe or not they expected this to happen.
So they are going to say, “Fuck it, I lost 7 bucks? Who cares? All I care about is making money, which is why I sell VPNs.” And that’s why policies say “Policy may be subject to change at anytime”.
Now ask yourself is my online activity and the next 10-20 years behind bars worth 7 bucks?
I hate this subject but people ask me what I think about VPNS and it always come down to:
Make your own fucking VPN. Don’t trust ANYONE.
Categories: Anonymity, Anonymous, Crews, Crypto, Cyber, Hacktivism, News, OpSec, Privacy, ro0ted, Security, Technology, VPNs
Exactly! Well said my friend!
We agree, you should be your own VPN: https://www.kickstarter.com/projects/1221503813/protect-your-computer-from-wi-fi-hacks-with-vpex
Is there a similar link for iPad air2?
Nothing I know of.
You are only partially right. Most of the VPN providers probably share logs with police or other official institutions, but hosting companies do that as well. So, even if you setup your own VPN you can get monitored by the hosting service. Tor may be a good alternative, but you never know who is who in the network: http://www.theverge.com/2014/12/28/7458159/encryption-standards-the-nsa-cant-crack-pgp-tor-otr-snowden
True, but TOR’s not as compromised as people say. That’s exactly why you need both: so the VPN leads only to TOR and the TOR leads only to the VPN. Also, it’s likely anyone making their own homebrew VPN also has their own server(s) to run it on.
Totally agree that you need both VPN and Tor. Regarding the home based servers, are they really a solution? The IPs are rented to a person or company, so they can be tracked down to the real owner.
unless you have your own hosting or if you buy offshore physical servers in a country that isn’t allies with your country you will be find because they have no jurisdiction there. For example you live in the US, buy offshore physical servers or even get offshore hosting in Russia or China. The US has zero jurisdiction there. Which is why Snowden was safe when he was at the airport in Moscow. They aren’t going to sanction a country over 1 person.
Which is why you get offshore hosting with a country that isn’t allies with yours. Example: You live in the US, you get offshore hosting in Russia. US has zero jurisdiction there. They can’t do jack. Which is why Snowden was safe when he was at the moscow airport. The US will not sanction a country over 1 hacker.
TOR is not a good option anyone who uses TOR is playing russian roulette. They are tracing people through monitoring exit nodes. Anyone who thinks otherwise doesn’t know much about how The Onion Router works in a networking perspective. The point is if they want you, they will get you. The only way you can make it a bitch for them is chaining a bunch of VPS’s spoof all the IP’s addresses to government IP’s which can be found on https://usahitman.com/magipa/ Then get a private SOCK5 list. Then use a chain of vpns with automatic 1minute rotation. All change your dns to another one in a different country such as this website: http://wiki.opennicproject.org/Tier2 Put over 20 dns’s to rotate on each VPS’s so if they injected your VPN with a ruby script, it wouldn’t matter.
Now the VPN’s will rotate, the sock5 private list will behind each rotation, in case your daemon crashes. Then go to your router change the default dns to a random one with several alternate DNS addreses. The reason why you do this is because if you want to know someones real IP Address behind a VPN, just ddos their VPN and the daemon will crash and the original IP will show up. Luckily for you it will show an alternate dns instead of the default DNS, and/or SOCK5 proxy.
so not only is just setup rotating, your router is rotating DNS’s. So now they have no clue who you are and where you are and what you are doing. You can also setup a honeynet it will block at all the hackers with detailed information of who they are and it will exposed the Government as well
Reblogged this on Art by Ellison.