Re: VPN
 

they cant have the best of both worlds though. If they proclaim to not keep any records of anything and specifically not have anything to hand over to law enforcement, then they shouldn't be able to turn around and do it.

Re: VPN
 

I think you're missing the point.

The idea is when law enforcement asks them to hand over the data they hand over nothing and say "This is all we have". Technically, they've handed over everything they have - which is nothing.

Re: VPN
 

Ahh, that would be me :)

Re: VPN
 

If that is the case then all is good but the impression i was getting from previous posts was that providers were actually keeping records and handing them over

Re: VPN
 

Well, some providers are. There was a good article a while back on exactly what different providers track and exactly what they're capable of handing over if forced to. Not all 'anonymous' providers are equal.

Re: VPN
 

when choosing my new vpn provider before xmas I read this article first and took note of the following:

1) We absolutely do not log any traffic nor session data of any kind, period.
2) We operate out of the US which is one of the few, if only, countries without a mandatory data retention law.
3) We do not monitor any traffic, period
4) since we do not log or monitor anything, we’re unable to identify any users of our service


This is what I was referring to in a previous post when I said I would get very mardy if after all that they turned around and handed stuff over to the police et al.

Re: VPN
 

If they're in the US their hard drives and routers probably already have NSA rootkits in the firmware.

Re: VPN
 

I am glad the NSA are so concerned about me watching The Walking Dead and Game of Thrones.

Re: VPN
 

Agreed, and Private internet access certainly looks the best of the bunch.

This is how i take it, i just wanted to get other opinions.


This might be old news to you guys but check out this link, it tells you about a security flaw FOR VPN users.
VPN users are facing a massive security flaw as websites can easily see their home IP-addresses through WebRTC. The vulnerability is limited to supporting browsers such as Firefox and Chrome, and appears to affect Windows users only. Luckily the security hole is relatively easy to fix.

https://torrentfreak.com/huge-securi...resses-150130/

Re: VPN
 

Its not a flaw, actually. It's by design.

WebRTC was designed to enable peer to peer transfers and voice communication over the web. Both of which would be impossible without access to the machines real IP. Therefore WebRTC has to make the machines real IP available.

Just because people make assumptions and don't follow what capabilities are provided for in design specs, doesn't make capabilities they didn't realise it had equal a flaw.

TorrentFreak reported it as a flaw, because it can affect the anonymity of VPN tunnels, which is true, it can affect the anonymity of VPN tunnels, but that doesn't make it a flaw. Its doing exactly what its meant to do.

I personally would class it as a vulnerability not a flaw. Its easily worked around too, the firefox addon 'NoScript' will block the WebRTC request.

Re: VPN
 

No, it's a flaw, caused by bad design.

It absolutely does not need the machine's real IP and has no business using it. It works just fine with a correctly configured VPN IP.

Throwing your hard drive in a furnace is "doing exactly what its meant to do" - i.e. erasing the data - but that does not mean it's a good way to do it.

Personally I would class it as a bug and/or faulty implementation.

Regardless, vulnerabilities are flaws.

---------- Post added at 18:42 ---------- Previous post was at 18:41 ----------

This is why I've always recommended anyone requiring absolute privacy, they should use a VPN hardened by a VM container. That makes it impossible for anything, including the OS itself to know any IP other than your VPN endpoint IP even exists.

To be fair anyone not using a "lazy" VPN and just using what we in IT used to consider as a 'normal' VPN would not be affected anyway. Sounds like it's really just a proxy vulnerability. Normal VPNs would prevent a browser being able to send any internet traffic outside the configured VPN tunnel without resorting to some exotic hacks.

Re: VPN
 

And Torrentfreak has updated their who's-who of VPN providers: http://torrentfreak.com/anonymous-vp...w-2015-150228/

Re: VPN
 

thanks for the update, PIA still sounds very good.

Re: VPN
 

Please define VM container, lazy VPN and Normal VPN please?
In simple speak if possible!

Dont like the bit where PIA say " we encourage users to create an anonymous e-mail when signing up" , why if they keep no logs?

Re: VPN
 

Because they'll need to keep your email on file for registration / account purposes. How else are you going to create an account with them?