People put too much faith in vpns and here is why.

First off I want to state I am a systems admin with over 12 years experience in web servers, virtualization, networking and pretty much all aspects of servers. I see people say vpn this and vpn that and its silly, here is why.

I have owned and operated service businesses such as VPNs, shells, hosting, etc; and if you are issued a subpoena you MUST provide logs or you will be prosecuted and held responsible for whatever is done. About a year ago I setup a new protocol for a large proxy/vpn company that states all over their sites they do not keep logs and it is truth to a point.

It means they do not keep packet and all request logging, mainly because no one really does unless a company or something running a tight ship and it uses a lot of resources to log such data. HOWEVER, connections logs are kept and retained by every provider, especially in the US. How this goes is as follows, You connect to lets say a pptp as user, the logs will reflect your login, where from. Most setups use wtmp/utmp (ever did last or who inside a linux box?) so it will have user - your real ip and then in pptp logs the IP you was leased. You have officially changed your ip to the VPN ip and it is fully traceable to your home ip or billing info. In setups like this they dont need to keep logs of all external connections.

There is no fool proof way to stay anon but a good start would be using a socks chain OR a very slow vpn/proxy from a country that is not known for participating with US authorities such as china. Using an American, Aussie, or UK company with foreign servers does you no good either. They must provide records for those as well. A socks chain onto an RDP that uses TOR would be about the best way possible to go.


Comments


[3 Points] 2005C:

Be a pal and post this in /r/privacy


[2 Points] None:

[removed]


[2 Points] davethebarbarian1:

I'm new to VPNs and was just about to buy Mullvad today. Aren't they one of the best as far as anonymity goes? Accepts bitcoin and doesn't require any personal info so even if LE asks for logs they have nothing to give


[1 Points] colesaw:

Can you please post any guide available on the internet as to how one can go about setting up a sock5 chain over RDP?

Im curious, I searched the web but coudnt find any concise guide.


[1 Points] None:

yeah when i was looking into VPNs and asking the providers couldn't the local government simply subpoena the server hosting company to provide the logs connected via the VPN. I.e PIA > XXXXAUS Server Hostings > your connection.

Obviously your post has more server jargon I am not familiar with at all, but their replies were only they had access to the server and as such no government could access their logs (Despite not technically 'owning' them,)

Is this a possibility?


[1 Points] TripAddict:

Raspberry pi, make it into a router. Boom, TOR router. Done it before. Very nice. Little slow obviously but it works.


[1 Points] ThrowawayTehGay:

Putting ANY faith in a VPN is foolish. The closest that most of us will ever get to true anonymity is a simple TOR connection with a spoofed MAC address on a public wifi.

EDIT: A socks chain into an RDP that uses TOR is no safer than a VPN. For one thing, why the hell would you RDP into anything? Are you a Windows guy?? Why not just tunnel your web traffic over a dynamic ssh connection? "ssh -d" basically creates a dynamic socks5 proxy that can be used for anything.

This still ignores the larger point of who owns and controls the remote host in this theoretical non-extradition country, and how can you guarentee that they're not pwning you? You can't trust any endpoint that you don't personally control, and even if you personally control it then it takes a great deal of effort to ensure that it can't be traced back to you. You would basically have to use bitcoin to rent a dedicated server that you only ever connect to via TOR to avoid the provider getting access to your clearnet IP. And then what would even be the point unless it was part of an elaborate WHONIX setup or something.


[1 Points] juniperhigh:

Are you saying you dont trust them?

Because if you dont trust your VPN provider, its kind of silly to use their server. If you arent willing to use a company's VPN client, you shouldnt be using their VPN server (especially since it is by nature "closed source").

To be clear, every single provider listed there uses a "closed source" VPN server software, in that you have zero ability to determine what code they are running or where it sends its traffic.