A VPN service is something that encrypts all your traffic and routes it through an anonymous company, then out to the internet.
If someone were to spy on your internet traffic at the ISP level, all they would see is loads of data that they can't understand, going to and from this anonymous company.
You can have entire network VPNs which will route traffic for all your devices automatically without even doing anything different on the device itself. You can have device-specific VPN connections that might be an icon you click on your smart phone, or something in the system tray on your laptop; that will only protect the traffic to/from your one device.
The whole-network VPN connections are typically more expensive, and often require additional hardware on your network. The single device VPN connections are much more economical, but you have to micro-manage it and babysit it.
If you really want to hide, and do questionable shit, go through a VPN, then use "Tor Browser" which is like what they use in hacker movies where the FBI can't trace their call because it's going through France and Russia and shit. Then you find secret darknet markets and buy illegal things with "tumbled" Bitcoin. "A+++ #1 cocaine in the EU!!" They seriously have eBay of darknet, with seller ratings and everything. It's insane.
Once you do get a VPN service, there are usually several different ways to connect to it. Read through this technobabble to see which is the most secure (don't use PPTP).
I recommend iVPN
A bit more pricey but the Service is absolutely amazing, including the customer support. They also don't throttle your bandwidth, you get all of your internet speed (and I can confirm that).
There's a guy who tested nearly all VPN services and ivpn had the best test results: VPN comparison
What a terrible article. I don't know whether to think that the author has some kind of agenda here or is just plain ignorant.
> What you can do is, you can configure your Firefox not to use this feature. However, it is configured to use the Cloudflare resolver as default.
Purposely misleading.
TRR is configured to use Cloudflare by default yes, but is also OFF by default. Following the instructions given to turn it off just changes the trr pref from 0 (Off by default) to 5 (Off by choice). Well done.
> My local ISP seems more trustworthy to me than a big US-based corporate which acts under the guise of a selfless privacy rights defender.
Must be nice in Switzerland with such trustworthy ISPs. I mean, they'd need to be given that Switzerland has some of the most draconian data retention laws in all of Europe.
As opposed to Cloudflare who at least claim that they will never log your IP address and have had their systems audited to ensure that.
> Let's stop here for the moment and repeat: With Mozilla's change, any (US) government agency can basically trace you down.
> If there is anything wrong with your government (for instance corruption, collusion or fraud) and you have information to publish about it, the government will be able to trace you down. This puts any whistleblower at risk.
This is where I can't decide between agenda and idiot because this claim is so laughable. Even if you don't trust Cloudflare your government has far easier access to your local ISP's logs than they do to Cloudflare's, and you know for certain that those ISP logs are there. Any whistleblower not using TOR is at risk anyway, but using TRR to Cloudflare certainly doesn't make it any worse.
VPNs always keep logs and can't be trusted. A VPN will do more harm than good to your privacy. Before we dig deeper into this, we need to establish a baseline: When anonymity is involved, no VPN can be trusted.
First, it’s a black box and your security is based on trust. We all know how that works out. Two great articles to give you full context: When law enforcement knocks on a VPN’s door, which cites a LulzSec member case, and VPNs are lying about logs.
Second, there are also cases where the service is trustworthy but simply not on par with the technical requirement, thus leaking your information.
Suggestion for Paid services. For Privacy & Security.
FYI. I am Not posting any affiliated links. I do Not make any money.
1. https://mullvad.net/en/
2. https://protonvpn.com/
3. https://www.ivpn.net/
OPSEC is not just your hardware and software setup, it is also the way you behave. If you have the most "strong" setup of vpns and proxies, what does it help if you log into your email or facebook or instagram or netflix or whatever?
Before you plan your OPSEC (Google is the way) you should identify your threat model. If I remember right, there were great guides on ivpn which go into great detail and sure will give you some things to think about. Check them out here:
Works for me.
I noticed your username, so try this:
> save https://www.ivpn.net/resources/pubkey.txt
> save https://www.ivpn.net/resources/canary.txt
Go to terminal:
> gpg --import pubkey.txt
> gpg --verify canary.txt
Outcome:
> gpg: Good signature from "IVPN Administrator <>" [unknown]
Get a VPN. I use iVPN and it works great. I've been in China 4 months and have been able to access all the banned sites. You can connect to a variety of servers hosted all over the world, so you really can access anything (ie watch YouTube videos that are unavailable in X country). Enjoy China! It's my favorite country!
A Sybil attack is a threat to any system that works through multiple non-associated nodes. Unlike Bitcoin, which relies on PoW to keep sybil attackers at bay, Tor uses centralized directory servers, whose operators reserve the power to delist suspicious relays, like during this attack in which the researchers basically created hundreds of relays to de-anonymize hidden service users. The degree to which such de-anonymization will be successful will ultimately have to depend on the percentage of network an attacker can control for an extended period of time without being discovered. (There are about 6000-7000 nodes in the network and to de-anonymize a user at least 2 relays in his path will have to be compromised, so you do the math.)
Meanwhile, it's important to not make a knee-jerk reaction and ask everyone to abandon Tor. Every anonymization solution's ultimate limit on its capability will be the size of its anonymity set, the number of people using it for purposes governments don't care about. You could have a perfectly anonymous system in which it's impossible to tell one from every other user, but only 100 such users exist, and all of them are obviously in it for something, so LEs could just collect RL info on every one of them. Tor is the only anonymous network with millions using it for legitimate purposes, which would make it infeasible for LEs to go after every one; this makes it usually indispensable.
If you don't feel safe about using Tor alone, you could create your own nested-chain of VPN and Tor to distribute your trust, following the advanced tutorial here, for Windows users, you could try out Tortilla.
3 audits:
1. no-logs audit in 2019
2. public VPN service infrastructure audit in 2020
3. apps security audit in 2021
details in the corresponding blog posts: https://www.ivpn.net/blog/tags/audit/
full audit reports are linked in the posts so you can dig deeper.
please note that audits are just snapshots in time and they are constrained by their scope. while we believe they are important tools to increase trust and transparency you should not assume a no-logs audit done in 2019 proves completely that a provider does not keep logs. (well, we don't, anyways, but we can't and won't say "it's proven!").
re: systems privacy, if you refer to systems transparency, there is nothing to report yet. that project is conceived by another provider and in the prep phase (afaik), no systems were deployed yet. we are following the developments and intend to participate.
What do we have to do? It appears we've hugged that site:/
edit: it's back, but wrong URL for me, try this:
https://www.ivpn.net/blog/uk-citizens-care-online-privacy-24-hours-two-simple-things
Just ignore me. Contact your MP and e-mail the committee of MPs reviewing the legislation.
iVPN explains it best: https://www.ivpn.net/knowledgebase/165/Do-you-offer-a-kill-switch-or-VPN-firewall.html
Windscribe firewall is inspired by and implemented in a similar manner as iVPN states. This was actually my go-to VPN before Windscribe.
One way I have considered this would be possible is making libelous posts about yourself via a VPN and then trying to civilly sue the 'John Doe' that made those posts.
If you can get a court order ordering your provider to turn over info and they don't have anything, that is likely the best proof you can get.
Other than that, you really can't get any proof. Some VPN providers have had third party audits done ( https://cure53.de/audit-report_ivpn.pdf ) but even those audits are offered with the caveat that the setup may be altered specifically for the audit and not match the normal configuration.
I have seen only one provider offer this which supposedly is updated whenever a request is received. But again, there is no way to truly verify its accuracy: https://www.ivpn.net/transparency-report
This seems like the best one atm to me... it's a bit more expensive than I was hoping I'd be able to find though. You can check out the sub /r/vpnreviews and read some of the reviews there too
Almost the same here, but before running Tor, I chain a couple of different VPNs, then browse on Tor. I benefited mostly from mirimir's privacy guide.
Compartmentalization is the key. I browse on different VPN ends, like for torrenting, browsing tube and for browsing Reddit it's only through Tor because of the missing warrant canary...
> Also is it just the standard browsing history? Cause if so then I feel bad for folks who've not caught onto Incognito mode yet.
Incognito mode will do absolutely fuck all to hide your browsing from your ISP and ergo the government.
Incognito basically stops recording your history from the browser on your device. Your ISP can still see and log (now legally have to) everything you are accessing.
Here's why if you want to stop it, the very least you'll need is a vpn:
In regards to getting a VPN, make sure you get one that advertises that they keep no logs that can identify users. I currently use iVPN, and one of their FAQs explicitly says this.
Here is a really nice spreadsheet comparing VPNs on privacy, speed, country exit locations, and other features made by the dedicated /u/ThatOnePrivacyGuy
Yes, that's the problem with bitcoin, which you have to accept. But if you care about privacy of your users, I would recommend putting an info or link next to bitcoin payment option, that bitcoin is not anonymous. For example, tails does this https://tails.boum.org/contribute/how/donate/index.en.html. Some that accept bitcoin even provide full guides on how to increase anonymity with bitcoin: https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-7
This allows users to make informed decisions about paying with bitcoin (or any anon coin if you want to accept them as well), and shows that you truly care about their privacy and anonymity. There are many resources on the anonymity and privacy of bitcoin, e.g., www.bitcoinisnotanonymous.com that you could use.
The tax is nothing. It's putting internet regulation in the hands of the FCC that worries me. https://www.ivpn.net/blog/wp-content/img/A-Quick-Guide-to-FCC-Corruption1.jpg
The FCC is the shining poster boy for the failings of the American government. I don't want the internet to go down the path AT&T and the FCC took our telecom industry 60 years ago.
For privacy I like IVPN, it's off-shore near Malta, focuses on privacy of customers, has double-hop vpns which I've not seen anywhere else, heavy encryption, accepts bitcoin, and has a lot of exits including US. For my money no one beats them.
check it out:
here's a nice article that talks about this: https://www.ivpn.net/blog/privacy-issue-real-vpns-alone-cant-solve-it/
Basically VPN is just one slice (albeit essential, depending on your threat model) of a larger pie that is used to regain privacy.
Use it from a browser, preferably tor; if not, Firefox. If you use Tor, you may be banned anytime though, so don't get too attached to the account.
If you're looking for something permanent, you are looking for what's known as "alternate persona" of your own self. Basically, you probably use a different phone or laptop for a new online identity that you create and maintain it separate from other online identities: Always use a VPN to mask your true IP. Be pretty clear about not linking any of the installed apps or websites or emails. Have a completely different browsing profile etc etc.
It is hard but do-able. See: https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-1
I'm on mobile right now this may not be exactly what you wanted, but hope it helps.
That suggests your router is not sending any traffic to the tunnel, which be up and running. You have to set this up manually in DD-WRT. We're gonna do a tutorial soon, but you can use this one in the mean time, just Step 6: https://www.ivpn.net/setup/router-dd-wrt-wireguard.html
You're gonna need to get your hands dirty in a script/systemd I think.
Here's some reading.
https://www.ivpn.net/knowledgebase/226/Linux---Autostart-OpenVPN-in-systemd-Ubuntu.html
I also use IVPN. Good service, plenty of servers in various locations, with multi-hop support as well. Only downside is that once a year you'll probably get a call from your CC about a payment going to Malta.
I've used 'Anonymous' VPN for a year, but I wasn't too satisfied with it. Slow connection, often wouldn't connect at all and had technical difficulties. I highly recommend iVPN. I've been using it for the last 3 months or so and am highly satisfied with it. Very fast connection, very secure, no logs, etc. They have a fantastic firewall feature where it won't connect your device to the internet until it connects to the VPN first, that way there are no leaks from your device being exposed to the internet without the VPN. You can compare a list of VPNs here in detail. Navigate around that site and you'll find a "simple" comparison as well.
IVPN has written about this on their blog and will openly discuss it with anyone who asks. I have been using them for 3+ years and it did bother me when they made the switch but I felt confident in the service they were providing. I actually included them as my top choice in my Crypto | Paper over at https://cryptoseb.pw/paper for many reasons. They could be logging, yes. But based on their company model, it is very unlikely. The administration team has a solid head on their shoulders and doesn't fuck around. Well at least in the 5-6 times I have contacted about security/privacy/anonymity related topics and questions.
Seb //
Edit: see here --> https://www.ivpn.net/blog/should-gibraltar-be-classified-as-a-member-of-the-five-eyes-alliance
The metadata problems remain (which, incidentally, is also a problem with OpenPGP). Many consider Tor compromised, so if you need to be absolutely sure of being anonymous, use it with care. If you can read English, this is an excellent guide, written by someone who really knows his stuff: https://www.ivpn.net/privacy-guides
This is exactly how it works and those who downvoted my answer don't understand how a typical kill switch works. If the VPN app crashes, a traditional Kill Switch won't stop traffic. If you want to stop all traffic even before the OS fully loads, even before the VPN app starts or after it crashes, you need more than what is typically offered by most providers.
https://www.ivpn.net/data-retention-laws/united-states
https://www.purevpn.com/blog/data-retention-laws-by-countries/
It should be noted that if you do keep logs, you may be required to hand them over if asked, but there is no law requiring you to keep the logs.
Cryptostorm.is allows VPN routers, also iVPN does. Also I feel for you, I thought we were moving in the right direction here in the UK. Yes a VPN router will protect everything, this will hide Tor and other VPN usage as well. I don't think it is that difficult to set up either. You should be able to find Cryptostorm.is router set up at cryptostorm.is/howto. Cryptostorm uses tokens so they don't store any user data, this also means reselling token is a thing, so you get another layer in between you and your adversary. Someone at a reseller actually sells pre set up routers http://vpndark.net/. Here is the iVPN documentation https://www.ivpn.net/vpn-routers
You'd need to have an appropriately configured router.
You can buy one from IVPN.Net (affiliate link).
Edit- Here's a non-affiliate link to their routers page: https://www.ivpn.net/setup/router.html
If that's the same PDF I already read a week ago - it was just for IPv6 - which isn't being used much at all, so it shouldn't matter.
But while we are at the topic VPNs, I'd like to, yet again, drop a good source of information about them:
https://www.ivpn.net/privacy-guides
Disable JS and all, it's been using HTML5 Canvas-crap the last time I visited the site.
Also make sure to scroll down for the 'advanced' guides.
Dear watched1, good question and yes, creating a chain of nested VPNs / Proxies which are finally routed through TOR is the exact thing you want to do while browsing onions and not have to be concerned much about your privacy. WHONIX is by far the easiest solution to do this in a safe way. If you are in severe paranoia, you could even consider a layer of I2P in between to produce "fake traffic" meant to securely obscure your traffic for quantitative analysis. I know it is a wall of text, but it is not that hard to configure and since it is about privacy, please don't miss a good read:
u/-AlexBard/ The ivpn.net knowledge base has further details:
https://www.ivpn.net/knowledgebase/general/what-is-port-forwarding/
https://www.ivpn.net/knowledgebase/general/what-is-a-multihop-vpn-service/
u/Vepox/ offers a good example of Multi-hop, though you might consider using a search engine like duckduckgo.com for increased privacy.
Check the Network Protection settings for the networks your device uses. Networks set to trusted will cause an automatic disconnection. Set other networks to untrusted to automatically connect the VPN.
Using WireGuard might help as well. WireGuard handles network disruptions virtually seamlessly.
If the issue persists, enable diagnostic logs for the connection, wait for the issue to occur, submit logs, then let the IVPN support department know you have submitted logs and the approximate time the issue occurred (local time, to correlate with the logs): https://www.ivpn.net/knowledgebase/troubleshooting/how-to-submit-vpn-diagnostic-logs-to-ivpn/
The internal IP address is the assigned WireGuard tunnel IP address that is tied to your WireGuard public key.
When the app generates a new key pair, you are assigned a new WireGuard internal IP address.
The key regeneration mechanism has been implemented to address privacy concerns described here:
https://www.ivpn.net/knowledgebase/general/using-wireguard-for-privacy-protection/
AdBlock and any other apps that make use of the VPN service cannot be used in parallel with another VPN-based application due to the limitation of the OS itself (assuming you are referring to Android or iOS).
There can be only one VPN connection running at the same time. The existing interface is deactivated when a new one is created.
You can use the AdBlock's DNS server while being connected to an IVPN server using the app's 'Custom DNS' feature though:
I use IVPN, and when I tested Netflix just now it worked. You can try them for 1 week for 20 kr, and I prefer them over everything else since they are the most honest VPN I have come across. They say exactly what a VPN can and cannot help with, and they don't do sponsorships or ads. Pure word of mouth.
"Api Request failed: Unable to access IVPN API Server" error indicates that the network you are connected to is blocking the calls to our authentication endpoints which prevents you from logging into the IVPN app as a result.
Our authentication and other API endpoints are not accessed only by a domain name, but also a bunch of IP addresses, and our app should automatically cycle through all of them before giving up. If you are unable to log in after trying multiple times, that would indicate that those IP addresses are blocked as well.
One way to work around such a restriction is to log into the IVPN app from a different network. This includes using your mobile device's cellular connection via hotspot sharing.
Another way is to log into the app after connecting to an IVPN server using a manual connection method with a different app, e.g.:
WireGuard - https://www.ivpn.net/setup/windows-10-wireguard/
OpenVPN GUI - https://www.ivpn.net/setup/windows-10-openvpn-community/
IPSec with IKEv2 - https://www.ivpn.net/setup/windows-10-ipsec-with-ikev2/
Once connected, launch the IVPN app and try to log in again. Should you succeed, you can now disconnect from the VPN on another app and try connecting using our IVPN app.
I hope this helps but in case the issue persists, you might have to try logging in from a different, less-restrictive network.
The main purpose of moving to a port-based solution was to improve the stability and performance of Multi-hop connections.
>So I guess the new OpenVPN multi-hop implementation only allows users to choose a fixed port?
With the new implementation, the port number is fixed to the one associated with the chosen Exit-hop server. You are still free to use either UDP or TCP protocol.
For more details on how to enable Multi-hop for your manual connection, refer to the instructions in our KB article - https://www.ivpn.net/knowledgebase/general/how-can-i-connect-to-the-multihop-network/
Trying a different server location as u/Olumerri suggests is one way to bypass network conditions and restrictions that might be the cause of the issue.
Changing the port the VPN connection uses is another option. This article has the ports for both OpenVPN and WireGuard listed near the top: https://www.ivpn.net/knowledgebase/troubleshooting/how-do-i-change-the-port-or-protocol-used-to-connect/
You might have to try some or all of the port options to find the one that works best.
You can use any router that supports DD-WRT firmware.
DD-WRT Router Setup Guide and you can check if your router is supported here Router Database
Appreciate the help, confused though as it states: (regardless of which server you connect to). https://www.ivpn.net/knowledgebase/general/how-can-i-connect-to-the-multihop-network/
But that might explain why wireguard traffic didn’t change either.. the Kba is slightly misleading if it requires it to exit out of a different country
Definitely, would strongly recommend staying away from any commercialized VPN like nord, express, private internet access, etc.
You may want to look at something a little more private and not all about the marketing. Most techs would stay far, FAR, FARRRRR away from all of that crap. That's gotta tell ya something.
Suggest wireguard, using either Mullvad or ivpn, where you may pay with cryptocurrency. Otherwise, what is the point of having a VPN if it's linked to your credit card? Ya know....
Also, this could benefit you by reading:
(Windscribe is newer, however it's not open source), whereas mullvad and ivpn are.
How our AntiTracker feature works - https://www.ivpn.net/knowledgebase/general/antitracker-faq/
Firewall (Kill switch) - https://www.ivpn.net/knowledgebase/general/do-you-offer-a-kill-switch-or-vpn-firewall/
For each VPN server, there is a random chance of a couple of different exit IP addresses. Additionally, some locations have multiple servers, like Frankfurt, New Jersey, and Singapore, each with different IP address pools.
There is no way to guarantee the same IP address, though if you connect to a location with one server, like Madrid, Miami, or Oslo, the chance of getting the same exit IP address increases. The server status page lists all servers: https://www.ivpn.net/status
I am not sure if it is too late but I want to add my 5cent :)
As you can see, the servers are all self-hosted. Even though it is pricey, they are extremely open about their transparency and commit to privacy.
Cannot help with the torrenting troubleshooting part specifically, but apart from the trying different servers the most helpful advice is usually try and switch protocols.
Further tips here: https://www.ivpn.net/knowledgebase/troubleshooting/my-vpn-is-slow-what-can-i-do-to-make-it-faster/ (esp. advanced options)
Any VPN service that requires you to create an account should be considered bad. I recommend IVPN, cheap, no account required, very user friendly and they have tons of guides :)
The key rotation issue is less about the key itself and more about the internal IP address assigned to that key.
This article offers details about the key/IP rotation in the sections for Problem 3: Without real dynamic IP address allocation, users can be tracked under some circumstances and Problem 4: WireGuard doesn’t offer “identity-hiding forward secrecy”:
https://www.ivpn.net/knowledgebase/general/using-wireguard-for-privacy-protection/
You might prefer to rotate the key/IP address manually periodically depending on your preference and requirement.
"Yes, however..." - https://www.ivpn.net/knowledgebase/general/do-you-allow-p2p-or-bittorrent-or-torrents-downloading/
Linux ISOs are okay, though the Terms of Service indicate:
"5. You will not use our service for receiving and distributing pirated copyright materials. This includes, but is not limited to the following activities: trading, selling, bartering, sharing, transmitting or receiving, of such materials." - https://www.ivpn.net/tos/
The RPM binaries on the Linux App page (https://www.ivpn.net/apps-linux/#binaries) work as expected on openSUSE Tumbleweed.
The RPM binaries likely work on the current Leap distribution, though this has not been explicitly tested.
Most sites which block, I assumed you’d know, don’t do it in order to track. As iVPN itself emailed me:
To guarantee your privacy, we use a technique called crowding and many users connected to the same VPN server can be sharing the same IP address:
https://www.ivpn.net/knowledgebase/79/Do-you-offer-dedicated-or-static-IP-addresses.html
Our VPN servers have many customers doing many things and some of these things may seem suspicious to some websites or online services. They may also detect the access of too many accounts coming through the same IP address and lockout access for a time believing it could be an attempt to evade their security. The lockout normally lasts for 12 hours or it may be permanent.
So although I appreciate your interest in privacy, this discussion is rather tangential to my query. Thanks anyway
The only thing in our app that could break any google services would be the enabled AntiTracker feature with Hardcore mode.
>What is “Hardcore Mode”?
>
>Hardcore Mode extends the AntiTracker feature further by completely blocking all IP addresses and services owned by the flagship bearers of the surveillance economy, such as Google and Facebook.
>
>Do not be surprised to discover that everything linked to those corporations, starting from Youtube, Facebook, Instagram, Gmail and down to the widely used Google Search and services using their IP addresses will not work once you switch to Hardcore Mode.
https://www.ivpn.net/knowledgebase/general/antitracker-faq/
>sent 2 emails to support..
Our support team replies to every inquiry in a very timely manner. If you have not received any response, a chance exists that your message has not even been delivered.
You could try sending a message ([email protected]) from a different email address or use the Live Chat button on our website to get in touch with our staff to have this investigated further, in case the problem with ReCaptcha persists even with the AntiTracker Hardcore mode disabled.
I can recommend https://www.ivpn.net/. However, the provider is quite expensive.
But apart from that, if I were you, I would first find out why you can't connect. In my opinion, this is most likely due to your configuration and not the provider. So switching to another provider will not solve the problem.
This would be an improvement over Standard Notes that integrates Coinpayments. I would actively promote Etesync within the Monero community if the option becomes available
https://standardnotes.org/help/52/what-services-does-standard-notes-use-for-daily-operation
It may become a competitive advantage for the privacy focused FOSS projects to run a Monero node rather than using 3rd parties
https://www.ivpn.net/blog/ivpn-now-accepts-monero-payments-runs-full-node/
And if any of you were looking for evidence of why you should look harder before taking all the time to write out your problem, let the above post be an example for you....
You can't "clean up" the past digital trails: They won't go away magically. What you can do is stop them from leading to you.
One of most effective ways I know is to create "personas". A concept hyper-popular amongst the hacker-activist Chinese developers churning out Great Firewall busting code on GitHub, with Shadowsocks once being a shining example (though, the lead developer later was busted by the Chinese authorities). I digress.
Personas: The basic idea is that you create new identities for your activities online, like different identities when participating in different subreddits, discords, and slacks, say. This requires a lot of careful deliberation if a state-actor (like the NSA) is in your threat model, just hiding IPs and cloaking-emails aren't enough.
So, ideally, each of your personas wouldn't overlap at all and be kept separate sometimes even to the extreme of using different computing devices for each persona let alone different VPN profiles.
A comprehensive 8-part guide on this was written by mirimir and published by ivpn, first of which is here: https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-1
Remember, you don't have to go to the extremes depending on what your threat model is: For example, for most folk a VPN, a cloud desktop, and a email-cloaker is all they'd need.
Not very likely. See here: https://www.ivpn.net/knowledgebase/general/do-you-offer-dedicated-or-static-ip-addresses/
Delete comment if not allowed but a quick google search gave me this:
https://www.ivpn.net/knowledgebase/66/My-VPN-is-slow-what-can-I-do-to-make-it-faster.html
It explains that a VPN will never be faster. Your speed is dependent on your connection in house. A VPN, like others have said, would in fact, be slower.
Yeah. I am. It appears there is an API at the browser level that uses a number of tools to figure out your location:
I thought it was just using a query to windows.
This is more about some applications that I have installed that are geofenced and only supposed to work in certain countries. For my own convenience I want them to work globally. I am trying to figure out if these applications can sort my location much like a browser could and was startled to find a browser even had the ability to find your location without using the GPS chip on the laptop. It appears the browser has its own clever tools!
Hi.
The AntiTracker feature is not available in the Play Store version of our app.
You will have to download and install our app from the apk file downloaded on our website - https://www.ivpn.net/apps-android
Make sure to delete Play Store version prior to installing from the apk.
>IVPN's writeup about Using WireGuard® for Privacy Protection
This was incredibly helpful to read, thanks for linking it.
/u/sissted
Thank you for the suggestion. The Linux Client FAQ has been updated.
https://www.ivpn.net/knowledgebase/265/Linux-Client-FAQ.html
I've seen recommendations here for systemd and network manager. None of those worked for me (I think due to bug on network manager + me doing something stupid w/systemd), but I will share what did work.
- Setup OpenVPN systemd service https://www.ivpn.net/knowledgebase/226/Linux---Autostart-OpenVPN-in-systemd-Ubuntu.html
- Set up some ufw rules for the "kill switch"
ufw --force reset
ufw default deny incoming
ufw default deny outgoing
ufw allow out on tun0
ufw allow out on wlp82s0 to [VPN_IP_FROM_CONFIG] proto udp
# ufw allow out on wlp82s0 proto udp
ufw enable
ufw status verbose
- The openvpn service (as opposed to the command alone, which works fine) will initially use DNS at some point I believe instead of the IP. It will also leak DNS while being used, which I didn't notice from using openvpn alone. I don't know too much about why that is yet, as I haven't read up much on openvpn service. So, I simply used dns-crypt and configured it for the connection I am using in network mgr. Just wait until after the first visit. You maintain your own cache in dns-crypt so it works fine with the kill switch rules as well.
Advantages
- No config after this, just use it and never worry about vpn, leaks, again
Disadvantages
- Doesn't have the configuration of cli, switching vpn locations, etc. That may be a chore, if needed
Neutral
- Uses dns-crypt. I guess that may be positive or negative, depending on what you want. I don't personally see anything wrong with it, but I am not an expert in such things.
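A check for the kill-switch rules posted above, as an added example that is not part of the original comment: it audits `ufw status verbose` output and fails if anything other than the tunnel interface and the single VPN endpoint is allowed out. The function name `audit_killswitch`, the sample status text, and the documentation address 203.0.113.10 (standing in for `[VPN_IP_FROM_CONFIG]`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output against the kill-switch
# policy from the comment above. audit_killswitch is a hypothetical helper name.
# Live use (as root): ufw status verbose | audit_killswitch tun0 wlp82s0 <VPN_IP>
audit_killswitch() {
    awk -v tun="$1" -v phys="$2" -v vpn="$3" '
    /^Status:/  { active = ($2 == "active") }
    /^Default:/ { deny_in  = ($0 ~ /deny \(incoming\)/)
                  deny_out = ($0 ~ /deny \(outgoing\)/) }
    /ALLOW OUT/ {
        # Rule rows look like: <To> ALLOW OUT <From> on <iface>
        iface = ""
        for (i = 1; i < NF; i++) if ($i == "on") iface = $(i + 1)
        if (iface == tun) { tun_ok = 1; next }
        if (iface == phys && $1 == (vpn "/udp")) { vpn_ok = 1; next }
        print "LEAK: egress allowed outside the tunnel: " $0
        leaks++
    }
    END {
        if (!active)   { print "FAIL: ufw is not active"; bad = 1 }
        if (!deny_in)  { print "FAIL: default incoming policy is not deny"; bad = 1 }
        if (!deny_out) { print "FAIL: default outgoing policy is not deny"; bad = 1 }
        if (!tun_ok)   { print "FAIL: no allow-out rule on " tun; bad = 1 }
        if (!vpn_ok)   { print "FAIL: no UDP rule to " vpn " on " phys; bad = 1 }
        if (!bad && !leaks) print "OK: only " tun " and " vpn "/udp may leave"
        exit ((bad || leaks) ? 1 : 0)
    }'
}

# Constructed sample output (not captured from a real host).
GOOD_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW OUT   Anywhere on tun0
203.0.113.10/udp           ALLOW OUT   Anywhere on wlp82s0'

# Same ruleset plus plain DNS on the physical interface: a leak path.
LEAKY_STATUS="$GOOD_STATUS
53/udp                     ALLOW OUT   Anywhere on wlp82s0"

printf '%s\n' "$GOOD_STATUS" | audit_killswitch tun0 wlp82s0 203.0.113.10
printf '%s\n' "$LEAKY_STATUS" | audit_killswitch tun0 wlp82s0 203.0.113.10 \
    || echo "(leaky ruleset rejected, as expected)"
```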
A119 v3 - GPS feature - works fine, but can give wrong information. Court would treat it as 1 more piece of information.
A129 Duo - same deal
A129 PRO Duo - same deal
You might try your cellphone's GPS feature - as it is possible to track your location - accessing this information and it being admissible in court might be more difficult. - Some guy in Germany accessed it and made a TED talk about it. Malte Spitz asked his cell phone carrier what it knew about him — and mapped what he found out. - So to get access to this information all you would have to do is cite this German law, the time/date range of the incident, and the cellphone carrier has to respond - even if you are not in Germany.
Remember one thing: Don't assume you're anonymous because you are behind a VPN. Total anonymity is very difficult to achieve if not impossible. I suggest you read up on this if it's important to you. But a VPN is a great tool. I'm always behind a VPN, on my phone, laptop, etc.
https://www.ivpn.net/privacy-guides/an-introduction-to-privacy-anonymity/
Yeah they want point to point vpn setup, but the way pfSense does it by default is slow, I linked to you because you can use pfsense still on both sides but with wireguard from your home setup to the cloudbased. I also do not recommend IPsec due to its possible NSA IKE decryption leak (it's also not really faster than openvpn). https://www.ivpn.net/pptp-vs-ipsec-ikev2-vs-openvpn-vs-wireguard .
Once you setup pfsense in the cloud, and at home, then follow the wireguard setup with your remote pfsense as the server and home as the client you're good to go. From that point you can follow a standard pfsense setup guide for pfblocker_ng ..for example.
--- also are you doing link referral tracking or did you just happen to stumble upon this?
Well, /u/Cold-Code has given you the best answer, I think.
Something to consider though:
Try to determine whether your definition of "anonymous" means "more private". Attempting to come close to true anonymity is insanely intense.
Like, who do you wish to be tracked less by? Your ISP? Google? Government intelligence? You will exhaust yourself if you prepare for an adversary you'll never have to defend against.
Only slightly on-topic, but I find it hilarious and ballsy that a VPN company wrote this blog post, but....it's spot on. Have a read.
>Nothing free about it. I pay for it.
I got confused, it's a free trial for the whole service, not for using Wireguard, but whose protocol alone is free and open-source.
Hi.
Website or service blocks occur on the remote end due to certain IP addresses being blacklisted or in some cases only certain IP blocks being whitelisted.
There are 4 LA OpenVPN servers (https://www.ivpn.net/status) and every server has a different IP address. That being said, connecting to the same server may yield a different IP address which is not blocked yet. To try and bypass the IP block, you can also try connecting to a WireGuard LA server or a server in a different country location. Using a Multihop feature will assign you a different IP address as well - definitely worth a try.
If you can tell us the IP address of the LA server that is blocked - we can rotate an IP address on that node, though there is no guarantee the new IP won't end up blocked either.
I don't believe that will change the OpenVPN download speeds though.
If security is not so crucial, why don't you try L2TP/IPSec tunnel or maybe IPSec with IKEv2. For the latter you can adjust this guide to your VPN's parameters.
That’s great news about dark mode.
No real preference, just convenience and the protocol allowing VPN clients split tunneling capability with DNS filter apps. Which leads me to a question I have, for my own curiosity how was IPSec security improved on iOS, other than updating to IKEv2 what replaced MS-CHAP v2 authentication? Also is it still configurable natively within the iOS configuration settings?
https://www.ivpn.net/setup/iphone-ipsec-ikev2.html
By the way, a small request feature for your clients, where configuring Fastest server options it’d be convenient to have a deselect all setting to quickly enable just one or a few servers which would be the likely scenario for most people to do.
I’ll assume you’re on Windows. I don’t have plenty of experience setting up WireGuard on Windows but there you can download the program from the WireGuard web page.
This is a simple guide to set it up: guide
Also, just google something like win 10 WireGuard vpn server set up. There are plenty of guides out there or you can just use unraid and it will facilitate everything: unraid guide
IVPN took an interesting step when they implemented Wireguard by fixing the privacy issues themselves, something I imagine other providers could do as well. From IVPN’s website:
As a VPN provider with a chief focus on privacy protection, we have considered and evaluated the possible risks of using the protocol during our tests. Security experts in our team have identified and solved multiple issues – including users’ public IP being stored in memory indefinitely, the lack of real dynamic IP allocation and no ‘identity-hiding forward secrecy’ offered – and have taken significant steps towards eventually recommending WireGuard as a default VPN protocol to use. If you are curious about these technical solutions please review our article Using WireGuard for Privacy Protection.
The article is a good read.
https://www.ivpn.net/knowledgebase/253/Using-WireGuard-for-Privacy-Protection.html
1) I don't need proof. While the exact percentage is unknown, TLA and various law enforcement agencies across the world have regularly operated and monitored Tor exit nodes to bust all sorts of people. If you don't believe me look it up yourself. I would actually guess that more than three quarters of all exit nodes are run by law enforcement. It was the American government that wrote and released the code to open source, and they are also the largest funder of Tor since then... Why do you think that is? Use your head. If you actually look into where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host because they're using lots of bandwidth, they're heavy-duty servers and so on. Who would pay for this and be anonymous?
2) HTTPS Everywhere only forces websites to use https if they support it, key words. There are still many sites that do not support it.
3) You know if a VPN does not keep logs because of independent audits. For example. Also, using Tor -> VPN hides your true IP address from your VPN provider, assuming you pay them in bitcoin and have an anonymous account even if they did keep logs there would be no way to attach them to you specifically.
4) Tor -> VPN is a good setup and even a superior setup depending on your threat model. I am more worried about compromised exit nodes and know that as long as I pay anonymously for my VPN it is hiding my traffic from exit nodes and any traffic information they collect is impossible to trace back to me. Tor is not a trustless system, I simply trust VPN exit nodes over Tor exit nodes. Preferring one way over the other for your threat model is no problem, but it is both baseless and ignorant to say that Tor exit nodes are inherently more trustworthy than VPN nodes, or even your very own VPN.
Nope. I ran through the Catalina betas as well, and IVPN didn’t have any issues with connecting.
I’m assuming you’ve tried reinstalling the latest version from their website? Version 2.10.3 was released on October 7th with improved compatibility with Catalina.
It's hard for me to imagine it being very useful. I suppose if the spammers are super dumb, they'd just spam the alias, but it's so trivial to strip it programmatically that it can only do so much. And since GMail has this feature, and I don't know who else, it's worthwhile. That said, not many people know about/use the feature, so maybe they don't bother.
But either way, if you want to seriously accomplish this, use a disposable email address generator. My VPN service has a beta feature to generate disposable email addresses for you, but I'm sure there are other services. Just make sure you trust the service.
>what are some general tips on this matter?
Websites use a few ways of detecting location. Especially those that are increasingly suspicious of fraudulent behavior. Try some methods on the below website to identify the leak vector:
You need to understand your threat model. If you just want to insulate yourself from ISP snooping then use a VPN and it doesn't matter that websites already know your real IP because you're not trying to hide from them. That is fine. Unless you're stealing NSA secrets you don't need to be anonymous to everyone everywhere.
Thanks OP. Wirecutter Link
Is this an affiliate link from Wirecutter? I thought iVPN decided not to do those.
Might also crosspost to r/vpncoupons
>Must be nice in Switzerland with such trustworthy ISPs. I mean, they'd need to be given that Switzerland has some of the most draconian data retention laws in all of Europe.
I think you misunderstood the article you linked. With that statement, the author meant that the providers have to store all kinds of personal data for 12 months, and pass them to the police if needed. Literally the second sentence:
> 2015 the two government chambers of Switzerland passed amendments to existing surveillance laws (known as BÜPF and NDG) that granted police vast new snooping powers, which now extend to all forms of communications (inclusive of post, email, phone, text messages and IP addresses) and metadata for a period of 12 months
There is also no net neutrality in Switzerland, both reasons to probably not trust Swiss ISPs, either.
Are you setting the office dns server as your dhcp dns server for the openvpn on your router?
I believe iVPN pfsense guide, step 17 may be similar.
Sounds like you're not using the office's dns that is offered
Not a recommendation for this VPN - but mirimir knows his stuff when it comes to VPN and this is a pretty good guide on what to look for when buying one: https://www.ivpn.net/privacy-guides/18-questions-to-ask-your-vpn-service-provider
https://www.ivpn.net/knowledgebase/150/My-real-location-is-detected-when-connected-to-VPN-How-to-disable-geolocation.html There is no such thing as 100% privacy on the internet. You are confusing privacy with identity a bit. When connected to a VPN, your identity is anonymous. No websites know who you are (more on this later) until you log into an account, e.g. social media. You have just lost privacy right there. That social media account knows it is you!!! Now if you go to another website that you do not need to log into, you are somewhat private! The VPN can give you a level of anonymity, but privacy is 100% in your control. Be aware that there are methods to track you on the internet, whether you sign in or not, change IPs, clear all browser cache and cookies and more!! It is called browser fingerprinting. It uses your browser and computer system/hardware settings to form a tracking code!
I wrote a 'newbie' help document to show people how to test their browser fingerprint, as well as fix it!
https://docs.google.com/document/d/1ga-sq1j4sSh7tg46_E7j0MmN2blrpkUV7-F1oNveTuo/edit
Very true.
Such a shame some public IPSec VPNs use public preshared keys, which is a security risk.
More info: https://www.ivpn.net/knowledgebase/160/Is-using-L2TPorIPSec-with-a-public-pre-shared-key-secure.html
OpenVPN version 2.4 supports AES-NI which might help performance.
Maybe TUN/TAP drivers are just slow?
I could be wrong. Again, this is just some of the few things I remember in passing kind of thing. A bit of a nerd, so I do watch this stuff more than others, but still. Actually, let me look into it again....
And scratch all that. I guess I was remembering a law that did not pass. Awesome. So, while the NSA does record every god damn thing for the planet for about a year (Thanks for the info Snowden), ISPs do not have to at least.
At least in the USA. The EU does however, so if you are there...
As a complementary comment, the privacy expert mirimir said:
>OS Diversity is Crucial for Compartmentalization Safety
>WebGL fingerprinting is a serious risk when using VMs for compartmentalization. WebGL uses the GPU via the OS graphics driver. On a given host, all VMs that use a given graphics driver will have the same WebGL fingerprint, because they all use the same virtual GPU. So let’s say that you have a Debian VM that connects through a nested VPN chain, and a Lubuntu VM that connects directly, or through a different one. Default Firefox in both VMs will have the same WebGL fingerprint! That could link the two VMs, and break compartmentalization.
>One can readily disable WebGL in browsers. But accidents happen. Maybe you’ll install a new browser, and forget to disable WebGL. Any sites that you visit while WebGL is working can fingerprint the VM. And potentially that VM is linked by WebGL fingerprint to other VMs that use the same graphics driver.
>Given that, it’s best to compartmentalize across VMs with different graphics drivers. Browsers on all distros that use the Debian graphics driver (Debian, Ubuntu, Lubuntu, Mint, Xubuntu, etc) apparently have the same WebGL fingerprint. But VMs using different graphics drivers (such as Arch, Fedora, PCBSD, Windows and Yosemite Zone) have different WebGL fingerprints.
>The host and VMs use different GPUs (real vs virtual) so there is no overlap in WebGL fingerprints. However, it does appear that systems using a given graphics driver will have the same WebGL fingerprint on given hardware, with a given GPU. And so reinstalling the OS, or using a related OS with the same graphics driver, may not change the WebGL fingerprint.
(Source)
Try enabling port forwarding for your VPN provider, then set that port forward number as Transmission's "Port for incoming connections". Then make sure it's working, test with a site like http://www.canyouseeme.org/
I don't use that VPN provider but according to their support they do indeed support port forwarding
Yeah, everything looks good. Comcast passes my connection off to Zayo, then to Abovenet (which is part of Zayo), and then finally to Akamai.
You can try a different VPN. I'm not sure if it will solve the issue for you since it seems like some suggestions work for some while others work for others, but, in my opinion, it's worth a shot especially since I've heard from many VPN enthusiasts that PIA is not a very good VPN service.
Try using IVPN. Again, might not solve the issue for you, but I think it's worth a shot.
Check:
https://www.ivpn.net/knowledgebase/124/DD-WRT---How-do-I-exclude-hosts-or-bypass-VPN-tunnel.html
I appended this shell script to my startup script that brings up the vpn, and set the variable in nvram.
Ok, so something you have to realize is that Whonix (Client & Gateway) and Kali are both operating systems. Whonix is actually 2 operating systems that work together to compartmentalize your system, ensuring greater privacy. The only way this works is by using VMs as you obviously can't boot 3 OSes at the same time on the same drive.
The answer to your question is no. They have to be inside VM's to ensure maximum privacy. I also don't recommend using windows as the VM host because if the host is compromised then your VM's are too.
I would suggest using a setup similar to mine, which skips WHONIX and instead uses pfSense to compartmentalize your data.
This setup is a bit insane for the average user but it ensures your data is secure. A full setup guide here
Debian -> Openvpn(VPN1) -> pfsense(VPN2) -> Debian(Or Kali in your case) -> Openvpn(VPN3) -> TOR -> Socks5 -> Internet.
Note that I use 3 separate VPNs, located in 3 different non 5-eyes countries
;)
But do see this: https://www.ivpn.net/privacy-guides/onion-ssh-hosts-for-login-chaining
In screwing around, I've hit 28 hops (three nested VPNs plus three onion-ssh-vpn hosts). Latency was 2-3 seconds, but jitter wasn't that bad.
You should go and check out /r/VPN, they have some really nice comparisons against popular services, I personally have a subscription to IVPN for a few reasons:
Sorry for looking like I'm trying to sell it to you but those are just a few reasons, but again you should go and check out that subreddit for better comparisons.
Yes, there's no way to verify stuff like not logging.
What I mean is that it's just a dumb idea to trust VPN providers. If you're just streaming or torrenting, no problem. Even HMA would probably be good enough for that. But if you're hacking shit, it's dumb to count on trusting a VPN. Maybe chain three VPNs, and then use Whonix. Maybe then proxy through a few onion SSH hosts <https://www.ivpn.net/privacy-guides/onion-ssh-hosts-for-login-chaining>.
I'd go with IVPN, they are very security oriented. They even have multihop feature that allows you to connect through multiple VPNs servers. They are also organizational members of EFF.