That cryptostorm blog post is bizarre in the extreme.
Long lists of "suspicious" things about Google's SSL setup which are, in fact, legitimate and exactly how Google normally configures things. They've never used EV SSL certs, for example. And Google owns bazillions of bizarre looking domain names. Often due to acquisitions.
I used to work at Google and was quite familiar with its network setup. The CryptoStorm guys seem convinced that anything they spot that doesn't match their pre-conceived notion of what SSL should look like is suspicious, and adding up a bunch of "suspicious" things == SSL compromise. I see no evidence of that.
Wifi router compromises via XSRF certainly do happen, but that's been known about for a long time already. The claim that Chrome installs are being silently switched through an SSL connection on a clean computer is a vastly stronger claim and I see no support for it in these blogs. If it happens, it'll be the work of an intelligence agency for sure.
Gonna have to say, what the hell on this one. They did list some great providers, but why are they listing EarthVPN after the logging fiasco?
CryptoStorm is structurally anonymous by default.
Gotta say, I'm a little disappointed with this one.
The 3 obvious ones that people already knew collected data.
Never choose a VPN headquartered in any of the following countries:
The best two countries for data security are Iceland and Switzerland. If you want a good VPN, go with ProtonVPN (based in Switzerland, also hosts ProtonMail) or CryptoStorm (based in Iceland).
After reading the convoluted post, I inferred the following:
CSIS (Canadian Intelligence) came to them trying to ask them to compromise a portion of their service likely to intercept traffic of one or some of their users. CryptoStorm (CS) refused. As a result one or more of their members were picked up by CSIS, were lightly but physically tortured, had their families threatened, had one person's dog (puppy) killed, among other things.
In the end, it seems they were let go, without having to agree to compromising the service, possibly with threats to not go public with their ordeal. Hence the cryptic post.
Sad state of affairs in Canada unfortunately. Not sure how it will work under the new government or if the government change had anything to do with the end of CryptoStorm's troubles.
If CryptoStorm was still operating within Canada why is the organization using an Icelandic domain for their website address?
Why were these alleged activities carried out by CSIS, rather than the CSE?
What is the real / offline name of the "core cryptostorm team member" who is allegedly being held hostage by "rogue CSIS agents"?
How did CryptoStorm determine the incident was carried out by "rogue CSIS agents" specifically, rather than being part of an authorized CSIS operation?
Can CryptoStorm benefit from these allegations?
> Your traffic will be encrypted and resnet and anyone else won't be able to see what you're doing.
Not completely true. VPNs only add a layer of indirection, tunneling your traffic through your VPN provider's servers. UCSD can't see what you're doing, but your provider (eg. CryptoStorm) can, and other people can see that one of the provider's customers is, say, torrenting Game of Thrones. And it's not UCSD that monitors these torrents, it's the production companies. If they cared enough they could take a court order to your VPN provider and try to make them cough up your identity. Many providers claim that they don't keep traffic logs, but there's really no way of verifying that as a customer. The FBI has even set up VPN services as honeypots—secretly logging all traffic—in the past (see the Max Vision case).
Both of the VPN providers you mention are based out of the same country (I know that HMA is based out of the UK, but the US has the UK in their pocket)
The fact that HMA logs is reason enough to not trust them. I wouldn't touch HMA with a 10 foot pole.
If you want REALLY cheap and a VPN based out of a better country for privacy laws then try CyberGhost as they have a Christmas/New year sale going right now.
You can get a VPN for $24/year on their sale from a trusted VPN provider based out of Romania.
They have been around for around 8 years and do not log, allow P2P and have servers in 20 countries and growing.
You can also look into these other great providers
Mullvad, AirVPN, CryptoStorm.
> CSIS (Canadian Intelligence) came to them trying to ask them to compromise a portion of their service likely to intercept traffic of one or some of their users. CryptoStorm (CS) refused. As a result one or more of their members were picked up by CSIS, were lightly but physically tortured, had their families threatened, had one person's dog (puppy) killed, among other things.
Holy fuck, my government is doing the dirty work, and just a few days ago we were hailed as the best in personal privacy. Fucking sick to my stomach. FUCK YOU Canadian government. I suspect this incident with Cryptostorm has something to do with the recently passed C-51.
He should have given context. Anyway, I did some research and that particular article actually IS relevant. The main legal fugitive in the article is Doug Spink, and he is/was affiliated with CryptoStorm. Just google his name and some stuff comes up on that
First and foremost I recommend a VPN outside of the US & U.K. Here's the direct link to the suggested site's VPN charts
The IVPN and Mullvad recommendations are excellent choices, tho IVPN is expensive... Others recommend CryptoStorm. There's some other good looking VPNs as well.
Doug created CryptoStorm.
IIRC he loved animals too much, smuggled hundreds of pounds of cocaine and only served a 3 year sentence. This was a while ago but at the time there were suspicions of him getting out early by giving the service over to the FBI.
CryptoStorm is only a quid a week? That's very good value. Are they worth getting?
I've been tinkering with the idea of getting a VPN for privacy sake but have never really been able to justify the expense. But for the price of a can of coke a week it doesn't make sense not to really.
I get great speeds with them. I personally don't notice any slowdowns while on the servers. I pull near full on my internet speeds when using them with OpenVPN. I sure don't have 50mbit internet, but am pulling great speeds with my net connection while using them.
Got to admit though, CryptoStorm has been a little faster for me. But only a little, not by far.
Hmmm.... regarding CryptoStorm, the presentation was sloppy. However, u/tweIph might actually have a certain point with that. I did my own research and Doug Spink (I think that was the name), the weirdo in the linked article, apparently is associated with CryptoStorm. Google search of the name seems to indicate that, anyway.
Even though the main post criticizing these VPNs is, in my opinion, FUD (my problem is that I have never heard of the sources posted, and that the user seemed to be pretty upset with PTIO personally), I still think enough of the information is accurate that it warrants doing our own little mini "audit" of the VPNs that the PrivacyToolsIO site recommends, since thousands of people use it as a trusted resource.
No Database or Records means they are trying to tell you that they don't keep logs. BUT the only one so far we have been able to verify through an FBI subpoena is PIA. Check our list for more information.
Does CryptoStorm own the Hardware? Where are their servers located?
The biggest difference between CryptoStorm and SpiderOak is that SpiderOak has promised from the very beginning to release their source code, but have not done so. I would also like to recommend them, but there is no way to verify their encryption.
I've tested a little under twenty of them.
Both accept bitcoin if you want to be anonymous when paying, and they don't keep logs.
Most VPN providers indeed do lie about logs. Read CryptoStorm's interview answer to question #1
If you read the whole thing it has a lot of great info on how most VPN providers are complete garbage. But, a majority of VPN providers don't know what they are doing.
Odd you didn't get auto approved. I would say if you don't get your login details by Monday night, or Tuesday morning file for a refund, and if they refuse, open a report with the Better Business Bureau.
Anyway, I would say maybe since it's the weekend, none of the employees aside from customer service are working. Their support is okay, but very irritating I do have to agree. Anyway, wait till Monday, if no response go with another company.
CyberGhost, AirVPN, LiquidVPN, CryptoStorm, all good companies I would recommend.
CryptoStorm setup in Linux is confusing. See at bottom for instructions on using token. TL;DR: username for openvpn is sha512 hash of token, and there is no password. CA and config files are at <;.
Also, use openvpn daemon, not Network Manager. Specify DNS nameservers in and prevent leaks with iptables.
Yeah, it's an entirely trust-based industry. It's all about whether you can trust them when they claim they don't keep logs or they will fail to update their warrant canary if/when they get a National Security Letter or they will not give in to requests they cannot be compelled to, etc.
Add to it the fact that most of them have referral programs and VPN reviews are among the most common paid reviews in the tech industry, and it is at best a questionable choice.
For what it's worth, Private Internet Access has been subpoenaed in the past, and it is therefore confirmed that they have no logs to give (there was a court document linked on /r/vpn a while back). Similarly, CryptoStorm has no information to give on you, as long as you connect to a server which has at least one other account using it, because of how they process authentication.
If you're further interested in privacy, I would recommend purchasing a VPN that doesn't log connections (they run about $40-$60 a year, I personally use CryptoStorm) and using the RandomAgentSpoofer add-on. The VPN will obscure your location and secure your traffic from onlookers in your ISP and RandomAgentSpoofer randomizes different parts of your browser fingerprint, like your reported operating system, reported browser, and more. I also recommend, like said in other comments, you use NoScript.
Here is a good list:
I use ExpressVPN, since I live in China, and I am very satisfied with their service. If I would start now, looking at the above list, I would first try CryptoStorm.
I think I would like to tag /u/ProtonVPN in this thread. I have done some reading on their subreddit over at /r/ProtonVPN and it looks to be VERY well developed for something that has just started. I have full intentions of renewing my current subscriptions with IVPN, CryptoStorm, and possibly Mullvad, but they could be a big competitor in the VPN game. As I said above, it is VERY early for me to make commitments for or against their VPN in a personal sense. But I won't discredit their efforts even if I decide not to use it. They have what I would consider to be the best all around privacy-centric and secure email provider out there. I can't imagine them developing a VPN company would result in any less dedication to our privacy and security.
Agreed. I was also very upset they mentioned EarthVPN after the logging fiasco at all.
CryptoStorm is structurally anonymous by default. I feel the list could use a bit of revising myself. But I do agree that a lot of the VPN providers on here are pretty good.
Cool concept, however I found this info.
"If Mr Spink is indeed involved with CryptoStorm, then his quick release from prison following his drug smuggling conviction, combined with the fact that following the bestiality farm case a condition of his release (.pdf) was that any computing hardware and software of his be monitored by the United States Probation Department, could lead to well-founded suspicion that CryptoStorm might be an FBI honeypot."
I would love to see a similar concept from a reputable company.
I'm looking to replace my current provider and looked at CryptoStorm but removed them from the list. Couldn't find any additional information on what they did regarding Heartbleed.
As far as I can tell they didn't regen their keys and replace their server certs.
Is there information I missed? If so I would use them as a replacement.
Would recommend CryptoStorm for your needs. They are run by the previous owners of CryptoCloud, and located in Iceland. If you don't know CryptoCloud, look them up, they have a proven track record.
They were one, if not the first VPN provider to fully provide a non logging service. Their new service is structurally anonymous by default.
CryptoStorm, they have a proven track record and will go to court to defend their users' data as they have done with their past VPN, CryptoCloud.
CryptoStorm is also fully structurally anonymous.
Cloudnymous has a bit of an odd way of operating with their servers, connections etc.
I would go with cryptostorm who has a proven track record.
, VikingVPN, IVPN, and LiquidVPN all have warrant canaries (the only ones I'm familiar with) and CryptoStorm has "privacy seppuku" where they vow to shut down the service rather than cooperate with law enforcement.
I really like SpiderOak. These guys know a thing or two about serious security. I consider them the cloud storage equivalent of CryptoStorm VPN which is run by some gifted security pros.
Also, perhaps there can be a mention of software like Viivo or BoxCryptor or open source alternatives for encrypting your files before they are uploaded to cloud. While definitely should not be considered the most secure option but can be used for general storage and low security items with satisfactory encryption.
Tor > VPN only works if you can't be connected financially to the VPN, so buy a VPN subscription with bitcoin. Arrange the buy over Tor and do it in person with small cash. I use Riseup's free VPN, but it's US based. If the feds went after me I'd lose. Others I trust like CryptoStorm, which lets you buy without personal details & is in some awesome foreign jurisdiction.
VPN > Tor hides from your ISP that you are using Tor (Tor doesn't hide that you're using Tor) and helps protect you from malicious entry nodes (because each download of Tor uses the same entry node each time it connects, if you happen to get one owned by NSA you are fucked)
Not quite browser integration, but I believe the VPN service allows users to view .bit and .onion domains natively.
The only two VPNs that I am aware of that have open source clients are AirVPN and CryptoStorm. You can still use OpenVPN with all of these services, which I recommend! Viscosity is just a way for many services to have an easy to use/stable client without developing their own.
Cloudflare has nothing to do with the VPN service and does not keep logs past 10 minutes.
PPTP/L2TP is used by many VPN providers in order to support devices that only natively support these types of VPN connections, as well as an option for underpowered devices (some routers) that are not able to support the processing power for high bandwidth OpenVPN connections.
Yes, it is marketing for them. But at least now you can use any of their servers without worrying about getting in trouble for DMCA notices.
Check out . I haven't had a chance to use them yet but they take an interesting approach by separating the actual payment process from the VPN provider. They use a token-based system, which allows you to purchase tokens from a number of different places other than their own website. I'm planning to test their service once my current VPN provider subscription expires.
Yea, I don't know what kind of people these developers are, but on the flip side evidence may be hard to publicize for a variety of legal reasons due to things like gag orders.
I am really at a loss as to whether this happened or not. I am hoping someone with more knowledge about CryptoStorm can either refute or confirm the validity of their claims and possibly produce evidence.
I'd replace TrueCrypt with VeraCrypt or at least mention that VeraCrypt is the fork with the patched vulnerabilities while TrueCrypt is abandoned. You are also missing the mobile version of Tor and the Tor Browser Bundle (Orbot and OrFox).
For VPNs AirVPN and possibly CryptoStorm VPN.
I've been using CryptoStorm, but a few things do point to him being part of CS. I haven't really seen anything saying that his internet isn't being monitored still. Can you link me to something that says he isn't being monitored? Because a lot of the articles on google point to him owning Baneki Privacy Labs and it just so happens that the twitter account for CS talks to Baneki. I just want to make sure he's not still being monitored is all and that he is in fact in Canada and not in Washington.
How are you getting "best" for PIA? The closest to a perfect score appears to be IVPN. AirVPN, CryptoStorm, PIA, and VikingVPN would be the next highest scores, but with PIA being based in the US, that would be my personal lowest choice (VikingVPN is also in the US, but they have a warrant canary, which would make me think they are in a better position against gag orders). I weighted "logging" as the most important criteria, and then "encryption".
Admittedly, I only compared the options for a few minutes, so I could have overlooked several good alternatives. I don't think PIA is bad, but definitely not in the running for best.
I am confused about the VPN worksheet; there are a lot of blank spots in different places, like DNS requests and others. How do I compare the companies? I have it down to AirVPN, AzireVPN, CryptoStorm, , Ivacy, IVPN, Lokun, Mullvad, MyIP, OctaneVPN, , Perfect Privacy, RiseupVPN, , , VikingVPN and VPNArea. I live in Maryland, USA. I will heavily download bittorrents.
CryptoStorm is a joke. Their staff has consistently discredited themselves with incredibly dumb statements.
Privatoria is cheap. Can't extensively comment on it.
Maybe using a VPN is a better idea than Tor. I don't recommend you use a free VPN for anonymity & privacy concerns, but I think it's worth having a look at the CryptoStorm section for testing.
I don't know if it's your case but if you care about your freedom use OpenSource software & OS :)
Good review. I use VikingVPN alongside AirVPN and CryptoStorm as one of my primary VPNs. Speeds are great. Logging policy is great. Overall very nice. Especially with the Good Friday deal they have going on right now. Can't beat 50% off!
Just a note on your statement on Cryptostorm, as the privacy expert mirimir said:
>Both CryptoStorm's Windows and OSX clients leaked IPv4 while reconnecting after uplink interruption. And they totally leak IPv6.
I know at least 3 bots able to do that:
1. CryptoStorm - 0.15 BTC
2. GunBot - 0.1 BTC
3. PoloniexV3 - 0.18 BTC
They have different algos to do that, and might have different behaviour for different market conditions leading to pump/dump.
Based on their price, they are not worth using, unless you find somewhere to purchase them a lot cheaper (like I did).
If you're using a proxy/VPN browser, that means only the traffic from that browser is being "protected". You would want to configure the proxy/VPN info you have set up in your torrent client or get a full VPN service like PIA or CryptoStorm. I suggest you configure with a VPN so you can encrypt your packets, and also test your BitTorrent client.
CryptoStorm can't keep specific user identity logs by design, since they don't require an e-mail and the username is a generated random hash/token. Pay with Gift Card or cryptocurrency for maximum anonymity.
It requires you to use a custom app, not a deal-breaker but the option to use OpenVPN is preferable. It is based in Finland which does have good privacy laws, but they're part of the EU so I wouldn't choose it. CryptoStorm is the best option.
This is why you need to use encryption with plausible deniability. CryptoStorm and ProtonVPN are the best services to go for.