Phony VPN Services Are Cashing In On America's War On Privacy

Reader Freshly Exhumed writes: Nicholas Deleon at Motherboard reveals a run-in with scammers who are already hard at work taking advantage of newly signed legislation that allows Internet Service Providers to sell your online privacy, including your web browser history, to the highest bidder without your consent. Relatedly, Tim Berners-Lee would prefer people to protest in the streets rather than take technical measures such as TOR and VPN. For those intent on using VPN, TorrentFreak has their latest reviews of VPN anonimity practices, with the caveat that the info is submitted by the VPN companies themselves on a "trust us" basis.

Re:

[thomn8r]

A true luddite uses cu and uucp

ToR is slow

[Anonymous Coward]

TOR is so slow.

Re:

[malditaenvidia]

TOR was made to be slow. That's why it works.

Re:

[boohoohoo]

CryptoStorm was created and is partially run by previously convicted drug smuggler and known zoophile, Douglas Spink, He is known for running a bestiality farm.

http://www.nydailynews.com/new... [nydailynews.com]
http://www.seattletimes.com/se... [seattletimes.com]

There have been concerns about his involvement with CryptoStorm for a while.

https://www.bestvpn.com/blog/8... [bestvpn.com]
https://www.wilderssecurity.co... [wilderssecurity.com]

Re:

[unrtst]

Replying to remove incorrect mod

Re:

[Unknown User]

Good, that makes it more likely that he offers real anonymity and is not in bed with the feds.

Re:

[Thud457]

give me BONESTORM or GO TO HELL!

Re:

[phantomfive]

If you have tech skills, the easiest thing to do is set up your own VPN on an AWS box. Cheap, not too hard, you can use SSH [linuxjournal.com] or you can use openSwan [libreswan.org].

Re:

[phantomfive]

Lol, yeah only a simple subpoena to Amazon and they know exactly who you are,

If you're trying to hide from the government, VPN isn't going to save you.

Re:

[rhazz]

That's not what this is about. This is a phishing attempt directed at the customer base of some companies whose forums were hacked. The only link to the policy changes is that the email claims to be a VPN service saying you need them more than ever due to the policy changes.

All my data is double-encrypted with ROT-13!

[Fringe]

Sometimes people don't even realize encrypted data is present.

Re:

[Anonymous Coward]

ROT-26 is faster than running ROT-13 twice, and is just as secure.

But the modern recommendation is ROT-416. It's well established that the NSA has been able to break double-ROT-13 and ROT-26 for a long time now. There are also rumors of them secretly injecting vulnerabilities into the ROT standard, so be careful out there!

Re:"anonimity"?

[tsqr]

Learn how to spell, you fucking retards.

Now, dont curl up into a feeble position, or run around like a bowl in a china shop. No need for ad homonym attacks. Its the 21st century, and for all intensive purposes, its a far-gone conclusion that society has bid ado to gramer; speling - and punkshuation (ect). As long as you can pack up the meening from contacts, you shouldnt go on and nauseum about this sort of thing. In the end, its all for knot anyways, so dont ball your eyes out over it. In stead, you should cease the opportunity to except the inevitable and be internally grateful at being liberated.

Re:

[Maritz]

You'd gotten as far as 'gramer' before you noticed anything was up? lol. Woosh city.

Re:

[grep -v '.*' *]

NO, I don't think so, You can have my grammar and punctuation only when you pry it from my cold, dead ... pencils?

Wait, let me come in and try that again.

Re:

[Maritz]

They are all eggcorns. Ball = Bawl. Feeble position should be 'foetal' position. Eternally grateful instead of internally. "In stead?" Have a word with yourself.

Re:

[Anonymous Coward]

Some folks seem to be doing that with VMs. They will run VPN A on the main OS, then run a VM and inside that VM open VPN B's connection. Idea is that VPN B will tunnel through the VPN A connection to VPN B's exit point.

How well that works or how effective it is, I could not say. At least to a first glance it does not seem like too bad an idea though.

Re:

[AHuxley]

Re " it seems like things would be pretty untraceable, if not in theory then in reality."
The police or security services who detected a criminal matter would track the first VPN.
International paperwork would be requested for the VPN owners/host nation showing a real crime in that nation.
A local court in the VPN's own nation would see that evidence and then the VPN would be contacted.
The VPN would have no logs but the user of interest has a pattern of access. So every packet in and out is looked for a t

Re:

[Falos]

If you're moving highly mission-critical data or trade secrets or something, sure. Or selling drugs.

Most of us are satisfied with basic concealment, because it's enough to beat automated snooping, whether it's the ISP or your government.

If you're on a list (the real kind) it may not be enough, but the rest of us will be casually safe against the casually invasive. If you've a determined actor, the genuine "someone is watching" that normies conflate with mass logging, you expect to take additional measures.

There are good ones if you do your research.

[waspleg]

I did quite a bit. I've been using AirVPN (based in Italy) for several years without any issues beyond ones I caused myself; and without any love letters from Comcast.

(no I'm not affiliated just a satisfied customer - check my post history)

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[radarskiy]

That comparison site is only useful if you are assuming that the VPN itself cannot be a threat, a point which is refuted by the very article we are posting about.

The site even includes this disclaimer, which you have glossed over: "including if a given VPN service is not transparent and does not make the data available on their official site."

Worthless

[rudy_wayne]

Over the past few years there have been many articles written about VPNs but they all suffer from the same problem, and this article is no different:

their latest reviews of VPN anonimity practices, with the caveat that the info is submitted by the VPN companies themselves on a "trust us" basis.

There is absolutely no independently verified information. The only information provided in the articles comes directly from the VPN companies themselves, making it completely useless. More lazy journalism.

Re:

[Anonymous Coward]

That may be true, but it's still a step up from the ISP situation, which are known to look at traffic. The VPNs at least promise not to, and if they get caught out in a lie they can lose their entire business, because there is real competition for them.

So it's not perfect by a long shot, and we can and should wish for better. But if you have to pick something to put your trust in, better the VPN company than the ISP company. And you can also pick your VPN: change if the old ones breaks your trust, or pic

Re:

[AHuxley]

A VPN offers a nice encryption layer that hides all plain text from local police, local gov, lawyers, health services, your ISP.
That is great given how much is now been collected in many nations over months and can be searched and requested by a gov, local gov, public private partnership contractors or a lawyer for a civil matter in some nations.
In the UK "As the Investigatory Powers Bill passes into law, internet providers will be required to keep a full record of every site that each of its customers h

Re:

[Nethead]

I'm lucky that my ISP is a Native Sovereign Government (Indian Tribe) with a small user base and an attitude that anything like a DCMA just looks like extra work and screw that shit. Not the greatest speed (25/3) but damn good ping times. I even get a static IP which is really handy. That said, I do have PIA that I fire up from time to time and a few BSD boxen VMs scattered around the world.

See!

[Altrag]

Innovation! Look at all the new ways companies are figuring out to screw customers over! The possibilities are endless! MAGAMAGAMAGA!

Honeypots

[Anonymous Coward]

Just remember, most of the "private", "secure" email services turned out to be either direct honeypots or, even if legit at first, taken over later by the NSA or other agencies, with money and/or threats, and turned into a honeypot, as revealed by wikileaks papers. VPN will probably be the same

Roll your own

[DaMattster]

It's not difficult to roll your own VPN solution if you have some knowledge of BSD/Linux. This is really and truly the only way to ensure trust and even then it is not 100%. OpenVPN is not hard to install and configure but I am sure it is not immune from would-be intruders.

Re:Roll your own

[R.Mo_Robert]

It's not difficult to roll your own VPN solution if you have some knowledge of BSD/Linux. This is really and truly the only way to ensure trust and even then it is not 100%. OpenVPN is not hard to install and configure but I am sure it is not immune from would-be intruders.

Umm, how does that help? I do have a VPN server to remote in to my home network and access services, shares, and other resources I don't make publicly visible (which is almost everything--that I don't, I mean), but you seem to be missing the part where the type of VPN this article is talking about is for people who wish to disguise their network traffic from home (and elsewhere) by sending it over a VPN to a remote server, often in another country--the problem being that it's not always apparent if you can trust that server.

The law cancels a future regulation

[Attila Dimedici]

The summary continues to play into the hype about a law which merely cancels a regulation which had not yet gone into effect. The passage of the law changed NOTHING with regard to consumer privacy. It merely prevented a regulation from going into effect in December, which it was claimed would increase protections for consumer privacy (I have not studied the regulation in question, so I do not have much of an opinion of whether it would have actually done so. I am however skeptical about whether it would hav

Got to do something

[Wowsers]

We've got to do something to stop Internet Providers criminal activity. In the UK, ISP BT hacked their customers website traffic, changing the pages they were expecting to see, and inserting the adverts BT wanted you to see instead. This went to court, and despite this practice breaking many laws in hacking / interception of communications, identity fraud etc, somehow, the court let off BT with a slap - no prison time for anyone involved in this criminal activity. Read the saga about Phorm https://en.wikipe [wikipedia.org]

Speed Of VPNs and My Take On The OP

[AleksK]

I think it's not just tor... i've used hss proxy, ib and ivacy vpn too and pretty much every vpn is slow when it comes to encryption, including others too. it just shouldn't cross that line where it becomes downright unusable. the foregone speed is a trade-off for the encryption you get. about the OP, i read that thing over motherboard as well as troyhunt and i'm not sure if it's funny or ironic but in any case, these scams almost seem to leave users with more questions.