Looking for VPN recommendations
-
Ah, you're thinking of browsing. I'm more concerned about stuff like Microsofts CompatTelRunner that does scan your entire hard disks even if you don't participate in CEIP. MS states that (1) it should only be running if you participate, which is a blatant lie, (2) that you can uninstall and hide the related KB update(s), which doesn't help since they wrapped up all KB updates in the cumulative updates, and hidden updates will keep getting unhidden on a regular basis, (3) that it doesn't report any data that I should be concerned about, which I don't believe because of (1) and (2). Any confidential data stored on my disks, including e.g. stuff related to my work, is effectively compromised by MS, no less.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
In this case, you should not use a VPN to provide protection since VPN are not visible to applications, anything "your" application can do can also be done by third party applications ... I have not think this way before, but I belief there should be a solution to this problem using security gateways (black list them is one of potential the solution). But it's not build in yet, I will think about it
Find more in 1-NET: connects your resources anywhere[^]. Email searcher Email Aggregation Manager[^].
-
True. But supposedly many of them don't actually store these data. My greatest fear isn't so much who sees it now, but who may be gaining access to it for darker reasons in the future. With most internet companies located in the US, any of them might hand over data about me to any three letter 'intelligence' organization on a whim. Also, hackers have the nasty habit of breaking into even the most secured databases, and they may have even worse ideas about what they could do with it. Data that isn't stored, can't be handed over, or stolen.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
Stefan_Lang wrote:
many of them don't actually store these data
You just don't know it.
Stefan_Lang wrote:
Data that isn't stored, can't be handed over, or stolen.
What about hand over on the fly :)
Find more in 1-NET: connects your resources anywhere[^]. Email searcher Email Aggregation Manager[^].
-
I am talking about true VPN working at IP level, in which case the application has to resolve any none IP address into IP before using VPN ... Any one that claim otherwise is not providing true VPN service (they most likely are providing one endpoint SOCKS proxy service, but it's different from 1-NET which contains pair of SOCKS endpoints that forms a secured tunnel) Suppose a user has two zones (LANs), one is the one he/she want to secure (obscure, in OP's word) and the other one is "safe" and the application is in the first zone. The user want to delegate all his/her internet activity to the second one. If one use VPN to connect (tunnel) the two zones, the all the network layer "authorities" (service provider, ISP, etc ...) in the first zone still know what the use is doing since the use is making DNS requests in the first zone and they can control what are visible by the user by controlling the DNS providers. That is what leaky mean in my post. But using 1-NET secured tunnels, one can choose to do DNS requests inside the other zone ...
Find more in 1-NET: connects your resources anywhere[^]. Email searcher Email Aggregation Manager[^].
Abso-effin-lutely not. I don't know who you got that information from but it is 100% wrong. When you are connected to a VPN your DNS server becomes the DNS server assigned to the VPN connection, not your ISPs DNS server, and all DNS requests are encrypted and tunneled like all other packet. How do you think connecting to a corporate intranet through a VPN would work if it was using your ISP's public DNS server to resolve requests? It wouldn't... VPN doesn't work "on an IP level", it works on a packet level.
Blog: [Code Index] By Mike Marynowski | Business: Singulink
-
Abso-effin-lutely not. I don't know who you got that information from but it is 100% wrong. When you are connected to a VPN your DNS server becomes the DNS server assigned to the VPN connection, not your ISPs DNS server, and all DNS requests are encrypted and tunneled like all other packet. How do you think connecting to a corporate intranet through a VPN would work if it was using your ISP's public DNS server to resolve requests? It wouldn't... VPN doesn't work "on an IP level", it works on a packet level.
Blog: [Code Index] By Mike Marynowski | Business: Singulink
Unfortunately, sometimes your browser will just ignore that you have a VPN set up and will send the DNS request straight to your ISP. That’s called a DNS leak. This can lead to you think that you’ve stayed anonymous and that you’re safe from online surveillance, but you won’t be protected. How DNS Leaks Can Destroy Anonymity When Using a VPN, And How to Stop Them[^]. Therefore it's not 100% after all ... I mean works at level 3, level 2 knows no IPs so it does not know how to route base on IP addresses
Find more in 1-NET: connects your resources anywhere[^]. Email searcher Email Aggregation Manager[^].
-
Stefan_Lang wrote:
many of them don't actually store these data
You just don't know it.
Stefan_Lang wrote:
Data that isn't stored, can't be handed over, or stolen.
What about hand over on the fly :)
Find more in 1-NET: connects your resources anywhere[^]. Email searcher Email Aggregation Manager[^].
Shuqian Ying wrote:
Stefan_Lang wrote:
many of them don't actually store these data
You just don't know it.
Its' all about trust. If it turns out a VPN provider was lying about some relevant aspect of his business, that would ruin his business. I don't trust in VPN providers as much as the fact that they can't afford to compromise that trust.
Shuqian Ying wrote:
What about hand over on the fly :)
I would consider that less of a problem, since I'm much more concerned about data sitting around in a database somewhere, waiting to be hacked by malicious third parties. Also, what would be the point? If someone wanted to spy on traffic to and from me, he'd need to know my identity anyway, breaking the main layer of protection that a VPN provides. At that point, rather than spying on 193 VPN servers all over the world they could just ask my ISP to hand over the streams.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
-
I disabled the CompatTelRunner service only to find it had been re-enabled a few days later. Seems as if the only sure way is to pull the RJ45 out.
We're philosophical about power outages here. A.C. come, A.C. go.
If you don't uninstall the related Windows kb updates, it will be re-enabled automatically. If you don't hide them after uninstallation, they will be reinstalled with the next Windows update. Even if you hide them, they will be unhidden with the next Windows update rollup. Personally, I switched to manual updates, and when I do an update I will remove the pests that I don't want afterwards:
Quote:
KB971033 Description of the update for Windows Activation Technologies KB2952664 Compatibility update for upgrading Windows 7 KB2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows KB3021917 Update for Windows Customer Experience Improvement Program KB3022345 Update for customer experience and diagnostic telemetry KB3035583 Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1 KB3044374 Update that enables you to upgrade from Windows 8.1 to a later version of Windows KB3068708 Update for customer experience and diagnostic telemetry KB3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7 KB3080149 (update for CEIP and telemetry)
(taken from Meine Methode die Telemetrydatenerfassung au… | Forum - heise online[^] ; also see Windows update KB2952664 (Compattelrunner.exe) cannot be uninstalled from Windows 7 - Super User[^] ) I expect this method will keep working for Windows 7 until MS stops rolling out updates.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
-
I know it easy if you use a third party service which host your "other endpoint" for you. But then you are letting the service provider as an insider of you network. That is why they almost all declare that they do not do logging, etc. Do you really trust them, that is the problem ... Try to host the other endpoint your self! Just try it, then you will know ...
Find more in 1-NET: connects your resources anywhere[^]. Email searcher Email Aggregation Manager[^].
Having the other endpoint of the VPN under your own control makes the whole thing quite useless for obfuscation. If you are the known owner of the VPNs exit point, then you are identifiable again. Using a VPN for obfuscation only makes sense if you are NOT the exit point yourself an - if possible - share the same exit point with hundreds of other "unknown" people. The downside is of course, that you have to trust the VPN provider that he does his job as expected and really makes it impossible to track the traffic back to you.
-
Unfortunately, sometimes your browser will just ignore that you have a VPN set up and will send the DNS request straight to your ISP. That’s called a DNS leak. This can lead to you think that you’ve stayed anonymous and that you’re safe from online surveillance, but you won’t be protected. How DNS Leaks Can Destroy Anonymity When Using a VPN, And How to Stop Them[^]. Therefore it's not 100% after all ... I mean works at level 3, level 2 knows no IPs so it does not know how to route base on IP addresses
Find more in 1-NET: connects your resources anywhere[^]. Email searcher Email Aggregation Manager[^].
The way you were describing it before you were implying that it is intended that VPNs work that way and all of them work that way, that you *WILL* get leaky protection from a VPN. That's not the case. If that's happening, its a bug or a bad configuration. As the article you linked to states, most of the top VPN providers provide leak detection/prevention already, so a good VPN is a perfectly reasonable way to fully protect yourself.
Blog: [Code Index] By Mike Marynowski | Business: Singulink
-
Unfortunately, sometimes your browser will just ignore that you have a VPN set up and will send the DNS request straight to your ISP. That’s called a DNS leak. This can lead to you think that you’ve stayed anonymous and that you’re safe from online surveillance, but you won’t be protected. How DNS Leaks Can Destroy Anonymity When Using a VPN, And How to Stop Them[^]. Therefore it's not 100% after all ... I mean works at level 3, level 2 knows no IPs so it does not know how to route base on IP addresses
Find more in 1-NET: connects your resources anywhere[^]. Email searcher Email Aggregation Manager[^].
"VPN only offer a leaky protection since it works at IP level" That's the part I'm referring to which was misleading. A properly configured VPN or one that checks for leaky DNS will keep you protected. As per your article: So which VPNs include DNS leak protection? According to BestVPNz.com, Private Internet Access, TorGuard (both of which made it to our best VPNs list), VPNArea, PureVPN, ExpressVPN, VPN.AC, and LiquidVPN all provide protection.
Blog: [Code Index] By Mike Marynowski | Business: Singulink
-
Thank you very much for the link. I always like a (somewhat?) neutral source to compare products.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
My only experience is with PIA (Private Internet Access) as well. It does well enough for what I need. Speeds were not that great in the beginning (2 maybe 3 years ago) but are now up to par. I notice only a marginal drop in bandwidth while connected, which is to be expected due to VPN overhead. They also have a large number of regions you can connect to for circumventing geo-tracking/fencing, et cetera, as well as offering port forwarding on a handful of those if that's something you need. They also include a few concurrent connections without using their client, so you can connect a mobile device as well without needing additional software (this has come in handy while traveling abroad; never know who is recording what off of those hotel wifi points...) For me, the price is more than reasonable for what I'm getting ($25 USD a year, iirc.) Your mileage may vary (obviously) based on your needs.
-
"VPN only offer a leaky protection since it works at IP level" That's the part I'm referring to which was misleading. A properly configured VPN or one that checks for leaky DNS will keep you protected. As per your article: So which VPNs include DNS leak protection? According to BestVPNz.com, Private Internet Access, TorGuard (both of which made it to our best VPNs list), VPNArea, PureVPN, ExpressVPN, VPN.AC, and LiquidVPN all provide protection.
Blog: [Code Index] By Mike Marynowski | Business: Singulink
Users need external means to patch the holes and it's not 100% sure, aren't they? That's what I meant ...
Find more in 1-NET: connects your resources anywhere[^]. Email searcher Email Aggregation Manager[^].
-
The way you were describing it before you were implying that it is intended that VPNs work that way and all of them work that way, that you *WILL* get leaky protection from a VPN. That's not the case. If that's happening, its a bug or a bad configuration. As the article you linked to states, most of the top VPN providers provide leak detection/prevention already, so a good VPN is a perfectly reasonable way to fully protect yourself.
Blog: [Code Index] By Mike Marynowski | Business: Singulink
Well, in the world of security, info breach/leak "Could" happen == "risk" :) And there are application scenarios that would favor different VPN connections for different application contexts at the same time, like connecting to different remote offices and browsing at the same time. One needs "Split tunneling" ... This is happening in our ever connecting and distributed online experiences
Find more in 1-NET: connects your resources anywhere[^]. Email searcher Email Aggregation Manager[^].
-
Ah, you're thinking of browsing. I'm more concerned about stuff like Microsofts CompatTelRunner that does scan your entire hard disks even if you don't participate in CEIP. MS states that (1) it should only be running if you participate, which is a blatant lie, (2) that you can uninstall and hide the related KB update(s), which doesn't help since they wrapped up all KB updates in the cumulative updates, and hidden updates will keep getting unhidden on a regular basis, (3) that it doesn't report any data that I should be concerned about, which I don't believe because of (1) and (2). Any confidential data stored on my disks, including e.g. stuff related to my work, is effectively compromised by MS, no less.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
I always thought "what faster way to 'innovate' than to steal the ideas of programmers everywhere?" Better yet, their working code.
-
I'm so fed up with more and more applications (including Windows itself) requiring internet connections and sending out tons of data with little or no control about what is sent and what it is used for. Also, more and more web sites liberally use geolocation data to artificially restrict what I can use, and how. While in some cases, there may be a legal foundation for this behaviour, I doubt that is true most of the time. It doesn't seem like anyone even cares to point that out - which to me is just another red flag, and I am well within my rights to deny that information. Anyway, I was wondering about ways to at least confound all these user data abusing techniques. There are only two things that came to my mind: using TOR, and using a VPN. I'm not sure how much either will help, but I understand that for VPN I need to choose a provider. Different providers provide different services, for a price - or, sometimes, free. And I have no idea what to look out for. So, my question to the community is, do you have recommendations for a first-time VPN user who just wants to retain a lttle more control over his personal data, even if obtained only through obscurity? I don't mind if down/upload speeds go down a bit. Also - this might be a stupid question, but I simply don't know - would it affect my choice of VPN if I were to use TOR, or does it even make sense to use TOR over a VPN? P.S. (2017-4-10): best info found so far: That One Privacy Site | VPN Section[^]
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
I'm running OpenDNS's Simple DNSCrypt to keep my ISP from snooping the packets of my DNS requests, which is still possible if you only use someone else's DNS servers (Google's, OpenDNS's, etc.) I recently became aware of and am considering FreedomBox which you can run on a RasPi among other hardware. Many features/services to choose from, VPN amongst them. Check out their FAQ page. Using the ad blocker has to make up for at least some of the lost speed, with some pages more than make up for. I used to run the UTM, Untangle, but changed the box I was running it on to be a small domain controller. A RasPi would be a much more energy efficient appliance these days.
-
I'm so fed up with more and more applications (including Windows itself) requiring internet connections and sending out tons of data with little or no control about what is sent and what it is used for. Also, more and more web sites liberally use geolocation data to artificially restrict what I can use, and how. While in some cases, there may be a legal foundation for this behaviour, I doubt that is true most of the time. It doesn't seem like anyone even cares to point that out - which to me is just another red flag, and I am well within my rights to deny that information. Anyway, I was wondering about ways to at least confound all these user data abusing techniques. There are only two things that came to my mind: using TOR, and using a VPN. I'm not sure how much either will help, but I understand that for VPN I need to choose a provider. Different providers provide different services, for a price - or, sometimes, free. And I have no idea what to look out for. So, my question to the community is, do you have recommendations for a first-time VPN user who just wants to retain a lttle more control over his personal data, even if obtained only through obscurity? I don't mind if down/upload speeds go down a bit. Also - this might be a stupid question, but I simply don't know - would it affect my choice of VPN if I were to use TOR, or does it even make sense to use TOR over a VPN? P.S. (2017-4-10): best info found so far: That One Privacy Site | VPN Section[^]
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
I found this Article very interesting: Post-FCC Privacy Rules, Should You VPN? — Krebs on Security[^] and in particular - this site, which was linked to from within: That One Privacy Site | Simple VPN Comparison Chart[^] Hope that helps.
-
I'm so fed up with more and more applications (including Windows itself) requiring internet connections and sending out tons of data with little or no control about what is sent and what it is used for. Also, more and more web sites liberally use geolocation data to artificially restrict what I can use, and how. While in some cases, there may be a legal foundation for this behaviour, I doubt that is true most of the time. It doesn't seem like anyone even cares to point that out - which to me is just another red flag, and I am well within my rights to deny that information. Anyway, I was wondering about ways to at least confound all these user data abusing techniques. There are only two things that came to my mind: using TOR, and using a VPN. I'm not sure how much either will help, but I understand that for VPN I need to choose a provider. Different providers provide different services, for a price - or, sometimes, free. And I have no idea what to look out for. So, my question to the community is, do you have recommendations for a first-time VPN user who just wants to retain a lttle more control over his personal data, even if obtained only through obscurity? I don't mind if down/upload speeds go down a bit. Also - this might be a stupid question, but I simply don't know - would it affect my choice of VPN if I were to use TOR, or does it even make sense to use TOR over a VPN? P.S. (2017-4-10): best info found so far: That One Privacy Site | VPN Section[^]
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
Buy VPN and the NSA will put you on a LIST!!!!
Idaho Edokpayi
-
Buy VPN and the NSA will put you on a LIST!!!!
Idaho Edokpayi
Unfortunately I'm already on it just for asking about it - as is everyone else answering in this thread :omg: ;P
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)