
How To Make VPNs Even More Secure - llambda
http://torrentfreak.com/how-to-make-vpns-even-more-secure-120419/
======
fl3tch
> "When anonymity is a factor, pay with an un-trackable currency," explains
> Andrew from PrivateInternetAccess.

> "For example, signup for an anonymous e-mail account using Tor and use a
> Bitcoin Mixer to send Bitcoins to a newly generated address in your local
> wallet.

Kind of pointless to go to such lengths when the VPN provider has your IP
address.

~~~
cookiecaper
Many VPN services claim that they do not maintain connection logs. Also, it's
much safer to use bitcoins and a masked email address in case of breach by a
party that doesn't have the authority to subpoena your ISP for the IP info.
Also, there are plenty of ways to misdirect via IP if there is any suspicion
that logs are maintained, and in that case they won't be able to easily tell
who you are, as they would if you had filed a real credit card (or even a real
email address).

~~~
fl3tch
> Many VPN services claim that they do not maintain connection logs

If you're paying for the service, then you need to authenticate to it either
with a password or certificate. Either way, the VPN provider knows when you're
connected. Also, to prevent sharing of accounts, they will often limit the
number of IP addresses you can connect from (within a certain period of time),
which means that almost all of them log IP addresses and connection times.
That information, combined with other evidence, could be enough to connect you
to certain activities.

For example, suppose you're harassing someone on a forum and they get the cops
involved. They know the date and time of all of your posts, so they go to your
VPN provider, and you're the only person who was connected every single time a
post was made. Now, it's good to catch people like that, but if you require
strong anonymity just use Tor.

~~~
Dylan16807
There is absolutely no reason they would have to to log ip addresses to
prevent account sharing. They can easily limit you to one logon at a time or
simply ignore sharing and limit each account's bandwidth, preferably rounded
to the megabyte or coarser.

------
reinhardt
Admittedly I know almost nothing about bitcoins but suggestions like "use a
patched Bitcoin client" and linking to Bitcoin-OTC,"a marketplace located in
#bitcoin-otc channel on the freenode IRC network" imply a certain level of
geekiness to even use this thing. Are there any good "bitcoins for dummies"
kind of resources, or software that hides most of the complexity under a
friendly UI for mere mortals?

~~~
jmillikin
Despite the title, this article isn't aimed at people looking for general-
purpose private/secure communication. It's specifically for those who want to
torrent pirated music/movies/tv, but do not want to leave any way for a
subpoena from the US government to reveal their contact information. The goal
isn't just privacy, but anonymity.

VPNs still work perfectly for private/secure communication, as long as you
trust whoever's on the other end -- for most people, this is their employer.

For those who truly do need to be anonymous, Tor is still the standard. It
doesn't work if you need to transfer terabytes of data anonymously, but it's
fine for browsing or small-scale file exchange (eg wikileaks).

------
zurn
So this seems to be about using IP tunneling that is terminated at a
commercial tunnel provider who promises anonymity, to hide your real address.
As opposed to the usual meaning of VPN referring to IPSec or similar for
confidentiality/integrity, and/or tunneling into the soft inside of the
corporate "intranet".

~~~
wmf
It's the same technology, just a different use case.

------
rollypolly
Are some ISPs more privacy-friendly than others? What should I look for when
looking for a privacy-friendly ISP?

~~~
reinhardt
Here is a good review: [https://torrentfreak.com/which-vpn-providers-really-
take-ano...](https://torrentfreak.com/which-vpn-providers-really-take-
anonymity-seriously-111007/)

------
noja
The weakpoint is payment for the VPN (although to be fair to the article, it
does cover this, albeit not in much depth)

~~~
johnpowell
I use a seedbox. The provider is in Canada and the server is Luxemburg. I
connect to that with sFTP.

And for normal Internet traffic I have a VPS in New Jersey (Linode) that runs
Squid that I route everything through.

While I am in no way totally private I am not the lowest hanging fruit.

------
huhtenberg
WTF is this, and what is it doing on my HN front page.

Is it just me or have the quality of HN content taken a sharp nosedive in just
few months? Another Erlang week seems to be in order.

