
Use Tor? Your privacy may be compromised - freepn
https://freepn.com/posts/will_tor_protect_me.html?pk_campaign=ab1&pk_kwd=Hacker%20News
======
smoyer
And why exactly should we trust FreePN? I'm not qualified to do a security
audit on the OSS code and unless you pay someone who's really good at
cryptography, I think that statement applies to the rest of your users.

EDIT: I should also note that I like the idea that FreePN is a peer-to-peer
network underneath. I think part of the problem with compromise that you've
outlined in this article is that there is a pretty limited number of TOR
nodes. With P2P, you scale out as you gain users, so the problem becomes
getting the first x users.

~~~
freepn
Hey smoyer! Ian from FreePN here -

> And why exactly should we trust FreePN? I'm not qualified to do a security
> audit on the OSS code and unless you pay someone who's really good at
> cryptography, I think that statement applies to the rest of your users.

That's a fair concern. We're a pretty small team at the moment, so haven't yet
had a chance to get an independent security audit done (though we do intend to
do so after we launch our alpha in around a month).

Our service is built on top of ZeroTier though (they haven't had a third-party
audit, but the founder does write a lot about their security from time to
time:
[https://news.ycombinator.com/user?id=api](https://news.ycombinator.com/user?id=api)).

We decided to make all of our code for the network open-source as a show of
good faith - we're trying to do everything with FreePN as transparently as
possible (which I feel is important, being a security / privacy product),
while still making it easy-to-use for less-techy people.

If you have any suggestions for how we can improve our messaging feel free to
shoot me an email (in profile).

~~~
smoyer
"FreePN is the only completely free, fast, secure, anonymous, unlimited-
bandwidth VPN. It's also open-source." is already a mouthful but I think what
caught my eye when reading through the FAQ is that it's peer-to-peer. At that
point, I think the integrity of the client is key (as noted above) and I think
(as I'm imagining it) the idea that there's a coordinating server doesn't
really scare me.

I also find it interesting that you don't accept fiat currencies as donations.
Wouldn't these funds be useful when hiring a third-party auditor? Could a
crowd-funding campaign be used to fund the auditor?

If you trust the coordinating server and that the client is both trustworthy
and invulnerable, then I think it would be cool to have a ticker on your main
web-site with two numbers ... the number of clients downloaded and the number
of connections started through the coordinator in the last x period of time.

~~~
freepn
> Wouldn't these funds be useful when hiring a third-party auditor? Could a
> crowd-funding campaign be used to fund the auditor?

Actually that's a fair point & good idea I hadn't really considered. I'll
update the contribution FAQ section with a link to PayPal soon!

> it would be cool to have a ticker on your main web-site with two numbers ...
> the number of clients downloaded and the number of connections started
> through the coordinator in the last x period of time

I love this also. Once we launch the alpha will 100% incorporate these into
the landing page in some form!

~~~
smoyer
Let me know when you can accept USD and I'll be your first (small) donor!

~~~
freepn
Hi smoyer!

We took your advice and are starting to accept fiat currency donations. Made
a PayPal page - [https://www.paypal.me/freepn](https://www.paypal.me/freepn).
Added the link to our website so that we can start collecting funds to pay for
a security audit post-launch.

Thanks for your help and support! We really appreciate it!

~~~
smoyer
The payment link you included on HN works ... the link from the FAQ gives a
404.

------
sarcasmatwork
Best practice for TOR:

- Be aware that 3 letter agencies monitor TOR.

- Use HTTPS for everything.

- Don't go to personal stuff that could ID you.

A VPN service could also sniff the traffic and ID you. Work blocks freepn.com,
so can't read the article.

~~~
freepn
sarcasmatwork -

Ian from FreePN again. Does your work use OpenDNS or similar? We recently
acquired the domain (freepn.com) via secondary market, so have been slowly
working our way through some domain blocking issues (OpenDNS, Fortiguard,
etc.)

For anyone this is an issue for, here are the main points of the article:

Why isn't Tor enough?

- Compromised Exit Nodes

- Compromised Guard Nodes

- Traffic Shaping

- Human Error / What you do while using Tor matters

- Increased use of Tor means increased exposure

