FrootVPN – Surf anonymously on the Internet (frootvpn.com)
43 points by killerpopiller on Oct 22, 2014 | hide | past | favorite | 61 comments



Free product, free support, no logs. They're either lying or trying to turn this into a freemium product at some point in the future. Everything else just seems unlikely.

Furthermore, their domain is protected by WhoisGuard (Panama). If they (the people involved, not the servers) were sitting in Sweden this would be unnecessary (compare IPredator). The IP address behind the website points to the same Swedish datacenter(s) that the services surrounding The Pirate Bay use as well (Portlane). IPredator itself seems to have moved to Cyprus though.

Uppercase and underlined "anonymous" next to plain text passwords via email is just unprofessional.


I can't tell you how happy I am to see this as the top comment.

Free is a con.

If you want a cheap VPN that you control (and that's faster than Tor), set up an endpoint on something that takes Bitcoin payment and pay with Bitcoins obtained via an anonymous route. This list might be helpful.

https://www.exoticvps.com


> [..] and that's faster than Tor

Okay but please don't mention 'Tor' side by side with VPNs; they are essentially different services/solutions, for different needs. Even on HN I see that many people are so confused about Tor that they consider the traffic encrypted by default (when it's not) or they use Tor to perform the usual daily web operations (Facebook, Twitter, email, etc.), which totally beats the purpose of Tor but would be an excellent use case for a (paid or self-hosted) VPN.


Depending on your needs, you can just roll your own with Amazon EC2. I use it for an SSH tunnel, mostly to use while at work. Not that I'm doing any weird browsing, I just don't like the thought of my employer keeping a log of what I am doing on my free time (https://xkcd.com/303/).

I wrote a script to spin up a new instance when I need it, and to terminate it when I don't. It should cost less than $10/mo, and I only pay for what I use.


That's a VPN but not anonymous. Amazon knows who you are.


There is always a server that knows who you are. Whether it's an OpenVPN server hosted on an EC2 instance or a TOR entry node.

Hosting your own VPN server seems overkill for this kind of use case. There are many trustworthy VPN providers that I'd recommend for use cases unrelated to BitTorrent. A couple of years ago people recommended SwissVPN over and over to me, though I've never used it. I was a happy IPredator customer for quite some time.

If you want to host your own VPN server (let's face it, servers are useful anyway), I'd recommend cloud providers other than Amazon. Iceland, Sweden and Germany are very friendly countries.


> There is always a server that knows who you are. Whether it's an OpenVPN server hosted on an EC2 instance or a TOR entry node.

There's a fundamental difference here. With EC2, you get a server that knows who you are and what you're saying (at least they know who you're talking with, if you use HTTPS). The TOR entry node only knows who you are, but knows nothing about who you're communicating with or what you're saying.


    There is always a server that knows who you are. 
    Whether it's an OpenVPN server hosted on an EC2 
    instance or a TOR entry node.
Correction: the TOR entry node only knows the data came from you, but there's no way for it to know whether the data originated from you or not. For all it knows, you could be a relay and the data came from someone else.


My bad, this is actually an important distinction.


Right, but the discussion is about anonymous VPN use.

There's always a server that knows something - but using EC2 means it is extremely easy to tie to your identity through your credit card, shipping and billing addresses, etc.

And Amazon is in bed with everyone VPN users might want to stay anonymous from - so EC2 is an exceptionally poor choice if you care about anonymity.


Exactly, which is why I said "depending on your needs". It is great for use on public wifi, etc., to keep your traffic secure, not to keep you globally anonymous.


Can you share the script on a pastebin or something? Sounds like an excellent solution.


Here it is in all its Bash glory. It works locally on Linux Mint / Ubuntu. I hacked this together just yesterday so I'd be happy to see any improvements.

https://gist.github.com/anonymous/223853355d67123fdda8

This assumes that you are somewhat familiar with EC2 and have already set up a keypair and a security group that allows incoming port 22. Just read the instructions at the top and change the settings to fit your needs.

Set your browser to use SOCKS host 127.0.0.1, port 5222 (or whatever you change it to). This allows you to have a browser using the tunnel and everything else using your native connection.

Let me know if you have any questions.


I like BTguard. I get about 2 Mbps reliably. No issues and I have been on it for at least 6 months.


I'm not quite sure what the appeal of free VPN services are, or why anyone would trust them.

Setting up a VPN server takes very little time. From a default Ubuntu installation you only need to install the OpenVPN Access Server package, visit a web page and add a user.

You can do this from a cloud service provider in a location with favorable privacy laws, like Iceland. I do this with GreenQloud, and just spin up my VPN instance when I'm on an untrustworthy wifi network, behind a corporate firewall, traveling to a country that censors, or whatever. Powered on instances cost little, and powered off nearly nothing. The attack surface is low, as it's usually powered off.

People who wish to be nearly untraceable can use a prepaid credit card for anonymity.


>People who wish to be nearly untraceable can use a prepaid credit card for anonymity.

Does anyone have experience with this? I tried it once, and found that most places blocked the use of these cards and needed a "real" one.


I used a prepaid card to sign up for an AWS account because I'm not comfortable giving them my real one for a "free trial", they accepted it at the time, approx 1 year ago.


In the US and many other places, prepaid cards are not anonymous. IIRC you need ID of some kind to buy them in Germany, for example (similarly for SIM cards).


You do not need an ID to get a prepaid card in the US.


True, but they are not technically anonymous - you have to provide a name and address. And while the average person will not care, I'm sure an enterprising US district attorney will find a way to pile CFAA and other charges for providing wrong details on a prepaid card if they already are trying to nail you.


You can buy a prepaid card in most local grocery stores in Canada, no personal info required - though you can't buy a prepaid card with a prepaid card.


Interesting ... what's the logic in that?

Can you use it to get money (ATM or cashback)? I assume so, in which case this restriction makes it extra stupid.


I always assumed money-laundering was what they were trying to protect against.

At first I figured if it was possible to buy a gift card with a gift card they wouldn't be able to track that very easily / as easily. But then, what about cash. So it does seem like kind of a moot point to me, maybe someone in Finance can explain the reasoning better?


To clarify, no you can't use it at the ATM or to get cash back.


1. We offer a free service. 2. With free support. 3. And we somehow have enough IPs to go around for everyone? 4. Btw, we are not MITMing you or logging anything.

What?


You don't need enough IPs to go around; you can always assign a private IP address and do NAT (this is how most VPNs work anyway).

But yeah, I don't understand how they're paying for it. My best guess would be they found a loophole to exploit peering agreements, similar to how small rural telephone companies will set up free conference bridges because the big telcos have to pay them connection fees.

Or they're just capturing info and selling it (unlikely; personal information just isn't worth that much and it's easy enough to buy already from data brokers).

Or they're MITMing the big ad networks and showing their own ads instead. I consider this the most likely scenario.


Oh sure, sorry, I meant to imply that effectively those external IPs they will be exposing to outside services will be banned fairly soon by a lot of things and marked as a VPN/proxy service.

On second reading I realize that I basically in no way say that.

Agreed with everything you said though, it's not legit.


You know what they always say, when something is free, you are the product.


This phrase should be put down with a shot in the back of its metaphorical head. Whisper Systems, TOR, tox are free. Should we apply the same principle to those products?

(I am not defending this shady VPN service)


You're talking open source software vs. free services.

Free software is write once and release; it costs the author nothing to maintain it. Free services require maintenance and incur operating expenses that need to be covered somewhere.

The original quote was always about SaaS anyway.


This phrase refers to stuff free as in free beer.


And Whisper Systems, TOR, tox are free as in free beer. What's your point?


Probably a better disambiguation would be "services" that are free. Open-source projects can always be validated to make sure that they are not monetizing their user-base.

Tor is a service but by reading the source code, you can see (if you understand the code) that nothing monetizable leaves your computer.

I don't have as much confidence in Tox just because it hasn't been around as long (and I haven't read the source).


Wikipedia is a service.


Wikipedia is a service that puts up a huge banner every year asking you to please give them money if you don't want them to be forced to show advertisements, implicitly making you the product.


I say, the lengths people go to justify a trite thought-terminating cliché don't fail to astonish me.

If the mere possibility that a service you use might in the future have ads is sufficient to justify the phrase "you are the product", then I don't see how anything can be an exception to that. After all, the next release of Tor might have ads! Who knows?


TOR isn't free. The support and development is paid for by donations and funding, the bandwidth (currently over 12000 MiB/s) is paid for by lots of volunteers. I get your point though. The question isn't whether something is free to use, it's who's paying for the costs incurred.


Facebook isn't free by those criteria, either.


You might be onto something there.


I always chuckle when I see a VPN service claim no logging. While it's probably true, they can't ever prove to you that that's actually the case, which makes the claim moot for anyone who actually cares about their privacy.


Until somebody gets sued and posts about it on twitter.


Received email with password in plaintext after registration.


I was just going to say the same thing. What the hell kind of group offers security and VPN services and then sends passwords plaintext!


They will need to store them in plain text or encrypted plain text (which is just plain text with sugar on top) just due to the way some of the VPN protocols they support work.

They should avoid emailing them however, if they can.


Not sure if it's relevant here, but I want to point out that just because you received it in plaintext doesn't mean they store it in plaintext.

So if you change it immediately to something more secure, it might not be a security risk after all.


That isn't the point, if they can send it in plaintext then they have it in a recoverable form. They shouldn't be storing your password at all. They should be storing a hash of your password.

And on top of all that, sending it plaintext via email, itself a largely open format, means they've broadcast it to all kinds of other potentially bad actors.

Plus it indicates (to me) a questionable grasp of security, not a great sign for a VPN provider.

It's just wrong.
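The storage model the comment above asks for, as an added example that is not FrootVPN's code or anything from the thread: a service keeps only a salted, iterated hash of the password, can verify a login attempt against it, and therefore has nothing it could mail back to the user. The record format, the iteration count and the confirmation-mail wording are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumption: iteration count for PBKDF2-HMAC-SHA256. Tune to your hardware;
# the cost applies equally to an attacker guessing against a stolen record.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex.

    The record is all the service stores. It cannot be turned back into the
    password, so it can never be included in an e-mail.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user: same password, different record
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and iterations and compare
    in constant time, so timing does not leak how many bytes matched."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record type {algo!r}")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def registration_email_body(username: str) -> str:
    """Constructed confirmation text: the mail carries no secret at all, which is
    the only safe option when the transport is as open as e-mail."""
    return (
        f"Welcome {username}. Your account is active; "
        "log in with the password you chose during sign-up."
    )


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong password ok:", verify_password("Tr0ub4dor&3", record))
    print(registration_email_body("alice"))
```

Because the salt is random, hashing the same password twice yields two different records, which also stops an attacker from spotting users who share a password by comparing stored values.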


It could very well just mean that the email is sent before any hashing occurs (as part of the registration controller, in other words) - but yeah, you're right, considering that email's physical equivalent is a postcard, it shows a tremendous lack of respect for the user. Kiss of death for a supposedly privacy focused operation like a VPN provider.


Looks like you set the password originally, then they send THAT password plaintext.

It'd be acceptable if it was a random password generated for email-auth reasons. Not acceptable if you're setting the password.


Doesn't seem very legit. According to reddit it's sluggish, not really working, and presumably stealing information. Can anyone back this information, or counter it? I don't feel like using this software; it's way too fishy.


Within less than an hour of being connected to FrootVPN through OpenVPN, incoming connection to sshd from sketchy IP followed by multiple attempted incoming connections to screensharing from another sketchy IP... bots, or not, I don't know...

But if every single comment thus far isn't enough of an indication.. as I have never experienced these security issues in the past, I think it's fair to say.. stay away, stay far away...
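A way to check an observation like the one above instead of guessing, as an added example that is not from the thread: once a machine is on a VPN, its sshd is reachable from the VPN's address space, so the first thing to do is read the host's own auth log and count what arrived per source address. The log lines, host name and addresses below are constructed for the example (documentation ranges, not real hosts), and the flagging threshold is an assumption.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, List

# Constructed sample of OpenSSH auth-log lines, as a host would see them while a
# VPN exposes it to other clients on the tunnel. Addresses are from RFC 5737 ranges.
SAMPLE_LOG = """\
Oct 22 14:03:11 vpnhost sshd[2301]: Failed password for root from 198.51.100.7 port 51234 ssh2
Oct 22 14:03:14 vpnhost sshd[2301]: Failed password for root from 198.51.100.7 port 51234 ssh2
Oct 22 14:03:17 vpnhost sshd[2303]: Failed password for root from 198.51.100.7 port 51240 ssh2
Oct 22 14:03:20 vpnhost sshd[2303]: Failed password for root from 198.51.100.7 port 51240 ssh2
Oct 22 14:05:02 vpnhost sshd[2310]: Invalid user admin from 192.0.2.44 port 40022
Oct 22 14:05:02 vpnhost sshd[2310]: Failed password for invalid user admin from 192.0.2.44 port 40022 ssh2
Oct 22 14:09:45 vpnhost sshd[2320]: Accepted publickey for ubuntu from 203.0.113.9 port 44410 ssh2
Oct 22 14:09:45 vpnhost sshd[2320]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
"""

# Matches the three sshd events worth counting and pulls out the peer address.
# Lines that do not fit (pam_unix session lines, etc.) are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<event>Failed password|Accepted \w+|Invalid user)"
    r".*? from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def summarize(lines: Iterable[str]) -> Dict[str, Counter]:
    """Count sshd outcomes per source IP: failed logins, accepted logins and
    attempts against non-existent usernames."""
    summary: Dict[str, Counter] = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        event, ip = m.group("event"), m.group("ip")
        if event == "Failed password":
            summary["failed"][ip] += 1
        elif event.startswith("Accepted"):
            summary["accepted"][ip] += 1
        elif event == "Invalid user":
            summary["invalid_user"][ip] += 1
    return summary


def flag_sources(summary: Dict[str, Counter], threshold: int = 3) -> List[str]:
    """Return source IPs whose failed-login count reached the threshold.
    The threshold is an assumption; pick one that suits your log volume."""
    return sorted(ip for ip, n in summary["failed"].items() if n >= threshold)


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG.splitlines())
    for kind in ("failed", "invalid_user", "accepted"):
        print(kind, dict(s[kind]))
    print("flagged:", flag_sources(s))
```

The usual mitigations follow directly from what the counts show: bind sshd (and screen-sharing services) to the physical interface only, or firewall the tunnel interface so nothing inbound is accepted over the VPN, and disable password authentication so a flood of guesses from other VPN clients cannot succeed.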


"Do you keep logs?"

"We dont keep any logs of any kind. all we ask from you is your email address and username. and thats it. no other information is keept in our system."

One must immediately question a company whose customer facing copy appears in such a way.


The whole site/concept/product only appears to be a week old. Even Googling the name turns up stuff from the last few days only.


"Hide your identity online and surf anonymous. When using our service you will be protected behind a encrypted tunnel and no traces can lead back too you"

Shouldn't that be "back to you"? Not back too you.


They are no longer sending the password with the sign-up email. Not going to try it out though given it still is likely some type of scam.


I don't really use these VPN services, but I did see they use PPTP (for android at least). Isn't that flawed/insecure?


Could be another Anon OS. I'd be wary of anything marketing itself as a "free" VPN.


Has to be either a scam or it will require a payment after they get a few users.


Wait... so...

- free

- no logs

- support

- unlimited bandwidth

Is this some kind of badly executed sting operation?


Sent my password in plain text back in an email. Game over.


Hmm, could abuse the plaintext password for <script> and <iframe> tags... Something smells fishy with everything free!


Interesting...doesn't work in China.



