
The SnitchMyAss/HideMyAss customer betrayal fiasco thread


Postby Pattern_Juggled » Mon Jan 14, 2013 2:10 pm

{direct link: hidemyass.cryptostorm.org}


This is someplace to post the details - if anyone wants to dig in and re-document the whole sordid story.

A good way to know who isn't trustworthy is to see who actually cracks under pressure - for real, not just as a smear. And HMA surely did that. No question there.
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f


Re: The HideMyAss "Hide My Asshat Snitching" Fiasco thread

Postby Pattern_Juggled » Mon Jan 14, 2013 2:17 pm

Can A VPN Offer 100% Anonymity?


In most instances using a Virtual Private Network (VPN) is quite sufficient to hide your online identity; however, as Cody Kretsinger, who was using just one of these services, the UK-based company Hide My Ass, had to find out, this might not always be the case. For the record, I do not condone illegal uses of VPN services or the Internet in general. So let's look at what happened:

In September 2011 the FBI arrested Cody Kretsinger, a 23-year-old Phoenix resident, and charged him with conspiracy and unauthorized impairment of a protected computer, the Sony Pictures website. According to Reuters, Kretsinger pleaded guilty to both charges and could face up to 15 years in prison. “I joined LulzSec, your honor, at which point we gained access to the Sony Pictures website”, Kretsinger, known online as “recursion”, told the judge after entering his guilty plea, as reported by Wire. LulzSec was considered a spinoff of Anonymous, a world-wide operating group of hacker-activists.

Earlier, in March 2011, the FBI had arrested a core member of LulzSec, Hector Xavier Monsegur, also known as “sabu”, who apparently turned into an informant for the FBI. In June hackers associated with LulzSec, allegedly including Kretsinger, hacked into SonyPictures.com and compromised personal information of more than 1 Million users. Sony Pictures had to notify 37,500 users that their personal info might be at risk.

London-based Virtual Private Network provider Hide My Ass (HMA) appears to have played a vital role in Kretsinger’s arrest. Hackers assume fake online identities and go to great lengths to hide their location and other identifiable details for obvious reasons. A leaked IRC chat log revealed that hackers, including Kretsinger aka “recursion”, boasted about their illegal activities online and used HMA to conceal their identities.

It appears that the FBI traced a hack into Sony back to an IP address owned by HMA and promptly got a UK court order demanding logs from HMA, an incident HMA dubbed the “LulzSec Fiasco” in a post on their blog on September 23rd, 2011. When leaked IRC chat logs revealed that some LulzSec members used HMA to conceal their identities they didn’t take any action, they state on their blog; however, later they made it clear that “Our VPN service and VPN services in general are not designed to be used to commit illegal activity. It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences.” They then went on to say that “We would also like to clear up some misconceptions about what we do and what we stand for. In 2005 we set up HMA primarily as a way to bypass censorship of the world-wide-web whether this be on a government or a corporate/localized scale. We truly believe the world-wide-web should be world-wide and not censored in any way.” In later edits of this blog post they indicate that they do not log a user’s activity, just the log-on and log-off events, that they do this to identify abusive users, that they complied with UK law and finally, that there isn’t a UK law prohibiting them from aiding Egyptians in accessing social networks, such as Twitter, which was blocked by that country’s government.

While I appreciate HMA addressing these issues openly rather than sweeping them under the rug, like many other companies would have done, they do point to a serious flaw in the system. When you are selling a service that claims to protect a user’s privacy, hence identity, you can’t turn around later and reveal just that to authorities without appearing at least a little insincere.

Virtual Private Networks are used for many purposes, accessing blocked websites, accessing region restricted content, bypassing network filters, accessing Twitter, Facebook and Skype in countries that block such connections, or simpler applications like protecting your privacy when accessing a public Wifi spot and stopping your Internet Service Provider (or ISP) from snooping into your business.

It doesn’t take too much imagination to see that VPNs can also be used for outright illegal activities, copyright violations and hacking for example. All VPN providers know this and, while their terms and conditions always state that their services are not to be used for illegal activities, they derive a portion of their revenue from users who signed up for just that purpose, something all VPN providers are aware of.

As a VPN Service Provider your main selling points are privacy, anonymity, presence (as in how many countries you have IP addresses in) and speed. At the same time you are also running a business (if we neglect any hobbyists and non-profits for a moment) that was set up to make money, and as any legal entity you must comply with the laws and regulations of the country you are operating in. Many (if not most or even all) lease bandwidth and IP addresses from other providers, and abusive behaviors of their customers can easily jeopardize their business. Usually the term abusive behavior when used by a VPN service refers to bandwidth hogs, subscribers with (much) higher than average bandwidth usage, potentially slowing down the service for others. With speed being one of the main selling points it is easy to see why.

In response to the HMA LulzSec case, many VPN providers now quite prominently claim on their sites that they don’t keep logs; yet many terms and conditions also alert users that they will investigate suspicious behavior, apparently referring to what they consider to be illegal activity. My question then is this: If a provider does not log your IP address and does not log your activity while using their system, how would they be able to investigate anything?

Please share your thoughts in the comments. In particular I'd love to see your thoughts regarding the following questions:

  • Do you use a VPN?
  • Do you really trust your VPN provider to keep your personal information confidential?
  • As a VPN provider, how do you protect your users’ privacy and identify abusive subscribers?

the lying DNI Clapper can't help but sigh a resigned sigh...

Postby Pattern_Juggled » Wed Jul 03, 2013 5:19 pm

People still pay Hide My Asshole for VPN service?

lolwut?

Image

It's a strange, strange world...

Not for pr0n

Postby cryptostorm_admin » Mon Jul 22, 2013 9:42 am

The inestimable Pattern_Juggled has added some thoughts on 'Snitch My Ass' and the manner in which they've apparently mastered the shady "VPN review" website game - convincing these affiliate linkfarms to pimp them out as a top "privacy service," despite not only their history of betraying their customers but also their current - publicly stated - fawning enthusiasm for calling the cops on their own customers.

It's worth a read, if you've a few minutes to spare.

Edited to update CryptoCloud link to CryptoStorm. ~parityboy
cryptostorm_admin - a mostly-shared, admin team forum account (sort of a person, but also shared)
PLEASE DON'T SEND PRIVATE MESSAGES to this account, as we can't guarantee quick replies!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validators | onename.io validators | PGP key @ MIT | network status | cryptostorm github
support team bitmessage address: BM-NBjJaLNBwWiwZeQF5BMLYqarawbgycwJ
support team email: support@cryptostorm.is
live chat support: #cryptostorm


Re: The SnitchMyAss/HideMyAss customer betrayal fiasco threa

Postby Kantura » Fri Jan 03, 2014 8:09 pm

cryptouniversecovertest1-7.jpg

hidemyasscryptocomic.jpg
“Everybody’s a target; everybody with communication is a target.” -- NSA


Zol

Re: The SnitchMyAss/HideMyAss customer betrayal fiasco thread

Postby Zol » Sat Jan 24, 2015 12:09 am

What "hacker" would trust HMA in the first place? Personally I try to avoid commercialized VPNs, especially ones native to countries such as the UK and US.


Re: The SnitchMyAss/HideMyAss customer betrayal fiasco thread

Postby Bottle 'o Rummm » Thu Jan 29, 2015 11:38 pm

Zol wrote: What "hacker" would trust HMA in the first place? Personally I try to avoid commercialized VPNs, especially ones native to countries such as the UK and US.


So does everyone with common sense, but obviously the kid mentioned in the op lacked it.
Rum, obviously.

