marzametal wrote: I am interested in giving this a shot. I am just waiting for my payment for CC to clear before I can use CC as my VPN #1. I am currently looking at which VPN providers really take anonymity seriously to figure out which will be my VPN #2.
That list is interesting. Here's the backstory, short version:
Years ago, the idea of doing a "no log" VPN service was heretical. When Cryptocloud was founded in early 2008, the founders decided to take a very public "no logging" stance. Nobody had done that previously, in the VPN market or as far as we know anywhere else in the network world. We took a great deal of heat for that (using the "we" here because Baneki was one of the founding members of the Cryptocloud project, and it fell specifically onto our team's shoulders to draft the first Terms of Service from scratch).
Since then, "no logging" has become an empty marketing buzzword. There's dozens of VPN companies out there spouting off about "no logging," but if you look in their Terms of Service they specifically state that they retain information and turn it over to LEO if requested - no subpoena required, nothing official, just a friendly "request" and these "no logging" VPN companies are dropping the dime on paying customers.
We're aware of one high-profile VPN company, who regularly gets on those "no logging" lists by spouting all the right words, but in a private conversation with a colleague stated flat-out that they log... and that they regularly turn over information to the FBI, secretly, upon request. Including logs. And, yes, including initiating realtime surveillance - #snitchware - on targets, if requested. No subpoena needed, no notification to the customer. No refund, either: they charge their customers money even as they're betraying them!
Anyhow, take those "no logging" marketing blurbs with a healthy handful of salt. It's very, very easy to copy and paste "no logging!!!!" into your website's html but much harder to actually turn off logging in all systems, across a network, without error, and keep it turned off. Harder yet to resist pressure from LEO to "accidentally" turn logging back on, if requested, secretly.
Basically, you can tell the VPN companies that are "serious about privacy" because they're the ones that get targeted for extra-legal harassment by the U.S. Feds. Conversely, if a so-called privacy company has avoided involvement in any sort of public controversy, press smears against them, or outright conflict with law enforcement at some level or another... then there's a piece of the story that's not being told. Sorry, that's the way it works in the real world.
You look at lists like that, and ask yourself this: which of those companies would commit "Privacy Seppuku" rather than betray their customers? Which has made any such commitment, publicly? None of them, sadly. They spout great words about how much "privacy" matters to them... but read their Terms of Service, ffs! They say it right there, in black and white: we'll stab you in the back, dear customer, at the merest whiff of inconvenience to ourselves. And don't buy that "oh it's just legalese" crap - nobody writes that stuff into their website if they don't intend to use it to justify their customer betrayals in the future: "well, our Terms of Service say quite clearly that..."
Ahem. Apologies for the rant. We've just seen those lists turn into empty hype. The real privacy companies, the ones out on the front lines confronting the surveillance monstrosity on the battlefield, are often too damned busy to fuss around with TorrentFreak's beauty contests. It's a question of priorities. Ever wonder why Hide My Ass has so effectively Googlebombed the results for "VPN" via Pagerank? Hint: it's not because they're investing their time and effort in building exceptional security technologies. We'd hire them for dirty SEO, sure - they kick ass at that. Protecting customers? Ahaha, that's dark satire, surely...
1) Which VPN do I connect to first? (eg: CC VPN to the VPN I choose from the list, or vice-versa)
2) Is it possible to connect to a CC VPN twice? (eg: purchasing two accounts)
Topologically, using 2 accounts from the same provider (assuming at least one is paid for anonymously) works just as well as having separate providers. Yes, yes... there's a theoretical timing-based traffic analysis attack that a "rogue" VPN company could do in such a case, imputing via an incredibly tedious, manual procedure that those two VPN sessions are linked temporally... but not only has such an attack never happened, it's also far-fetched in terms of a host of practical considerations (if servers desynch time, even by a few hundred ms, then this timing attack becomes exponentially more complex until it's essentially an NP Complete task to solve with high confidence).
Years ago, our crew played around with "VPN over VPN" setups, as part of testing Sun's crypto acceleration hardware cards. It actually works, which is scary: if you know the tech fairly well, envision the amount of packet shuffling and crypto overhead that's taking place in a TCP-over-TCP wrapped session. <shivers> ...and then think of the error-checking, and the session-level stuff like packet ordering. Drop a packet and it's amazing the whole universe doesn't collapse in on itself. But it doesn't - it works.
That's what this stuff is, really: VPN over VPN. Wrap one VPN service inside another VPN service, so that the tunnelled sessions embody a holarchic relationship with each other. That's distinct from "chaining" which is a serial configuration - and is, unfortunately, associated with a number of snake-oil hucksters in the "VPN industry" who have pimped it for years as a solution to nonexistent problems... or just as outright honeypots for carders. So, fair warning there...
EDIT: I have been reading the following thread - Manually preventing VPN DNS leakage in Windows, and would like to ask another question in relation to using a VPN within a VPN...
4) Will the "dnsfixsetup.exe" program run the 3 scripts for each connected VPN?
I might be misunderstanding this aspect. Start up PC. Connect to VPN 1. The scripts will be run. Load VM and connect to VPN 2. The scripts will run again? Maybe the scripts won't do anything when the 2nd VPN connects since everything has been set up when the 1st VPN connected...
All those tutorials for manually fiddling with Windows routing entries and/or metrics are, in my quite humble opinion, trouble on the hoof: they're complex enough to require fairly heavy networking expertise to do right, without error (at least CCNA level, basically) - and even so errors could happen and "fail open" with no way to be warned they're taking place.
Mostly, those "guides" have been collected here as a foundation on which the Leakblock project is based. Basically, all the existing "solutions" for preventing Windows leaks are dodgy, or complex, or incomplete... or all three. There's no good solution right now - but Leakblock addresses the issue in a way I think is structurally ideal.
Objects in mirror may appear larger than they are; your mileage may vary, etc.
Cheers,