What's new
  • Happy Birthday ICMag! Been 20 years since Gypsy Nirvana created the forum! We are celebrating with a 4/20 Giveaway and by launching a new Patreon tier called "420club". You can read more here.
  • Important notice: ICMag's T.O.U. has been updated. Please review it here. For your convenience, it is also available in the main forum menu, under 'Quick Links"!

OpenVPN - Peace of mind.

SubArctic7

SubArctic7

New member
I've done quite a bit of research over the years looking for the best way to keep my internet traffic secure and anonymous. I've tried and used many services, everything from proxies to ssh tunnels and I've been using an OpenVPN service from Perfect-Privacy for a while now and have been extremely pleased with it so far. FYI, I used to work in the networking field in the past (altho it changes and advances so damn fast) so this isn't a clueless newbs rant :)

These guys are the Nuts!! (if you play poker you know what I mean)

You can do an openvpn connection to one of their several servers around the world, then add a ssh tunnel to another servers squid proxy, and chain that to another servers socks 5 proxy. It can get pretty slow the more you chain it, but it's about as secure as you can get. Also, all their servers (according to them at least and I have been given no reason to doubt them) have highly encrypted hard drives on hardened Linux Servers and do not use any logging features at all.

I'd highly recommend service with http://www.perfect-privacy.com

Good luck and safe browsing/downloading.

Peace
 
I

idea

Member
so a vpn to an offshore server, an ssh tunnel, and a socks 5 proxy?
where are the squid proxy and the socks 5 proxy located and how do you have access to them? do you use some kind of free service?

i have been thinking about this topic a little and i don't know how to get a server or two somewhere that cannot be traced with money orders or something.
 
SubArctic7

SubArctic7

New member
The web address I provided can explain it much better than I can. Perfect-Privacy

The company Perfect-Privacy has servers around the world. When you have an account with them, you have access to all of their servers and services. You can pick which server or chain of servers you want to use every time you use the service. I change up which server I use now and then. One day I'll use the Moscow server, another day the Zurich, another day I'll use Plaza, or Hong Kong, etc..

It is not free, it's about €24.95 for one month, €49.95 for 3 months, or €149.95 for 12 months. Longer service contract, cheaper price. It is perfectly legal, you do not have to worry about sending cash or money orders, use your credit card. They do not log Any traffic and don't even have a logger installed on their system. So if any of their servers are confiscated for some reason, you have nothing to worry about.

btw, I am in no way associated with this company accept as just another (extreamly) satisfied customer. They don't know me from jack.

Happy surfing :jump:
 
E

eyes

Active member
Veteran
well cant the info sent back to the target location be translated or deciphered by the third party?also,your using another server to transmit your info to and fro,isnt that info recorded say in moscow?or cant that person hosting that server see the transmitting info?

anyone on a heads up that has networking/security skills on this subject please explain this in more depth than just the ad from the company?how is this taken to the next level beyond tor?
 
SubArctic7

SubArctic7

New member
eyes said:
well cant the info sent back to the target location be translated or deciphered by the third party?
Click to expand...

Info between icmag and the vpn/proxy server can be seen as it is not SSL encrypted same as using TOR. But would you be blathering your name and address or other identifying info here anyways? The point is to not be traced from icmag to your real IP.

also,your using another server to transmit your info to and fro,isnt that info recorded say in moscow?or cant that person hosting that server see the transmitting info?
Click to expand...

If the people running the server wanted to snoop, ya, they could. If the people programing for TOR wanted to do that, they could find a way as well. If icmag wanted to, they could as well. Lets say they snooped on everyones info, pass it on to whoever would want the info. How many customers would they have then? Not many. I used the service for downloading and seeding content that gets dmca slap downs before using it for here. One service I used previously actually sent me an email saying they got a dmca complaint after only 3 weeks of using it. Needless to say, I dropped them like a hot potato. Was a waste of money :/ In the end, you have to trust someone, icmag, TOR, Perfect-Privacy, Someone. If you didn't, you shouldn't be posting or even reading here. Like a king once said "Of course I'm paranoid, but am I paranoid enough?"

anyone on a heads up that has networking/security skills on this subject please explain this in more depth than just the ad from the company?how is this taken to the next level beyond tor?
Click to expand...

Getting more people with networking skills to comment would be great.

I worked in lvl 2 and 3 tech positions as well as management in/over IT departments. It is 4k+ encryption between you and the vpn server, no one, and I mean No one is decrypting that when done properly. To compare, the SSL encrypting you use to connect with your bank and CC company is 128 bit (https), this is 4096 bit. First you use preshared key and certificate encrypted communication with the server to establish a link/session, then the server and client make their own random key for the final link. This is the encryption the boys at the NSA would use. And they are paranoid enough to be put in straight jackets.

As for taking it to the next level beyond TOR? Can't give you authoritative info on that as I have not done deep research on TOR. Everything I know about TOR is second hand and brief overview of how it works. But from what I understand, it's top of the line for anonymity. Just low bandwidth which is fine for low bandwidth traffic like general web surfing. TOR would be great for using with things like icmag, but not torrents. Since I (and probably others) do both I use a high bandwidth service like this. Doing torrents is a great way to test a services anonymity as the RIAA/MPAA/RIAE and others like them are extremely aggressive at hunting down infringing file sharers. Another bunch that should be put in straight jackets...

The FAQ page for this service explains it in great detail.
 
G

gramsci.antonio

Active member
Veteran
never trust anyone with your sensible data.... it happened before that societies selling security services would have been found afterwards selling their data to the cops....

And i'm not speaking about some small shitty firm, i'm speaking about big corps like yahoo, or jap:

http://www.securityfocus.com/news/6779


so... if you want to be safe there's only one way: Do not connect.

Also because when using something like perfect privacy is by no mean safer: the LEO would sniff the ISP of icmag rather than yours (it's one line against thousands) and they can find your ip in the header of the packet... so you think you are safe but for LEOs it doesn't change a shit...


A good safety can be reach tough... trough several steps:

A) Steal the wireless connection. I use a wireless bridge, a 50$ antenna make me able to steal the connection of a guy in a house on the other side of my street.


B) Connect using SSL or TOR... Anyhow they have to be supported by the website: SSL need some software, TOR requires a site with low bandwidth request.... NOT LIKE ICMAG.
Moreover the site could make public their safety measure... so we can discuss about them... like using a ramdisk rather than regular disk (it's a top of the notch safety measure).
But i don't think the owner of this site is by any means interested in taking additional work for our privacy.... and this is sad.
 
G

gramsci.antonio

Active member
Veteran
SubArctic7 said:
If the people running the server wanted to snoop, ya, they could.
Click to expand...

and it happened before many time with closed source code.

If the people programing for TOR wanted to do that, they could find a way as well.
Click to expand...

no they can't. Open source code is peer reviewed, so anything odd would came immediately to the eyes of the community.

If icmag wanted to, they could as well. Lets say they snooped on everyones info, pass it on to whoever would want the info. How many customers would they have then? Not many.
Click to expand...

how could you know they are snooping traffic?

You can't, and even if you could, just like with jap, after a shortwhile people would forget and start using again your software.

I worked in lvl 2 and 3 tech positions as well as management in/over IT departments. It is 4k+ encryption between you and the vpn server, no one, and I mean No one is decrypting that when done properly. To compare, the SSL encrypting you use to connect with your bank and CC company is 128 bit (https), this is 4096 bit. First you use preshared key and certificate encrypted communication with the server to establish a link/session, then the server and client make their own random key for the final link. This is the encryption the boys at the NSA would use. And they are paranoid enough to be put in straight jackets.
.
Click to expand...


remember that always there can be a glitch in the software.... or in the algoritm.... or your hash keys could collide... and all this happens really often....
 
G

gramsci.antonio

Active member
Veteran
one more thing: you think you are safe, you take all the measures possibile, like a CIA undercover agent.

Then you open a page with a java applet, and it steals all your data.... and you're fucked up...

That's why i love icmag's link system... but with the latest windows (vista) even a jpg can steal your information... sigh :(


So, to be safe:

A) Use TOR
B) Steal the wireless
C) USE LINUX!!!! on a ramdisk if possible
D) disable javascripts... better: do not even install java!!!!
E) Add some random noise to you pics and remove exif data: if i have a low-compressed jpg and a camera, i can tell if that one was the camera which made the photo... this because every camera leaves a personal and unique fingerprint in the noise of the photo....
 
SubArctic7

SubArctic7

New member
It is very possible, even probable they do sniff icmag and other growing sites traffic. The only IP they will find is the proxy servers IP. Mine is stripped out on the first link to the vpn server, plus all traffic into the vpn server goes out of it using one IP. Then there is the proxy server after that as well, which uses one outbound IP for all inbound. I think I'm pretty safe. Not Perfectly safe. Only way to be perfectly safe is don't post or even visit these sites. I just try to make it way more complex and difficult for them to bother with me. If they Really want to get me, they probably could, but it will be a major bitch and take them a long time and a ton of man hours. More hours than they put into way bigger fish than me. I'm no big time dealer, just small fry that grows my own supply. Seriously considering a move to California, I easily qualify for a prescription. Only thing been holding me back is a damn good job here and all those fires and earth quakes over there. The BIG Quake is coming eventually, it's not a matter of if, just when. Not sure if I want to be anywhere near that :/

gramsci.antonio said:
and it happened before many time with closed source code.
Click to expand...

Good thing they run open source.

no they can't. Open source code is peer reviewed, so anything odd would came immediately to the eyes of the community.
Click to expand...

Steal DNS, poison update to clients... no one is safe. Pure safety doesn't exist. PP (perfect privacy) is vulnerable to the same thing btw.

You can't, and even if you could, just like with jap, after a shortwhile people would forget and start using again your software.
Click to expand...

Damn good point, won't/can't deny that.

remember that always there can be a glitch in the software.... or in the algoritm.... or your hash keys could collide... and all this happens really often....
Click to expand...

glitch=bug all software is vulnerable to that, open and closed source. But correct all the same. Still, look into Open VPN, with all the security features enabled like PP sets theirs up, its about as secure a connection as you can get anywhere. The best currently IMO.

one more thing: you think you are safe, you take all the measures possible, like a CIA undercover agent.

Then you open a page with a java applet, and it steals all your data.... and you're fucked up...
Click to expand...

Which is why you should have NoScript plug-in installed in Firefox, and Stealther to boot. But I trust icmag, if i didn't, I wouldn't post here and I let icmag scripts run.

That's why i love icmag's link system... but with the latest windows (vista) even a jpg can steal your information... sigh :(
Click to expand...

Totally agree, love their link system. Screw bleep bleep bleep vista and microsoft to boot. I run Linux, have not ran windows in many years, I don't trust them and their code sucks. (personal opinion)
So, to be safe:

A) Use TOR
B) Steal the wireless
C) USE LINUX!!!! on a ram disk if possible
D) disable JavaScript... better: do not even install java!!!!
E) Add some random noise to you pics and remove exif data: if i have a low-compressed jpg and a camera, i can tell if that one was the camera which made the photo... this because every camera leaves a personal and unique fingerprint in the noise of the photo....
Click to expand...

A) Won't deny TOR is good from what I have heard, not researched it enough to use it, after this discussion I believe I should.
B) I do, several AP's around me, couple are open, 1 uses wep (LOL), I switch between them, one is Real Slow so i don't really use it :/ But sometimes I do forget, usually when I'm really fried.
C) YES!!! I use a Linux virtual machine stored in a hidden True Crypt file inside a True Crypt file. ram drive would be more safe, but I use it for other stuff to. I like the way you think.
D) Again, Very good advice. NoScript plug-in, gotta love it.
E) All very good advice. I like how icmag strips all exif data on upload anyways. Catches me when I'm to stoned to remember :/ I never thought about adding noise. Glad you mentioned that. Will save at lower quality in future.

I'm not trying to argue with you (except on my IP being in header), you make very valid points and give good advice. Thx for the adding noise to jpegs trick :D

Peace
 
G

gramsci.antonio

Active member
Veteran
billy_big_bud! said:
hey gramsci, how do i get a wireless bridge?
Click to expand...

A wireless bridge is simply a wireless connection to a far spot, and it's done in two steps:

1) Get a wireless access: if you live in a condo in a crowdy city like new york, maybe you'll be lucky and you'll be able to find another wireless spot with your notebook. However if you're not lucky, or if you just want to improve the connection speed, you'll have to buy a new good antenna with an high gain. The gain measure how much noise the antenna can stand, thus imrpoving your speed or your maximum reach. You have two kind of antenna:
a) A omni-directional antenna, which is useful if you don't know where the signal come from

b) A directional antenna, which look like a satellite dish. It has WAY better performance, but you have to know the location of the spot. You could give a try by using a wireless scanner software, and moving your antenna little by little till you find a spot.

2) Breaking security. Your best bet is to find an unprotected spot, but maybe you won't be able. It's not so easy, so i will assume that you should be able to find an unprotected spot, anyhow on the internet you can find a lot of litterature on the subject.

Anyhow if you have a powereful nvidia graphic card, here's an interesting link: http://code.google.com/p/pyrit/

it's a project i've been interested lately, it's purely academic, anyhow it could be useful at the occurence.
 
G

gramsci.antonio

Active member
Veteran
SubArctic7 said:
It is very possible, even probable they do sniff icmag and other growing sites traffic. The only IP they will find is the proxy servers IP. Mine is stripped out on the first link to the vpn server, plus all traffic into the vpn server goes out of it using one IP. Then there is the proxy server after that as well, which uses one outbound IP for all inbound. I think I'm pretty safe. Not Perfectly safe. Only way to be perfectly safe is don't post or even visit these sites. I just try to make it way more complex and difficult for them to bother with me. If they Really want to get me, they probably could, but it will be a major bitch and take them a long time and a ton of man hours. More hours than they put into way bigger fish than me. I'm no big time dealer, just small fry that grows my own supply. Seriously considering a move to California, I easily qualify for a prescription. Only thing been holding me back is a damn good job here and all those fires and earth quakes over there. The BIG Quake is coming eventually, it's not a matter of if, just when. Not sure if I want to be anywhere near that :/
Click to expand...

Technically you're right, but there's a problem. Many years ago CISCO invented the nat translation to break trough the limitations of NAT. It is an protocol that allows people to communicate even if they don't have a public IP.

If they send you an udp packet and there's the right hardware, your computer will answer with its own identity (or the path to reach it).

The major transport layer protocols, TCP and UDP, have a checksum that covers all the data they carry, as well as the TCP/UDP header, plus a "pseudo-header" that contains the source and destination IP addresses of the packet carrying the TCP/UDP header.
Click to expand...

http://en.wikipedia.org/wiki/Network_address_translation#NAT_and_TCP.2FUDP

that's why stealing the connection it's so cool: they'll reach the hotspot, and not your pc :D

E) All very good advice. I like how icmag strips all exif data on upload anyways. Catches me when I'm to stoned to remember :/ I never thought about adding noise. Glad you mentioned that. Will save at lower quality in future.
Click to expand...

Just remember to add some noise rather than just compress, because you are trying to destroy a pattern rather than some data.
 
You must log in or register to reply here.

Latest posts

Latest posts

Top