Free VPN Providers

Article SOURCE as marked Free VPN Providers Virtual Private Network ('VPN')   VPN = "Virtual Private Network" = protection of:  online identity, privacy etc. Free VPN Services Free VPN services available (some listed below, as at 2013) What's Needed for VPN Online [subscriber VPN provider example used] 1  VPN Server linking up to VPN Provider end of the business, at different locations 2  VPN Protocols VPN provider uses:  secure, encrypted communications 'Tunnel' Looks like this is what the VPN provider does: "VPN creates a secure tunnel using most powerful VPN protocols – hides your original IP behind one of its own – encrypts all your communication and passes through the secure tunnel allowing you to surf the web freely and anonymously"  [https://hide.me/en/] The https://hide.me/en/ provider, for example, offers:   -- free web proxy   -- Get new digital identity  connect (via VNP servers / via 'encrypted tunnel')   -- assigned new online anonymous ID   -- actual IP address -- record reportedly not kept     -- for access to blocked websites (ie censored)   -- access to geo-restricted content   -- to surf the web anonymously   -- to encrypt whole internet connection   -- unblock Skype and other VoIP tools    -- chat - inside & outside of country location   -- ISP for real IP address sees:  unreadable encrypted traffic  [https://hide.me/en/] 3  Encryption Makes communications unreadable to all, other than the receiver. ISP for real IP address sees:  unreadable encrypted traffic. LINUX  -  Uh-Oh: *Ubuntu's integrated VPN client only supports PPTP which has known security issues, according to hide.me. Hide.me recommends:   OpenVPN IPsec IKEv2 (StrongSwan) for security & speed. Source https://hide.me/en/ FREE VPN PROVIDERS Info as at 2013: OpenVPN -- SSL/TLS based VPN -- provides high security & privacy *need to install open VPN client software to use OpenVPN service *does not work on mobile services HOWEVER:  works on Windows, Mac & Linus http://www.openvpn.net/ VPNBook = VPNBook = Romania-based = 100% free VPN service = advanced cryptographic techniques = free & secure PPTP & OpenVPN service access * Note:  PPTP has known security issues [as at 2013] = claims: do not collect any info or log any internet activity http://www.vpnbook.com/ SecurityKiss -- tunnel service -- ensures data security & privacy  -- redirects all your traffic through an impenetrable tunnel -- everything in the tunnel is encrypted http://www.securitykiss.com/ Get US VPN -- Free VPN service client -- service in Fast, Secure, Convenient -- from both USA & UK data centres http://www.websitevpn.com/ Tor Browser - Privacy Browser Tor Browser -- privacy / anonymising tool -- by 'bouncing your communications' -- around 'distributed network of relays' around world -- prevents successful surveillance of internet connection re sites visited -- prevents sites you visit knowing physical location -- permits access to blocked sites LINK | Tor Project Tor Browser sounds a lot like the above tools, I think. Not sure what the difference is. Check out the difference.  Difference noted section below. LINK | Post:  Tor vs. VPN ---------------------- ---------------------- COMMENT Got curious about masking online ID after downloading the WikiLeaks freebie book from Verso, and realising that my fake e-mail address and fake registration isn't much good when my online ID etc isn't masked.  Didn't think to use Tor, though.  Doh!  But because the Tor communication would have maybe been linked to the e-mail used, maybe that option wasn't as secure as it could be?  Not sure about that.  But I'm guessing a freshie e-mail might have been better than the temp sort of partitioned one.  LOL ...  I'm not really good at hiding. Being a tech dumb-dumb I didn't really know what I was supposed to do and, so far, I've been too lazy to make the effort to find out more about online privacy. Got onto  the above information in a round-about way, by following a trail from a comment about some download site, to references about 'Tor', 'Open Proxy' and VPN. Tor I'm good for, but I still haven't checked out 'Open Proxy' and I didn't really know what VPN was until today ... LOL.  If I came across it in my travels, I didn't take in the info or take an interest.  Not sure what this proxy stuff is about ... might have a look at some point.  In a rush now. The Romanian VPN:  would probably check to see what their relationship is like with the US before playing with that ... & probably keeping fingers crossed in case it's run by cyber crooks or something ... LOL.  Quick check indicates that VPNBook has been referred to in court discoveries and indictments against hactivist group members, by the look of this July 2013 article.  I've not read comments. OpenVPN sounds the best to me. Found out today that if you CTRL-C copy files and then delete the source of the files, you're left with nothing but a 'source not found' type message.  Lucky it was only a boring photo of my porridge breakfast (again) ... LOL. I Tor a little most days, but I'm still hooked on normal browsing. Reverted to Google search engine when I changed my OS (again) and stayed there because I was too lazy to find alternatives.  Due to Google's provision of assistance to US-led multiple state actor aggression in the Middle East, I've ditched Google for https://duckduckgo.com/ (doesn't track), but I find myself hopping back onto Google frequently, as it's hard adjusting to being somewhere else and scrolling through search engine data, sort of feeling like you might be missing out on something vital (or missing what you think is quick and easy detection of key info).  But in terms of the organisation overall, not too sure how reliable Google would actually be in that sense.  With the US state being embedded in Google and Google being in bed with the US state, they're probably hiding info from us instead of helping us find it.  ;) I'm over looking at this stuff:  OPSEC etc. might have to wait for another time.

TOR vs VPN | WHICH TO USE

Source The Tin Hat ... lol https://thetinhat.com/tutorials/darknets/tor-vpn.html   TOR vs VPN | WHICH TO USE Tor & VPN described as often conflated -- but Tor & VPN are different -- which is more suitable depends on context Essentially: Tor:  for activists & 'secret squirrels' / not for video downloads [caution:  not bullet-proof] vs VPN:  for (not vital) everyday anonymity / good for downloads VPNs -- take connection -- encrypt connection -- pass connection through server -- contact goes via VPN server to connection site sought -- ie:  it provides encryption & diversion of your online traffic A.     -- what you are doing & who you are connecting with not visible     -- eg. public wifi:  those watching get jumbled info sent to random server     -- same applies to Internet Service Provider (ISP) B. -- site visited does not know your geolocation (privacy enhanced)     -- this permits by-passing geographic restrictions on services Note: * what you do through VPN is know by operator of the VPN * VPN services claim not to log activity  but this is only a representation that may be dishonoured * eg. if VPN provider is issued with a court order for info on your activities * VPN provider would likely find some way to link your activity back to you * So:  VPN = good for low risk situations * BUT not so good for anonymity against a state actor Tor Browser -- works differently -- instead of connecting directly to server -- your connection is encrypted, bounced around x3 servers ('relays' or 'nodes') -- before being decrypted & sent to destination -- FIRST SERVER - knows your location -- SECOND SERVER - only knows data from FIRST SERVER -- THIRD SERVER - only knows that data from SECOND SERVER -- anonymity is provided as the third server cannot know origin of data -- majority of Tor servers not 'malicious' (do not log activity) -- nearly impossible to associate end-data of chain to origin -- very effective / takes significant state actor effort to de-anonymise -- bonus:  encryption by Tor to prevent - eg. ISP from seeing your traffic -- caution:  decryption at last server ('exit relay')  = point of vulnerability -- it is at this point your data can be spied upon -- therefore regular HTTP unencrypted connection relay of data (a no-no) -- can be read in its entirety at the exit relay by the operator of the exit relay -- however, using an add-on like HTTPS-Everywhere -- equals safely encrypted data -- with HTTPS even malicious server could not de-anonymise     * unless content contains personal info (email, name, address, etc)   COMMENT: I'm confused.  If HTTPS is supposed to be an encryption add-on -- how can a malicious server de-anonymise if personal data is included -- if encryption is supposed to be in place? -- makes no sense to me:  that's not encryption TOR - HIGHER SECURITY PRIVACY BROWSING ANONYMITY vs SPEED -- much slower than VPN -- but far better re anonymity -- avoid watching videos or downloading torrents -- bad for entire network & extremely slow -- best for high level anonymity needs -- eg. high threat levels = law enforcement scenarios -- journalists dealing w. sensitive sources, whistleblowers, political activists -- those living under oppressive state surveillance etc [comment:  all of us under US empire mass surveillance oppression ... LOL] -- use Tor if adversary is "more dangerous than a DMCA complaint" (copyright) -- promises provided by VPN companies = not enough. Use Tor. -- *do not treat Tor as if it were bullet-proof -- with enough time, de-anonymization is possible by agencies such eg. NSA -- using Tor = best bet, unless you are an NSA high-value target -- using tor for low bandwidth static sites helps 'populate' the Tor traffic -- & providing cover for those who need Tor for vital reasons -- note:  Tor is only an ANONYMITY TOOL -- without operational security (see OPSEC), anonymity tools rendered useless -- watch bad habits - can reveal ID to the motivated adversary -- keep torrenting to VPN -- VPN - EVERYDAY BROWSING PRIVACY -- VPN good for low-risk/bandwidth-heavy purposes -- VPN's are good for VIDEOS & TORRENTS task OPSEC -- operational security https://grugq.github.io/ The Grugq -- teach operational security (OPSEC) -- ie good security habits http://grugq.tumblr.com/ Source:  The Tin Hat https://thetinhat.com/tutorials/darknets/tor-vpn.html

Tor Vulnerability - Traffic Analysis Identifies Guard Servers

Vulnerability could make Tor, the anonymous network, less anonymous     by  Barb Darrow     @gigabarb July 29, 2015, 5:27 PM EDT The bad news; MIT and QCRI researchers found a vulnerability in the Tor network. The good news: they also found a fix. The Tor network—used by activists, journalists, law enforcement, and yes, criminals—is famous for cloaking web surfers’ identities and locations. And, apparently, it contains a vulnerability that poses a risk to all that protective anonymity, according to researchers at MIT and the Qatar Computing Research Institute (QCRI). The good (or bad) news—depending on how you view Tor— is they say they’ve also come up with a fix to the problem that they will demonstrate at the Usenix Security Symposium next month, according to an MIT News story “Shoring up Tor.” An estimated 2.5 million people—including journalists, political activists, terrorists or just consumers who don’t want to share their browsing histories with Facebook or other commercial entities—use Tor daily. And that is why the network is of keen interest not only to “repressive” regimes like Russia and Iran but to governments a lot closer to home, including our own. Not to put too fine a point on this, but one person’s activist could be another person’s terrorist, but I digress. DigitalTrends has a good description of the Tor basics:     Tor works by anonymizing the transport of your data. Like an onion, Tor encrypts the data you send through the web in multiple layers. Your data is then “relayed” through other computers. Each relay sheds one layer then finally arrives at the source in full form. The software bounces users around a network of open connections run by volunteers all over the globe. This prevents people from spying on your Internet connection and discovering sites you visit. Tor scrambles information that could pinpoint your exact physical location. By using a Tor-configured browser, the user enters her request, and it is automatically swaddled in those encryption layers and is sent it to the next, randomly chosen machine that runs Tor. This machine, called “the guard,” peels off the first encryption layer and forwards the still-masked request on until it finally reaches a randomly chosen “exit” machine that strips off the final layer encryption to reveal the destination. Only the guard machine knows the sender and only the exit machine knows the requested site; no single computer knows both. The network also offers “hidden services” that enable an activist to aggregate sensitive news reports and make them available to select users, but not the world at large. That is, the archive is not searchable or available on the public Internet. The creation of those collection points, which involves the building of what Tor calls a “circuit” of machines, offered the researchers a way to snoop on Tor. By connecting a ton of their own machines to the network and then analyzing traffic, they were able to identify likely guard machines. From the MIT report:     The researchers showed that simply by looking for patterns in the number of packets passing in each direction through a guard, machine-learning algorithms could, with 99 percent accuracy, determine whether the circuit was an ordinary Web-browsing circuit, an introduction-point circuit, or a rendezvous-point circuit. Breaking Tor’s encryption wasn’t necessary.     Furthermore, by using a Tor-enabled computer to connect to a range of different hidden services, they showed that a similar analysis of traffic patterns could identify those services with 88 percent accuracy. That means that an adversary who lucked into the position of guard for a computer hosting a hidden service, could, with 88 percent certainty, identify it as the service’s host. The researchers, including Albert Kwon, an MIT graduate student in electrical engineering and computer science, and Mashael AlSabah, assistant professor of computer science at Qatar University, and a QCRI researcher, said the fix lies in obscuring data traffic patterns to and from the guard machines in a way that renders such “traffic fingerprinting” ineffective. If the network sends around enough dummy packets so that all the data sequences look the same to prying eyes, problem solved, and anonymity remains safe. SOURCE http://fusion.net/story/175068/sorry-the-way-you-type-is-exposing-your-identity-online-even-if-youre-browsing-anonymously/ --------------------- COMMENT Tor anonymity browser: search/request via Tor browser, wrapped in encryption layers first server = random 'guard' server (knows where request came from) next server = does not know location of request or request final server = random 'exit' server knows the request no single server knows both location & search/request runs data via network of open connections / servers run by volunteers all over globe  So: scrambles info that could pinpoint your physical location anonymises the transport of your data encrypts the data you send (& relays through the web in multiple layers) each relay sheds one layer relay finally arrives at source in full form Thought this was interesting.  Imagine the Tor people are adapting to the fake packet fix, whatever that is.   My reference to 'server' should probably read 'node' in the Tor network, I would think.  ------- ------- ------- Data transferred by computer is sent via 'packets'.  Due to size constraints, data sent out is broken up and reassembled at the destination. TCP / IP TCP/IP protocols guide how data is sent TCP = Transmission Control Protocol (reliability of data / checks data for errors & resends if required)  IP = Internet Protocol (more direct 'step closer' transmission of data) TCP/IP = two separate protocol - used together Most common TCP/IP protocols: HTTP  - b/w client (ie browser) & server / non-secure data transmissions HTTPS - b/w client & server / SECURE data transmissions - eg. credit card transaction data or other private data   FTP - b/w two or more computers:  one computer sends data to (or receives data from) another computer DIRECTLY. web client =  browser web server = receives client/browser requests & relays data back to web client/browser These are just notes for my benefit.  Hoping I have the info. straight.  LOL    --------------------- MORE MIT researchers figure out how to break Tor anonymity without cracking encryption http://www.extremetech.com/extreme/211169-mit-researchers-figure-out-how-to-break-tor-anonymity-without-cracking-encryption Researchers mount successful attacks against Tor network—and show how to prevent them http://phys.org/news/2015-07-mount-successful-tor-networkand.html

Don't Get Angry: Encrypt

AUSTRALIAN DIGITAL RAPE BY BRADIS & CO Why people ignore data retentions many perils >> http://www.smh.com.au/business/why-people-ignore-data-retentions-many-perils-20150330-1m9gtb.html REMEDY Gnu Privacy Guard  (GnuPG aka GPG)  Encryption   https://www.gnupg.org/  http://en.wikipedia.org/wiki/GNU_Privacy_Guard Werner Koch caught my eye the other day, so I thought GnuPG (aka GPG) might be potential go-to encryption software. German, Werner Koch has authored this software based on open source GNU operating system software (by an MIT guy, Richard Stallman).  Being open source software is supposed to be a positive because it allows outsiders to spot vulnerabilities in code (I think). Werner Koch previously received grants from the German government (but they expired some time ago).  Koch is still kicking on, single-handedly patching the GnuPG program, but short on funding. TOR Anonymising  https://www.torproject.org/ Tor - Explained  .......................................................................... Tor originated with the US Navy and has received US govt funding.   Gee, even as I'm keying this in, Russian software is looking more and more appealing because I'm wondering if there's German backdoors in the encryption software and anticipating some NSA trick when it comes to the Tor anonymising software (see Silk Road FBI busts). I don't know enough to assess the merits of GnuPG or Tor (and wouldn't have a clue where to find Russian software), so this is pretty much it for the options (I think) ... except that you can use PGP (Pretty Good Privacy) instead of the GnuPG. Nope.  It looks like Philip Zimmerman has sold up, so GnuPG it is ... unless you're prepared to trust a US company:  Symantec. ...........................................................................  Photo: Alex Ellinghausen COPYRIGHT DISCLAIMER Copyright Disclaimer under section 107 of the Copyright Act 1976, allowance is made for “fair use” for purposes such as criticism, comment, news reporting, teaching, scholarship, education and research. Regarding the SMH article, 'rape by Bradis & Co' is my take rather than SMH's ... just so there's no confusion.  ;) That's pretty much what it is when everybody has been placed under state surveillance. State surveillance without cause or consent is an abuse of power.  To be the subject of such an abuse of power is to live in a prison state. The snail-mail version of this would have been going on back in the 50s and 60s, when the Australian govt was in full surveillance and political suppression and sabotage mode, to blot out the 'evil' of communism. But it isn't Russians and communists looking evil now; it's the totalitarian West. Instead of getting angry but then just accepting the inevitable prison population living conditions: a) use technology to secure privacy; & b) vote for non-mainstream politicians, rather than the corporate and US lackeys who have spent years spying on their own citizens (and nations abroad). Did a bit of a summary on encryption basics the other day ... but I think I've forgotten it already, so I'm going to have to start all over.  Intend to keep at it until I get some kind of feel and overview for privacy tech basics, from a consumer perspective.  Only I'm rather lazy ... The above links are just a starter and I don't really know what I'm on about, so it's best to do your own research. Discovered that free Russian e-mail services bypass the intrusions of freebie Western e-mail services.  English log-in is available. VIDEO GPG for Journalists - Windows edition | Encryption for Journalists | Anonymous 2013 from anon108 on Vimeo.