Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites!

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? LOOK NO MORE! EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | INSTANT SETUP & TONS OF FREE APPS | STARTING AT $5.00/MONTH!

  • Search By Author

Content Type


Forums

  • Invite Scene Official Information
    • Announcements
    • Suggestions and Ideas
    • Member Introductions
    • Competitions
  • Invite Scene Premium Membership
    • Make a Donation: Grab Your Premium Membership Now
  • Invite Scene VIP Giveaways & Requests
    • VIP Giveaways
    • VIP Requests
  • Invite Scene Official Store
    • Invite Scene Store: The Official Store for Private Torrent Invites
  • Invite Scene Marketplace
    • Premium Sellers Section
    • Buyer's Section
    • Trader's Section
    • Webmaster Marketplace
    • Service Offerings
    • Other Stuffs
  • Invite Scene Giveaways & Requests Section
    • Giveaways
    • Requests
  • Invite Scene Bittorrent World
    • Private Tracker News
    • BitTorrent World Discussion
    • Private Tracker Help
    • Tracker Reviews
    • Open Trackers
  • Invite Scene SeedBox Forum
    • Exclusive SeedBox Sellers Section
    • SeedBox Sellers Section
    • SeedBox Reviews
    • SeedBox Discussions
  • Making Money
    • Monetizing Techniques
    • Crypto Currency
    • Free Money Making Ebooks
  • Webmasters
    • Website Construction
  • Invite Scene General Topics
    • The Lounge
    • Movies, TV, and Videos
    • Melody, Harmony, Rhythm, and MP3
    • General PC Chat and Help
    • Security Hive
    • Guides and Tutorials
    • Gamers Hangout
    • The Graphic Design
  • Invite Scene Deal Disputes & Limitations
    • Deal Disputes
    • Archives

Categories

  • Bug Tracker
  • Suggestions Tracker

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Google+ Hangouts


Yahoo Messenger


Skype


Discord


AIM


ICQ


Interests

Found 19 results

  1. Site updates October 2020 October 19th 2020 Fix torrents_comments Fix comment link for torrents/collages Fix collage comment checking tool Fix torrent comment checking tool Fix tagmanager.js Fix tag manager Javascript tie-in Fix Javascript dererential loading Fix StyleName mapping Fix TPL function issues Final ChatPlugin fix Fix ChatPlugin Update torrent thanks Fix group cover image Update default database collation and character set Minor style tweak to feeds Fix latest forum posts layout Convert chat.php into Luminance Plugin Fix reported title addendum Fix layout of stats links on home page Add forums to stats and fix graph background rendering Move split_tags() to main_functions Better error handling in SetupPlugin Convert tag synonym to entity Make developer entity generation a little more robust Fix global typo of synomyn Fix typo in disabled_hits PM Convert user IP search query to prepared statement Fix torrent edit unlock Fix post counting for forum Fix donation address querying Remove old dead code from Repository class More fixes for readyToResend Harden ORM methods to throw better errors when data is passed incorrectly Fix display issues on security page Add webp to list of image extensions Add safety code for email history Safety code for column renames Even more cleanup for details page Fix thanks migration More cleanup to details page More cleanup of the torrent details page Modify styles to collect some common CSS code Reset BanReason when an account is enabled Add secure function to TPL service Fix access leak in staffpm tag Fix preview rendering restrictions Template torrent_username function Create Torrent and TorrentGroup Entities Fix username rendering on details page Cleanup details page Fix report comment restriction Migrate collages and torrents onto new comment system Change 'default' => 'NULL' to 'default' => null in entities Fix torrent comments Add comment restriction to requests too Fix holes in the restirction system for torrent and collage comments Add commenting restriction Move userpage template Minor fixes for torrent details page template Fix review status display on details page Add some logging to user inactivity disable in scheduler Tweak Plugins\SetupPlugin::updateStyles() Fix README typo Template torrent details page Fix bug in Stylesheet repo Remove redundant UFL function Update stylesheet system Create ORM Repository and Entity for bonus_shop_items Fix more SQL typos in scheduler Fix SQL typo in scheduler Fix potential apcu clash Increase top tags/contributors in collages from 5 to 10 Fix bug in SetupPlugin::update() Remove unnecessary DB queries from thread moderation Fix forum thread title handling during split/merge Fix bug in Services/Cache::enable() Fix some Javascript issues Perfromance fix for userpage loading as a regular user Improve debug tools Add TPL::static() method to access static members from templates Better template debugging Fix debug flags Add links to Security Logs and Disabled Hits tools Fixup references to users_history_ips Slightly better implementation for dupe limit Fix bug in main_functions.php:getStaffPMSubject() Upgrade IP history table and migrate data Remove errant space from new post(s) text Improve PHP ParseError error logs Fix bug in Forum enitity Fix forum management category dropdown Add capability to enforce unique torrents Cleanup tools page generation Fix prune tables A few more IP history fixes for linked functions Fix bugs in IP history queries Fix IP history recording Minor bugfixes Fix a couple of typos in entities Fix bug in configure for settings Fix permissions for presentation cloning Better error messages for repository errors Fix TagList parsing during presentation clone Allow staff to clone torrents Add ability for uploader to clone presentation Filter out radiance rejections form the logs Add user_info.AdminComment to URL rewriter fields Add extra debug to Core\Repository::save() Update Entity: rintState() to return string rather than output directly Fix IP history bug for 2FA users Fix column sorting in notifications page Improve DB error message Add a cast to array to avoid warning in main_functions.php::display_array() Big cleanup in scheduler Extend forum token timeouts to 24 hours (default) Fix a couple of minor warnings Remove Legacy table definition for invite_tree Fix stupid bug in Entities where circular virtual attributes would crash the system Fix result index in Legacy InviteTree Fix pagination on invite trees Another little tweak there Minor HTML tweak for invite tree Paginate invite tree Skip users already in the tree A few improvements to the InviteTree generation Clarify cover image error message Update invite tree render logic Fix bug in invite tree generation Correct rebuilding of invite trees and invite tree management Also include the actual fix for those null attributes Prevent entities from locally caching null attributes Remove unnecessary repositories Introduce Entities/InviteTree Cleanup DeveloperPlugin a little Cleanup automagic attributes in Entities\User Smarter entity handling Some more cache handling Remove dead code from Core/Repository::loadFromCache() Fix display of user flow graph in StatsPlugin Remove error.php Legacy endpoint Better path checking in LegacyPlugin Small tweaks to ForumPlugin Fix log parsing Better cache key for invites Fix issue in InviteManager Fix another bug in client repo Fix bug in client repo Add user dropdown to inbox Fix styling issue in Sarandafl theme Fix styling issue in Hempornium theme Add error catching to automatic IP range bans Fix styling issue in Rochelle theme Fix more caching issues Fix a bunch of caching issues Fix typo in Auth service Fix caching for new users Migrate old constant to new Luminance setting Tweak StaffPM styling Trying to fix user dropdown in PMs Fix afterdark colors in user dropdown Wrap post preview just as the actual content would be Fix comment history arrow text Fix comment history clickable arrow Fix readability of New! in Post History Fix Subscribe/Unsubscribe links in post history. Fix donation page styling Fix post edit/revert logic for Forums Fix email repository->get caching Fix empornium style Migrate post editing and reverting to Luminance Forum Plugin Set a cache expiry in Core/Repository::get() Fix another typo in Core/Repository.php Update styles ready for new forum post control HTML Define $user variable before accessing it in ForumPlugin Fix getUserName() common function Fix typo in Core/Repository.php Fix catchup logic Slight performance improvement for forum unread logic Cleanup some language in Forum templates Refine the unread post count logic Remove automatic query caching Avoid loading a stupid number for forum posts to get the unread count Meh, probably a better solution, but ugly! Yuk! Make New! green for modern style as well. Clarify post icons with hasUnread() function Slight performance boost Reintroduce the (New!) tag to forum post histories Fix staff multi-voting Fix post history viewing for users and thread subscriptions from post history page Add option to delete poll Migrate poll moderation to Luminance Forum plugin Migrate change vote function to Luminance Forum plugin Migrate add/remove poll option to Luminance Forum plugin Migrate poll voting to Luminance Forum plugin Fix poll indexes Fix dupechecker's reference to known file types datastructure Move staff_poll template into forum snippets Update forum rules edit link Use cache when loading thread details for rules Migrate forum rule to Luminance Forum Plugin Add tooltips to filetypes Fix ebup file typo Remove '.ogg' from list of video file extensions Silence HIBP errors for now Migrate filetypes to new system with SVG icons Cleanup subscriptions a bit Migrate post history to TWIG template Remove unnecessary loop in forum search Rewrite URLs for the recent forum posts tool Improve query performance for recent forum posts tool Also link to thread from all forum posts Migrate recent forum posts to Luminance Forum Plugin Refuse to accept uploads with hidden files/folders in the root Migrate forum management tool to Luminance Fix version of the link rewriter... I hope Update link rewriters a little Update unread posts links Extend token acceptance time to 2 hours for new threads and replies Fix stats pages Whoops, PHP doesn't use TWIG syntax... obviously Fix layout issue on subscriptions page Rework post merging Final two check_perms instances Refactor TWIG templates to use auth.isAllowed instead of legacy check_perms Trim dead code from takereport.php Ensure we can resolve ASNs in AuthenticationPlugin Get lastRead status directly from repository in ForumPlugin Fix links on forum subscriptions page Restyle subscriptions page a little more Restyle forum subscriptions some more Fix CSS classes on hidden forum subscription posts Migrate forum subscriptions to TWIG template Improve BBCode cleanup function and remove dead Legacy forum endpoints Migrate forum reply to Luminance Fix BBCode table transparency in rochelle theme Ensure IPs are handled correctly and checked for existence by the security repo Migrate a bunch of old service/repo accesses to native Add cache service to AuthenticationPlugin Rework forum subscription SQL Disable scheduled tag recount for now Derp Cleanup some leftover quotes in the upload logic Filter dupecheck on non zero unique matches instead of non empty dupelist Add easier link to MFD reason editor Fix the username filter on the userpage too Remove username filtering from moderation endpoint Normalize line endings during edit as well as upload Place tag auto-complete hover div vertically on caret Ensure that errors thrown during post deletion are rendered as JSON Fix BBCode error rendering Fix time functions Fix association of blank vote to the correct radial select Upgrade the decode filter for TWIG Well dammit that was stupid Okay, straight conversion won't work... need to decode Catch numeric entities in the title conversion as well Convert forum thread titles Fix ratiowatch message on userpage Fix forum post deletion bug Whooopsies Add site option to control automatic post timelock Tweak thread/forum HTML layout Fix afterdark CSS issue Fix cache bug in public requests Fix pinned posts Use a different strategy for normalizing line endings Migrate forum post delete to Luminance function Remove remnants of StickyPostID DB column God dammit, spoke too soon... Another final fix for sticky post migration Final fix for sticky post migration Add pernament version index to torrents_files Actually start recording the torrent file version Fix sticky post migration queries Migrate forum sticky posts to Luminance Flag Even better message length control Remove extra space from reportv2 announce message Allow code inside automatic codeblocks to wrap Fix promotions to *NOT* promote warned users Automatically handle code blocks correctly Update prism to 1.20.0 Fix typo: had an extra space in the regex Remove extra space from report announce message Slight code layout tweak Limit IRC announce taglist to 256 characters Use corrected tags for torrent announcements Fix autodl regex typo for size Integrate previous regex cleanup from autodl upstream Fix a minor typo in the luminance.tracker file Update announce pattern Remove the unnecessary space after 'anon' Add Irker announce for other reports Add Irker announce for torrent reports Fix anon username handling for staff uploads (shouldn't be happening, but for completeness) Prevent Irker errors from halting the upload process Fix dupe reports Fix stupid bug in Legacy forum code Remove almost all references to db_string from legacy forum code Fix code style in Articles plugin Minor tweak to irker options text Fix tag uses count regeneration query Minor tweaks to tracker and irker services Fix tag count recalculation batch query Migrate irker config to site options Fix 6 digit unicode characters in the DB class functions First cut of Irker integration Require both username and email address for account reactivation. Fix public page CSS for next version of Chrome Add reactivate to login watch filter Fix linked panel link/unlink Cleanup SQL in badge award scheduler Fix mass award bug Switch tracker comms to cURL Fix user dupes comment autoescapeing Fix warning status in username template Fix performance info display Fix page layout on the user search page Catch SystemError from failed peer history migration Modify the way exceptions are handled in the DB Service Update the bbCode replacement columns Fix broken references to Secretary::getHttpRemoteFile() Fix Secretary::checkRemoteUpdate() Extend public request checking to summoned status Fix SQL error in main_functions.php::getForwardedPostData() Fix scheduler performance issue Migrate Password and Passkey histories into IPv6 capable entities Fix imagehost whitelist links Migrate some Legacy tables to Entities Extend deduplication checker to unique indexes Forgot to add public request users to the tracker... ooops A few IP bans tweaks Use the cached repository version of imagehost whitelist everywhere Fix Automated ban "Reason" Reduce IPv4 range bans from /16 to /24 A few fixes in the scheduler Add unique index to ips Add ip table deduplication Fix automated IP range bans and extend to cover IPv6 Even better IP ban searching Fix IP ban search Fix Summary.txt for bookmark collector function Fix disabled hits message format Fix broken reference to Entities\IP::getRange() Update GeoPHP to a better fork and fix distance calculation More SQL filtering for IP migration Fix iterating on empty array rather than null object Improve IP migration queries Add legacy IP migration to SetupPlugin Fix broken references to IPRepository::getOrNew() Fix last activity in public request manager Update the request flood system to include reactivations Add Text class work-around to Articles plugin Fix broken references on user security page Why did that JS end up using tabs instead of spaces? Silly editor. Maybe a better jQuery work around Fix broken references to Restriction::isWarning() Fix request pagination layout Add pagination to public requests Make reports per page configurable Reverse order of old public requests Add public requests stats Add Summon option to reactivation requests Someone forgot to add a WHERE condition in that query... tut, tut, tut. Fix broken referneces to RestrictionRepository::checkUser() Fix broken references to Restriction::getRestrictions() Fix dupe linking in public requests manager Fix cache handling for public request count Fix poll label associations Fix errors if geoip cannot be resolved to a location Add public reactivation request Fix articles pretty links generation Add articles link rewriter Move user dupes to a less shitty place Move articles endpoint to articles/view Add inactivity exception to users being enabled Fix SQL type in main_functions.php Minor formatting fix in Entities::GeoLite.php Minor JS formatting fix Fix auto subscribe on new thread creation Update some DB queries is main_functions.php Fix main_functions.php::delete_torrent() Fix broken reference to InviteRepository::diableCache() Fix broken reference to EmailManager::sendConfirmation() Fix broken reference to Auth::twofactorEnable Fix broken reference to Auth::twofactorDisable() Fix broken references to Render::forumSelect() Update site options Fix legacy redirects Fix slot machine print_payout_table() Fix the slotmachine... fucking global variables! Fix typo in main_functions::update_site_options() Fix broken reference to Auth::twofactorCreateSecret() and Auth::checkPassword() Fix broken reference to Auth::setPassword() Fix broken reference to Stlesheet::getFilename() Fix broken reference to Guardian::logReset() Rewrite most of poll_mod.php Fix forum post delete An even better fix Fix bug in thread moderation Fix broken references to sendEmail() Fix src for default avatar on subscriptions page Fix broken reference to Guardian::logDisabled() Fix broken reference to ORM::getTableSpecification() Fix broken reference to RestrictionRepository::checkRestricted() Fix broken references to Guardian::logAttempt() Fix references to heavyInfo() Fix two factor authentication Fix broken class member reference Rename twofactor templates Ninja patches from live site Fix email blacklist check Huge code cleanup for legacy globals Some cleanup from PHPSTAN Cache per-user invite status Fix header check in Core\Request::setHttpHeaders() Even more caching in the forum magic access members Fix forums and improve performance Fix calls to UserRepository::getByUsername and EmailRepository::getByAddress Fix Secretary::createClient() SteupPlugin improvements and fixes Fix table migration PDOException Fix ORM typo Enormous code cleanup + torrent edit history Rename plotly fetch to update Move tools out of Render service into plugins Fix coding violations in the Articles Plugin Minor updates to tracker stats tool Article management functions moved to Article Plugin Better regex for dynamic image resizing Fixes for user poll display and some improvements to staff polls (still not ready, may delete) Add check in getStaffPMSubject that a StaffPM was actually loaded Even stronger protections on the upload_handle Legacy endpoint Only log tracker errors if debug mode is off Add tracker connection timeout and better log messages Update tracker stats tool Fix missing define in Legacy secton userhistory/ip_history_raw.php Fix tools menu order Update tools links with new Articles tool URL Add getClassByLevel() function to PermissionsRepository Fix help search and remove Legacy articles.php endpoint Move articles manager tool into ArticlesPlugin Update a bunch of legacy queries in main_functions.php Update reports code a bit Replace newlines in SQL with CHAR() function calls Fix potential math error in collages/add_torrent Filter out blank tags Fix potential array access error in Services/Render Fix potential array out of bounds issue in Validation class Convert articles section into a Luminance Plugin Change key from forums to forum for forum opensearch Extend AutoIncrement ID column for xbt_snatched and xbt_peers_history tables to 64bit integer Fix missing include for InputError in Crypto service Improve error log messages for failed DB queries Remove unnecessary included response types from SandBoxPlugin Clean up the layout in ForumPlugin a little Enhance entity generation from Developer plugin Enable anonymous repositories A better, more programatic way to build the regex filter list Escape smileys before regex filtering Convert User sandbox to a Luminance plugin Fix basic search rate limit exemption for Staff Minor refinements in getStaffPMSubject() Also allow users to see the pretty links if it's their StaffPM Minor tidy-up in the poll vote code Add StaffPM pretty links Forum poll votes is getting cleared somehow Fix the Dupe PM AGAIN! Tweak CSS to prevent signatures stretching posts out Fix featured poll logic Fix thread layout for polled threads Fix show votes logic in forum polls Fix taglist overflow wrapping Fix list margins Tweak poll vote logic to handle cache clearing better Fix forum search SQL bug Another long line CSS tweak Tweak overflow behavior for long lines Small tweak to light theme Fix list dot centering Tweak afterdark unread PM background color I derped the signature validation Fix minor bug in MFD message Fix invite display in advanced search Fix post link for unread posts page Some template tweaks for unread posts page Some tweaks to the unread posts page Old Gazelle cookie class is probably not needed anymore. Can't find where it was being used... Remove vestigial google chart Fix dupecheck to ensure it doesn't confuse filenames with filesizes Fix torrent report anti-ninja Fix dupe report PM SQL error Rework IP ban editing Refine the SQL query in user/linkedfunction.php::user_dupes_table() Minor cosmetic changes to the user settings page Enforce max signature and torrent signature weight Derp Add divide by zero protection to display_dupes.php Add checks for output of parse_url in main_functions.php::validate_imageurl() Catch RangeError thrown by DCrypto library Well, users can quote so that tag is probably useless. Fix unquoted constant in mod_thread.php Fix extraneous escape characters in auto-filled torrent title (from folder) Fix unsafe foreach in UserRank.php Fix unquoted constant Remove unnecessary function Fix total size header on user torrent pages Fix catcup link on unread forums page Fix the bitstamp ticker URL for BTC/EUR Fixup the donation page a little more Fix uninitialized variable warning in Text class Add some error checking code to the donations page BitcoinAverage now wants an API key... fuck that Do not silence tracker communication errors Rework the freeleech logic a bit to avoid type warnings Minor tweak to BBCode parser Collapse all output buffers before starting a ZipStream download Update URL validation regex Fix minor bug after BBCode parser redesign Fix PHP non-object warning on a new install's configuration Major refactor of the BBCode parser's inline regex logic Fix the thread renaming when trashing... shouldn't be forum title at all Fix trashing bug in forums Fix last read bug Fix dupe mass PM wording Fix anon username issue Fix bug in mod_thread when moving locked threads Cleanup some assumptions Rework the sitewide freeleech/doubleseed controls Extend the permissible length of URLs (bytesize), for some reason mb_strlen isn't working here Better URL parsing error messages from the text class Extend PFL/PDS options to include 4 weeks Add DocBlock for returnJSON() error function Fix missing variable in Text class Rearrange Error messages for exceptions Even better error messages... maybe Update error handling a little Fix never logged in users not being disabled Increase size of restriction comment Improve restriction notes Fix performance issue in forum subscriptions page Fix improper generic exception handling Rework the Legacy error integration a bit Fix the make default query string logic... wow, that's been broken a long time. :\ Fix smileys Fix Gazelle error rendering Fix torrent data inspection pages Fix torrent comment quoting Convert Gazelle users calls to Luminance in Legacy Text class Fix torrent stats tool Update torrent stats tool Fix the clear new issue Some cleanups Fix legacy login issues Fix login redirect for unlogged users Fix error handling for legacy pages Fix subscription cache handling Tweak escaping for the updated create_thread function
  2. Site updates October 2020 October 19th 2020 Fix torrents_comments Fix comment link for torrents/collages Fix collage comment checking tool Fix torrent comment checking tool Fix tagmanager.js Fix tag manager Javascript tie-in Fix Javascript dererential loading Fix StyleName mapping Fix TPL function issues Final ChatPlugin fix Fix ChatPlugin Update torrent thanks Fix group cover image Update default database collation and character set Minor style tweak to feeds Fix latest forum posts layout Convert chat.php into Luminance Plugin Fix reported title addendum Fix layout of stats links on home page Add forums to stats and fix graph background rendering Move split_tags() to main_functions Better error handling in SetupPlugin Convert tag synonym to entity Make developer entity generation a little more robust Fix global typo of synomyn Fix typo in disabled_hits PM Convert user IP search query to prepared statement Fix torrent edit unlock Fix post counting for forum Fix donation address querying Remove old dead code from Repository class More fixes for readyToResend Harden ORM methods to throw better errors when data is passed incorrectly Fix display issues on security page Add webp to list of image extensions Add safety code for email history Safety code for column renames Even more cleanup for details page Fix thanks migration More cleanup to details page More cleanup of the torrent details page Modify styles to collect some common CSS code Reset BanReason when an account is enabled Add secure function to TPL service Fix access leak in staffpm tag Fix preview rendering restrictions Template torrent_username function Create Torrent and TorrentGroup Entities Fix username rendering on details page Cleanup details page Fix report comment restriction Migrate collages and torrents onto new comment system Change 'default' => 'NULL' to 'default' => null in entities Fix torrent comments Add comment restriction to requests too Fix holes in the restirction system for torrent and collage comments Add commenting restriction Move userpage template Minor fixes for torrent details page template Fix review status display on details page Add some logging to user inactivity disable in scheduler Tweak Plugins\SetupPlugin::updateStyles() Fix README typo Template torrent details page Fix bug in Stylesheet repo Remove redundant UFL function Update stylesheet system Create ORM Repository and Entity for bonus_shop_items Fix more SQL typos in scheduler Fix SQL typo in scheduler Fix potential apcu clash Increase top tags/contributors in collages from 5 to 10 Fix bug in SetupPlugin::update() Remove unnecessary DB queries from thread moderation Fix forum thread title handling during split/merge Fix bug in Services/Cache::enable() Fix some Javascript issues Perfromance fix for userpage loading as a regular user Improve debug tools Add TPL::static() method to access static members from templates Better template debugging Fix debug flags Add links to Security Logs and Disabled Hits tools Fixup references to users_history_ips Slightly better implementation for dupe limit Fix bug in main_functions.php:getStaffPMSubject() Upgrade IP history table and migrate data Remove errant space from new post(s) text Improve PHP ParseError error logs Fix bug in Forum enitity Fix forum management category dropdown Add capability to enforce unique torrents Cleanup tools page generation Fix prune tables A few more IP history fixes for linked functions Fix bugs in IP history queries Fix IP history recording Minor bugfixes Fix a couple of typos in entities Fix bug in configure for settings Fix permissions for presentation cloning Better error messages for repository errors Fix TagList parsing during presentation clone Allow staff to clone torrents Add ability for uploader to clone presentation Filter out radiance rejections form the logs Add user_info.AdminComment to URL rewriter fields Add extra debug to Core\Repository::save() Update Entity: rintState() to return string rather than output directly Fix IP history bug for 2FA users Fix column sorting in notifications page Improve DB error message Add a cast to array to avoid warning in main_functions.php::display_array() Big cleanup in scheduler Extend forum token timeouts to 24 hours (default) Fix a couple of minor warnings Remove Legacy table definition for invite_tree Fix stupid bug in Entities where circular virtual attributes would crash the system Fix result index in Legacy InviteTree Fix pagination on invite trees Another little tweak there Minor HTML tweak for invite tree Paginate invite tree Skip users already in the tree A few improvements to the InviteTree generation Clarify cover image error message Update invite tree render logic Fix bug in invite tree generation Correct rebuilding of invite trees and invite tree management Also include the actual fix for those null attributes Prevent entities from locally caching null attributes Remove unnecessary repositories Introduce Entities/InviteTree Cleanup DeveloperPlugin a little Cleanup automagic attributes in Entities\User Smarter entity handling Some more cache handling Remove dead code from Core/Repository::loadFromCache() Fix display of user flow graph in StatsPlugin Remove error.php Legacy endpoint Better path checking in LegacyPlugin Small tweaks to ForumPlugin Fix log parsing Better cache key for invites Fix issue in InviteManager Fix another bug in client repo Fix bug in client repo Add user dropdown to inbox Fix styling issue in Sarandafl theme Fix styling issue in Hempornium theme Add error catching to automatic IP range bans Fix styling issue in Rochelle theme Fix more caching issues Fix a bunch of caching issues Fix typo in Auth service Fix caching for new users Migrate old constant to new Luminance setting Tweak StaffPM styling Trying to fix user dropdown in PMs Fix afterdark colors in user dropdown Wrap post preview just as the actual content would be Fix comment history arrow text Fix comment history clickable arrow Fix readability of New! in Post History Fix Subscribe/Unsubscribe links in post history. Fix donation page styling Fix post edit/revert logic for Forums Fix email repository->get caching Fix empornium style Migrate post editing and reverting to Luminance Forum Plugin Set a cache expiry in Core/Repository::get() Fix another typo in Core/Repository.php Update styles ready for new forum post control HTML Define $user variable before accessing it in ForumPlugin Fix getUserName() common function Fix typo in Core/Repository.php Fix catchup logic Slight performance improvement for forum unread logic Cleanup some language in Forum templates Refine the unread post count logic Remove automatic query caching Avoid loading a stupid number for forum posts to get the unread count Meh, probably a better solution, but ugly! Yuk! Make New! green for modern style as well. Clarify post icons with hasUnread() function Slight performance boost Reintroduce the (New!) tag to forum post histories Fix staff multi-voting Fix post history viewing for users and thread subscriptions from post history page Add option to delete poll Migrate poll moderation to Luminance Forum plugin Migrate change vote function to Luminance Forum plugin Migrate add/remove poll option to Luminance Forum plugin Migrate poll voting to Luminance Forum plugin Fix poll indexes Fix dupechecker's reference to known file types datastructure Move staff_poll template into forum snippets Update forum rules edit link Use cache when loading thread details for rules Migrate forum rule to Luminance Forum Plugin Add tooltips to filetypes Fix ebup file typo Remove '.ogg' from list of video file extensions Silence HIBP errors for now Migrate filetypes to new system with SVG icons Cleanup subscriptions a bit Migrate post history to TWIG template Remove unnecessary loop in forum search Rewrite URLs for the recent forum posts tool Improve query performance for recent forum posts tool Also link to thread from all forum posts Migrate recent forum posts to Luminance Forum Plugin Refuse to accept uploads with hidden files/folders in the root Migrate forum management tool to Luminance Fix version of the link rewriter... I hope Update link rewriters a little Update unread posts links Extend token acceptance time to 2 hours for new threads and replies Fix stats pages Whoops, PHP doesn't use TWIG syntax... obviously Fix layout issue on subscriptions page Rework post merging Final two check_perms instances Refactor TWIG templates to use auth.isAllowed instead of legacy check_perms Trim dead code from takereport.php Ensure we can resolve ASNs in AuthenticationPlugin Get lastRead status directly from repository in ForumPlugin Fix links on forum subscriptions page Restyle subscriptions page a little more Restyle forum subscriptions some more Fix CSS classes on hidden forum subscription posts Migrate forum subscriptions to TWIG template Improve BBCode cleanup function and remove dead Legacy forum endpoints Migrate forum reply to Luminance Fix BBCode table transparency in rochelle theme Ensure IPs are handled correctly and checked for existence by the security repo Migrate a bunch of old service/repo accesses to native Add cache service to AuthenticationPlugin Rework forum subscription SQL Disable scheduled tag recount for now Derp Cleanup some leftover quotes in the upload logic Filter dupecheck on non zero unique matches instead of non empty dupelist Add easier link to MFD reason editor Fix the username filter on the userpage too Remove username filtering from moderation endpoint Normalize line endings during edit as well as upload Place tag auto-complete hover div vertically on caret Ensure that errors thrown during post deletion are rendered as JSON Fix BBCode error rendering Fix time functions Fix association of blank vote to the correct radial select Upgrade the decode filter for TWIG Well dammit that was stupid Okay, straight conversion won't work... need to decode Catch numeric entities in the title conversion as well Convert forum thread titles Fix ratiowatch message on userpage Fix forum post deletion bug Whooopsies Add site option to control automatic post timelock Tweak thread/forum HTML layout Fix afterdark CSS issue Fix cache bug in public requests Fix pinned posts Use a different strategy for normalizing line endings Migrate forum post delete to Luminance function Remove remnants of StickyPostID DB column God dammit, spoke too soon... Another final fix for sticky post migration Final fix for sticky post migration Add pernament version index to torrents_files Actually start recording the torrent file version Fix sticky post migration queries Migrate forum sticky posts to Luminance Flag Even better message length control Remove extra space from reportv2 announce message Allow code inside automatic codeblocks to wrap Fix promotions to *NOT* promote warned users Automatically handle code blocks correctly Update prism to 1.20.0 Fix typo: had an extra space in the regex Remove extra space from report announce message Slight code layout tweak Limit IRC announce taglist to 256 characters Use corrected tags for torrent announcements Fix autodl regex typo for size Integrate previous regex cleanup from autodl upstream Fix a minor typo in the luminance.tracker file Update announce pattern Remove the unnecessary space after 'anon' Add Irker announce for other reports Add Irker announce for torrent reports Fix anon username handling for staff uploads (shouldn't be happening, but for completeness) Prevent Irker errors from halting the upload process Fix dupe reports Fix stupid bug in Legacy forum code Remove almost all references to db_string from legacy forum code Fix code style in Articles plugin Minor tweak to irker options text Fix tag uses count regeneration query Minor tweaks to tracker and irker services Fix tag count recalculation batch query Migrate irker config to site options Fix 6 digit unicode characters in the DB class functions First cut of Irker integration Require both username and email address for account reactivation. Fix public page CSS for next version of Chrome Add reactivate to login watch filter Fix linked panel link/unlink Cleanup SQL in badge award scheduler Fix mass award bug Switch tracker comms to cURL Fix user dupes comment autoescapeing Fix warning status in username template Fix performance info display Fix page layout on the user search page Catch SystemError from failed peer history migration Modify the way exceptions are handled in the DB Service Update the bbCode replacement columns Fix broken references to Secretary::getHttpRemoteFile() Fix Secretary::checkRemoteUpdate() Extend public request checking to summoned status Fix SQL error in main_functions.php::getForwardedPostData() Fix scheduler performance issue Migrate Password and Passkey histories into IPv6 capable entities Fix imagehost whitelist links Migrate some Legacy tables to Entities Extend deduplication checker to unique indexes Forgot to add public request users to the tracker... ooops A few IP bans tweaks Use the cached repository version of imagehost whitelist everywhere Fix Automated ban "Reason" Reduce IPv4 range bans from /16 to /24 A few fixes in the scheduler Add unique index to ips Add ip table deduplication Fix automated IP range bans and extend to cover IPv6 Even better IP ban searching Fix IP ban search Fix Summary.txt for bookmark collector function Fix disabled hits message format Fix broken reference to Entities\IP::getRange() Update GeoPHP to a better fork and fix distance calculation More SQL filtering for IP migration Fix iterating on empty array rather than null object Improve IP migration queries Add legacy IP migration to SetupPlugin Fix broken references to IPRepository::getOrNew() Fix last activity in public request manager Update the request flood system to include reactivations Add Text class work-around to Articles plugin Fix broken references on user security page Why did that JS end up using tabs instead of spaces? Silly editor. Maybe a better jQuery work around Fix broken references to Restriction::isWarning() Fix request pagination layout Add pagination to public requests Make reports per page configurable Reverse order of old public requests Add public requests stats Add Summon option to reactivation requests Someone forgot to add a WHERE condition in that query... tut, tut, tut. Fix broken referneces to RestrictionRepository::checkUser() Fix broken references to Restriction::getRestrictions() Fix dupe linking in public requests manager Fix cache handling for public request count Fix poll label associations Fix errors if geoip cannot be resolved to a location Add public reactivation request Fix articles pretty links generation Add articles link rewriter Move user dupes to a less shitty place Move articles endpoint to articles/view Add inactivity exception to users being enabled Fix SQL type in main_functions.php Minor formatting fix in Entities::GeoLite.php Minor JS formatting fix Fix auto subscribe on new thread creation Update some DB queries is main_functions.php Fix main_functions.php::delete_torrent() Fix broken reference to InviteRepository::diableCache() Fix broken reference to EmailManager::sendConfirmation() Fix broken reference to Auth::twofactorEnable Fix broken reference to Auth::twofactorDisable() Fix broken references to Render::forumSelect() Update site options Fix legacy redirects Fix slot machine print_payout_table() Fix the slotmachine... fucking global variables! Fix typo in main_functions::update_site_options() Fix broken reference to Auth::twofactorCreateSecret() and Auth::checkPassword() Fix broken reference to Auth::setPassword() Fix broken reference to Stlesheet::getFilename() Fix broken reference to Guardian::logReset() Rewrite most of poll_mod.php Fix forum post delete An even better fix Fix bug in thread moderation Fix broken references to sendEmail() Fix src for default avatar on subscriptions page Fix broken reference to Guardian::logDisabled() Fix broken reference to ORM::getTableSpecification() Fix broken reference to RestrictionRepository::checkRestricted() Fix broken references to Guardian::logAttempt() Fix references to heavyInfo() Fix two factor authentication Fix broken class member reference Rename twofactor templates Ninja patches from live site Fix email blacklist check Huge code cleanup for legacy globals Some cleanup from PHPSTAN Cache per-user invite status Fix header check in Core\Request::setHttpHeaders() Even more caching in the forum magic access members Fix forums and improve performance Fix calls to UserRepository::getByUsername and EmailRepository::getByAddress Fix Secretary::createClient() SteupPlugin improvements and fixes Fix table migration PDOException Fix ORM typo Enormous code cleanup + torrent edit history Rename plotly fetch to update Move tools out of Render service into plugins Fix coding violations in the Articles Plugin Minor updates to tracker stats tool Article management functions moved to Article Plugin Better regex for dynamic image resizing Fixes for user poll display and some improvements to staff polls (still not ready, may delete) Add check in getStaffPMSubject that a StaffPM was actually loaded Even stronger protections on the upload_handle Legacy endpoint Only log tracker errors if debug mode is off Add tracker connection timeout and better log messages Update tracker stats tool Fix missing define in Legacy secton userhistory/ip_history_raw.php Fix tools menu order Update tools links with new Articles tool URL Add getClassByLevel() function to PermissionsRepository Fix help search and remove Legacy articles.php endpoint Move articles manager tool into ArticlesPlugin Update a bunch of legacy queries in main_functions.php Update reports code a bit Replace newlines in SQL with CHAR() function calls Fix potential math error in collages/add_torrent Filter out blank tags Fix potential array access error in Services/Render Fix potential array out of bounds issue in Validation class Convert articles section into a Luminance Plugin Change key from forums to forum for forum opensearch Extend AutoIncrement ID column for xbt_snatched and xbt_peers_history tables to 64bit integer Fix missing include for InputError in Crypto service Improve error log messages for failed DB queries Remove unnecessary included response types from SandBoxPlugin Clean up the layout in ForumPlugin a little Enhance entity generation from Developer plugin Enable anonymous repositories A better, more programatic way to build the regex filter list Escape smileys before regex filtering Convert User sandbox to a Luminance plugin Fix basic search rate limit exemption for Staff Minor refinements in getStaffPMSubject() Also allow users to see the pretty links if it's their StaffPM Minor tidy-up in the poll vote code Add StaffPM pretty links Forum poll votes is getting cleared somehow Fix the Dupe PM AGAIN! Tweak CSS to prevent signatures stretching posts out Fix featured poll logic Fix thread layout for polled threads Fix show votes logic in forum polls Fix taglist overflow wrapping Fix list margins Tweak poll vote logic to handle cache clearing better Fix forum search SQL bug Another long line CSS tweak Tweak overflow behavior for long lines Small tweak to light theme Fix list dot centering Tweak afterdark unread PM background color I derped the signature validation Fix minor bug in MFD message Fix invite display in advanced search Fix post link for unread posts page Some template tweaks for unread posts page Some tweaks to the unread posts page Old Gazelle cookie class is probably not needed anymore. Can't find where it was being used... Remove vestigial google chart Fix dupecheck to ensure it doesn't confuse filenames with filesizes Fix torrent report anti-ninja Fix dupe report PM SQL error Rework IP ban editing Refine the SQL query in user/linkedfunction.php::user_dupes_table() Minor cosmetic changes to the user settings page Enforce max signature and torrent signature weight Derp Add divide by zero protection to display_dupes.php Add checks for output of parse_url in main_functions.php::validate_imageurl() Catch RangeError thrown by DCrypto library Well, users can quote so that tag is probably useless. Fix unquoted constant in mod_thread.php Fix extraneous escape characters in auto-filled torrent title (from folder) Fix unsafe foreach in UserRank.php Fix unquoted constant Remove unnecessary function Fix total size header on user torrent pages Fix catcup link on unread forums page Fix the bitstamp ticker URL for BTC/EUR Fixup the donation page a little more Fix uninitialized variable warning in Text class Add some error checking code to the donations page BitcoinAverage now wants an API key... fuck that Do not silence tracker communication errors Rework the freeleech logic a bit to avoid type warnings Minor tweak to BBCode parser Collapse all output buffers before starting a ZipStream download Update URL validation regex Fix minor bug after BBCode parser redesign Fix PHP non-object warning on a new install's configuration Major refactor of the BBCode parser's inline regex logic Fix the thread renaming when trashing... shouldn't be forum title at all Fix trashing bug in forums Fix last read bug Fix dupe mass PM wording Fix anon username issue Fix bug in mod_thread when moving locked threads Cleanup some assumptions Rework the sitewide freeleech/doubleseed controls Extend the permissible length of URLs (bytesize), for some reason mb_strlen isn't working here Better URL parsing error messages from the text class Extend PFL/PDS options to include 4 weeks Add DocBlock for returnJSON() error function Fix missing variable in Text class Rearrange Error messages for exceptions Even better error messages... maybe Update error handling a little Fix never logged in users not being disabled Increase size of restriction comment Improve restriction notes Fix performance issue in forum subscriptions page Fix improper generic exception handling Rework the Legacy error integration a bit Fix the make default query string logic... wow, that's been broken a long time. :\ Fix smileys Fix Gazelle error rendering Fix torrent data inspection pages Fix torrent comment quoting Convert Gazelle users calls to Luminance in Legacy Text class Fix torrent stats tool Update torrent stats tool Fix the clear new issue Some cleanups Fix legacy login issues Fix login redirect for unlogged users Fix error handling for legacy pages Fix subscription cache handling Tweak escaping for the updated create_thread function Discuss this post here
  3. The 2020 Mid-Year Update The moment you have all been waiting for, it's... The 2020 Mid-Year Solstice Update It has been a while coming and last it is here, a collection of items for you to peruse on what is happening around the site. Technical update This is for the geeks out there, if you don't know or care what Gazelle is, feel free to skip past. Gazelle, is (if you didn't know) the framework that was written by the What.cd developers, way back when. The good thing is that it has a lot of features. The bad this is, as the saying goes, someone learnt PHP while they were writing it. One good attempt the original developers did was to separate presentation logic in the sections and business login in classes. Except it was not followed closely: there is a lot of business logic in sections, and the paradigm used in classes was poor. So we are salvaging what we can and rewriting it using a modern object oriented approach, and writing new code in app. A rough metric is to look at lines of code. The following table shows the progress so far: +-----------------------------------------+ | app classes sections | | July 2018 888 53765 68092 | | March 2020 7138 40622 68085 | | July 2020 14815 36850 62638 | +-----------------------------------------+ One of the uglier sins the original coders made was mashing together strings and variables until it makes a database query and running it. https://imgs.xkcd.com/comics/exploits_of_a_mom.png As long as care is taken, there is no harm done, but it is awfully easy to rush things and let a vulnerability slip past. One of the things we have been doing is rewriting queries to use placeholders, which essentially means "run that query with these variables". For instance, in the past, to get the user id of a member based on their name, one might have written: $DB->query("SELECT ID FROM users_main WHERE Username = '" . db_string($username) . "'"); list($id) = $DB->next_record(MYSQLI_NUM, false); These days, we can now write $id = $DB->scalar("SELECT ID FROM users_main WHERE Username = ?", $username); It's a little thing, but we have been adding lots of similar things to make Gazelle safer and more concise, and hence easier to work with. So one of the metrics I keep my eye on are the number of query() calls that still exist in the codebase. And in that respect we are making good progress: +---------------------------------------+ | app classes sections | | July 2018 1 315 1586 | | March 2020 18 195 1104 | | July 2020 22 113 531 | +---------------------------------------+ Enough geeking out. While much of this work is simply maintaining the status quo (although sometimes breaking things along the way), we have been able to add some... New Features Some of these things have been around for a while, but not everyone may be aware of them since many of the announcements were squirreled away in the Suggestions forum. Release Types Demo, Sampler & Split are now recognized release types and you may categorize things as such. If you have uploaded a split or a sampler in the past, you can go back and change it to better reflect the contents (and if you do not (yet) have the ability to do so, you may request an edit to have it changed). New Collage Types Two new types have been added: Award and Series. See the definitions on the creation page to see if your new collage would be better suited to, e.g., an Award rather than a Chart. Logchecker The logchecker has had many, many bugfixes added and no longer requires Windows emulation to run the old EAC.EXE binary. Next User Class Most people have probably already spotted this, it lets you know what you are missing to rise to the next user class. Checksum Trumps Another little thing, it is now possible to report a checksum trump... as a Checksum Trump. No major change but it makes for nicer stats. Report Notifications When one of your uploads is reported, you will now receive a notification. If there is something you can do, (e.g. fix up tags or filenames) you will have a chance to step in and fix things before it is too late. Discogs Integration This project is still in its infancy, but we have decided to throw in our lot with Discogs, and follow their approach to dealing with disambiguation. New BBCode Markup You can reference a @user directly in a post (and they will receive a notification). You may also cite collages, forum threads and posts directly. See bbcode. Bonus rates The table can now be sorted by all columns! With a marker to indicate which column, and a new column to show BP acquired by fixed size, which helps people short on space decide which seeds to remove and optimize their BP accrual (which usually amounts to the most heavily seeded torrents). Latest uploads If you have logged in and viewed the front page, you have of course seen this. What you may not know are the conditions to be met. They are: The release is lossless (16- or 24-bit FLAC). No paranoia regarding your uploads The release group has cover artwork. (And a tip o' the hat to the dedicated crew who are adding missing artwork to existing releases and artists. We love you). Bounty Refunds It is now possible to request a refund, if you made a mistake. This is actually a side-effect of some new code to deal with a bunch of clowns who convinced themselves that ratio cheating was allowed and sanctioned on Orpheus. (Reality check: it is not). Their accounts were disabled, but in the meantime they had generated several TB of fake upload, which they showered over a number of requests, some of which had been filled. All of the request votes from these people were removed. And now as a result, we are able to remove bounty. That said, you should have a very good reason why. To date, this has only been granted once. And remember, rules are there for a reason. They will be enforced and nobody is above the law. People who dismiss them or think they do not need to follow them will wake up and discover their account is disabled. Decisions Taken Audience recordings [.AUD] Not going to happen. Apparently there are other sites that have the situation covered well enough and it is not something we need to spend resources on. Comedy and Spoken Word Is allowed only if ripped from CD. No WEB podcasts or other material of dubious origin. Welcome Jello Biafra, Whoopi Goldberg, Henry Rollins, Richard Pryor, George Carlin and more. MP3 V2 (VBR) The original idea for maintaining V2 was a thing called OrpheusTime (in fact, a project from the previous site). The idea was direct streaming over the BT protocol. The code was half written and then the developer disappeared and no-one else wanted to take it over. The next idea was to set it permanent Freeleech, to allow try-before-you-buy of the lossless format of a release. This idea was canned as well, since it is pretty easy to survive in the economy here, and there was a question of whether people would find ways to abuse it to generate buffer. Against this, the cost of tracking V2 must be considered. Currently the front-end proxy for the tracker (Ocelot) sustains around 70% load, which is closing in on the danger zone. In the not too distant future it will have to be moved to more powerful (read: expensive) hardware, so removing V2 sheds a few percent load and buys some extra time. Since there is no longer a viable use case for V2 and a good reason to remove it, V2 now enters a sunset phase and will be removed from the site. There is no need to launch a wave of reports, it will be done programmatically. The first visible step you will see is that V2 no longer accrue bonus points. There will be a follow-up blog post when that happens, and at that point you may as well begin to stop seeding V2 content. At some later date they will be deleted from the catalog. If V2 is the only format available in a group, it will of course stay, but trumpable by V0 or 320. And no, we are not going to begin to offer Opus or any other superior lossy format (see: oxymoron). When this is complete, we will angle back and implement the ability to upload sub-192k material (which will always be trumped by higher bitrates). Image Hosting Donations were a little rough late last year, and Staff stumped up the funds to keep the site going. Things have since picked up this year, and recently, to keep an eye on funding, I followed PTP's lead and added a percentage indicator in the header. Whether this has been an incentive, I don't know, but I am greatly pleased to see that in the past three months the rent for servers has been paid for entirely by our generous donors. We are now in good shape and in a position to move on the next major piece of infrastructure, which is storing and hosting our own images. One of my biggest wishes is not to be reliant on any third party hoster, commercial or otherwise. To that end, a server with 3TB of space is now online (this was the reason of the most recent maintenance), and this will provide us with many years of growth. Extra disk space is one thing. Some code has already been written, but more remains to be written. No ETA, but it is high priority. And once again, thank-you to all the donors who make this possible. Fun With Stats If you were wondering what the most used tags on Orpheus are, electronic kicks it of with 154,486 releases. electronic rock pop jazz hip.hop experimental folk ambient techno alternative Alternative has 31,757 uses, and not far behind is classical, with 30,931. The least used official tag is avant.garde.rock, with a mere 18 releases tagged so. And now to close, it's time for some... Staff Picks Only lossless formats are freeleech. They will be up for a week or two, so don't delay. More here One Last Thing™ Time for another round of bonus points giveaways (unless you have opted out of freeleech tokens, which is taken to imply that you are already swimming in points). This time, with a recent addition to Gazelle, you are awarded points based on your recent activity. If you have logged into the site after May 1st, you are awarded 2000 bonus points. If you are currently seeding at least one release that you have snatched, you are awarded 12000 bonus points. And finally, if you have uploaded at least one release since the equinox, you are awarded 16000 bonus points. If you have played your cards right, you have received 30000BP. This is something that will happen again in the future, and perhaps expanded with more conditions, so make sure you get in and make full use of the site Enjoy! , —Orpheus Staff Discuss this post here
  4. Battle of The Blutopians https://images2.imgbox.com/ef/5a/jDOqfcMG_o.png To celebrate our 3rd Anniversary – We considered many things, like awarding free bonus points to long time members, or having a freeleech or double upload event. However – we decided that it would be much more entertaining to host a battle royal and have our users fight it out for prizes! We are pleased to announce... Blutopia’s 1st Battle of The Blutopians There will be 5 events & 5 winners! The winners of each event will be awarded the brand new class of BluRoyalty for Six Months. This class will be entitled to Freeleech, Double Upload, and Immunity for the entire duration of their reign. You will also receive 1 million BON Credits , 10 Freeleech Tokens and 3 Invites. May the best Blutopians win! The Events: 1) 168 Hour Upload Challenge Upload as many New, not currently available releases to Blutopia. The Film, Anime, or TV Show must not be available on Blutopia in Any Form. The 168 hours begins on April 4th, 2020 (00:00 GMT) and ends April 11th, 2020 (00:00 GMT) TV Show Uploads MUST be complete seasons or series. Single Episodes will not be counted. Uploads must be well seeded until May 1st or they will disqualified. Click here to enter into the challenge. Please make a list of all your uploads which qualify in a reply to this topic. If this is not done you will not be entered into the contest Update your list as you go! Do not leave it to the end and do not make additional replies. Uploads that need to be corrected by Staff and/or breach the rules will be disqualified. Uploads will be determined to be unique by the TMDB ID. The first recorded Upload will be awarded the point for that release. Some users will have releases stuck in Mod Queue – As long as it was uploaded first, it will count. If there is a tie, the user with the most number of snatches across the qualifying torrents on May 1st will win. All Qualifying entries will be awarded Double Upload 2) Best Trailer/Commercial for Blutopia Create a video trailer for Blutopia that is 30 to 60 seconds in length. Use content from the Blutopia site, and library of torrents. Show off the features of the site and our great community. Use your creativity! Do not upload your trailer to YouTube! Create a torrent and make it available to download . Label it like this [Great Battle Submission] Blutopia Trailer - Creative Title Of Your Choice 1080p - Username Please encode you trailer to H.264 at 1080p Make sure your trailer is well seeded for the duration of the contest or you will be disqualified. All Trailers will be awarded Freeleech and Double Upload to encourage community judgment Community will judge with The Thank Button. On May 1st, 2020 (00:00 GMT) the Trailer with the most Thanks will win. Site Staff will vote if there is a tie. All Entries and Vote are due by May 1st, 2020 (00:00 GMT) 3) Best Original Fanres Edit Create a brand new Fanres edit of Any Movie or TV Series. This must be Original Content Create a torrent and make it available to download Label it as per the rules however prepend it with [Great Battle Submission] Please encode to H.264 at 1080p, or H.265 at 2160p. Make sure your edit is well seeded for the duration of the contest or you will be disqualified. All Submissions will be awarded Freeleech and Double Upload to encourage community judgment Community will judge with The Thank Button. On May 1st, 2020 (00:00 GMT) the Submission with the most Thanks will win. Site Staff will vote if there is a tie. All Entries and Vote are due by May 1st, 2020 (00:00 GMT) 4) Best Original Vector Icon Font for Blutopia Create an original Icon Font which can be used on Blutopia. This must be a drop in replacement for the current “Font Awesome” font. Click here to enter into the challenge.. Reply in the thread with your entry! A CSS stylesheet to override the existing Font Awesome stylesheet must be included. Include a screenshot of all included icons in your post. Include a permalink to a zip file containing the web ready font and css. You can host on GitHub or use https://anonfile.com/ A forum post will be written with guides, and tips on creating icon fonts. (Coming Soon - Still a WIP) Voting will be done using the Forums Like/Dislike buttons. Likes will add a vote, dislikes will subtract a vote. The design with the most votes will win Site Staff will vote if there is a tie All Entries and Vote are due by May 1st, 2020 (00:00 GMT) We may or may not use any of the entries on the live site when the contest is concluded. By entering the contest, all participants provides Blutopia with permission to use these on the Blutopia Site for as long as it exists. 5) Best Original Category & Type/Resolution Icons for Blutopia Create a set of original Icons for Categories, Types, and Resolution which can be used in Blutopia’s torrent pages and search results. Click here to enter into the challenge.. Reply in the thread with your entry! You must include a complete set of icons covering all categories, types, and resolutions. Icons must be in PNG or SVG format. Include a screenshot of all included icons in your post. Include a permalink to a zip file containing the web ready font and css. You can host on GitHub or use https://anonfile.com/ Categories: Movies, TV, FANRES, Anime, Trailers Type: Full Disc, Remux, Encode, WEB-DL, WEBRip, HDTV Resolution: 4320p, 2160p, 1080p, 1080i, 900p, 720p, 576p, 576i, 480p, 480i, Other Voting will be done using the Forums Like/Dislike buttons. Likes will add a vote, dislikes will subtract a vote. The design with the most votes will win. Site Staff will vote if there is a tie. All Entries and Vote are due by May 1st, 2020 (00:00 GMT) We may or may not use any of the entries on the live site when the contest is concluded. By entering the contest, all participants provides Blutopia with permission to use these on the Blutopia Site for as long as it exists.
  5. Google Translation: New security feature and user uploads Dear all guys and gals Today, we have introduced a security measure to the site that will allow you to enable 2 factor authentication (2FA) for your login. Some of you may know it from Facebook or Google where it is possible to set up your mobile phone to receive one-time codes when logging in to various services. This means that you can access your account at all times - even in the event that your username / password is leaked. This is 100% voluntary to use, and can be activated here: user.php?action=edit BONUS INFO: we have enabled the option of user uploads again for Power Users and above - but only if those have enabled 2FA! (sorry, but that's the only way we can keep uploads clean) Discuss and question here // Staff
  6. From site's staff on their Facebook page: Good morning folks! As I start another day of updating passwords I thought I would just clarify some things about the validation email option: 1) Everyone needs to change passwords...they could not be imported with the rest of the site so no matter how many times you try your old one it will not work! 2)By far the best option is to go to the login page and click "Forgot Password", enter your email address and keep an eye on your spam filter. 3)The mail can take up to 1 hour to arrive and then only has a validity of 2 hours before the invitation expires...ie wait until you are going to be around before you send the request. 4)If you have sent multiple forgot password requests (unnecessary) and they all arrive at similar times it is only the last one that will work. The best plan is to only send 1, wait a couple of hours and then contact me if it doesnt arrive 5)Before you try and access the site, even to get the validation email sent, you should clear cache and cookies, reboot your PC and delete any TVC bookmarks from your browser. Some of you obviously no longer have access to the emails you are registered with, or are unable to activate their emails and that is no problem, I can change your password manually, but with such a high volume of messages you could be waiting for many hours for a reply...yesterday I had a 6 hour backlog at the start of the day and finally managed to clear the inbox after a 12h marathon. This morning it is full again! Once I have assigned a new password for you it is not possible to change it back on site...the password/email edit for members is one of the things that is not yet up and running and attempting to use it invariably has led to members being locked out again. This will be fixed shortly, but for the moment please keep the temp passwords. As was the case yesterday, I can only reply to personal messages, not to comments on this or any other post on this page. Please do not forget to include your username with any message.....without knowing who you are I can't help you (and having to open messages and reply asking for further details is a waste of everyones time!) If you have not heard from me within a couple of hours please be patient....sending a follow-up message moves you up to the top of the inbox and I am working from the bottom up (so you will be waiting for even longer!). I will get to each and every one of you in turn. I also cannot deal with any other site related issues or questions, only password changes. Once you are back on the site you can look for help there, but please don't flood the forums reporting every bug you find....we know that there is a lot to do, we just wanted to give you you access to your site with a minimum of delay and that meant going live before we were actually ready to do so. If you have left me a message requesting a password change and later get in via the email please remember to let me know (or I will change your pass and you will be locked out again!) For people wanting to join the site: Please do not send me messages....it will do you no good . Sign-up will reopen briefly in a week or 2 once the site is stable again. My only priority is getting the existing members back in at the moment (and cluttering up my inbox only delays that process). Once you are back on the site please go to the home page and click on the green banner to read important information about the new site and changes Thanks for reading...I hope to have you all back in by the end of today! ps...please don't call me Sir, Mate or Fella...I am a lady!
  7. From site's staff on their Facebook page: Good morning Chaotics! I am now back answering your messages. There are a ton of them so please be patient and only contact me via pm on this page if you have failed to receive the "forgot password" email (can take up to an hour to arrive) or your registered email is no longer in use. No other issues can be dealt with on this page, nor do I have time to monitor replies to any of these updates, only messages. Please include your username with every message...I can't help if I don't know who you are!. Many people have sent messages saying that this that and the other doesn't work yet...thank you, but we know! We felt it more important to get the site up than to leave you all adrift and we will be working on the bits and bobs over the next couple of weeks. Please don't bog down the forums and staff messages with reports...all it does is slow the work down whilst we read and reply to them. If in a week or so there is something that you feel may have been overlooked that will be the time to post in the forum! One thing to be aware of...I have been manually resetting hundreds of passwords for you and you will need to keep those temporary passwords for the time being as it is not yet possible for members to edit their own accounts. Do not attempt to reset your password at this time or you may get locked out again! Once on the site please go to the home page and click on the green news banner to be made aware of important changes. Thanks for your amazing support....it is much appreciated!
  8. Site updates February 2018 February 8th 2018 Avoid division by zero on userpage Don't use entity cache when loading userpage Silence PHP warning in Peon::format_username() Reverse order of invitees on invite page Enhance get_pages() to work with both Luminance and Gazelle paths Pagify invites page Fix userclass error when mixing with promotion permissions Fix high memory usage by DB & Cache debug arrays Fix slot machine stats Fix recent snatches cookie state Fix recent snatches div show/hide Fix copy/pasta mistake in recent snatch div on userpage Fix snatched & grabbed on user.php Fix userpage donation div Fix toggle view issue in userpage Add decode to username as well, just in case Fix Titles with html characters Fix disabled icons in username template Fix Joined Date field on userpage Fix PHP warning in Peon::format_username() Fix user links from Peon::format_username() Fix retrun code in Request::checkReferer() when HTTP_REFERER is missing Fix PHP warning for System (no user) in Peon::format_username() Fix paranoia error in profile page (global weirdness) Bunch of bugfixes after deploy Fix description of site_search_many permission Fix torrent page caching with differnt $MaxMatches values Another update to tracker file from the AutoDL guys this time Fix staff buttons alignment in admin-sidebar (torrents) Convert article manager to PDO & TWIG Better IP displaying in security logs New security logs Update torrent download link processing and autodl config file Update luminance.tracker Add SQL transaction protection to user creation Fix the color of linked comments Fix typo in registration_log.php First draft of invites manager tool Fix wrong operator in canInvite check Hide invite form if user cannot invite (still able to see invitees list) Updates to registration log Add edit history and edit link for articles Upgrade ORM to be able to modify column types Convert news tool to PDO Migrate news tool to TWIG Update news manager to pagify Enable final email migration Fix binary issue with 2FA secret column. Add shortcut routes for setup plugin Add after-login feature in legacy routes Fix XSS and single-quote issue in torrents/delete.php Update advanced search such that it can be used without IP and Email privs Change user search bar from GET to POST Implement new user search for non-staff users Re-implement send_staff_pm function Fixes for advanced user search Update username template More ajax cleanup Strip down unused/broken ajax.php endpoints Make invite checking more robust Don't remove sessions when the user is disabled (could still be useful) Fix various issues with advanced searcg Fix permission issue when searching a specific thread Fix XSS in FwdBody PM Fix XSS in subscribed collages Fix typo in userpage.html.twig Fix setup configuration error (wrong var type) Fix email error in Auth service during user creation Fix error in IP entity Fix XSS in collage manage page Fix time_diff HTML escaping in userpage.html.twig Add authorization check when manually creating users Fix typo in userpage JS Fix CSS layout issue with CSS permissions class Migrate format_username to new TWIG based Peon::format_username function Redirect if logged in user_create form Fix a few invite path Fix reportv2 message preview Make 'Mass PM Snatchers' appear in Torrent Log Fix XSS in torrent log Log request edition CSS issue fix Switch to new invite page Fix layout issue on userpage Prettier error on top10 access Fix PHP Warning when user ID is not found Fix tracker history display on userpage Fix a bunch of undefined variables Rename IPRepository::new() for PHP 5.6 compat Fix HTML error in login page Migrate the remaining userpage display code to TWIG template Fixes for badge section of userpage Update userpage template Attempt to fix inlinesize BBCode bug Implement after-login redirection Don't show invites link if user has disabled priv Fix typo in Auth.php Don't update LastSeen field if the user has not pass 2FA login step Add paranoia to invitees list Change time_diff level in invitees list No invite sorting for now Move staffWatch logic to invite template WIP: new invite page (add/send new invite) Fix perm loading order in Peon.php (internal error on public_index) Fix single quotes parsing issue in takeinvite.php More userpage TWIG work Extend Repository::load() to short circuit if passes a valid object Rearrange invite email logic Fix public CSP Fix flash.success color Fix some more twig template references #3 A little template cleanup More userpage divs converted to TWIG WIP: new invite page Move some of the main column into TWIG template on the user page Fix tags on userpage a different way Fix some more twig template references #2 Fix some more twig template references Rename templates to have extension .twig Stage 1 of migrating userpage to TWIG template More userpage cleanup, almost all DB queries converted Upgrade to allow searching by user groups Fix confirmed XSS via the avatar on user page Fix IPs in user sessions page More cleanup on userpage More userpage cleanup Cleanup on userpage code Fix some IP related issues Update IP ban endtime options Fix bug in IPRepository Add CSRF to logout Cleanup some user moderation code Pagify subscribed collages Fixes to email and username validation More fixes for Email Repository Fix torrent zip for sections/torrents/redownload.php Tweak code sniffer config Fix invalid DB reference in advanced search Check if invited e-mail already exists in DB Fix so the tab key navs past the tags field on the upload form Fix email history elapsed time Fix IP error on sessions page Fix IP ban expiry query in scheduler Another fix for time functions Changes for floating torrent controls Move ASN monitoring to IP change Add http(s) to torrent file comment field Another scheduler fix Fix scheduler referencing old IP table Fix Guardian ban message Update login watch to use new IP scheme Reinstate IP ban check on every page Slight tweak to IPRepository.php Remove references to deprecated Luminance/Entity/IP::get_ip() Update email sending for disabled emails Back-off IP ban check interval IP bans rework continues Sidebar CSS tweak IP bans rework Update MFD messages Move the torrent "sidebar" to a header Fix DateTime in Invite expiration check Performance update for IP bans tool Fix pagination of IP bans and error in time_functions.php Add some safety catches for empty Urgent parameters Minor issue in remembering special gift ratio setting Fix wrong flasher call Fix time tooltip Add fixUser call for setup plugin Remove redundant urldecode calls Upgrade special gift system to use flasher and remember choices Update to official IPLib release Fix IP ban urlencode for IPv6 Fix time functions Fix IP bans to use upgraded IPLib Fix validation bug Scheduler SQL fix Various DB related fixes Some minor tweaks for importing What.CD gazelle tables Add reasonable error message when composer autoloader is missing Fix configure migration for gazelle to luminance Split articles edit and delete permissions Upgrade IP ban searching to handle ranges and provide invalid IP errors Fix post history paranoia Cleanup time functions a little and fix inactivity warning email time Centralize the torrent download function Tweaks to floating torrent controls Fix corrupted smiley floating sidebar on torrent details Add some checking on IP ban search Fix some IP ban stuff More updates to ORM Handle password migration a little smarter Add 2FA to user migration Fix PHP warning in table creation Better handling of duplicate emails during migration ORM fixes for legacy tables Update users_main and users_info table schemas to remove redundant columns Remove unneeded CLI stuff Allow importing already bcrypted passwords Fix function name typo More ORM upgrades Fix scripts Minor bug fixes Updated ORM legacy table handling Added settings for DB: strict mode, connection persistence and buffer size Enable MySQL safe mode DB hack for testing First cut of MySQL safe mode compliance (breakage expected) Add IPv6 bans Migrate IP bans fully into Luminance, check ip ban on every request, backend support for IPv6 bans Top10 update Add MathJax reprocessing to edit and preview functions Update gitignore Minor fixes and improvements More security enhancements (SRI) Unanswered Staff PMs now include User Resolved PMs CSS fixes Enable SameOrigin protected cookies Update modern style Add tag search box to header Users with disabled tag privs can no longer vote Fix presentation weight Remove old $ScriptStartTime usage Check permissions on bookmarks download Fix unpack warnings from Crypto service Minor bug fixes for Zip downloads Actually delete Legacy Zip this time More ZipStream fixes and updates, Legacy Zip removed Performance updates and fixes for ZipStreamer implemetation Add ZipStream for collages Add ZipStreamer as an experiment Remove forums link on userpage from comments paranoia Fix errors and warnings Fix receive typos Fix minor PHP errors in legacy sections #2 Fix minor PHP errors in legacy sections Fix SQL error in tag voting logic Fix request upload function Fix PHP warning when fecthing permissions for a user that does not exist Fix error in UserPlugin if email is not found during recovery Fix missing smilies when Text class is instanced multiple times Fix poll display when user voted blank Allow th bbcode tag as substitute for tr or td tags Add user group in Sentbox Fix unban from Login Watch Fix infinite redirect loop on locked sessions Fix PHP warning when CustomForums is null Remove MYSQL_ASSOC and MYSQL_NUM workarounds Minor formatting updates and query tidy-up Try to cope with huge snatch&grab lists better (100K+) Resolve some static files issues Interpolate PDO queries for debugger Fix Cache replace_value function Add native scheduler lock Pass through args in Cache->getStats() Update internal bitcoin binding Fix many, many, many absolute links with http:// addressing Fix some bad http references Fix Cache Service getStats for Memcached Fix rendering issue with table tags outside of their parent Update to README.md to announce PHP 7.0 compatibility Request search now allows Enter key to submit form Fix HTML in ban message Fix BannedUntil in IPRepository Fix infinite loop when CollageCovers = 0 Small code cleaning from IDE inspection Remove undefined var in Peon Fix duplicated DB entries in Debug Service Performance update for collage browse page Fix debug execution time
  9. BTN's 6th Annual Charity Drive! Happy Holidays and Happy New Year! We hope you've enjoyed our annual Advent Calendar... if you were lucky enough to win a gold star, you can redeem it here. They will likely expire at the end of January. It's also time for our 6th Annual Charity Drive! We'll have it open for entries through the end January. Start on your New Year's resolution to tidy up or get a jump on spring cleaning and find things to donate! You can donate new or used items to your local charity resell shops, to local soup kitchens, toy drives, or wherever you choose. Just make sure you're donating to a non-profit, and it's eligible (please make sure to read the rules below on how to show proof of your donation). In return, we will gift everyone who participates a small gift of bonus points and a few larger prizes for the top 3 donators. Rules 1) The contest runs until the end of January, 2018 (GMT). 2) You should submit all of your "entries" in a single post. Edit your post to include multiple images if necessary. 3) Main prizes will be awarded based on how many bonus points you've earned. 4) If you donate an item that does not have a set amount of bonus points, we will determine how many bonus points to award you at our discretion. 5) You must post a picture of the items and a picture of the items at the charity's dropbox as proof of your donation. Be sure to censor all personal information in these photos including location information. 6) Every photo must include a handwritten note with your BTN username and the day's date (if this is not included you will not be eligible to win any prizes). 7) You must post all entries in this thread. 8) Staff members cannot win main prizes. Prizes Main Prizes • 1st place receives a 30 day UltraSeedbox, a spiffy badge, and your choice of 15,000,000 BP or one invite (provided your invites are not disabled). • 2nd place receives a 30 day UltraSeedbox, 5,000,000 bonus points, and a spiffy badge. • 3rd place receives a 30 day UltraSeedbox, 3,000,000 bonus points and a spiffy badge. Other Prizes Every user will receive bonus points for each item they donate, as follows: • 3,000 bonus points per food item. • 5,000 bonus points per toy. • 5,000 bonus points per book. • 10,000 bonus points per article of clothing. • 20,000 bonus points per blanket. • 30,000 bonus points per coat. • Items not on this list will be awarded an amount of bonus points determined by staff.
  10. Donation System Update We are changing how our Donor rewards systems works. Effective immediately we are simplifying the rewards provided for donating. For every US dollar or equivalent donated you will get 1,400 bonus points and be given Donation Status for 3 days. Payments via Bitcoin will get an extra 100 bonus points, making 1,500 bonus points per $US equivalent. NOTE: Donations until the end of the month will go to FraMeSToR to fund UHD releases. You may use your bonus points to purchase your choice of Upload credit, Invites or to remove your HNR's. You can view what your bonus points can purchase HERE To keep the system in balance i have reduced the cost of clearing a HNR down to 3,500 bonus points. We currently accept donations in Euros(€), US Dollars(US$) Australian Dollars($A) and bitcoin (BTC). The site historically was created to record donations in $US dollars but currently, the majority of our costs are in euro's, so we would prefer payment in euro's if possible. However, please use whatever currency from above that is convenient for you. eg. If you are in USA pay in $US. Currently, US$10 = €8.30 and €10 = US$11.50 Based on your donation and current exchange rate we generally round to the nearest $USD and credit your rewards accordingly. What is Donation Status? Donation Status entitles you to the following; 1) Your account will be flagged with our sparkling donor stars as a thank you for your donation. 2) You get immunity from being suspended for HNR's. 3) You get immunity from being suspended for Inactivity. 4) Ability to request reseeds and torrents, regardless of your user class. 5) Ability to edit your own shouts, view chat history and NFOs, regardless of your user class. 6) Ability to delete your own torrents and delete your own torrent comments, regardless of your user class. 7) Ability to play site games (casino and blackjack). Donation Status DOES NOT; 1) Stop you from accumulating HNR's, it just prevents you from being immediately suspended for them. You must still meet our minimum seeding rules. If you have 5 or more HNR's when your donor status ends your account will be immediately suspended. 2) Give you immunity from being download disabled or suspended for a ratio below our minimum of 0.1. What are the donations used for? All donations are used to fund the site infrastructure. No profits are made from the site. I have just increased the total $USD amount represented in the donation bar at the top of the site to US$500. Donations can be made via PayPal or Bitcoin. If you are making donations greater than US$100 please contact staff for additional instructions. https://beyond-hd.me/contactstaff.php Please can you also include your Username in a note along with the donation, that way we can link your donation to your account. Better still if you can message us HERE To discuss donations and to obtain the Paypal and Bitcoin Wallet addresses go to this Forum Topic PLEASE NOTE: Various aspects of the site will need to be updated over the coming week to reflect the changes.
  11. A small update for you all! It has been quite a while since our last update and today we have some news for you! SSL tracker Problems with our https tracker server seem to be bigger than we initially thought. While we are doing our best to resolve this issue, we have temporarily changed the default tracker URL for all Apollo torrents to http://apollo.rip:2095/, our http tracker. This means that you will not have to change the tracker URL from the HTTPS to the HTTP tracker for your newly downloaded torrents. We sincerely apologize for this huge inconvenience and we will work to get it resolved ASAP! Note: This only goes for new downloads. If you already have torrents with the SSL tracker in your client, you will have to edit the announce URL to http://apollo.rip:2095/ /announce. Logchecker The development of our new logchecker has taken way longer than expected, however, we do have good news for you! As of a few days ago, the new logchecker has been finished and is currently being tested by staff. The new logchecker will fix a lot of things that was missing with the old one, including checksum checking. The absence of some key developers needed for the implementation means that we are expecting to release the new logchecker mid-october! JSON We also built in JSON "uploading" on the upload page. With this implementation, it is very easy to transfer torrent metadata from other Gazelle music sites into our upload form, making the uploading process much easier. A wiki article has been created with detailed information about this, as well as some explanation on how to use it. You can view the article here. Missing Lineage We also implemented a feature that enables us to tag a vinyl uploads with Missing Lineage, when these uploads are lacking lineage information. Torrents that have this tag will be trumpable by vinyl rips that do have proper lineage. There also is a new Better.php page listing all vinyl uploads that have this tag. Interview Bot Our new interview bot, Hermes, will make the interview process much easier, for both the interviewers and interviewees. The bot will reduce interview and queue times and make the management of awaiting users easier. Other features Once our logchecker is implemented mid-october, we will immediately pull all our focus on planned surprises, such as Bonus Points, among many others. Other small changes Apart from these bigger updates, we have also implemented a lot of smaller features and (bug)fixes: Implemented 2FA for logging in (thread) Implemented random.php and randomcollage.php (thread) Added better.php pages for missing album art, artist image, and artist description (thread) Added ratio after download indicator when viewing torrent description (thread) Fixed switching from "View Log" to any other "View ..." not properly closing the log view (thread) Added "Live Recording" to allowed upload types (thread) Added "DJ Mix" to allowed upload types (thread) Added "Demo" to allowed upload types (thread) Fixed various notices and "Catch Up" buttons not working around the site(threads 1, 2, 3, 4, 5) Fix RSS format bug (threads 1, 2) Fix CF IP showing up for users (threads 1, 2) Fix various bad URLs around the site (threads 1, 2, 3) Search for a user will redirect to that user's profile page automatically if only one result is returned Implemented AoTM front page box Fix linebreaks being removed from posts when editing them (thread) Fix timezone inconsistency in FL token list (thread) Fix various wiki links that pointed to non-existent articles ( Invite warning link to article not found, but Trim year field on upload form before validation (thread) Add abbreviations for secondary classes to be displayed next to username Fix the spacing (or lack thereof) for the "You might also like" feature when you get no search results Show tooltip for extra long thread names that are truncated on the list Implemented an interview site Improve the image proxy service built into Gazelle to fail on less images (and work on redirecting images) Add ability to use one-time only 2FA recovery keys on login process in lieu of 2FA code Fix bug where you cannot sort the sentbox (it would always just redirect you to the inbox) Fix some comments pages always saying "your" or "you" instead of the username if viewing a comment page for a different user Improve language on comments page to be more uniform across the different comment types Fix hitting the first/last links on collage page not underlining the page link it takes you too From now on, new implementations will also be posted in this thread We love you, ~APL Staff Discuss this post Here!
  12. Translate: There are probably many who would like to get involved in the site, they are active and want, but they did not know what to do. You now have the chance to get involved to help the staff. Until now, this topic has been created for Elite class or higher (once or twice a year). This time (after 2 years) we said to make this recruitment once and for all, so it would be right to the other site users. It's the first time (and probably the only time) in 10 years when we do that. Available positions: Torrent Editor - edit, correct, and check the torrents uploaded to the site. Moderator Forum - It's pretty clear. Coder - to be honest here, we are not looking for an internship now, but if there is an extraordinary and worthwhile app, we probably will consider it. So if you want you can apply here as well. You can apply for these posts. We bolded the Torrent Editor because we're focusing on that flag this time. Sure, you can apply for the rest, but Torrent Editor is what we are looking for the most now. Minimum requirements to apply: - seniority is one of the requirements, the Elite class was assured from the start, but because the topic is now public, those who have less than one year of joining the site can not participate! - activity on site over time (forum, comments, iRC etc - not all necessarily, but at least some). - knowing the Romanian language, especially the part with the writing. We do not accept writing ajea k p mess. - be active on the site for at least 1 hour daily. We know it's a hobby, that's why this 1-hour minimum. Those who are active for a long time have a plus. - the desire to be part of a young, professional and quality team! - you will be part of the staff of the largest private community in Romania, we have big claims about how we behave, character, etc. - no history. Those who have ever moved for serious language or deeds are not allowed to apply. What do I have to do internally? What responsibilities do I have? - Generally speaking, it's about "taking care of" a section on the site. - work in a team, organized, so you will not be alone. - More details will be received by those who are accepted and promoted. - there are benefits, not just responsibilities. You find them later. How do I apply? What should your CV contain? Where do I send it? Your CV consists of a PM. You will send a PM to this account: FileListInternship Here's what you will do: [Internship] EboLLa Application (change EboLLa with what username you have) In the PM you will make a small introduction about yourself. It should not contain personal data. What you are passionate about, hobbies, school, college, age, etc. Then you will say what you like most about the site and what not. What would you change if you could? And finally you will write why you really want to be interned and why we promote you. What does it recommend you? You can write anything you want here, and experience on other trackers if you have, etc. A small tip: present your intentions briefly and to the subject, do not bring details that are irrelevant. Careful!!! Applications are open for a few days. We'll announce one day before we close the apps. Be as original as possible, writing and formulation matter. PM to be exactly the same as in the above steps, with subject etc. Anyone who does not respect the format is disqualified from the start. We reserve the right not to promote anyone if the staff will not be satisfied with any applications. We want a lot of good luck and a lot of trouble! FileList Staff
  13. VPN services have become an important tool to counter the growing threat of Internet surveillance. Encrypting one's traffic through a VPN connection helps to keep online communications private, but is your VPN truly anonymous? We take a look at the logging policies of dozens of top VPN providers. Millions of Internet users around the world use a VPN to protect their privacy online. Unfortunately, however, not all VPN services are as private as you might think. In fact, some are known to keep extensive logs that can easily identify specific users on their network. This is the main reason why we have launched a yearly VPN review, asking providers about their respective logging policies as well as other security and privacy aspects. This year’s questions are as follows: 1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user/users of your service? If so, what information do you hold and for how long? 2. What is the registered name of the company and under what jurisdiction(s) does it operate? 3. Do you use any external visitor tracking, email providers or support tools that hold information about your users/visitors? 4. In the event you receive a takedown notice (DMCA or other), how are these handled? 5. What steps are taken when a valid court order or subpoena requires your company to identify an active user of your service? Has this ever happened? 6. Is BitTorrent and other file-sharing traffic allowed (and treated equally to other traffic) on all servers? If not, why? 7. Which payment systems do you use and how are these linked to individual user accounts? 8. What is the most secure VPN connection and encryption algorithm you would recommend to your users? 9. How do you currently handle IPv6 connections and potential IPv6 leaks? Do you provide DNS leak protection and tools such as “kill switches” if a connection drops? 10. Do you offer a custom VPN application to your users? If so, for which platforms? 11. Do you have physical control over your VPN servers and network or are they hosted by/accessible to a third party? Do you use your own DNS servers? 12. What countries are your servers located in? — Below is the list of responses from the VPN services in their own words. Providers who didn’t answer our questions directly or failed by logging extensively were excluded. We specifically chose to leave room for detailed answers where needed. The order of the list holds no value. PRIVATE INTERNET ACCESS 1. We do not store any logs relating to traffic, session, DNS or metadata. There are no logs for any person or entity to match an IP address and a timestamp to a user of our service. In other words, we do not log, period. Privacy is our policy. 2. Private Internet Access is operated by London Trust Media, Inc., with branches in the US and Iceland, which are a few of the countries that still respect privacy and do not have a mandatory data retention policy. Additionally, since we operate from the countries with the strongest of consumer protection laws, our beloved customers are able to purchase with confidence. 3. All of our VPN systems and tools are proprietary and maintained in house. We utilize some third-party tools in order to provide a better customer experience. By Q3 2017, all of these third party tools will be transitioned to in-house solutions. 4. We do not monitor our users, and we keep no logs, period. That said, we have an active, proprietary system in place to help mitigate abuse. 5. Every subpoena is scrutinized to the highest extent for compliance with both the “spirit” and “letter of the law.” While we have not received valid court orders, we periodically receive subpoenas from law enforcement agencies that we scrutinize for compliance and respond accordingly. This is all driven based upon our commitment to privacy. All this being said, we do not log and do not have any data on our customers other than their signup e-mail and account username. 6. BitTorrent and file-sharing traffic are allowed and treated equally to all other traffic (although it’s routed through a second VPN in some cases). We do not censor our traffic, period. 7. We utilize a variety of payment systems, including, but not limited to: PayPal, Credit Card (with Stripe), Amazon, Google, Bitcoin, CashU, and any major store-bought gift card and OKPay. Payment data is not linked nor linkable to user activity. 8. Currently, the most secure and practical encryption algorithm that we recommend to our users would be our cipher suite of AES-256 + RSA4096 + SHA256. 9. Yes, our users gain a plethora of additional protections, including but not limited to: (a) Kill Switch: Ensures that traffic is routed through the VPN such that if the VPN connection is unexpectedly terminated, the traffic will not route. (b) IPv6 Leak Protection: Protects clients from websites which may include IPv6 embeds, which could lead to IPv6 IP information coming out. (c) DNS Leak Protection: This is built-in and ensures that DNS requests are made through the VPN on a safe, private, no-log DNS daemon. (d) Shared IP System: We mix clients’ traffic with many other clients’ traffic through the use of an anonymous shared-IP system ensuring that our users blend in with the crowd. (e) MACE™: Protects users from malware, trackers, and ads 10. We have custom applications to which our users have left amazing reviews. PIA has clients for the following platforms: Windows, Mac OS X, Linux, Android, iOS and a Chrome Extension (Coming soon). Additionally, users of other operating systems can connect with other protocols including OpenVPN, SOCKS5 (unencrypted), and IPSec, among others. 11. We utilize our own bare metal servers in third-party datacenters that are operated by trusted friends and, now, business partners whom we have met and on which we have completed serious due diligence. Our servers are located in facilities including 100TB, Choopa, Leaseweb, among others. We also operate our own DNS servers on our high throughput network. These servers are private and do not log. 12. As of the beginning of 2017, We operate 3283 servers across 37 locations in 25 countries. For more information on what countries are available, please visit our network information page. Private Internet Access website EXPRESSVPN 1. ExpressVPN is an anonymous, offshore, zero-log VPN service provider. We are in the business of keeping our customers private and secure. We do not possess information that would enable us to identify a user by an IP and timestamp produced as part of an investigation. ExpressVPN IPs are shared among customers, and we don’t have the ability to match a customer to an IP address. We designed our network to maximize privacy protection for our customers. 2. Express VPN International Ltd. is a BVI (British Virgin Islands) company. The BVI is a small, independent nation in the Caribbean renowned as an offshore jurisdiction with strict privacy regulations and no data retention laws. 3. We use 3rd party website analytics tools such as Google Analytics. We use Zendesk for support tickets and Snapengage for live chat. We believe that these are secure platforms. Information about how you use the VPN itself (such as browsing history, traffic data or DNS queries) is never revealed to 3rd parties and is never logged or stored by ExpressVPN. 4. As we are a network service provider rather than a content host, there is nothing to take down. We also do not attempt to identify an ExpressVPN user in this case, report the user, or otherwise restrict service. Our customers should rest assured that their anonymity is protected. 5. VPN companies receive subpoenas and other legal requests as a matter of regular occurrence. This is one of the most significant advantages of our BVI jurisdiction. A court order would need to take place in the BVI for it to be legally valid. If we receive a request from another jurisdiction, we let them know that we don’t maintain logs that would enable us to match an IP address to an ExpressVPN user. 6. ExpressVPN allows all traffic including BitTorrent from all VPN servers and does not impose restrictions based on the type of traffic our users send. 7. ExpressVPN accepts all major credit cards including VISA, MasterCard and American Express. We also accept PayPal and a large number of local payment options. For users who want maximum privacy and don’t want to send us personally identifying payment information, we recommend bitcoin. In fact, we’ve written a complete guide to protecting your financial privacy with bitcoin. 8. In most cases we recommend (and default to) OpenVPN UDP. Our apps use a 4096-bit CA, AES-256-CBC encryption, TLSv1.2, and SHA512 signatures to authenticate our servers. 9. Yes, we call this leak protection feature “Network Lock”, and it is turned on by default. Network Lock prevents all types of traffic including IPv4, IPv6, and DNS from leaking outside of the VPN, such as when your Internet connection drops or in various additional scenarios where other VPNs might leak. 10. ExpressVPN has award-winning apps for Windows, Mac, iOS, Android, Linux, and routers. Our apps are designed to make it easy for users to choose a VPN location and get connected. They also offer much better security and privacy protection than manually configuring a VPN. With the ExpressVPN App for Routers, we make it easy to protect every device in your home using a VPN that is always connected. 11. Our VPN servers are hosted by trusted data centers with strong security practices. The data center employees do not have server credentials, and the server disks are fully encrypted to mitigate any risks from physical seizure. We run our own zero-knowledge DNS on every server (no 3rd party DNS). 12. ExpressVPN has thousands of high speed servers in 145 locations across 94 countries. See the full list here. ExpressVPN website NORDVPN 1. As stated in our terms of service, we do not monitor, record or store any VPN user logs. We do not store connection time stamps, used bandwidth, traffic logs, or IP addresses. 2. The registered company name is Tefincom co S.A., and it operates under the jurisdiction of Panama. 3. We use Google Analytics and a third-party ticket/live chat tools (Zendesk/Zopim). Google Analytics is used to improve our website and provide our users with the most relevant information. The ticket/live chat tool is used to provide the best support in the industry (available 24/7), but not tracking our users by any means. 4. We operate under Panama’s jurisdiction, where DMCA and similar orders have no legal bearing. Therefore, they do not apply to us. 5. If the order or subpoena is issued by a Panamanian court, we would have to provide the information if we had any. However, our zero-log policy means that we don’t have any information about our users’ online activity. So far, we haven’t had any such cases. 6. Yes, we allow P2P traffic. We have optimized a number of our servers specifically for file-sharing; ensuring other servers, which are meant for streaming and other purposes, have uninterrupted speeds. In any case, we do not engage in bandwidth throttling for P2P users. 7. Our customers can pay via credit card, PayPal and Bitcoin. We do store the standard billing information for refund purposes, but it can not be related to any Internet activity of a particular customer. Bitcoin is the most anonymous option, as we do not link the payment details with the user identity or other personal information. 8. NordVPN uses NGE (Next Generation Encryption) in IKEv2/IPsec. The ciphers used to generate Phase1 keys are AES-256-GCM for encryption, coupled with SHA2-384 to ensure integrity, combined with PFS (Perfect Forward Secrecy) using 3072-bit Diffie Hellmann keys. IKEv2 protocol is used by default in our OS X and iOS apps, and it can be manually setup on Windows and Android OS. We are also exploring possibilities to develop IKEv2 based apps for Android and Windows. At the moment, Windows and Android apps are using AES-256-CBC encryption with 2048-bit key. 9. Yes, we do provide both an automatic app-level kill switch and a feature for DNS leak protection. Our OS X, Windows, iOS and Android apps have IPv6 leak protection implemented. NordVPN service will not leak IPv6 address. 10. We have custom VPN applications for Windows, MacOS, Android, and iOS. All NordVPN apps are very easy to install and use, even with no previous experience with VPN services. 11. We use a hybrid model, whereby we control some of our servers but also partner with premium data centers with strong security practices. Furthermore, due to our special server configuration, no one can retain or collect any data. All servers have been set up with a zero logs policy. We do have specific requirements for network providers to ensure highest service quality for our customers. We do have our own DNS servers, and all DNS requests go through those. 12. At the moment, we have 741 servers in 58 countries. You can find the full list here. NordVPN user reviews TORGUARD 1. No logs or time stamps are kept whatsoever. TorGuard does not store any traffic logs or user session data on our network. In addition to a strict no-logging policy we run a shared IP configuration across all servers. Because there are no logs kept and multiple users share a single IP address, it is not possible to match any user with an IP and time stamp. 2. TorGuard is owned and operated by VPNetworks LLC under US jurisdiction, with our parent company VPNetworks LTD, LLC based in Nevis. 3. We use anonymized Google Analytics data to optimize our website and Sendgrid for transactional email. TorGuard’s 24/7 live chat services are provided through Livechatinc’s platform. Customer support desk requests are maintained by TorGuard’s own private ticketing system. 4. In the event a valid DMCA notice is received it is immediately processed by our abuse team. Due to our no log and no time stamp policy and shared IP network – we are unable to forward any requests to a single user. 5. If a court order is received, it is first handled by our legal team and examined for validity in our jurisdiction. Should it be deemed valid, our legal representation would be forced to further explain the nature of our network and shared IP configuration and the fact that we do not hold any identifying logs or time stamps to pinpoint any specific user. We have never been able to identify any active user from an IP and time stamp. 6. Yes, BitTorrent and all P2P traffic is allowed. By default we do not block or limit any types of traffic across our network. 7. We currently offer over 200 different payment options. This includes all forms of credit card, PayPal, Bitcoin, altcoins (e.g. Ether, litecoin + more), Alipay, UnionPay, CashU, 100+ Gift Card brands, and many other methods local payment options. No user can be linked back to a billing account because we maintain zero logs across our network. 8. For best security, we advise clients to use OpenVPN and select the cipher option AES-256-CBC, with 4096bit RSA and SHA512 HMAC. We use TLS 1.2 on all servers with perfect forward secrecy enabled. For faster speeds and “obfuscated” Stealth VPN access, we suggest using OpenConnect SSL VPN with cipher option AES-256-GCM. TorGuard offers a wide range of VPN protocols, including OpenVPN, L2TP, IPsec, SSTP, OpenConnect/AnyConnect (SSL VPN), and iKEV2 – we still offer PPTP for those of you who need it, but we don’t recommend it. 9. TorGuard’s VPN software provides strict security features by automatically disabling IPv6 and blocking any potential DNS or WebRTC leaks. We offer a full connection kill switch that safeguards your VPN traffic against accidental disconnects and can hard kill your interfaces if needed, and an application kill switch that can terminate specific apps if the VPN connection is interrupted for additional safety. All recommended security features are enabled the moment you install TorGuard to ensure by default you have max security while tunneling through our network. 10. TorGuard’s popular VPN client is available for all versions of Windows, Mac OSX, Linux, Android, and iOS. We also offer easy DDWRT and Tomato setup tools for VPN routers, and a Firefox/Chrome SSL proxy app. To stay up to date with current security threats, our VPN software is actively developed and constantly evolving. 11. We retain full physical control over all hardware and only seek partnerships with data centers who can meet our strict security criteria. All servers are deployed and managed exclusively by TorGuard staff. Because there are no logs kept on any TorGuard VPN and Proxy servers, there is no risk of data theft should a machine become seized. TorGuard VPN apps default to using internal secure no-log DNS servers that run on each VPN endpoint. We suggest this configuration for highest levels of privacy, however, clients can customize their DNS settings and choose from zero log TorGuard public DNS, Google DNS, Level3, or a customized DNS entry of their choosing. 12. TorGuard currently maintains thousands of servers in over 53 countries around the world, and we continue to expand the network every month. All customers get full access to our network. TorGuard Reviews ANONYMIZER 1. Anonymizer does not log ANY traffic that traverses our system, ever. We do not maintain any logs that would allow you to match an IP-address and time stamp to a user of our service. 2. Our company is registered as Anonymizer Inc. Anonymizer Inc. operates under U.S. jurisdiction where there are no data retention laws. 3. Anonymizer uses a ticketing system for support but does not request user verification unless it is needed specifically in support of a ticket. Anonymizer uses a bulk email service for email marketing but does not store any details on the individual email address that would connect them to being an existing customer. Anonymizer uses Google Analytics and Google AdWords to support general marketing to new customers. Both of these tools do not store identifiable information on any unique customer or any way to identify a specific individual as a user of our service. We also actively ensure no link is created from the data in either system to any specific customer following a trial or purchase of our product. 4. Since Anonymizer does not log any traffic that comes over our system, we have nothing to provide in response to DMCA requests. None of our users have ever been issued a DMCA takedown notice or the European equivalent. We’ve been around for over two decades – making us one of the oldest services out there – and we’ve never turned over information of that kind. 5. Anonymizer Inc. is required by law to respond to all valid court orders and subpoenas. Since we do not log any traffic that comes over our system, we have nothing to provide in response to requests associated with service use. If a user paid by credit card we can only confirm that they purchased access to our service. There is, and would be, no way to connect a specific user to specific traffic ever. There have been instances where we did receive valid court orders and followed the procedures above. In our 20 years of service, we have never identified details about a customer’s traffic or activities. 6. All traffic is allowed on all of our servers, so long as it complies with our EULA and Terms of Service. 7. Anonymizer Inc. uses a payment processor for our credit card payments. There is a record of the payment for the service and the billing information associated with the credit card confirming the service has been paid for. We also offer a cash payment option. Cash payment options do not store any details. 8. We would recommend OpenVPN for a user that is looking for the most secure connection. We feel it is the most reliable and stable connection protocol currently. Our OpenVPN implementation uses AES-256. We also offer L2TP/IPSEC. 9. Anonymizer’s client software does not support IPv6 connections. All customers are asked to disable IPv6 connections for the application to function. Our client software does have the option to enable a kill switch that prevents any web traffic from exiting your machine without going through the VPN. 10. We offer a custom VPN application for MacOS and Windows. Our default application log only logs fatal errors that occur within the application which prevents the application from running. 11. We own ALL of our hardware and have full physical control of our servers. No third party has access to our environment. We operate our own DNS servers. 12. We have servers in the United States and Netherlands. Anonymizer website IPREDATOR 1. No logs are retained that would allow the correlation of a user’s IP address to a VPN address. The session database does not include the origin IP address of the user. Once a connection has been terminated the session information is deleted from the session database. 2. The name of the company is PrivActually Ltd. which operates out of Cyprus. 3. We do not use any visitor tracking mechanism, not even passive ones analyzing the webserver logs. We run our own mail infrastructure and do not use 3rd party products like Gmail. Neither do we use data hogs like a ticket system to manage support requests. We stick to a simple mail system and delete old data after three months from our mail boxes. 4. The staff forwards DMCA notices to the BOFH Notices sent via paper are usually converted into energy by combustion … to power the data center in the basement where the BOFH lives. Digital SPAM^WDMCA notices are looped back into the kernel to increase the VPNs /dev/random devices entropy. 5. We evaluate the request according to the legal frameworks set forth in the jurisdictions we operate in and react accordingly. We had multiple cases where somebody tried but did not succeed to identify active users on the system. 6. Besides filtering SMTP on port 25 we do not impose any restrictions on protocols our users can use on the VPN, quite the contrary. We believe our role is to provide a net-neutral internet access. Every user is free to share his/her/its files. We are conservative people and firmly believe in the heritage of our society, which was built upon the free exchange of cultural knowledge. This new age patent system, and the idea that we need companies who milk creators are simply alien to us. 7. We offer PayPal, Bitcoins, Payza, and Payson fully integrated. OkPay, Transferwise, WU, PerfectMoney, Webmoney, Amazon Giftcards, Cash and Credit Cards on request. An internal transaction ID is used to line payments to their payment processors. We do not store any other data about payments associated with the user’s account. 8. We provide up to date config files and enforce TLS1.2 for the control channel on all supported systems. For further protection, we provide detailed setup instructions for our users. Besides the public and VPN internal DNS servers we also support DNSCrypt as a means to encrypt DNS requests. Howto’s for kill switches are available as well. We do not enforce a particular client. 9. Users can connect to a dual stack VPN pool that provides IPv4 as well as IPv6 connectivity. Unfortunately enabling IPv6 for all clients still breaks quite a few setups. Hopefully broader adoption of the OpenVPN 2.4 branch will allow us to work properly. Users can use this page to check for a number of leaks. Kill switches that provide protection from connection drops are part of the client installation. There is not much we can do against that on the server side. If the user’s client of choice has built-in support for kill switches, he/she can just use that. If people use the vanilla OpenVPN client, the up/down script hooks provide everything needed to handle custom configs to terminate applications when the VPN connection drops. DNS and IPv6 leaks are just two issues among many that users face in their quest for online privacy. Most privacy issues cannot be easily fixed by the VPN provider itself, but require knowledge and diligence of the users themselves. We therefore ask our users to go through our interactive checklist to improve their online piracy. 10. No, we do not offer a custom VPN application to our users. Users are free to choose which client they want to use. We think that giving users a closed source client is against our core principles. 11. We own our complete setup, network, and data center with everything in it – no 3rd parties are allowed access. We do not trust in 3rd parties operating our core infrastructure. There are dedicated DNS servers that are given to clients for resolving DNS queries from within the VPN. Furthermore, we encourage users to use DNScrypt or similar technologies. Ideally splitting their DNS queries over multiple DNScrypt instances and running a local resolver to minimize DNS requests in the first place. 12. They are in Sweden due to the laws that allow us to run our service in a privacy-protecting manner. In times where basically everyone in the VPN market is advertising with servers in a gazillion countries, this might seem like a disadvantage. We see this very differently. The core for any privacy service is trust in the integrity of the underlying infrastructure. Everything else has to build upon that. There is no way we could run such a tight ship and controlled environment with servers all over the world, and we will not compromise on the quality of our setup. Ipredator website SLICKVPN 1. SlickVPN does not log any traffic nor session data of any kind. 2. Slick Networks, Inc. is our recognized corporate name. We operate a complex business structure with multiple layers of Offshore Holding Companies, Subsidiary Holding Companies, and finally some Operating Companies to help protect our interests. The main marketing entity for our business is based in the United States of America and an operational entity is based out of Nevis. 3. We utilize third party email systems to contact clients who opt in for our newsletters and Google Analytics for basic website traffic monitoring and troubleshooting. 4. If a valid DMCA complaint is received while the offending connection is still active, we stop the session and notify the active user of that session. Otherwise, we are unable to act on any complaint as we have no way of tracking down the user. It is important to note that we ALMOST NEVER receive a VALID DMCA complaint while a user is still in an active session. 5. This has never happened in the history of our company. Our customer’s privacy is of top most importance to us. We are required to comply with all valid court orders. We would proceed with the court order with complete transparency, but we have no data to provide any court in any jurisdiction. We would not rule out relocating our businesses to a new jurisdiction if required. 6. Yes, all traffic is allowed. 7. We accept PayPal, Credit Cards, Bitcoin, Cash, and Money Orders. We keep user authentication and billing information on independent platforms. One platform is operated out of the United States of America and the other platform is operated out of Nevis. We offer the ability for the customer to permanently delete their payment information from our servers at any point. All customer data is automatically removed from our records shortly after the customer ceases being a paying member. 8. We recommend using OpenVPN if at all possible (available for Windows, Apple, Linux, iOS, Android) and it uses the AES-256-CBC algorithm for encryption. 9. Our Windows and Mac client disable IPv6 as part of our IP and DNS leak protection. Our IP leak protection proactively keeps your IPv4 and IPv6 traffic from leaking to untrusted networks. Your network will be disabled if you lose the connection to our servers and the only way to restore the network is manual intervention by the user. 10. Yes. Our users are provided with a custom client, designed by our in-house engineers. Currently, the client works with Windows and Mac products. Our client does NOT store logs on customer computers by default. We also provide guides for every other platform. 11. We run a mix. We physically control some of our server locations where we have a heavier load. Other locations are hosted with third parties unless there is enough demand in that location to justify racking our own server setup. To ensure redundancy, we host with multiple providers in each location. We have server locations in over forty countries. In all cases, our network nodes load over our encrypted network stack and run from ramdisk. Anyone taking control of the server would have no usable data on the disk. We run an algorithm to randomly reboot each server on a regular basis so we can clear the ramdisk. DNS is assigned by the server when a user logs in. 12. At SlickVPN we actually go through the expense of putting a physical server in each country that we list. SlickVPN offers service in 40 countries around the world SlickVPN reviews MULLVAD 1. No. 2. Amagicom AB, Sweden. 3. We have no external elements at all on our website. We do use external email and encourage people who send us email to use PGP encryption, which is the only effective way to keep email somewhat private. The decrypted content is only available to us. 4. There is no such Swedish law that applies to us. 5. We get requests from governments from time to time. They never get any information about our users. We make sure not to store sensitive information that can be tied to publicly available information so that we have nothing to give out. We believe it is not possible in Swedish law to construct a court order that would compel us to actually give out information about our users. Not that we would anyway. We started this service for political reasons and would rather discontinue it than having it work against its purpose. 6. We do not block or throttle BitTorrent or other file-sharing protocols. All traffic is treated equally. 7. We explain that in more detail here, but we offer Bank Wire, Swish, PayPal (CreditCards), Bitcoin and cash. Cash and Bitcoin are the most anonymous. We run our own full Bitcoin node and don’t use third parties for any step in the bitcoin payment process, from the generation of QR codes to adding time to accounts. 8. OpenVPN, AES256, handshake encryption RSA-2048. 9. We offer the option to tunnel or not tunnel IPv6 (if not – IPv6 is blocked), and the kill-switch and DNS leak protection works the same for IPv6 as IPv4. There is both a kill switch in our client and a SOCK5 proxy that is only accessible via our VPN (i.e. if you set your browser to use it, the browser will not work if the VPN is down). 10. Yes: Windows, Mac, Linux 11. We have physical control at four sites. Three in Sweden and one in Amsterdam (I.e. all servers in Sweden and Amsterdam). The rest is hosted by carefully selected providers. Yes, we use our own DNS servers. 12. Australia, Austria, Belgium, Bulgaria, Canada, Czech Rep., Denmark, Germany, Lithuania, Israel, Italy, Netherlands, Norway, Romania, Singapore, Spain, Sweden, Switzerland, UK, USA An up to date list is available here. Mullvad website BLACKVPN 1. No. We purge all this information when the user disconnects from the VPN. 2. The name of the company is BLACKVPN LIMITED and is registered in Hong Kong and operates under the jurisdiction of Hong Kong. 3. We run our own email server plus support and live chat systems using open source tools. We use StreamSend for sending generic welcome and renewal reminder emails, as well as for the occasional news updates. We have Twitter widgets on our frontpage that may track visitors. We use Google Analytics as well as our own website analytics (Piwik). 4. We block the port on the server listed in the notice. 5. If we received a valid court order from a Hong Kong court, then we would be legally obliged to obey it. So far this has never happened. 6. Bittorrent traffic is not restricted in our Privacy VPN locations, but due to stricter enforcement of DMA notices in the USA and UK we restrict most BitTorrent traffic and only whitelist torrents of open source software. 7. PayPal, Bitcoin and PaymentWall (for Credit Cards and Bank Transfers). The transaction details (ID, time, amount, etc) are linked to each user account. 8. We recommend to use OpenVPN 2.4 and we support the new GCM cipher mode (AES-256-GCM) together with 4096 bit RSA and Diffie Hellman keys. With OpenVPN, we also enforce DHE/ECDHE enabled cipher suites and key exchange is done with Diffie-Hellman, providing forward secrecy. 9. For OpenVPN, we stop IPv6 leaks with the OpenVPN config, and we also disable and blackhole all IPv6 traffic server side. The open source OpenVPN client has DNS leak prevention built in and in most cases will not leak data during reconnections. Our upcoming custom VPN app will be able to provide 100% IPV6 and DNS leak protection client side and will also have a “kill switch”. 10. We have a custom open source Android app and we are working on custom Windows/MacOS app aswell. For the moment we build pre-configured versions of the open source OpenVPN clients for Windows and MacOS. 11. We use dedicated servers which are hosted in 3rd party data centers, but they do not have access to login or manage the server. We run our own DNS servers which do not save any logs. 12. USA, UK, Australia, Brazil, Canada, Czech Republic, Estonia, France, Germany, Japan, Lithuania, Luxembourg, Netherlands, Norway, Romania, Russia, Spain, Switzerland and Ukraine. BlackVPN website VPNAREA 1. We do not keep or record any logs. We’re therefore not able to match an IP-address and a time stamp to a user of our service. We also do not keep or record any usage logs. 2. The registered name of our company is “Offshore Security EOOD” (spelled “ОФШОР СЕКЮРИТИ ЕООД” in Bulgarian). We’re a VAT registered business. We operate under the jurisdiction of Bulgaria. 3. The only external tool we use is Zopim LiveChat. Our email system is hosted on our own servers in Switzerland. We use Email and OsTickets for support which are hosted on our own servers in Switzerland. We also offer Skype as a support option. 4. DMCA notices are not forwarded to our members as we’re unable to identify a responsible user due to not having any logs. We would reply to the DMCA notices explaining that we do not host or hold any copyrighted content ourselves and we’re not able to identify or penalize a user of our service. 5. This has not happened yet. Shall it happen our attorney will examine the validity of the court order in accordance with our jurisdiction, we will then delegate our no logs policy to the appropriate party pointing out that we’re not able to match a user to an IP or timestamp due to not keeping or recording any logs. 6. BitTorrent/P2P is allowed on most of our servers but not all of them. Why not? Some servers that we use are not tolerant to DMCA notices, but some of our members utilize them for other activities not related to Torrenting. That is why we keep them in our network despite the inability to use P2P/torrents on them. Most of our VPN servers and locations do allow torrents and P2P. 7. We accept PayPal, Credit/Debit cards and Webmoney via 3rd party payment processor, Bitcoin, Payza. We do not require personal details to register an account with us. In the case of Bitcoin payments, we do not link users to transactions. In the case of PayPal/Payza/Card payments we link usernames to their transactions so we can process a refund. We do not have recurring payments system. 8. We use AES-256-CBC + RSA2048 + SHA256 cipher on all our VPN servers without exception. We also have Double VPN servers, where for example the traffic goes through Russia and Israel before reaching the final destination. 9. In both our Windows and Mac software we have the optional setting to disable IPv6 connectivity on the computer to prevent IPv6 leaks. We have DNS leak protection as an optional setting in our Windows, Mac and Android apps. We have Killswitch in our Windows and Mac software. 10. We do have custom VPN applications for Windows, Mac, Android. We’ve custom app for iOS too, which servers as a helper tool for “OpenVPN Connect”. 11. We work with reliable and established data centers. Nobody but us has virtual access to our servers. The entire logs directories are wiped out and disabled, rendering possible physical brute force access to the servers useless in terms of identifying users. 12. We currently have servers in 65 countries. VPNArea website IPVANISH 1. IPVanish is a no log VPN. 2. Mudhook Marketing, Inc. The State of Florida 3. We use basic inbound marketing tools like Google Analytics, but we do not track or store personally identifiable information (PII) from these tools. We also do not track the browsing activities of users who are logged into our VPN service. 4. We do not store, host, stream or provide any content, media, images or files that would be subject to a properly formed takedown notice. 5. First, any request has to be a valid and lawful request before we will even acknowledge the request. If the request is for user data or identification of a subscriber based on an IP address, we inform the agency making the request that we do not keep any logs and we operate in a Jurisdiction that does not require mandatory data retention. Sometimes, legal agencies or authorities may not be happy with this response. We politely remind them that IPVanish operates within the letter of the law and is a valid and needed service to protect the privacy of its subscribers. 6. Yes, BitTorrent and other file-sharing traffic is allowed. 7. Bitcoin, PayPal, and all major credit cards are accepted. Payments and service use are in no way linked. 8. We recommend OpenVPN with 256 bit AES as the most secure VPN connection and encryption algorithm. 9. IPVanish has a Kill Switch feature that terminates all network traffic to prevent any DNS leaks in the event your VPN connection drops. We also have a user-enabled option that automatically changes your IP address randomly at selected time intervals. We currently do not support IPv6. This will be rolled in with an upcoming update. All traffic is forced over IPv4 to prevent IP leaks. 10. We offer a custom VPN application for iOS, Android, Windows, and Mac. IPVanish is also configurable with DD-WRT and Tomato routers (pre-configured routers available), gaming consoles, Ubuntu and Chromebook. 11. We own and have physical control over our entire operational infrastructure, including the servers. Unlike other VPN services, we actually own and operate a global IP network backbone optimized for VPN delivery which insures the fastest speeds of any VPN provider. 12. We have servers in over 60 countries including the US, Australia, United Kingdom, Canada and more. You can view the complete list on our VPN servers page. IPVanish website IVPN 1. No, not doing so is fundamental to any privacy service regardless of the security or policies implemented to protect the log data. In addition, it is not within our interest to do so as it would increase our liability and is not required by the laws of any jurisdiction that IVPN operates in. 2. Privatus Limited, Gibraltar. 3. No. We made a strategic decision from day one that no company or customer data would ever be stored on 3rd party systems. Our customer support software, email, web analytics (Piwik), issue tracker, monitoring servers, code repos, configuration management servers etc all run on our own dedicated servers that we setup, configure and manage. No 3rd parties have access to our servers or data. 4. Our legal department sends a reply stating that we do not store content on our servers and that our VPN servers act only as a conduit for data. In addition, we inform them that we never store the IP addresses of customers connected to our network nor are we legally required to do so. 5. Firstly, this has never happened. However, if asked to identify a customer based on a timestamp and/or IP address then we would reply factually that we do not store this information, so we are unable to provide it. If they provide us with an email address and we are asked for the customer’s identity, then we would reply that we do not store any personal data. If the company is served with a valid court order that did not breach the Data Protection Act 2004, we could only confirm that an email address was or was not associated with an active account at the time in question. 6. Yes, all file sharing traffic is permitted and treated equally on all servers. We do encourage customers to use non-USA based exit servers for P2P as any company receiving a large number of DMCA notices is exposing themselves to legal action and our upstream providers have threatened to disconnect our servers in the past. 7. We accept Bitcoin, Cash, PayPal and credit cards. When using cash, there is no link to a user account within our system. When using Bitcoin, we store the Bitcoin transaction ID in our system. If you wish to remain anonymous to IVPN you should take the necessary precautions when purchasing Bitcoin. When paying with PayPal or a credit card a token is stored that is used to process recurring payments. This information is deleted immediately when an account is terminated. 8. We provide RSA-4096 / AES-256 with OpenVPN, which we believe is more than secure enough for our customers’ needs. If you are the target of a state level adversary or other such well-funded body you should be far more concerned with increasing your general opsec (e.g. $5 wrench – https://xkcd.com/538/) than worrying about 2048 vs 4096 bit keys. 9. This is a huge problem for most VPN providers as shown by the comprehensive tests undertaken at VPNtesting.info (IVPN sponsored this project). The IVPN client offers an advanced VPN firewall that blocks every type of IP leak possible including IPv6, DNS, network failures, WebRTC STUN etc.). It is impossible to any data to leak if a connection drops as the firewall will not deactivate until explicitly instructed to do so. It also has an ‘always on’ mode that will be activated on boot before any process on the computer starts to ensure than no packets are ever able to leak outside of the VPN tunnel, regardless of the connection state of the VPN. 10. Yes, we offer a custom OpenVPN client for Windows and MacOS which includes our advanced VPN firewall that blocks every type of possible IP leak. We have also recently released an iOS app and plan to release an Android version later this year. 11. We use bare metal dedicated servers leased from 3rd party data centers in each country where we have a presence. We install each server using our own custom images and employ full disk encryption to ensure that if a server is ever seized the data is worthless. We also operate an exclusive multi-hop network allowing customers to choose an entry and exit server in different jurisdictions which would make the task of legally gaining access to servers at the same time significantly more difficult. We run our own network of log free DNS servers that are only accessible to our customers. 12. A full list is available here. IVPN website LIQUIDVPN 1. No we do not store any logs that could be used to match an IP address and timestamp back to a LiquidVPN user. 2. LiquidVPN INC. Cheyenne, Wyoming 3. We use Google Analytics on our front end web site. Everything else is self-hosted. 4. If the data center requires us to answer DMCA complaints, then we let them know that these files are not hosted locally and that because we do not keep logs on user activity it is impossible for us to investigate the DMCA complaint further. 5. No we have not received any court orders. We would have to explain to law enforcement that the only way we could provide information about a user on our network was if they were able to provide us with enough information to identify the user in our system. Basically they would need to provide billing information or the users registered email address. If they were able to provide this information we would be required to hand over the user’s email address, registered first name and transactional information. There is no other way to identify a user on our system. We would publish any correspondence from law enforcement to our transparency section on the website and if we were not allowed to do that we would stop updating our Warrant Canary. 6. All file sharing traffic is allowed and given equal priority on any server within our network. 7. For anonymity, we recommend bitcoin which requires a first name and email address only. We accept PayPal which requires a first name and email address. Finally, when a user pays via credit card their address, first name and email address is required. 8. I would recommend users connect to any of our OpenVPN servers because they use 256 Bit AES / Camellia, 4096 Bit RSA keys, they use TLS-DHE-RSA-AES-256-CBC-SHA, SHA2 HMAC digest (SHA512) if they want added privacy we would recommend using IP Modulation which randomly modifies the source public IP address per packet on all of a user’s traffic. 9. IPv6 support is on the roadmap for this year. Until its fully supported IPv6 leaks are blocked via our client. We do provide DNS leak protection and a full on VPN firewall that goes well beyond the protection from a standard VPN killswitch. 10. Our custom applications work for Windows, Mac and Android. 11. All of our VPN servers are bare metal servers that we control. Our servers are not accessible by anyone except us. We do provide private DNS servers and SmartDNS for free. Users can access USA and UK content from any server on our network. 12. We have servers in 17 data centers and 11 countries in North America, Europe and Asia. LiquidVPN website SMARTVPN 1. We don’t have enough space on our servers PoPs to keep logs (True story). 2. The company name is Anonymous SARL and operates under the jurisdiction of the Kingdom of Morocco. 3. We use Google Analytics and Tawk live support. 4. What about ignoring them? Since there is nothing to takedown. 5. This has never happened before, but we won’t be able to cater to their demand as we can’t identify that user within our system. 6. BitTorrent and other P2P protocols are allowed on all our servers. 7. We use BitPay (BitCoins) and PayPal 8. We recommend OpenVPN for Desktop and IKEv2 for Mobile devices. For encryption we use the AES-256-CBC algorithm. DNS leak protection is already enabled however “kill switches” will be available soon. 9. We don’t provide IPv6 support as of now. 10. We provide a custom VPN application for Mac and Windows-based on OpenVPN, and Mobile apps (Android and iOS) based on IKEv2. 11. We have a mix. Physical control over most of our infrastructure and some exotic locations are hosted by 3rd party partners. 12. A full list is available here. SmartVPN website PRIVATEVPN 1. We do not keep ANY logs that allow us or a third party to match an IP address and a time stamp to a user of our service. We highly value the privacy of our customers. 2. Privat Kommunikation Sverige AB and we operate under Swedish jurisdiction. 3. We use a service from Provide Support (ToS) for live support. They do not hold any information about the chat session. From Provide support: Chat conversation transcripts are not stored on Provide Support chat servers. They remain on the chat server for the duration of the chat session, then optionally sent by email according to the user account settings, and then destroyed. We’re also using Google Analytics and Statcounter for collecting static of how many visitors we have, popular pages and conversion of all ads. This data is used for optimization of the website and advertising. 4. We’ll say that we don’t store any logs of our customers’ activity. Privacy and anonymity of our customers are something we really value and due to our non-logging policy, DMCA notices will be ignored. 5. Due to our policy of NOT keeping any logs, there is nothing to provide about users of our service. To clarify, we do not log or have any data on our customer’s activities. We have never received any court order. 6. Yes, we allow Torrent traffic on all servers. All traffic is treated equally and we do not, under any circumstances, throttle our traffic. We buy high-capacity internet traffic so we can meet the demands. On some locations, we use Tier1 IP transit providers for best speed and routing to other peers. 7. PayPal, Stripe and Bitcoin. Every payment has an order number, which is always linked to a user. Otherwise, we would not know who has made a payment. To be clear, no one can link a payment to an IP address you get from our service or online user activity. 8. OpenVPN TUN with AES-256. On top is a 2048-bit DH key 9. For our Windows VPN client, we have a feature called “Connection guard”, which will close a selected program(s) if the connection drops. We have no tools yet for DNS leaks but the best way, which is always 100%, is to change the local DNS on the device to DNS servers we provide. Right now, our developers are working on a new feature that will protect from DNS leaks and a new version of the kill switch. Protection against IPv6 leaks will also be implemented in new VPN application. 10. Yes, we’re offering our own customized VPN application for Windows, iOS (iPhone/iPad), Android and MacOS(OS X) with features that help to protect our customers. 11. We have physical control over our servers and network in Sweden. We’re only using trusted data centers with strong security. Our providers have no access to PrivateVPN’s servers and most importantly, there are no customer data/activities stored on the VPN servers or on any other system we have. 12. See here and here. PrivateVPN website CRYPTOSTORM 1. Nope, no logs. We use OpenVPN with logs set to /dev/null, and we’ve even gone the extra mile by preventing client IPs from appearing in the temporary “status” logs using our patch available at https://cryptostorm.is/noip.diff. 2. We’re a decentralized project, with intentional separation of loosely-integrated project components. We own no intellectual property, patents, trademarks, or other such things that would require a corporate entity in which ownership could be enforced by the implied threat of State-backed violence; all our code is published and licensed opensource. 3. No, we don’t use any external visitor tracking or email providers. 4. Our choice is to reply to any such messages that are not obviously generated by automated (and quite likely illegal) spambots. In our replies, we ask for sufficient forensic data to ascertain whether the allegation has enough merit to warrant any further consideration. We have yet to receive such forensic data in response to such queries, despite many hundreds of such replies over the years. 5. See above. We have never received any valid court orders requesting the identity of a user, but if we ever did receive such a request, it would be impossible for us to comply as we keep no such information. 6. Yes, all traffic is allowed. 7. We accept PayPal and payments using Stripe (includes Bitcoin), although we will manually process any other altcoin if a customer wishes. We don’t have financial information connected in any way to the real-life identity of our network members; our token-based authentication system removes this systemic connection, and thus obviates any temptation to “squeeze” us for private data about network membership. We quite simply know nothing about anyone using our network, save for the fact that they have a non-expired (SHA512 hash of a) token when they connect. Also, we now process Stripe orders instantly in-browser. 8. We only support one cipher suite on-net. Offering “musical chairs” style cipher suite roulette is bad opsec, bad cryptography, and bad administrative practice. There is no need to support deprecated, weak, or known-broken suites in these network security models; unlike browser-based https/tls, there are no legacy client-side software suites that must be supported. As such, any excuse for deploying weak cipher suites is untenable. Everyone on Cryptostorm receives equal and full security attention, including those using our free/capped service “Cryptofree.” There are no “kill switch” tools available today that actually work. We have tested them, and until we have developed tools that pass intensive forensic scrutiny at the NIC level, we will not claim to have such. Several in-house projects are in the works, but none are ready yet for public testing. We take standard steps to encourage client-side computing environments to route DNS queries through our sessions when connected. However, we cannot control things such as router-based DNS queries, Teredo-based queries that slip out via IPv6, or unscrupulous application-layer queries to DNS resolvers that, while sent in-tunnel, nevertheless may be using arbitrary resolver addressing. Our Windows client attempts to prevent some of this, but it’s currently impossible to do so completely. We are saddened to see others who claim they have such “magical” tools; getting a “pass” from a handful of “DNS leak” websites is not the same as protecting all DNS query traffic. Those who fail to understand that are in need of remedial work on network architecture. As we run our own mesh-based system of DNS resolvers, “deepDNS”, we have full and arbitrary control over all levels of DNS resolution presentation to third parties. 9. We only handle IPv4 connections, we are currently looking into IPv6, but that’s work in progress. Our widget prevents against IPv6 leaks, and we advise our customers on how to prevent leaks on other platforms. 10. We offer an open source application written in Perl (dubbed the “CS widget”), source code available at GitHub. Currently only for Windows, but we are working on porting it to Linux. The application is essentially an OpenVPN GUI with some tweaks here and there to prevent different types of leaks (DNS, IPv6, etc.) and to make connecting as easy as possible. Output from the back end OpenVPN process is shown in the GUI. When you exit the program, that data is forgotten. 11. We deploy nodes in commodity data centers that are themselves stripped of all customer data and thus disposable in the face of any potential attacks that may compromise integrity. We have in the past taken down such nodes based on an alert from onboard systems and offsite, independently maintained remote logs that confirmed a violation was taking place. It is important to note that such events do not explicitly require us to have physical control of the machine in question: we push nameserver updates, via our HAF (Hostname Assignment Framework) out via redundant, parallel channels to all connected members and by doing so we can take down any node on the network within less than 10 minutes of initial commit. We have constructed a mesh-topology system of redundant, self-administered secure DNS resolvers which has been collected under the label of “deepDNS”. deepDNS is a full in-house mechanism that prevents any DNS related metadata from being tied to any particular customer. It also allows us to provide other useful features such as transparent .onion, .i2p, .p2p, etc. access. There is also DNSCrypt support on all deepDNS servers to help protect pre-connect DNS queries. 12. Our server list is available here. CryptoStorm website BOLEHVPN 1. We do not keep any logs on our VPN servers that would allow us to do this. 2. BV Internet Services Limited, Seychelles 3. We use Zendesk to deal with support queries and do track referrals from affiliates. We however provide the option to send us PGP encrypted messages via e-mail and also Zendesk. We also do not use Cloudflare. We also have an opt-in only education/blog list that uses Hubspot. For announcements we use our own e-mail system. 4. We generally find providers that are friendly towards such DMCA notices or where it cannot be avoided, we just keep them as Surfing/Streaming servers with P2P disabled. These servers are more for geo-location or general purpose surfing rather than P2P. We at no times give out customer information to handle this. 5. There has been a German police request for certain information in relation to a blackmail incident. Despite it appearing legitimate, we could not assist as we did not have any user logs. We maintain a warrant canary at https://www.bolehvpn.net/canary.txt which we do update once a month or when there is a request for information (even if we have not complied with it). 6. Most servers support P2P except those marked as Surfing-Streaming which are with providers with strict DMCA requirements. All other servers support P2P and are not treated differently from any other traffic. 7. Paypal, Paymentwall, Coinpayments, Paydollar, MolPay and we also accept direct Bitcoin/Dash payments. 8. We recommend OpenVPN and our cloak servers that use AES-256 bit encryption and a XOR patch that obfuscates your traffic as being VPN traffic. 9. We provide IPv6 leakage protection. 10. We have a custom application for Windows and Mac and also a slightly modified version for Android. 11. They are bare metal boxes hosted in various providers. We do use our own DNS servers. 12. Canada, France, Germany, Italy, Japan, Luxembourg, Malaysia, Netherlands, Singapore, Sweden, Switzerland, United Kingdom and USA. BolehVPN website AZIREVPN 1. No, we don’t. 2. The registered name is Netbouncer AB, operating under Swedish jurisdiction. 3. No, we refuse to use 3rd party software. E-mail, ticket system and other services are hosted in-house on open-source software. 4. We politely inform the sender party that we cannot help them since it is not possible for us to identify the user. 5. This has not happened yet, but in the case a valid court order would be issued, we will inform the other party that is it not possible to identify an active user of our service. 6. Yes, all protocols are allowed. 7. We accept payments through Bitcoin (Bitpay), Paypal, Credit Cards and Swish. 8. We recommend our users to use our default configuration we supply with OpenVPN 2.4: – AES-256-GCM data-channel – TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 TLS – HMAC-SHA512 authentication – 4096 bit key size using a Diffie-Hellman key exchange – 2048 bit TLS additional auth key – 2048 bit TLS additional crypt key 9. We assign IPv6 addresses on all our locations, overriding the local IPv6 assigned to the client. Currently we provide guides to prevent DNS leaks and also for kill switches on some operating systems. Our new client will soon get integrated kill switch, and DNS leak prevention is already in place for some platforms. 10. Yes, we do offer a custom VPN application for all desktop platforms (Windows, MacOS and Linux), with source-code released on Github. 11. Yes, we own our hardware, co-located in dedicated racks on different data centers around the globe. We do host our own DNS servers. One thing that is very important for us is the hardware installation on new locations – we always bring the hardware there on our own, to make sure that it is being installed as per our own guidelines and no kind of foul play by another party can take place. Next step is the start video documenting the process for each new location for full transparency. 12. As of now; Sweden, US, United Kingdom and Spain. With Canada, Moldova and more US locations during 2017’s roadmap. AzireVPN website[/expand] VPNBARON 1. No, we don’t! No traffic logs are recorded. We monitor only the number of simultaneous user connections on our network as a whole, and do not link the user to a particular server. This helps us avoid infinite simultaneous connections from a single user. 2. Our registered legal name is Hexville SRL. We’re under Romanian jurisdiction, inside of the European Union. EU takes privacy issues more seriously than the US, as many already know. 3. For our sales site analytics, we rely on Google Analytics. Other than that, all our systems and support tools belong to us and are hosted in-house. 4. None of our users ever received a DMCA notice while connected to our service, being unable to detect the source user, due to our no traffic logging policy. On our end, we have an internal procedure of dealing with the DMCA claim that goes unnoticed by our users and of the users’ privacy is not affected. 5. No subpoena has been received by our company. If it will happen, we’ll be sure to assist as much as we’re legally obliged. Keep in mind that we don’t have any information stored about our users, except their login credentials. 6. Yes, it is allowed. We don’t restrict traffic in any way. Net neutrality is king. 7. We use Bitcoins (and many other kinds of virtual currencies), PayPal and Credit Cards. The lack of traffic logs does not allow any linkage between the individual accounts. 8. We take security very seriously at VPNBaron. We use only OpenVPN protocol, one of the most secure and hard to crack protocols, with AES-256-CBC cipher, TLSv1/SSLv3 DHE-RSA-AES512-SHA, 2048 bit RSA. On top of the OpenVPN, you can also choose one of the two anti DPI (Deep Package Inspection) protocols: “TOR’s OBFSPROXY Scamblesuit” and “SSL” that mask your VPN connection from your ISP. These protocols come handy in places that actively block VPN connections, like China, Egypt or university campuses. 9. There is no difference in user experience regardless of the users’ IP type. Using the OpenVPN protocol, we do not have IPv6 leaks as these issues have been addressed in the latest OpenVPN versions. The same goes for DNS Leaks. OpenVPN has added a setting that deals with DNS leaks. On top of that, we also provide another DNS Leak protection system that we developed before the protocol was updated and a killswitch feature that disables the network card if there is any risk of the users’ privacy being breached, temporarily disconnected the device from the internet. These settings can be activated or deactivated as the user wishes. 10. We offer a light and easy to use app for windows. For the other platforms we offer automation scripts and visual guides that get the user up and running in no time, regardless of the users’ tech savviness. 11. Our VPN servers have minimal data and do not store any private information. We do not have physical control of the servers, but we have unlimited access. This allows us to offer locations from all over the world. 12. We offer more than 30 servers in 18 countries and we’re expanding fast. You can find the full list here. VPNBaron website ACEVPN 1. We do not log, period. We respect our users’ privacy. IPs are shared amongst users and our configuration makes it extremely difficult to single out any user. 2. We are registered in the USA and operate as Acevpn.com and the name of the company is Securenet. 3. We use Google Analytics on www.acevpn.com (marketing site). For emails, we use Google cloud and these are regularly purged. 4. We block the port mentioned in the complaint. IPs are shared by other users and our configuration makes it extremely difficult to single out any user. We do not share or sell any information to 3rd parties. 5. To date, we have not received a court order or subpoena. Our users cannot be identified based on IP address. 6. We have special servers for P2P and are in data centers that allow such traffic. These servers also have additional security to protect privacy when P2P programs are running. 7. We accept Bitcoin, PayPal, and Credit cards for payments. We store billing information on a secure server separate from VPN servers. 8. For higher security needs we suggest using our IPSEC IKEv2 VPN or our OpenVPN with Elliptic Curve Encryption which we are rolling out as we speak. Both these protocols use next gen cryptographic algorithms and AES 256 bit data encryption suitable for top secret communication. Read about our IKEv2 implementation. 9. We provide kill switches if a connection drops. Our servers are tested for DNS leaks. Our service is currently IPv4 only, so no ipv6 leaks. 10. We use an unmodified OpenVPN client that is signed by the developers. Our users are encouraged to use a VPN client of their choice. We do not offer custom applications at this time. 11. We have full control over our servers. Servers are housed in reputed data centers. Many of them are ISO certified and are designed to the highest specifications for performance, reliability, and security. We operate our own DNS servers (Smart DNS) for streaming videos. For VPN, we use Google and Level3 DNS. 12. We have servers in 26+ countries and over 50+ locations. AceVPN website OCTANEVPN 1. No. Our gateway servers operate out of an encrypted RAM Disk volume that loads remotely on boot. When they are powered down, the RAM Disk is lost. 2. We operate as two separate companies. Octane Networks is a US registered company and handles customer-facing communications. The infrastructure company is a Nevis-based company and manages all the network infrastructure. 3. We use Google Analytics for general website trends. We use Hotjar occasionally for A/B and user experience testing. Support is internal. 4. If we receive a DMCA notice or its equivalent based on activity that occurred in the past, we respond that we do not host any content and have no logs. If we receive a realtime DMCA notice where the customer VPN session is still active when the DMCA notice is processed, we notify the customer if we have sufficient information to do so. No customer data is used to respond to DMCA notices. 5. This has not happened. Our customers’ privacy is a top priority for us. We would handle a court order with complete transparency. A court order would likely be based on an issue traced to a gateway server IP address and would, therefore, be received by our network operations company which is Nevis based. The validity of court orders from other countries would be difficult to enforce. The network company has no customer data and no log data, so if it were compelled to respond to a court order, our response would likely lack the type of information requested. Our marketing company is US-based and would respond to an order issued by a court of competent jurisdiction. The marketing company does not have access to any data related to network operations or user activity, so there is not much information that a court order could reveal. 6. P2P is allowed. We operate with net neutrality with the exception of restricting outgoing SMTP to prevent spammers from abusing the service. 7. Bitcoin, Credit/Debit Card, and PayPal. If complete payment anonymity is desired, we suggest using Bitcoin or a gift/disposable credit card. Methods such as PayPal or Credit/Debit card are connected to an account token so that future renewal payments can be properly processed and credited. We allow customers to edit their account information. With our US/Nevis operating structure, customer payment systems information is separate from network operations. 8. We recommend using the AES-256-CBC cipher with OpenVPN, which is used with our client. IPSec is available for native Apple device support and PPTP is offered for other legacy devices, but OpenVPN offers the best security and speed and is our recommended protocol 9. Our client disables IPv6 completely as part of our DNS and IP leak protection in our Windows and Mac OS X OctaneVPN clients. Our OpenVPN based client’s IP leak protection works by removing all routes except the VPN route from the device when the client has an active VPN connection. This a better option than a ‘kill switch’ because our client ensures the VPN is active before it allows any data to leave the device, whereas a ‘kill switch’ typically monitors the connection periodically, and, if it detects a drop in the VPN connection, reacts. With a ‘kill switch’, data sent during the time between checks is potentially vulnerable to a dropped connection. Our system is proactive vs a reactive kill switch. Customers should be vigilant as other software such as JavaScript, Flash, Java and WebRTC can leak IP independently of their VPN connection. Customers might want to consider creating a profile in their web browser specifically tailored toward web browsing privacy by disabling 3rd party plugins/extensions. 10. Yes, for Windows and Mac OS X. We support a number of protocols and software configurations. 11. In our more active gateway locations, we colocate. In locations with lower utilization, we normally host. All of our network infrastructure is set up so that each gateway boots, creates an encrypted RAM Disk, and authenticates with a central server before loading its configuration over our encrypted network remotely. The individual gateways only have a boot script – no data or config information is on the individual gateways. If we lost access to a gateway due to a third party action, the encrypted RAM Disk would vanish upon powering down. 12. We have gateways in 45 countries and 92 cities. OctaneVPN website PROXPN 1. We do not log any information about IP usage, in fact in most locations we NAT everything so it is not even possible to be able identify a requester and a user account and a source IP. 2. proXPN B.V. out of the Netherlands 3. We utilize a tracking cookie for affiliate sales that expires in 30 days. We use SendGrid for email which sends out the welcome and support emails, but email information is never shared with another 3rd party. 4. We respond and have internal processes that deal with these requests that do not include or disclose any customer information. 5. We keep no record of how users are mapped to IPs so we have nothing to give. 6. We don’t block, filter or throttle any BitTorrent or file-sharing traffic. 7. Visa, MasterCard, American Express, PayPal and Bitcoin. 8. We currently support IP SEC, OpenVPN and PPTP. IP SEC tends to be the fastest and most reliable, however as it is UDP some locations may restrict access. Open VPN over TCP is also reliable but slower than Open VPN over UDP. 9. We provide DNS leak protection. “VPN Guard” is a kill switch on our desktop application. 10. Yes, we have clients for Windows XP and up, MacOS 10.6 and up, Linux Debian but also works on other flavors such as Ubuntu, and on mobile we support iOS and Android. 11. We run and maintain our own core servers and we also serve our own DNS. 12. USA, Canada, Costa Rica, UK, Iceland, Netherlands, Germany, Switzerland, Sweden, China, Romania, Singapore, Australia, France and Japan. proXPN website HIDE.ME 1. No, we don’t keep any logs. We have developed our system with an eye on our customers’ privacy, so we created a distributed VPN cluster with independent public nodes that do not store any customer data or logs at all. We have also been audited by one of the finest independent security experts, Leon Juranic, who has certified us to be completely log free. 2. Hide.me VPN is operated by eVenture Limited and based in Malaysia with no legal obligation to store any user logs at all. 3. Our landing pages, which are solely used for advertising purposes, include a limited amount of third-party tracking scripts, namely Google Analytics. However, no personal information that could be linked with VPN usage is shared with these providers. We do not send information that could compromise someone’s security over email. 4. Since we don’t store any logs and/or host copyright infringing material on our services, we’ll reply to these notices accordingly. 5. It has never happened but in such a scenario, we won’t be able to entertain the court orders because our infrastructure is built in a way that it does not store any logs and there is no way we could link any particular cyber activity to any particular user. In case we are forced to store user logs, we would prefer to close down rather than putting our users at risk who have put their trust in us. 6. There is no effective way of blocking file-sharing traffic without monitoring our customers which is against our principles and would be even illegal. Usually we only recommend our customers to avoid the US & UK locations for file-sharing but it is on a self-regulatory basis since these countries have strong anti-copyright laws in place. 7. We support over 200+ international payment methods, including Bitcoin, Paypal, Credit Cards, Bank transfer and UKash. All payments are handled by external payment providers and are linked to a temporary payment ID. This temporary payment ID can not be connected to the user’s VPN account/activity. After the payment is completed, the temporary payment ID will be permanently removed from the database. 8. After all, modern VPN protocols that we all support – like IKEv2, OpenVPN and SSTP, are considered secure even after the NSA leaks. We follow cryptographic standards and configured our VPN servers accordingly in order to support a secure key exchange with 8192-bit keys and a strong symmetric encryption (AES-256) for the data transfer. 9. Our users’ privacy is of utmost concern to us. Our Windows client has the features such as kill switch, Auto Connect, Auto Reconnect etc which makes sure that the user is always encrypted and anonymous. Even if one of our customers decides not to use the client, in our community there is a big variety of tutorials to help our customers to protect themselves against any sort of leaks. Above all, we have put in some additional layers of security which include default protection against IP and DNS leaks. To ensure IP leak protection, as soon as the VPN connection is established, our application deletes the default gateway of the user’s’ Internet Connection so their local network becomes inaccessible. In such an instance you enforce the VPN usage adding another layer of security making IP leaks impossible and that’s not it. Our Windows app also blocks outgoing IPv6 connections automatically to prevent IP leaks. It won’t affect a user’s overall Internet connectivity if your ISP assigns you an IPv6 address. 10. We have our own VPN application for Windows, Mac, Android and iOS 11. We operate our own non-logging DNS-servers to protect our customers from DNS hijacking and similar attacks. We operate 32 server locations in 27 different countries. However we do not own physical hardware, there is an intrusion detection and other various security measures in place to ensure the integrity and security of all our single servers. We choose all third party hosting providers very carefully, so we can assure that there are certain security standards in place (ISO 27001) and no unauthorized person could access our servers. Among our reputable partners are Leaseweb, NFOrce, Equinix and Softlayer. 12. Our servers are located in countries all over the world, among the most popular ones are Canada, Netherlands, Singapore, Germany, Brazil, Mexico and Australia. Below is the complete list of countries, alternatively you can view all available locations here. Hide.me website AIRVPN 1. No, we don’t. 2. It is “AIR” and it is registered in Italy. 3. No, absolutely not. 4. They are ignored. 5. No court order or magistrate decree has ever been issued to disclose the identity of any of our customers, but we will of course do our best to comply with a valid and jurisdictionally competent magistrate decree or order. However, it must also be said that we can not provide information that we don’t have. Up to now, no personal information has ever been given away, while data about traffic is not even kept by us (we do not inspect, log or monitor traffic in any case). 6. Yes, it’s allowed on every and each server. We do not discriminate against any protocol. Our infrastructure is totally agnostic and we do not even monitor traffic to see which protocols are being used. 7. We accept Bitcoin, a wide range of cryptocurrencies, PayPal and major credit cards. About PayPal and credit cards, the usual information pertaining to the transaction and account/credit card holder are retained by the financial institutions, and it is possible to correlate a payment to a user (which is good for refund purposes when required). When this is unacceptable for security reasons, then Bitcoin or some other cryptocoin should be used. Bitcoin is not anonymous by itself, but it can be provided with a rather good anonymity layer simply by running the Bitcoin client behind Tor. On top of that we also accept some cryptocurrency which offers intrinsically and by default a strong anonymity layer protecting the transactions. 8. We would recommend our setup which includes Perfect Forward Secrecy, 4096 bit RSA keys, 4096 bit Diffie-Hellman keys and authentication on both sides not based on username/password. In general, we would also recommend to be cautious and get well documented before jumping to ECC. Our service setup, based on OpenVPN, is the following: DATA CHANNEL CIPHERS AES-256-CBC with HMAC-SHA1 for authentication CONTROL CHANNEL CIPHERS AES-256-GCM with HMAC-SHA384 for authentication AES-256-CBC with HMAC-SHA1 for authentication 4096 bit Diffie-Hellman keys size TLS Ciphers (IANA names): TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 TLS additional authorization layer key: 2048 bit Perfect Forward Secrecy through Diffie-Hellman key exchange DHE. After the initial key negotiation, re-keying is performed every 60 minutes (this value can be lowered unilaterally by the client) 9 and 10) Our free and open source software “Eddie” (released under GPLv3) for GNU/Linux, Windows, OS X and MacOS, implements features which prevent the typical DNS leaks in Windows and any other leak (for example in case of unexpected VPN disconnection). Leaks prevention, called “Network Lock”, is not a trivial kill-switch, but it prevents various leaks that a classical kill switch can’t block: leaks caused by WebRTC, by programs binding to all interfaces on a misconfigured system and by malevolent software which tries to determine the “real” IP address. We block outbound IPv6 packets at the moment on client side (a solution preferred over disabling IPv6, which remains anyway an optional feature). In 2016 we planned IPv6 support for half or late 2017 and at the moment we are fine with this deadline. We provide guides, based on firewalls and not, to prevent leaks on various systems for all those persons who can’t or don’t wish to use our client software Eddie. 11. Our servers are housed in data centers which we have physical access to, provided that the access is arranged well in advance for security reasons. Access to servers is also guaranteed to the data center technicians, for any need of on-site support. 12. We have servers located in several countries. We offer a public real-time servers monitor in one of our web pages which provides a lot of information (including location, of course) for each server. AirVPN website HIDEIPVPN 1. We store no logs related to any IP address. There is no way for any third-party to match user IP to any specific activity in the internet. 2. Registered name of the company is Server Management LLC and we operate under US jurisdiction. 3. We use live chat provided by WHMCS and Google Apps for incoming email. For outgoing email we use our own SMTP server. 4. Since no information is stored on any of our servers there is nothing that we can take down. We reply to the data center or copyright holder that we do not log our users’ traffic and we use shared IP-addresses, which make it impossible to track who downloaded/uploaded any data from the internet using our VPN. 5. HideIPVPN may disclose information, including but not limited to, information concerning a client, a transmission made using our network, or a website, in order to comply with a court order, subpoena, summons, discovery request, warrant, statute, regulation, or governmental request. But due to the fact that we have a no-logs policy and we use Shared IPs there won’t be anything to disclose. This has never happened so far. 6. This type of traffic is welcomed on our German (DE VPN) and Dutch (NL VPN) servers. It is not allowed on US, UK, Canada, Poland and French servers as stated in our TOS – the reason for this is our agreements with data centers. We also have a specific VPN plan for torrents. 7. HideIPVPN accepts following methods: PayPal, Bitcoin, Credit & Debit cards. 8. SoftEther VPN protocol. Users can currently use our VPN applications on Windows and OSX systems. Both versions have a “kill switch” feature in case connection drops. Our apps can re-establish VPN connection and once active restart closed applications. Also, the app has the option to enable DNS leak protection. 9. Our VPN servers have been checked against those issues. Users were warned about DNS leak danger. Our free VPN app has both kill switch and DNS protection leak options for our clients to use. When customers are using our software we disable IPv6 through the VPN connection. For now we are working to re-route IPv6 traffic via VPN over OpenVPN and SoftEther. 10. Yes, we recommend to our customers to use our free VPN application for an easier, faster and better connection. It works with Windows, MacOS, iOS and Android. 11. We don’t have physical control of our VPN servers. Servers are outsourced in premium data centers with high-quality tier1 networks. For our VPN we use Google DNS servers and for Smart DNS we use our own DNS servers. 12. At the moment we have 29 servers located in 7 countries – US, UK, Netherlands, Germany, Canada, Poland and France. HideIPVPN website VPN LAND 1. We can’t match a VPN IP-address and timestamp to a specific user or his or her IP-address. We do not watch what our users do online, neither record their Internet activities. For billing purposes, order IP addresses of users are stored permanently. 2. VPNLand Inc. Registered in Toronto, Canada. 3. Yes we use several third party vendors, such as Zopim for online chat messages and Picreel for promotional purposes. 4. In most cases DMCA emails are ignored. We had to block non-common ports on our USA servers, so no DMCA emails coming against our US VPN Servers. 5. It hasn’t happened. In case if it happens we’ll definitely analyze it and take proper actions. 6. P2P traffic is blocked on our USA servers, other jurisdictions are OK for p2p. All traffic is treated equally. 7. PayPal, Credit cards, webmoney, Paymentwall, Bluesnap. We use WHMCS for billing/support (see also question 1). 8. OpenVPN – 256bit. 9. IPv6 traffic is filtered. Unfortunately no “kill-switch” feature at the moment. 10. Yes. Windows. Mobile app is currently under development. 11. We own some of the servers in Toronto. Other countries are rented servers. 12. See here. VPN Land website VPN.HT 1. We do not keep such data (logs). 2. VPN.ht Limited is incorporated in Hong Kong 3. Google Analytics. We are switching this to PIWIK 4. We do not handle DMCA notices, our data center partners do, and in all cases we do not keep logs so we cannot identify the customer. 5. We will stop updating our Warrant Canary. 6. All Protocol are allowed in all our locations. 7. We accept various payment methods: Credit card / PayPal / Bitcoin / Other national Payments. All are linked by an email. 8. For general use 128bit AES, but we do offer 256bit AES as Maximum encryption level. 9. We are currently deploying our Ipv6 network across our servers. We provide all our VPN users with a private log-less DNS server. Our application also offers various features such as a Kill switch. 10. Our application is open-source and can be found on github.com/vpnht. Currently, we are offering custom applications for Windows / Mac / Android / iOS. 11. We don’t, but we do have a strong relationship with our partners who operate data centers. 12. We have 127 servers in around 33 countries and we try our best to expand to locations most requested by our customers. VPN.ht website OVPN 1. Our entire infrastructure and VPN service is built to ensure that no logs can be stored – anywhere. Our servers are locked in cabinets and operate without any hard drives. We use a tailored version of Debian, which doesn’t support SATA controllers, USB ports etc. To further increase security, we use TRESOR and grsecurity to be resistant to cold boot attacks. 2. OVPN Integritet AB (Org no. 556999-4469). We operate under Swedish jurisdiction. 3. For website insights, we use Piwik, an Open Source solution that we host ourselves. The last two bytes of visitors’ IP addresses are anonymized; hence no individual users can be identified. For support, we use an internally built system. The mail server is hosted by Glesys, a trusted provider in Sweden. Automatic emails from the website are sent using Mailgun, but we never send any sensitive information via email. Zopim is used for live chat, which we will eventually migrate from when we’ve built a satisfactory in-house solution. 4. Since we don’t store any content, such requests aren’t applicable to us. 5. No court orders have ever been received. However, the police have contacted us numerous times regarding whom had a specific IP address at a particular time. Due to the reasons mentioned in #1, we can’t provide them with any answers. We published an open letter to the Swedish police to disclose that we are unable to provide any user information they request. We also have an insurance that covers trial expenses enabling us to take any requests to court in case an agency doubts our truthfulness. 6. Yes. 7. Bitcoin, Braintree for credit cards, PayPal & cash payments via postal mail. There’s a connection between payments and accounts, which is required in order to know who bought what. We recommend all users to pay anonymously. 8. We only provide OpenVPN and utilize AES-256-CBC, and a 2048-bit Diffie–Hellman key along with a 1024-bit TLS key to ensure that the key exchange can be done safely during the authentication phase. 9. We tunnel both IPv4 and IPv6 and therefore no leaks should happen. Our custom client has DNS leak protection as well as a killswitch to ensure our users safety. 10. Yes, we offer a custom VPN client for Windows, OS X and Ubuntu. We’ve also developed and manufactured a router with extensive functionality and security precautions, named OVPNbox. 11. Yes – we own all the servers used to operate OVPN. Our servers are locked in separate cabinets in each data center. However, using physical force one could break open the cabinets and therefore get physical access to our servers. To mitigate these extreme scenarios we have focused immensely on the physical security of our servers. Someone can literally be standing right next to our servers and will still fail to extract any data. More information on OVPN’s physical security is available here. 12. Canada, Germany, the Netherlands and Sweden. OVPN website PERFECT PRIVACY 1. We do not log or store any traffic, IP addresses, or any other kind of data that would allow identification of our users or their activities. The anonymity and privacy of our users are our highest priority, and the Perfect Privacy infrastructure was built with this in mind. 2. Perfect Privacy is registered in Zug, Switzerland. 3. All email and support tools are developed and hosted in-house under our control. We do use Google Analytics for website optimization and better market reach, but with the anonymizeIp parameter set. However, Perfect Privacy users are exempted from any tracking by Google Analytics and are also able to use our TrackStop filter which will block any tracking (as well as ads and known malware domains) directly on our servers. 4. Because we do not host any data, DMCA notices do not directly affect us. However, we do receive copyright violation notices for filesharing in which case we truthfully reply that we have no data that would allow us to identify the party responsibly. 5. The only step on our side is to inform the contacting party that we do not have any data that would allow the identification of a user. There had been incidents in the past where Perfect Privacy servers have been seized but never was any user information compromised that way. Since no logs are stored in the first place and additionally all our services are running within ramdisks, a server seizure will never compromise our customers. 6. Yes, Bittorrent and other file-sharing is generally allowed and treated equally to other traffic. However, at certain locations that are known to treat copyright violations rather harshly (very quick termination of servers), we block the most popular torrent trackers to reduce the impact of this problem. Currently this is the case for servers located in the United States and France. 7. We offer a variety of payment options ranging from anonymous methods such as sending cash, or Bitcoin. However, we also offer payment with PayPal and credit cards for users who prefer these options. We keep no data about the payment except for when the payment was received which is linked only to an anonymous account number. 8. While we offer a range of connection possibilities we would recommend using OpenVPN with 256 bit AES encryption. Additional security can be established by using a cascaded connection: The Perfect Privacy VPN Manager allows to cascade your OpenVPN connection over up to four freely choosable servers. 9. Perfect Privacy provides full IPv6 support (meaning you will get an IPv6 address even if your ISP does not offer IPv6) and as such it is fully integrated in the firewall protection. The “Kill Switch” is activated by default and will prevent any IP and DNS leaks for both IPv4 and IPv6. 10. Yes, we offer custom clients for Windows, Linux, MacOS X and Android at the moment. At the time of this article, the Linux, Mac and Android clients are still in open beta. More functionality will be added to these clients in the near future. 11. Our VPN servers run in various data centers around the world. While we have no physical access to the servers, they all are running within RAM disks only and are fully encrypted. 12. We offer servers in 23 countries. For full details about all servers locations please check our server status site as we are constantly adding new servers. Perfect Privacy website VPN UNLIMITED 1. No, we do not keep logs that allow us to match IP or DNS addresses of online services our customers visit from their accounts. 2. KeepSolid Inc. We operate under the USA jurisdiction. 3. We use Zendesk for technical support purpose, Fabric to get statistics on crashes and fix bugs asap. We send emails to our customers via SparkPost. Emails are not linked to any personal information of our users and we take special care of security of our users email addresses too. On our site we use Google Analytics to collect anonymous statistics on page views, clicks, etc. Our users’ personal information is not stored or disclosed to third parties. 4. As we do not log any of the customers’ information or session data, VPN Unlimited users are protected by legal definition. There is a US consumer protection law that can be used to protect our customers. 5. We have no information we could disclose as we don’t log addresses of sites our customers visit. 6. We allow legal peer-to-peer file sharing using servers in France, Luxembourg, Romania, Canada, and San Francisco. VPN Unlimited is not to be widely used for torrenting as its primary task is to protect users’ online privacy and anonymity. 7. We accept over 100 payment methods: from credit cards to PayPal to Bitcoin to payments through mobile operators. And, of course, users can use their Apple or Amazon ID account, from the purchasing tab inside the app to prolong their subscription to our service. All of the payment systems we use ensure 99.99% security. 8. We recommend using KeepSolid Wise that enables AES256 encryption with additional obfuscation for users from countries with heavily censored access to web resources (like China, the United Arab Emirates, Turkey, etc.). It’s also the most secure protocol for usage in a dangerous internet environment (e.g. in public WiFi networks). 9. We partially support IPv6. The service doesn’t have a “kill switch” feature yet, and DNS leak protection works on Windows. We are also working on an update to add a DNS firewall that will protect our users from tracking, malware and ads. 10. We offer store versions along with standalone apps for iOS, Android, Mac, Windows (desktop), Windows Phone, and Linux users. Last year we launched plugins for Google Chrome and Mozilla Firefox. We collaborate with FlashRouters so users can purchase a router, protected by our VPN. Also, users can get personal servers with dedicated IP addresses for their use. 11. We do not own data centers. We rent physical and virtual servers from well-trusted companies like LeaseWeb, OVH, RedStation, ServerCentral, IBM SoftLayer, etc. We have full control over DNS servers that are being used for work via VPN. 12. Servers are located in 51 countries. We regularly launch new servers in new regions. The whole list is available on our site. Users can contact us through this page and suggest a location for us to launch the next server in. VPN Unlimited website IVACY 1. Ivacy believes in anonymity and therefore we do not maintain user activity logs. We only keep track of login attempts because we allow 5 multiple/simultaneous connections with one VPN account. We come across encrypted credentials in this process. The process is fully automated and we keep this info till the user is connected. It is automatically deleted as soon as user disconnects from our server. Since we don’t come across any personal IP address in this process, we can’t map any connection to any IP address. 2. Ivacy is registered under PMG Private Limited. Our headquarter is based in Singapore; one of the few nations without mandatory data retention laws. Working out of the region allows us to further ensure the anonymity of our users- something we hold very dear. At the present moment in time, there seems to be no legal hindrance or government intervention that could harm our reasoning behind working out of Singapore. 3. We use Aweber for sending emails to our customers, and our live chat services are managed by Livechatinc’s platform. 4. We cannot relate any specific activity with any specific user, since we don’t keep any logs or records. Moreover, working from Singapore, one of the few nations without mandatory data retention laws, allows us to further ensure the anonymity of our users. We have not come across such an event, but if we do receive any legal notice, we cannot do anything more than to ignore it simply because they have no legal binding to us. Since we are based in Singapore, all legal notices have to be dealt with according to Singapore laws first. 5. Again, such a scenario has not presented itself yet. We do not log any traffic or session data so we cannot identify and connect a specific activity with a particular user of our service. 6. We are proud to mention here that we allow P2P traffic on many of our marked servers including servers in UK, USA and Canada. 7. We accept payment through major credit cards, BitCoin, PayPal, Webmoney and Perfect Money. Apart from the aforementioned payment methods, we also accept more than 120 region based payments through PaymentWall. When a customer places an order, we immediately send a payment confirmation email to let him know that he has placed an order successfully. Then our merchant takes over and verifies the information given by the customer and lets us know whether to deliver the order or not. This process normally takes typically from 5 – 60 minutes. 8. We offer and recommend 256 bit encryption in addition to SSL based protocols (i.e. SSTP and OpenVPN). We offer our own DNS servers, an “Internet Kill Switch” and Split Tunneling features. 9. We have IPv6 Leak Protection feature in our Apps. Customers can enable it via settings; and we highly recommend them to do so. We provide DNS leak protection by providing our own DNS servers. We also have Internet Kill Switch in our Windows and Android apps. Soon we are launching same for Mac and iOS devices. 10. Yes, we offer custom VPN applications to our users. These include VPN Apps for Windows, Android, Mac and iOS. We also have a dedicated VPN addon for Kodi running on OpenELEC based devices and Raspberry Pi. 11. We physically control some of our server locations where we have a heavier load. Other locations are hosted with third parties until we have enough traffic in that location to justify racking our own server setup. We host with multiple providers in each location. We have server locations in more than forty countries. In all cases, our network nodes load over our encrypted network. Anyone taking control of the server would have no usable data on the disk. Yes, we have our own DNS servers. 12. We have servers located in more than 40 countries. You can find the complete list of servers here. Ivacy website WHATTHESERVER 1. Our OpenVPN servers are configured with “verb 0” so that they keep no logs at all. Our SOCKS Proxy servers do keep authentication logs which include the IP address, but these logs are cleared every 6 hours. We have a session management system that tracks which users are logged into which servers, however that system operates on real-time data and does not log events. 2. What The * Services, LLC is incorporated in the USA. 3. We use Google Analytics on our website for visitors. 4. We respond saying that we are a VPS/VPN provider and that we do not have the logs requested nor any other logs about our customers usage of our service. 5. We have not yet received such a court order or subpoena for user information. However, if we do in the future, we will take several steps. First, we would consult with our lawyers to confirm the validity of the order/subpoena, and respond accordingly if it is NOT a valid order/subpoena. Then we would alert our user of the event if we are legally able to. If the order/subpoena is valid, we would see if we have the ability to provide the information requested, and respond accordingly we do NOT have the information requested. If we DO have the information requested, we would immediately reconfigure our systems to stop keeping that information. Then we would consult with our lawyer to determine if there is anyway we can fight the order/subpoena and/or what is the minimum level of compliance we must meet. 6. BitTorrent and other file-sharing traffic is allowed on all VPN/Proxy servers which are NOT located in the USA. 7. Our payment options include PayPal, Bit-Pay (bitcoin), PerfectMoney, and Coinbase (bitcoin). When a user selects a payment method our system will remember that payment method and link it to their account. For this reason, we suggest that our users do not put in their real name & contact information, and that they should pay us anonymously via Bitcoin. 8. All of our OpenVPN and SOCKS Proxy servers are running OpenBSD and are using LibreSSL instead of OpenSSL. This protects our servers from a wide range of attacks on the encryption. Our OpenVPN Servers use AES-256-CBC & SHA512 HMAC for the Data Channel, and DHE-RSA-AES256-GCM-SHA384 on the Control Channel. Our OpenVPN Servers are also configured with 4096bit RSA keys and a custom 4096bit Diffie-Hellman parameters. Our SOCKS Proxy is based on OpenSSH, so they support any ciphers the client wants to use. With OpenSSH, the Client decides what cipher to use instead of the Server. We push routes to our OpenVPN Clients which instruct them to route all IP traffic which is not destined for their local network to be routed through the VPN. This includes DNS traffic. We push OpenVPN Client configuration files which include “resolv-retry infinite” and “perstist-tun”, which when combined should prevent the Client from sending traffic in-the-clear unless the user manually kills the OpenVPN connection. Furthermore, all of our OpenVPN and SOCKS Proxy servers are full IPv4/IPv6 Dual-Stack and we push a default route for both IPv4 and IPv6 to our clients. This is critical because if your home ISP gives you an IPv6 address, your computer will use IPv6 instead of IPv4. You will leak a significant amount of traffic if we did not push you a default route for IPv6. 9. We do not offer DNS leak protection via kill switches. 10. We do not offer a custom VPN application. Instead, we instruct our users to install an OpenVPN client of their choice from a trusted source i.e. openvpn.net. 11. All of our infrastructure is hosted in 3rd party colocations. However, we use full-disk-encryption on all of our servers. 12. We have servers in the USA, Germany, Netherlands, and Sweden. WhatTheServer website HEADVPN 1. We DO NOT keep any logs. We do not store logs relating to traffic, session, DNS or metadata. 2. We’re registered in the United Kingdom under the name “HEADVPN LTD” 3. We are using Live chat provided by Tawk.to and Google Apps for incoming email. We use Google Analytics and a WHMCS ticket tool. 4. Since we don’t keep any information on any of our servers there is nothing that we can take down. If we receive a valid DMCA notice we can only take action if the connection is still active (we notify the user and stop the session). 5. We haven’t received any court orders. If that happens, the agency will be informed that no user information is available as we DO NOT keep logs. 6. For P2P/Bittorent traffic we have special VPN servers (which are located in a data center that allows such traffic). On other VPN servers, P2P/Bittorent traffic is blocked. 7. We accept all forms of Credit/Debit cards payments through the Stripe payment gateway and PayPal payment method. We do not store any billing information such as credit cards or addresses. 8. We provide all kinds of encryption methods, including PPTP, L2TP/IPsec, SSTP, OpenVPN and SoftEther protocols. We recommend using OpenVPN protocol as it’s the most secure and using RSA 4096 bit and AES 256 bit encryption keys. 9. DNS leak protection is best handled by using OpenVPN protocol (AES-256-CBC algorithm for encryption). 10. For the time being we do not provide a custom tool (in progress). 11. All our VPN servers are hosted in 3rd party data centers with the highest specifications for performance, reliability and security. We have direct access to each server and they all are running within RAM disks (which are fully encrypted). 12. Our VPN servers are located in the United Kingdom, United States, Germany and Netherlands. HeadVPN website PUREVPN 1. PureVPN believes in anonymity and therefore we do not maintain user activity logs. To better our services and enhance usability of our software, we only monitor access attempts to our server and this is done only for security and troubleshooting purposes. 2. The registered company name is GZ Systems Ltd. We are headquartered in Hong Kong; one of the few nations without mandatory data retention laws. 3. PureVPN does not store any personally identifiable information. 3rd party tools, such as Google analytics, are only used for the purpose of marketing and for improving customer experience. 4. We take DMCA notices quite seriously and encourage our users to comply with necessary guidelines to avoid such notifications. Actions taken cannot be broadly stated. They are dealt with on a case by case basis. 5. Such a scenario has not occurred yet. If it does occur, we will act in the best interest of the user and the law. 6. File-sharing is allowed on some servers. We uphold regional copyright laws and closely monitor changing policies on the matter and is thus subject to change. You can always refer to our customer support for details on which servers allow file-sharing. 7. We accept payment through major credit cards, BitCoin, PayPal, AliPay, Webmoney, Yandex, Ukash, CashU, Giropay, Necard, Mercado Pago, MyCard Wallet and more. When you place an order, we immediately send a payment confirmation email to let you know that you have placed an order successfully. Then our merchant takes over and verifies the information given by you and lets us know whether to deliver the order or not. This process normally takes typically from 5 – 60 minutes or so. We do not come across anyone’s IP address in the process. 8. We offer and recommend 256 bit encryption in addition to SSL-based protocols (i.e. SSTP and OpenVPN). We offer our own DNS servers, an “Internet Kill Switch” and Split Tunneling features. As far as incoming traffic is concerned, we offer NAT Firewall, Web Protection and a Stealth VPN feature allowing you to browse websites via virtual browsers eliminating cookie usage. 9. We provide IPv6 leak protection including DNS leak protection and internet kill switch as standard features to our clients. 10. We offer custom VPN applications for multiple platforms including but not limited to Windows, Mac , IOS , Android. PureVPN is also compatible with routers, gaming consoles, BoxeeBox, Roku, Apple TV, Android TV and 20+ other OS and devices. 11. PureVPN provides one of the largest networks. We have servers in 100+ countries. An infrastructure of such magnitude would be rather difficult to maintain and thus we have agreements with Data centers throughout the world. These Data centers are bound by contract and thus cannot interfere with our data without our instruction. 12. We have more than 750+ servers. They are based in 5 continents which makes us spread over the world. PureVPN website PROXY.SH 1. We do not keep any logs whatsoever. We even have an anonymous token-based authenticating system. 2. We are a not-for-profit unit part of offshore-based digital incubator Three Monkeys International Inc. It operates from the Republic of Seychelles. 3. We use Google Translate & Google Maps across some of our web app’s elements for UX gains. These can be turned off with a JavaScript blocker. We also use Mandrill for a reliable email delivery, but users may still subscribe to our services with a non-working or disposable e-mail address. Everything else, from support to billing, is organised in-house. We do not use any CRM, and we do not have any advertising or marketing channel. We only rely on word-of-mouth. 4. We immediately block the affected port on the related node, and then we publish the notice to both our Transparency Report and our Twitter account. In the event we are restricted from releasing it, we make use of our warrant canary. 5. We respond that we are unable to identify any of our users, but that our premises are open for inspection by any forensic expert. We also inform our members through Twitter and our transparency report about the situation. In case we are unable to speak, we make use of our warrant canary and warn our users that we updated the latter. Finally, we make sure to drop the VPN node as soon as it is possible. This has happened once. 6. Absolutely. We do not discriminate any traffic type. 7. We accept more than 100 various payment methods & crypto-currencies. Our gateways are G2A, SafeCharge, Paymentwall, Okpay, Blockchain and eDigiCash. There is no recurring subscription, and all billing information is processed by the gateways: the only information we retain is a transaction ID and the e-mail address of the user account. 8. For maximum stealth, we recommend our RSA 4096-bit + TOR’s obfsproxy (obfs4) integration. And for encryption strength, we recommend ECC + XOR (secp384r1). Both are available directly within our custom-made, open-sourced OpenVPN client. 9. Safejumper, our open-sourced OpenVPN client, gives you protection against both DNS and IPv6 leaks. It also comes with a robust “kill switch” that literary kills the network interface if the connection drops. Our various web apps also test other potential leaks such as GPS or WebRTC and teach you how to fix them. We also have an extended literature to help you fix any leaks (DNS, IPv6, torrent, etc.) manually. 10. Safejumper, our custom-built OpenVPN client, is made fully open source on Github, and it is available on Windows, Mac, Linux, Android and iOS. 11. Of course, we run our own OpenNIC-compliant DNS servers. Also, we use our own physical servers in friendly data centers for our core services and our biggest VPN nodes. Our VPN network is also supplemented with a variety of bare-metal dedicated servers or virtual private servers across the world. 12. We provide VPN nodes in 57 countries, across more than 300 locations. Proxy.sh website VPN SECURE 1. We do not keep any logs. 2. VPNSecure Trust. Australia. 3. Google Analytics / Zendesk chat. Email servers and support system is hosted in-house. 4. We do not keep information on our users and are unable to identify the user belonging to the notice. 5. We provide the information we can correlate from the court order, which is zero. Because we do not log the information pointing to an IP address of our servers, it does not denote a specific user. Users are provided shared IPs so traffic is mixed between them. 6. We allo P2P. Previously P2P was not allowed on *some* servers, however we have migrated away from these locations. 7. Bitcoin / Perfect Money / PayPal / Credit Card / PaymentWall, if we need to look at a payment we receive this information by asking the customer to determine which payment is theirs. 8. We have multiple cipher options, AES-256-CBC & 2048bit encrypted unique keys per user account along with our Stealth VPN option. 9. We block IPv6 in multiple places, DNS servers do not respond to IPv6 records along with blocking at the OS level. We also provide UDP blocking which protects P2P users. DNS Leak fix is on by default. 10. Yes, we have our own OpenVPN application for Linux / Windows / MacOS X / Android / iPhone. 11. The main infrastructure is colocated and owed by VPNSecure, remote endpoints are leased servers, these are configured with encrypted folders meaning any third-party that tried to access the server would be unable to access any VPN specific information. VPNSecure looks after all infrastructure and VPN endpoints internally, we do not out-source this. 12. 47+ Countries VPN Secure website SECUREVPN.TO 1. We don’t log any individually identifying information. The privacy of our customers is our top priority. Our service has been awarded with the first and up to now the only “Privacy badge” by an independent review of That One Privacy Guy. 2. Our service is operated by a group of autonomous privacy activists outside of “Fourteen Eyes” or “Enemy of the Internet” countries. Each server is handled with the jurisdiction at the server’s location. 3. Our website has been developed by ourselves and we don’t use any external service providers. 4. We reply to takedown notices, but can’t be forced to hand out information because of our non-logging policy. 5. This hasn’t happened yet, but if we were forced to identify any of our customers at a specific server location, we would drop this location immediately. Under no circumstances are we going to log, monitor or share any information about our customers. 6. Yes, it is allowed and treated equally on all servers. 7. We offer a wide range of anonymous payment methods like Bitcoin, Dash, Ethereum, Paysafecard and Perfect Money. No external payment processor receives any information because all payments are processed by our own payment interface. 8. We would recommend OpenVPN, available in UDP and TCP mode. We are using AES-256-GCM (OpenVPN 2.4.*) / AES-256-CBC (OpenVPN 2.3.*) for traffic encryption, 4096 bit RSA keys for the key exchange and SHA-512 as HMAC. These settings offer you the highest grade of security available. 9. We fully support IPv6 internet connections. Our homemade VPN Client provides advanced security features like a Kill Switch, DNS Leak Protection, IP Leak Protection, IPv6 Leak Protection, WebRTC Leak Protection and many more. 10. Our VPN Client is available for Windows and doesn’t store any logs. We plan to offer a version for Linux, Mac and mobile devices. 11. We rent 35 servers in 25 countries and are continuously expanding our server park. It is impossible to have physical control over all widespread servers, but we have taken security measures to prevent unintended server access. At the moment we are using excellent anycast nameservers of UltraDNS. 12. You can find our server list under the following link. SecureVPN.to website IBVPN 1. We do not spy on our users and we don’t monitor their Internet usage. We do not keep logs with our users’ activity. 2. Company’s registered name is Amplusnet SRL. We are located in Romania, which means we are under EU jurisdiction. 3. For the presentation part of our web site (the front end) we are using Google Analytics & Google Translate and CDN. Occasionally we are running A/B tests and promotional campaigns that might involve using third party tools like optimizely / marketizator / picreel. For the secure part of our web site (the back end) we do not use external e-mail providers (we host our own mail server) and we host a dedicated WHMCS installation for billing and support tickets. To provide quick support and a user-friendly service experience, our users can contact us via live chat (Zopim) but activity logs are deleted on a daily basis. There is no way to associate any information provided via live chat with the users’ account. 4. So far we have not received any DMCA notices for any P2P server from our server list. That is normal considering that the servers are located in DMCA-free zones. Before we allow our clients to use a P2P server we test it for several months in order to make sure that the speeds are fine and we do not receive any complaints from the server provider. For the rest of the servers, P2P and file sharing activities are not allowed/supported. 5. So far, we have not received any valid court orders. As stated in our TOS, we do not support criminal activities, and in case of a valid court order we must comply with the EU law under which we operate. 6. We allow BitTorrent and other file-sharing traffic on specific servers located in Netherlands, Luxembourg, Canada, Sweden, Russia, Hong Kong, Lithuania, Bulgaria and Ukraine. Based on our legal research, we consider that it is NOT safe for our users to allow such activities on servers located, for example, in the United States or United Kingdom. 7. We accept various payment methods like Credit cards, PayPal, prepaid credit cards, Payza, SMS, iDeal, OOOPay and many more. Payments are performed exclusively by third party processors, thus no credit card info, PayPal ids or other identification info are stored in our database. For those who would like to keep a low profile, we accept BitCoin, LiteCoin, WebMoney, Perfect Money etc. 8. The most secure VPN connection is Open VPN, which provides 256 bit Blowfish algorithm encryption. We also support SSTP and SoftEther on most of the servers. 9. A Kill Switch has been implemented with our VPN Clients. When enabled, the Kill Switch closes all applications (that are running and have been added to the Kill Switch app list) in case of an unwanted VPN disconnection. Our latest applications allow customers to disable IPv6 Traffic, to make sure that only our DNS servers are used while connected to the VPN and there is an option that filter the DNS requests by using the firewall – to avoid leaks. 10. We currently provide custom VPN apps for Windows, Android, iOS and Mac OS X. We also offer browser extensions (cross-platform) for Chrome and Firefox that are able to route the HTTP and HTTPS requests. 11. We do not have physical control over our VPN servers, but we have full control to them and all servers are entirely managed personally by our technical staff. Admin access to servers is not provided for any third party. 12. Our servers are located in dozens of countries. A full list is available here. ibVPN website TRUST.ZONE 1. Trust.Zone doesn’t store any logs. All we need from users is just an email to sign up. No names, no personal info, no tracking, no logs. 2. Trust.Zone is under Seychelles jurisdiction and we operate according to law in Seychelles. There is no mandatory data retention law in Seychelles. In our jurisdiction a court order would not be enforceable and since we don’t store any logs , there is nothing to be taken from our servers. The company is operated by Extra Solutions Ltd. 3. Trust.Zone does not use any third-party support tools, tracking systems like Google Analytics or live chats that hold user information. 4. If we receive any type of DMCA requests or Copyright Infringement Notices – we ignore them. Why? Trust.Zone is under Seychelles offshore jurisdiction. There is no mandatory data retention law in Seychelles. The laws of Seychelles are very friendly to Internet users. Under Seychelles jurisdiction a court order would not be enforceable and since we don’t store any logs, there is nothing to be had from our servers. 5. A court order would not be enforceable because we do not log information and therefore there is nothing to be had from our servers. Trust.Zone is a VPN provider with a Warrant Canary. Trust.Zone has not received or has been subject to any searches, seizures of data or requirements to log any actions of our customers. 6. We don’t restrict any kind of traffic. Trust.Zone does not throttle or block any protocols, IP addresses, servers or any type of traffic whatsoever. Trust.Zone is recommended to use as the “best vpn for torrenting” by the biggest Bittorent websites in the world – ExtraTorrrent (#2 – according to TorrentFreak), 1337x.to (#6) and TORRENTZ2 (#5 – according to TorrentFreak). 7. All major credit cards are accepted. Besides, Bitcoin, PayPal, Webmoney, Alipay, wire transfer and many other types of payments are available. To stay completely anonymous, we highly recommend using anonymous payments via Bitcoin. Trust.Zone offers 10% OFF for everyone who pays with Bitcoin. No logs, no names, offshore jurisdiction, and anonymous payments – we’re trying to do all the best for our users to get their freedom on the Internet back. 8. Trust.Zone uses the highest level of data encryption. We use a protocol which is faster than OpenVPN and also includes Perfect Forward Secrecy (PFS). The most unique feature of Trust.Zone VPN is that you can forward your VPN traffic via ports – 21 (SCP, SFTP), 22 (FTP), 80 (HTTP), 443 (HTTPS) or 1194 (OpenVPN), most of which can’t be blocked by your ISP. Trust.Zone uses AES-256 Encryption by default. We also offer L2TP over IPsec which also uses 256bit AES Encryption. 9. Trust.Zone offers a kill-switch. Trust.Zone has no support for IPv6 connections to avoid any leaks. We also provide users with additional recommendations to be sure that there are no any DNS or IP leaks. 10. Trust.Zone provides users with one-click, easy-to-use application for Windows. Trust.Zone supports all major OS and devices – Windows, iOS, Android, Linux, Windows Mobile, Mac, DD-WRT routers and other OpenVPN compatible devices. 11. We have a mixed infrastructure. Trust.Zone owns some physical servers and we have access to them physically. In locations with lower utilization, we normally host with third parties. But the most important point is that we use dedicated servers in this case only, with full control by our network administrators. DNS queries go through our own DNS servers. We also may use Google DNS depending on platform. 12. We are operating with 100+ servers in 30+ countries and still growing. The full map of the server locations is available here. Trust.Zone website DOUBLEHOP 1. Zero, zip, zilch, nada. For realsies, /dev/null 2>&1. We have nothing to share with authorities, even if we felt compelled to. 2. We’re incorporated as Doublehop GmbH in the Seychelles. We operate as Doublehop.me, Doublehop, and Doublehop VPN. 3. We do not use any external visitor tracking services such as AdSense. We use Mandrill to deliver email automatically when orders are placed. In the interest of full disclosure, please be advised that Mandrill provides analytical statistics relating to email (e.g., open rates and clicks). We disable these features unless we are doing web development and need to quickly confirm that changes do not impact email delivery. We also permit registration via Telegram Messenger as a more secure alternative to email. A Telegram message is automatically sent to confirm an order and payment. We use Amazon S3 to provide access to client certificates. Files are protected in transit by TLS and at rest by server-side encryption. 4. Not applicable. To quell overofficious legal demands, all legal complaints and requests (DMCA, Trademark, Defamation, Court Order, Law Enforcement, Private Information, Data Protection, Government, etc) are forwarded to Lumen. 5. We’ll respond with one-liners from Fifty Shades We have nothing to share with authorities, even if we felt compelled to. If we run into trouble, we’ll stop updating our Warrant Canary. 6. Yes, P2P is permitted on all Doublehop VPN servers and treated equally to other traffic, although we encourage our users to avoid using USA-based exit nodes for such traffic. For example, it’s better to connect to USA as a Doublehop VPN entry node, and exit Netherlands than it is to connect to Netherlands as an entry node, exiting USA. 7. Doublehop’s only accepted payment method is Bitcoin. Since we do not require our clients to reveal their identity to use our services, paying with Bitcoin offers privacy when used properly. A new Bitcoin address is generated for each order, and monitored for 72 hours before being scrubbed from the order details. 8. Our users VPN to Country_A, and we route them over an encrypted interconnection to another data center; the traffic then exits Country_B. We use a modern cipher (AES-256-CBC) between clients and nodes, with RSA-4096 for key exchange/certs, and force client use of TLS >=1.2 with the tls-version-min OpenVPN directive. We have h/w crypto acceleration on all our boxes. Our VPN clients see: Cipher ‘AES-256-CBC’ initialized with 256 bit key. TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA 9. We don’t provide custom tools for good reason (see Q.10 for more info). DNS leak protection is best handled by the hosts file or by pushing OpenVPN options to clients. We use OpenVPN options to offer DNS leak protection (which Windows 10 is prone to). 10. No, the standard OpenVPN client is more transparent and open to peer review. Some VPN providers offer custom software that can introduce security issues or store connection logs. We provide configs for Linux, Android, iOS, Mac OS X (Viscosity), and Windows Vista+. 11. We use dedicated servers that employ RAM disks, software based full disk encryption, or hardware-based full disk encryption, depending on their role and specifications. This ensures that any intervention from a provider won’t assist in any investigation. Traffic between nodes is multiplexed, defeating passive correlation. And furthermore, Doublehop VPN doubles security and privacy with double hops across multiple legal jurisdictions, to disrupt potential investigations. Our clients are permitted to use whichever DNS they’re most comfortable with! By default, we use Google DNS to ensure that users receive localized content from the exit node chosen. This is especially important when it comes to streaming (e.g., Netflix, Pandora) from a USA exit node. We’re looking to add a SmartDNS and DNSCrypt server in the near future to provide additional options for our clients. 12. Netherlands, Spain, Finland, Canada, and USA, all configured as Doublehop VPN pairs (Map). Doublehop website SHADEYOU VPN 1. ShadeYou VPN does not keep any logs. The highest level of privacy is a main mission of ShadeYou VPN. To use our service only a username and e-mail are required. No personal or real data is required. 2. We are incorporated as DATA ACCENTS LP and operate under jurisdiction of United Kingdom. 3. We are using Google Analytics as a tool which allow us to improve our website and bring our users better experience. Also we are using SiteHeart online support. But none of these tools track / hold personal information. 4. The abuse team of ShadeYou VPN answers as follows: a) we do not store any illegal content on our servers. b) every our user agrees with our privacy policy while registering, so we warned that illegal actions are prohibited and at this time we are not responsible. c) we have no any personal data of our users or any logs of their activities that can be shared with third-parties because we simple do not store it. 5. Sharing any personal data of our users is absolutely impossible since we do not store it and do not keep any logs. Yes such kind of situation has happened but there is not even one existing case when we have shared any information about our users with any 3rd parties. 6. BitTorrent and any other file-sharing traffic is allowed mostly on all our servers. There’s only a few exceptions (such as when traffic is limited on the servers). 7. ShadeYou VPN uses payment systems including PayPal, Perfect Money, Webmoney, Qiwi, Yandex Money, Easy Pay, Ligpay, UnionPay, AliPay, MINT, CashU, Ukash also accept payments via Visa, Master Card, Maestro and Discover. Of course Bitcoin is available. 8. We strongly recommend to use OpenVPN since it is the most safe and uses the strongest encryption (TLS Protocol with 4096-bit key length and AES-256-CBC crypto-algorithm). 9. We are not working with IPv6 at the moment but we are working on it. We support “Kill switches” and DNS leak protection using our desktop client. 10. Yes, we offer our own application which is available on the Windows OS. It is very simple and easy-to-use. Mobile clients are developing at the moment. 11. All our servers are collocated around the world in DC’s of different leading hosting companies. Yes, we are using our own DNS servers. 12. Here is an overview. ShadeYou VPN website OVPN.TO 1. Short answer: No! We don’t create or keep any logs. 2. We’re not a company and we operate under no jurisdiction. Servers are running under their local jurisdiction and have to follow local laws. 3. No. 4. We check portforwards, close them and send the notice into your account. 5. We have never received any valid court order or subpoena. Anyways, we’re unable to identify our clients and we’d shutdown affected servers when needed. 6. BitTorrent and other file-sharing traffic is allowed, but we’d recommend downloading from Usenet. 7. We support Bitcoin, Litecoin and other Crypto Currency, WebMoney.ru, PerfectMoney.is and some pre-paid vouchers. No references are left after transaction with Crypto Currency and you can always ask us to update your payment id. 8. We recommend AES-256-CBC/GCM cipher and HMAC SHA512 with 4096 bit certificates, standard setting on all servers. 9. Yes, we support Linux with IPtables and Windows with our Client Software. 10. We offer an open-source Client for Windows and headless API script for Linux. 11. We use rented dedicated servers from different providers and we provide are own DNS servers. 12. Check our server page. oVPN.to website CACTUSVPN 1. We don’t keep any logs. 2. CactusVPN Inc., Canada 3. No. 4. We have not received any official notices yet. We will only respond to local court orders. 5. If we have a valid order from Canadian authorities we have to help them identify the user. But as we do not keep any logs we just can’t do that. We have not received any orders yet. 6. Yes, it is allowed on Dutch and Romanian servers. 7. PayPal, Credit Card, BitCoin and a list of other not so popular payment options. 8. We recommend users to use SoftEther with ECDHE-RSA-AES128-GCM-SHA256 cipher suite. 9. Yes, we have these features. For now we do not support IPv6. We recommend our clients to disable IPv6 when they use the VPN service. with the current version of CactusVPN software for Windows, we implemented a feature that disables IPv6 automatically when the VPN is connecting and reenable it when VPN is disconnecting. 10. We have VPN apps for Windows, MacOS, iOS and Android. 11. We use servers from various Data centers. 12. US, UK, Canada, Netherlands, Germany, France, Romania. CactusVPN website VPN PROVIDERS WITH SOME LOGS (MAX 7 DAYS) VPN.AC 1. We keep connection logs for 1 day to help us in troubleshooting customers’ connection problems but also to identify attacks (e.g. bruteforce, account theft). This information contains IP address, connection start and end time, protocol used (including port) and amount of data transferred. 2. Netsec Interactive Solutions SRL, registered in Romania. 3. No. 4. We are handling DMCA complaints internally without involving the users (i.e. we are not forwarding anything). We use shared IP addresses so it’s not possible to identify the users. 5. It has never happened. In such an event, we would rely on legal advice. 6. It is allowed. 7. Bitcoin, PayPal, Credit/Debit cards, Perfect Money, pre-paid voucher cards and more. 8. OpenVPN using Elliptic Curve Cryptography for Key Exchange (ECDHE, curve secp256k1) is used by default in most cases. We also support and RSA-4096, SHA256 and SHA512 for digest/HMAC. For data encryption we use AES-256-GCM and AES-128-GCM. 9. Our client software can block IPv6 traffic. DNS leak protection is forced by default and it’s not optional. A ‘kill switch’ is available with our client software. 10. We offer clients for Windows, MacOS, Android, iOS, Linux (still in beta), as well as browser addons for Chrome, Firefox, Opera. 11. We have physical control of our servers in Romania. In other countries we rent or collocate our hardware. We have some measures in place to prevent and alert us in case of unauthorized physical access. We use our own DNS resolvers and we encrypt all DNS queries from VPN gateways to DNS resolvers. 12. Locations are listed in real-time here. VPN.ac website ONEVPN 1. The answer to this question is 50% ‘Yes’ and 50% ‘No’. We do not keep any log of users’ original IP which can lead anyone to their physical location. We do maintain the login and logout time against the client area username for the bandwidth usage by user. We keep the bandwidth usage data only for 7 days until the money-back guarantee is valid. On the eight day, we discard the data and keep zero logs of our paid users. 2. OneVPN is a product of Unravel Technologies, a Hong Kong based registered company. 3. No, we do not use any external visitor trackers or support tools. For communicating with customers regarding their initial credentials, inquires, support tickets and complaints, we have a customized in-house emailing portal. For sending marketing emails and Newsletters, we use Sandy (Amazon based email portal). 4. Based in Hong Kong, we are not bound by any law to keep logs of our users. The only information we have about our client is the login and logout time. This information can only lead towards OneVPN’s server which the user might have connected to. We cannot provide any further information because we do not have any. If any DMCA or other notice landed to us, all we can provide them is login and logout time. 5. First of all, in all ten months of our operations it has never happened to us. If any such scenario arises in future, we cannot identify the user as we do not have any logs of our user’s identity. We can only lead to the server the user once connected to. 6. Yes, BitTorrent and other file-sharing traffic is allowed on all OneVPN’s servers except USA, Canada, and Australia. We have physical servers and in the aforementioned countries P2P file sharing is not allowed. Users can connect to Netherlands, Germany, France, or any other server to download torrents. 7. We offer PayPal, Web Money, BitCoin, and Credit Card option via third party merchants. The user visits OneVPN’s website and selects the payment method. Once the payment is made by the user, it goes directly to the Payment merchant. The Payment Merchant verifies the payment and gives OneVPN the go head. We send the credentials for the user via email. Once the payment is through it lands in OneVPN’s account. In the entire process, the user provides the required information to the Payment Merchant and not to OneVPN. This way every user is anonymous to us. 8. OneVPN is among the few VPN providers to offer Openconnect via Cisco Anyconnect. This protocol helps users to achieve the highest level of security with 256bit AES encryption and the fastest speed at the same time. We highly recommend all our users to use Openconnect protocol. 9. We do not support IPV6. Hence, it eliminates all vulnerabilities associated with IPV6 leaks. The best and most recommended way to avoid IPv6 leaks is to disable the functionality from your desktop interface. Yes, we do provide DNS leak protection and NAT firewall comes with all our VPN servers. The user does not need any manual configuration or prior setting for DNS leak protection. We also provide an Internet Kill Switch feature in our Windows App. You can also configure the Kill Switch option on your Mac while using OneVPN. 10. We offer customized VPN apps for Windows, Mac, and Android. 11. We have selected the best data centers to host our servers. We operate 100% physical servers which all run on BSD. All our VPN servers have their own DNS. 12. We have 60+ VPN servers deployed in 20 countries. You can check the complete list of all the locations here. OneVPN website IRONSOCKET 1. We keep limited session logs for all of our services. These logs record the duration of a connection, the IP address used for the connection and the number of bytes transferred. These logs are typically kept for 72 hours, usually less, after which they are purged. We log this data for fraud and abuse detection/prevention. Since we use shared IPs on our servers, and do not log activity, it is difficult to associate specific activity with individual users. 2. IronSocket is owned and operated by Pusa and Daga Hong Kong Limited in the jurisdiction of the Hong Kong Special Administrative Region. 3. We do not use any third-party email providers or support tools. We use Google Analytics and HasOffers which have minimal visitor tracking information used for website usage reporting and management of our affiliate program, respectively. 4. IronSocket is not subject to the DMCA or any international equivalent. We do NOT host any user uploaded content on any of our servers. While IronSocket is not subject to DMCA, some of our hosting and data center partners reside in locations that are. If they escalate a DMCA notice to us, we reply to the provider that we are a service provider like them, and that we do not log our user’s activity. 5. This has not happened. It is our policy to cooperate with legal orders that are valid under Hong Kong SAR law. The process to address such request is: 1. Verify the order is legal and valid 2. Consult with legal counsel to determine what we are required to provide 3. Determine if we have the data being requested Because of our privacy policy, terms of service, shared IP usage, and anonymous payment methods, it would be difficult to impossible to associate a specific activity with an individual user. 6. P2P traffic is allowed on servers in countries where such traffic is not restricted. We do not allow P2P on all servers due to the legal pressure on the data centers in certain regions of the world. All traffic is treated equally on our network. 7. We accept credit / debit card payments via SafeCharge and PayPal. Bitcoin transactions are processed by BitPay and major US brand gift cards are handled by PayGarden. We do not collect sensitive payment information. Any sensitive payment information is maintained by each respective payment processor and is linked by a unique transaction number. 8. OpenVPN with strong encryption: AES 256-bit encryption with SHA256 message authentication, using a 4096-bit key for secure authentication. 9. We are currently beta testing a new client for Microsoft Windows systems that offers DNS leak protection and VPN drop protection. VPN drop protection has the option of killing specific applications or the system’s network connection. 10. We are currently beta testing a new client for Microsoft Windows systems that offers support for the OpenVPN, L2TP, and PPTP VPN protocols. 11. We host and maintain our own DNS servers. We manage all our VPN servers but they are hosted and maintained by third-party data centers. We vet all providers prior to engaging their services and we continuously evaluate the quality of service and responsiveness to our requirements and requests. 12. We have hundreds of servers in 38 different countries and are always adding more. The most up-to-date list can be found here. IronSocket website SEED4.ME 1. We do not analyze or DPI traffic. We also do not keep logs on VPN nodes. General connection logs are stored on a secure server for 7 days to solve network issues if there are any. These logs are deleted after seven days if there are no network problems. 2. Taiwan. Seed4.Me Inc., We are not aware of any legislation requiring us to share client information and we are not aware of any precedents in Taiwan where client information was disclosed. We do not hold much information anyway. On the other hand, we do not welcome illegal activities which potentially harm other people. 3. Currently we utilize Google Analytics and G Suite (ex. Google Apps). Regarding G Suite, we do not store any sensitive information there, only support issues. 4. In case of abuse, we null route the IP to keep ourselves in compliance with the DMCA. Currently we use simple firewall rules to block torrents in countries where DMCA applies. 5. We will act in accordance with the laws of the jurisdiction, only if a court order comes from a jurisdiction where the affected server is located. Fortunately, as I said before, we do not keep any logs on VPN nodes, on the other hand we do not encourage illegal activity. This has never happened. 6. Torrents are allowed on our VPN servers in Switzerland and Sweden. These are torrent-friendly countries with high-quality data centers and network. We treat BitTorrent, P2P, streaming and any other traffic equally on all servers. 7. We accept Bitcoin, PayPal, Visa, MasterCard, Webmoney, QIWI, Yandex.Money, Bank transfer and In-App purchases in our mobile apps. We do not store sensitive payment information on our servers, in most cases payment system simply sends us a notification about successful payment with the amount of payment. We validate this data and grant access to VPN. BTW, we do not require the name of the card holder when he pays for the VPN in our desktop app. 8. Obfuscated OpenVPN with 2048-bit key will be a good choice, it’s available in our Desktop and Android apps. Also, our iOS App has Automatic protection option that guarantees for example that all outgoing connections on open Wi-Fi will be encrypted and passed through secure VPN channel. 9. We do provide DNS leak protection in our Desktop app and we suggest that customers turn off IPv6 support. We don’t provide a kill switch for desktop yet. We are still compatible with free software that prevents unsecured connections after VPN connection goes down. 10. We have apps for Windows, iOS, Android and Amazon Kindle. 11. All servers are remotely administered by our team only, no outsourcing. No data is stored on VPN nodes (if the node is confiscated, there will not be any data). We prefer to deal with trustworthy Tier-3 (PCI-DSS) data centers and providers to ensure reliable service with high security. As for DNS, we use Google, users can override these settings with their own. 12. Currently we offer VPN nodes in 17 countries: USA, UK, Canada, France, Russia, Switzerland (torrent-friendly), Sweden (torrent-friendly), Ukraine, Netherlands, Spain, Germany, Italy, India, Hong Kong, Singapore, Israel and South Korea. Seed4.me website Note: several of the providers listed in this article are TorrentFreak sponsors. —– https://torrentfreak.com/vpn-services-anonymous-review-2017-170304/
  14. POST HERE 3 RATIO PROFS,EDIT YOUR USERNAME..
  15. Irc changes For the last few months Irc has been getting alot of spam from People wanting invites ect this has now got to the point where we need to control it. Due to this we have set the main Channel to Members only to join this channel you need to Click on your username at the top of the page and then Click edit Profile. Look down and your see IRC Options Click Enable IRC Access (Generate Key) then Save at the bottom of the page your see then that the system has made you a key. Now join IRC like you Normaly would and Type /msg tl-monkey !invite YOURKEYHERE. Your then be joined to the main members Channel (Make sure to user your SITE username or it will not invite you)
  16. Irc changes For the last few months Irc has been getting alot of spam from People wanting invites ect this has now got to the point where we need to control it. Due to this we have set the main Channel to Members only to join this channel you need to Click on your username at the top of the page and then Click edit Profile. Look down and your see IRC Options Click Enable IRC Access (Generate Key) then Save at the bottom of the page your see then that the system has made you a key. Now join IRC like you Normaly would and Type /msg tl-monkey !invite YOURKEYHERE. Your then be joined to the main members Channel (Make sure to user your SITE username or it will not invite you)
  17. Security Guide The new branch of PHPBB - PHPBB 3 is quite secure. After some major security flaws in PHPBB 2 the PHPBB developers have paid great attention to the security of their product's new branch - PHPBB 3. According to the script's changelog and the users' reports there have been just several minor security issues. They have been resolved quite fast. Still, in this article we will list useful practices that will additionally improve the security of your PHPBB 3 forum. TIPS Keep your software up--to-date This rule is valid for all the applications that you use. Keep your local computer software (OS, anti-virus program, firewall, web browsers, etc.) and web applications (scripts, extensions, components, modules,plugins) upgraded to the corresponding latest stable versions. Custom Database tables prefix A wise solution is to set a custom database tables prefix during the PHPBB 3 installation. If your hosting provider supports an auto-installer like Softaculous just enter the new value in the "Table Prefix" field. The manual phpBB3 installation also allows to enter the chosen table prefix in the "Prefix for tables in database:" field. The change of the tables prefix in an existing phpBB 3 installation is more difficult. First, you should edit the config.php file and replace the new prefix in the following field: $table_prefix = 'phpbb_'; If you have custom modules integrated in your forum check whether they have additional configuration files. You might need to complete the same change in them. Next, you should rename all the tables in the database. You can run the queries through a tool like phpMyAdmin. The query for each table should be: RENAME TABLE phpbb_table_name TO newprefix_table_name; Additional admin login page To add a new layer of security to your admin login functionality you should password protect the admin folder. In PHPBB 3 the default admin folder is called "adm". Usually the hosting providers have a password protection tool embedded in their control panels. If your hosting provider uses cPanel you can password protect the folder through the Password Protect Directories tool. The tool will create a .htaccess file under the "adm" folder. Make sure that the used password is different from the one set during the initial PHPBB 3 installation Always use strong passwords that contain random sequence of letters, numbers and special characters. Restrict the admin folder access If you are using a computer with static IP to access your forum you can restrict the access to the admin area. Enter the code listed below in the .htaccess file under the "adm" folder. It will allow access only from your local computer. Order Deny, Allow Deny from all Allow from 123.123.123.123 Instead of 123.123.123.123 use your IP. It can be checked at: http://whatismyipaddress.com/ The file can be edited either with FTP or with cPanel->File Manager. You can add more IPs to the list, separated with blank spaces. Backup your forum Often, keeping backups of your script will allow you fast and easy to restore the stable functionality of your web site. It does not matter if the script has been compromised by hackers or it has been broken by a custom code modification performed from your end. The backup restore will bring the web site to its normal state. Usually the hosting providers create daily or weekly backups of your account. Still, you can additionally take care of this task. Detailed instructions can be found in this knowledge base article. Enhance the users registration PHPBB 3 has some useful options which will stop most of the malicious users' registrations attempts. Open your forum's admin area and load the "User registration settings" section. For the "Account activation" option pick "By user (email verification)". During the registration the user will have to provide a valid e-mail account and approve the registration through a confirmation link message delivered to it. For "Password complexity" select "Must contain symbols". In this way the user will have to enter letters, numbers and symbols in the chosen password. Leave the default values of the other options. Forums that follow the above-mentioned tips experience 80% less security problems. If despite the measures taken, your forum gets hacked, you should contact your host for assistance and try to get more specific security tips from the community via the discussions boards. Credits for this materials: http://www.siteground.com/phpbb-security.htm Top 5 Security Mods for phpBB No forum software is fully secure from the onslaught of hackers and spammers, and needs to keep being updated by new modifications and plugins to safeguard against such attacks. The open source nature of phpBB makes it more vulnerable to attacks. phpBB developers are constantly working towards identifying security gaps and trying to fix them. Some of the main features added to provide protection to your forum from being attacked by hackers are: Providing a sophisticated authorization system; Effective encryption which basically helps by ensuring the safety of the passwords in the data base; Proper running of the URL and cookie sessions. 5 Security Mods for phpBB Some helpful security mods for phpBB are: RAC Mod: In this Mod, the administrator defines an auth code which you need to enter while registering. After this, the administrator may ask you a question, the answer to which is the code. The advancements made to this mod are: Language variable being used properly; phpBB templates being used properly; Unnecessary steps have been removed; Instructions are made more detailed. Peoplesign CAPTCHA Plugin: This is a unique and new picture based CAPTCHA which gives its owners millions of different ways to customize and use it as per their liking. It is easy to install. People visiting the forum are given a picture-based text to enter the forum and by this means automated bots can be kept away. Show Password Strength: This mod reflects the strength of the password to its users. It displays a color code to show the password strength which is green for strong and red for weak. Along with this, there is a text indicator such as ‘Very Strong’, ‘Strong’, ‘Good’, ‘Weak’ and ‘Very Weak’ for passwords. The basis on which the password strength is graded are: Mixed case alphabets; Numbers; Special characters; More than 12 characters in the password. Breizh Ajax Checks: This mod is fast and the language can be changed in the ajax on the registration page. Through this mod, checks can be performed in real time in the registration page as well as edit account setting page for email address, password and username. Key CAPTCHA: It is an innovative anti-spam service which is provided free. It provides protection to your website from spam and also works as an instrument for income acquisition. Contrasting other captchas, there is no requirement to type any text here. phpBB is not fully protected from all attacks by hackers and spammers present on the net. While there are people working towards mods to improve the scenario, one should take precautions and be vigilant to ensure that the forum is not attacked. phpBB security does not merely involve protecting your forum from being hacked, but it also involves the security of personal information and data of visitors and the integrity of the member list as well as the community. Some issues that may take up a lot of admin and moderator time may be automated signups, member list abuses, email address harvesting and dropping links. Credits for this materials: http://www.webmasterscafe.com/top-5-security-mods-for-phpbb/
  18. Security Guide TIPS In this section of the tutorial you will find several tips how to improve the security of your Invision Power Board. 1. Do not allow HTML for your board except for user groups that you can fully trust. When creating a forum you can choose not to allow HTML code to be posted in various sections for the board. You can disallow HTML code in all of the areas listed below: To disable HTML in signatures and the about me section for members go to System tab-> System Settings -> Members tab -> User Profiles. To disable HTML in personal messages between users go to System tab -> System Settings -> Members tab -> Personal Message Set-up To disable the HTML in posts for specific user groups go to Members tab -> Manage User Groups -> Edit for the group -> Global tab 2. For the lost password recovery it is best to use the email random password option. This option can be altered via the IPBoard admincp -> System -> System Settings -> System Tab -> Security and Privacy. Note that it is highly advisable to email the new password instead of letting the user enter it manually as it is much less likely that the user account email address is compromised. 3. Setup a limited amount of failed login attempts. If the number is reached the user is locked out of the forum for a set time. This option can be altered via your the IPBoard admincp -> System -> System Settings -> System Tab -> Security and Privacy -> Brute-force Account Locking section. The other two options below allows you to define if blocked accounts will be automatically unlocked and if so after how many minutes. 4. Use secure mail form for member to member communication. This way it will not be possible to get the emails of your board users and use them for spam and other fraudulent activities. You can enable secure form email for member to member communication via IPBoard admincp -> System -> System Settings -> System Tab -> Security and Privacy -> Use secure mail form for member to member mails 5. Remove the admincp link from your board and modify the name of the administrator directory to something else. The link to the admin panel that is by default included on your forum index can be removed. This is highly advisable along with renaming the admincp folder to something else. The option can be altered via IPBoard admincp -> System -> System Settings -> System Tab -> Security and Privacy -> Remove the ACP link from the board 6. It is highly advisable to manually approve new accounts registration as well as leave the option to verify the registration via email. This option might not be suitable for very popular forums that have lots of new user registrations on a daily basis. However, for closed communities it is best if you have all new user registrations manually approved by forum administrators. This way you can prevent spam bots and unauthorized users from posting on your forum with 100% success. The highest possible security is forcing users to first verify the new account registration via the email address they provided upon registering the new account. Once the new account registration is verified via email it is queued for approval via the board administrator. This option can be chosen via IPBoard admincp -> System -> System Settings -> System Tab -> Security and Privacy -> New registration email validation. You might want to take some time and also adjust the options below to your convenience. 7. Force user login before the board is viewed. This way only registered users can view and post on your online board. Note that in this case guests on your online board won't be able to view any of the forums. The option is available at IPBoard admincp -> System -> System Settings -> System Tab -> Security and Privacy -> Force guests to log in before allowing access to the board The alternative is to set specific permissions for each forum and thus allow some general purpose forums to be viewable for Guest users. For example you might want to make news and forum rules viewable for everyone so they can check them prior to registering. To achieve this all you need to do is use the permissions matrix when creating a new forum or category. Do not add permissions for the group that guest users are automatically assigned to. This way none of your forums will be accessible for users that are not registered and logged in except for forums you explicitly add permissions to. It is highly advisable to set only Show Forum and Read Topics permissions in such cases. 8. Do not display the version of IPB you are running. Otherwise it will be much easier to search for possible exploits for the specific version if one is trying to compromise your board. Displaying the IPBoard version can be turned off via IPBoard admincp -> System -> System Settings -> System Tab -> Security and Privacy -> Privacy section -> Display IPB version on your site. There are various options you can manage for your IPBoard. Most of the other features that can be a security issue are set to the highest possible security by default. Bear in mind that you should carefully read and understand what each option does prior to making changes in order to avoid any issues with your online board. Thanks for this valuable material goes to: http://www.siteground.com/tutorials/ipb/ipb-security.htm HACKS I want to show you a few important things, that many of you may know, but others wont. So lets start with the server and permissions: Never - and really never - set 777 permission on ANY directory/file. That would allow malicious users to execute/delete/move/edit your files easily. Do not make .htaccess files readable - they could leak important data. How to set permissions: chmod xxx -R /dir/to/files Secure phpmyadmin - there are several ways to do so, but a simple .htaccess file should be enough. The htaccess file can look like this (i use it like this): AuthType Basic AuthName "Restricted Files" AuthUserFile /path/to/passwords/.htpasswd Require valid-user add a file called .htaccess (it must have the . before htaccess and it needs to be in the directory you want to secure. For phpmyadmin its usually /usr/share/phpmyadmin) Do not run apache as root - if you do so, a malicious user could use exploits to gain access to the apache2 user - that could lead to a real disaster. use this tutorial to change your user for apache2: http://ubuntuforums....ad.php?t=927142 Secure php - turn off unnecessary features and set up open_basedir, it could save your server. This should help with turning off features for php: http://stackoverflow...erous-functions If you use apache, use mod_antiloris What does mod_antiloris do? Well its easy: There is a tool called slowloris. People use it to DoS a server - that means, they attack it, so the server shuts down. How does mod_antiloris do this? It opens a lot of apache processes so the apache server simply cant get enough ram anymore and shuts down automatically. Why do they use that tool? Because it uses so little resources that it makes it really easy to bring a server down. What does mod_antiloris do now? Well a server understands requests like this: SYN - ACK - SYN - ACK Well slowloris does this: ACK - ACK - ACK - ACK The server opens processes and never closes them since no SYN is coming back. mod_antiloris detects those malicious requests and closes them itself. Note: To install mod_antiloris, you need to look for it on google, I can not go indepth with the setup, since I only use Ubuntu as my server. Turn off php error reporting. No one needs to see php errors on the page. They could cause to a leak of data and in this case, there is a Full path disclosure script out there that could tell an attacker what your directory is called. To disable it you can add: error_reporting(0); @ini_set('display_errors', 0); to the end of your index file. Now to the IPB Setup and file Setup: Use .htaccess for the admin directory. (Refer to the Security center for this) Rename the admin directory. (Referr to the Security center) Remove dav.php if it isnt necessary. (In terminal: rm /path/to/dav.php) Use hooks like StopForumSpam to prevent fraud on your forum. (Use the StopForumSpam website for more info, they have in-depth tutorials for this on their site) Before you install a skin, check it. The skin "Glare by Tom Christian" reveals your admin directory in the source code for example, no matter what you set it up to do. You can do so by simply opening your source code on the index page of your forum and searching for your ACP link. Then when you found it you can easily referr to the CSS files (Look and Feel - Edit Skin CSS - globalTemplate) Change your display name. Users can use bruteforce to get your password, but what if they don't know what your username is called? They can´t brute it. You can do so in the members tab in the ACP. Do not allow signatures which are too big (I know its not security related but it can slow down your site dramatically) This can be done within the IPB ACP (resize images) Follow the things written in your Security Center, IPB knows what they write. Use the Checkers (Whitespace Checker and so on) weekly so you see if something goes wrong. Remove users using odd usernames. What do I mean with odd? <script>alert(blabla)</script> is surely odd and it shows that the user tried to do an XSS attack. XSS can be used for attacks to get sensitive data or deface your website. Other things you can do is on files that really should not be viewable via php as regardless of the request placing: if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) { exit('Denied.'); } After: <?php Result: <?php if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) { exit('Denied.'); } Also adding blocks via the htaccess is also wise for things such as conf_global.php, initdata.php, and constants.php <Files conf_global.php> deny from all </Files> <Files initdata.php> deny from all </Files> <Files constants.php> deny from all </Files> Or, you can also do this and it will work. Rename your conf_global.php to w/e you want, make a new conf_global.php and place this in it: <?php if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) { exit('Denied.'); } @include('yournewconfigname.php'); ?> Thanks for this valuable material goes to: http://invision-virus.com/forum/index.php/topic/530-how-to-secure-your-ipb-version-properly/
  19. .::IS::. Members We have noticed that a lot of newly registered members, particularly members who are new to the torrent world are unsure about the rarity of trackers and how hard it is to obtain invites or accounts. We have had these questions sent to us via PM and seen a lot of members asking in the shoutbox. For these reasons the .::IS::. moderation team have complied a list. Obviously, its impossible to include every tracker in the list and some can be argued as it is opinion based. Nevertheless, the key/most popular trackers are included and for the purpose intended the list is accurate enough. We have also copied and pasted a section of the rules, regarding safety tips as tracker safety is also important. To conclude, a list of trackers which do and don't ban on IP/Email change, originally written by Pirata. The idea of this, is one thread with all the necessary information to help our members ------------------------------------- Tracker Levels \\ Level 10 ArtOfMisDirection[AOM] HDBits.Org ExigoMusic FunSharing.Net[FSC] Level 10 trackers are the hardest trackers of all to get into. Accounts will sell for ridiculously high prices and will be very rarely given away if ever. \\ Level 9 DeepBassNine[DB9] Pedros MagicTorrents InTheShadow[iTS] Level 9 trackers are extremely difficult trackers too get into due to their limited membership count. Accounts and invites sell for very high prices and will be rarely given away. \\ Level 8 EndOfTheInterNet[EOTI] TS-Tracker NorBits HD-Spain FeedThe.Net[FTN] Level 8 trackers are even rarer trackers too get into due to their limited membership count. Accounts and invites sell for high prices and will be rarely given away. \\ Level 7 Polish Tracker SceneHD.Org BroadCasThe.Net[bTN] Bit Vault Level 7 trackers are rarer trackers too get into. Accounts are much easy to obtain than invites. These trackers will be occasionally given away. \\ Level 6 Bitme.Org CHDBits.Org PassThePopCorn[PTP] What.CD TheVault.Bz Music-Vids LzTr Fuxor Gnoms.me[Aka Sinderella] WorldInHD[WIHD] NextGen.Org The Occult.bz x264.Me HD Wing Revolt[Forum] Level 6 trackers are still rare but with patience, it is possible to obtain invites. These will be given away but not to anyone. \\ Level 5 CartoonChaos.Org BitmeTv.Org AwesomeHD DVDSeed HDCorea RevolutionTT BitHumen SparVar PixelHD ScienceHD Bibliotik TorrentGUI[TTG] Level 5 trackers are still rare but with patience, it is possible to obtain invites. These will be given away but not to anyone. \\ Level 4 PreTome.Info HDSource NCore PornBits ThePlace PirateThe.Net[PTN] HDCenter HDRoad StopThePress.es LosslessCub Level 4 trackers are harder to obtain than level 3 but are still regularly given away. \\ Level 3 RacingFor.Me PianoSheets HQMusic TehConnection TranceTraffic TranceRoute Waffles.Fm ComicBT KaraGarga SceneAccess.Org TheGFT VideoSeed AvLossLess PlanetQ AceHD TheGeeks.Bz BaconBits CrypticHavenComedyClub[CCC] HDSky.Me TheHorrorChannel Open.CD Jpopsuki Level 3 trackers are harder to obtain than level 2 but still regularly given away. \\ Level 2 IPT TL TD HDbits.Ro SDBits Fielist Zamunda Libble Extremebits Elbitz Bitspyder Docspedia ProAudioTorrents My Anonamouse IFR Level 2 trackers are very easy to obtain as they regularly offer invites to their members. These are always given away for free. \\ Level 1 Xtreme Wrestling Torrents World Boxing Video Archive Pro Wrestling Torrents Torrent Shack T3nnis.TV Sport-Scene (SSC) RuTracker.org Pussy Torrents PSYtorrent Panda.CD PornBytes Feed The Brain Bluebird-HD.Org SeedGames.org Games-HD.com The Sports Torrent Network [TSTN] Blu-Evolution (BluEvo) IceTorrent Xtreme-Torrent LastTorrents Acid Lounge ExtremeBits AudioNews AppzUniverse HD Space Level 1 trackers are extremely easy to obtain as they regularly offer open sign up/registration, sometimes monthly, sometimes permanently. ------------------------------------- Safety Tips Username: Your choice of username is extremely important. For your own safety it is recommended that you never use the same or similar username on Invite Scene and the trackers you are using. If you do this then you only have yourself to blame as you’re putting your account(s) at risk. Please contact an admin immediately for a username change if you have already made this mistake. CSS Security: If you don’t want to risk losing your current private trackers then it is highly recommended that you use a different browser for Invite Scene and your trackers. Many trackers have now blacklisted numerous invite based forums and are using browser manipulation to access the browsers loophole to view previously visited websites. To avoid this, as previously mentioned, use different browsers. If you have already made this mistake then immediately delete your history and cookies, then implement the above solution. Also you can read this thread regarding CSS - http://www.invitescene.com/index.php?/topic/1416-security-warning-css-hack-read-this-carefully/ Password: It is highly recommended that you use a strong password for your accounts such as emails, trackers and forums. A strong password would constitute at-least twelve or more characters and digits, including variation such as upper-case characters, lower-case characters, numbers and special characters. Links: Avoid clicking any links from users. This includes emails, private messages and forum threads/posts. There are many scammers and hackers online who can easily disguise a link as something genuine, however the purpose is actually to snatch your IP or install a virus. E-mail address: Please, under no circumstances ever post your email address in public. This includes when you are applying for an invite in a GA thread. By doing this you can compromise your accounts safety and your inviters account safety. Screenshots: Always edit screenshots. Never post public screenshots which reveal your trackers username or ratio stats. In addition, only send un-edited screenshots to staff members on request, never to normal users on the forum. Further Advice Middleman: Middleman can be requested in certain situations, such as dealing with a seller that has little or no feedback or who you do not trust. It is highly recommended that you contact a staff member in this situation. Scammed: If you have being scammed, immediately contact a staff member or open a dispute thread. All proofs should be saved and forwarded to a moderator. Banned countries: Always check the banned countries list before you trade, sell or buy a tracker. IP / email / password Change: Please be aware that certain trackers ban accounts for email, password and/or country IP change. If you’re unsure of your responsible always contact the seller/buyer/trader first who will normally provide you with safety tips before a deal is made. Trusted members: Always buy/trade accounts from trusted sellers or staff members. Please under no circumstance buy from users who have low rep, feedback and post count on here, no matter how good the deal appears to be. If the deal is too good too be true, it probably is. Accounts or Invites?: To avoid any complications it is much better to buy an account combined with an email. However, invites are generally much safer. ------------------------------------- Trackers that Ban after IP change: x264.me What.cd BCG SceneHD FSC DB9 Pedro's BTMusic GFT TS-Tracker Music-vids iTS PTP Awesome-HD RevTT Trackers That Don't ban after IP change (if you don't change the details immediately) PTN BitMe BitMeTV Exigo ThePlace TheVault FTN HDbits.org Trackers that don't ban after IP change: All Other Trackers. ------------------------------------- Banned Countries list Algeria : FileList.ro Zamunda Argentina : SCC - Signup is banned What.cd - Irc invite banned Belize : SCC Brazil : x264.me - Complete Ban RevTT - Signup banned SCC - Signup banned Torrentbytes What.cd - Irc invite banned Black Cats Games - Signup banned BitMeTV - Banned IP's range 200.x.x.x, 201.x.x.x (LACNIC's ips) Chile : SCC China : Demonoid.me HDBits.org SCC - Signup banned ScenePalace.org SDBits.org What.cd - Irc invite banned Croatia : BitMe - Some IP's BitmeTV - Some IP's Egypt : GFT - Signup banned HDBits.org RevTT - Signup banned SCC BlackCats-Games - Some IP's SDBits - Signup banned Freshon - Signup banned ( some IP's work ) x264.me Complet Ban What.cd - Irc invite banned BitMe.Org - TEData ISP BitmeTV - TEData ISP BitSpyder.net - TEData ISP ( Banned IP's 41.233.XXX.XXX and rest of IP's work ) Fux0r : some IP's DVDSeed.eu Georgia : What.CD - IRC Invites banned Germany : Demonoid Hungary : What.CD India : TorrentBytes - BSNL ISP HDBits.org - BSNL ISP RevTT - Signup Ban ( existing users & users who signed up from a country which is not banned signup can use their account from India ) SCC - Signup Ban ( existing users & users who signed up from a country which is not banned signup can use their account from India ) Torrentbytes - BSNL ISP What.cd - Irc invite banned x264 Iran : RevTT LFM Israel : Bitme BitmeTV HDBits.org SDBits.org RevTT - Signup SCC - Signup Torrent-Damage Torrentbytes TheBox.bz - Signup TheVault.bz BlackCats-Games - Signup What.CD - IRC Invites x264.me Complet ban LFM Fux0r TheGeeks.bz Italy : x264.me Complete ban Korea : What - IRC invites banned Kuwait : BitMe.Org MusicVids - Banned IP's 62.150.xx.xx TvTorrents.com - Qualitynet ISP only Latvia : SCC - Signup Malaysia : x264.me Complete ban Marocco : What.CD - IRC invites banned SCC - Signup Mexico : What.cd - Irc invite banned Pakistan : RevTT - Invites banned SCC - Only invite banned, only some ipA´s What.CD - IRC invite banned BlackCats-Games - Some IP's Poland : BitMeTV - Non static IP's HDBits.org SDBits SCC - Invites banned What.CD - IRC Invites Portugal : BitMeTV - Some IP's RevTT - Invites banned SCC - Invites banned What.CD - IRC invite banned x264.me Complet ban Romania : AceTorrents GFT - Request invites RevTT - Signup banned SCC ScenePalace.org - Signup banned What.cd - IRC invites banned Pedro's x264.me Complet BAN Lossless World Digital Hive The Camorra Fux0r Satclubbing Exigo Russia : HDCity.Org What.CD - IRC Invites banned Saudi Arabia : What.cd RevTT x264.me Complet ban LFM Slovenia : SCC - Signup banned What.CD - IRC invite banned Sweden : TorrentBytes Sri Lanka : BitMe.Org SCC Thailand : What.cd - IRC Invites banned Taiwan : What.CD - IRC Invites banned Tunisia : FileList.ro Dvdseed.eu Zamunda Turkey : Bitme GFT - Request of invite RevTT SCC SDBits Torrentbytes - Banned ip's starting with 78. x264.me Complet BAN Ukraine : Demonoid SCC - Invites What.CD - IRC Invites banned Vietnam : HDBits FTN ------------------------------------- In The END , We Hope That You All Read This Thread Carefully . For Your Own Safety In Trackers/Forum Dealings. Best Regards, .::IS::.Staff Team