Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? LOOK NO MORE! EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | INSTANT SETUP & TONS OF FREE APPS | STARTING AT $5.00/MONTH!

Search the Community

Showing results for tags 'vpn'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Invite Scene Official Information
    • Announcements
    • Suggestions and Ideas
    • Member Introductions
    • Competitions
  • Invite Scene Premium Membership
    • Make a Donation: Grab Your Premium Membership Now
  • Invite Scene VIP Giveaways & Requests
    • VIP Giveaways
    • VIP Requests
  • Invite Scene Official Store
    • Invite Scene Store: The Official Store for Private Torrent Invites
  • Invite Scene Marketplace
    • Premium Sellers Section
    • Buyer's Section
    • Trader's Section
    • Webmaster Marketplace
    • Service Offerings
    • Other Stuffs
  • Invite Scene Giveaways & Requests Section
    • Giveaways
    • Requests
  • Invite Scene Bittorrent World
    • Private Tracker News
    • BitTorrent World Discussion
    • Private Tracker Help
    • Tracker Reviews
    • Open Trackers
  • Invite Scene SeedBox Forum
    • Exclusive SeedBox Sellers Section
    • SeedBox Sellers Section
    • SeedBox Reviews
    • SeedBox Discussions
  • Making Money
    • Monetizing Techniques
    • Crypto Currency
    • Free Money Making Ebooks
  • Webmasters
    • Website Construction
  • Invite Scene General Topics
    • The Lounge
    • Movies, TV, and Videos
    • Melody, Harmony, Rhythm, and MP3
    • General PC Chat and Help
    • Security Hive
    • Guides and Tutorials
    • Gamers Hangout
    • The Graphic Design
  • Invite Scene Deal Disputes & Limitations
    • Deal Disputes
    • Archives

Categories

  • Bug Tracker
  • Suggestions Tracker

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Google+ Hangouts


Yahoo Messenger


Skype


Discord


AIM


ICQ


Interests

Found 31 results

  1. Providers who defied TV company demands to switch off their VPN services have caved in following legal threats. CallPlus and Bypass Network Services faced action from media giants including Sky and TVNZ for allowing their customers to access geo-restricted content. Their 'Global Mode' services will be terminated by September 1. Unlocking geo-restricted digital content is an activity carried out by millions every day, but the practice is frowned upon by entertainment industry companies. The large amounts of time, effort and financial planning that go into complex licensing agreements can be undone in an instant by a user of a VPN or ‘smart’ DNS service, opening up services like Netflix and breaking down barriers to U.S-based products such as Hulu. In April, media companies SKY, TVNZ, Lightbox and MediaWorks told several Kiwi ISPs that if they didn’t stop providing geo-unblocking services to their subscribers, legal action wouldn’t be far ahead. Within days and following claims of breaches of the Copyright Act, Unlimited Internet pulled its VPN service. However, CallPlus and Bypass Network Services stood firm and stated that they weren’t going to be bullied. Now, just two months later, both providers have caved in to the demands of the media companies. The news was revealed in the briefest of announcements posted to the NZX by Sky TV this morning. “The legal proceedings against ‘Global Mode’ service providers have been settled. As a result, from 1 September 2015, the ‘Global Mode’ service will not be available to any person for use in New Zealand,†the statement reads. The news will come as a blow to users of the ‘Global Mode’ service who will now have to find alternatives if they wish to continue accessing geo-locked content. While that will be extremely easy, Global Mode was a free product so it’s likely that additional costs could be on the horizon. InternetNZ, the non-profit group that oversees the Internet in New Zealand, says it is “deeply disappointed†by the news. “Global Mode was a great example of Internet-based innovation that challenged traditional content distribution models. It was by no means clear that the service was illegal, and we were keen to see the matter go before the courts to provide users and the industry with clarity,†said InternetNZ Chief Executive Jordan Carter. “Withdrawing the service and settling before court seems a worse outcome for all concerned. The media companies have said that they wanted to clarify their own legal rights over content – a settlement doesn’t achieve this, and leaves us all none the wiser.†Noting that both Internet users and innovation have “taken a back seat to entrenched old media interestsâ€, the InternetNZ chief called for a revised look at local copyright legislation. “This outcome makes it ever more important that we review New Zealand copyright law, to ensure that the interests of consumers and creators are appropriately balanced.†Those looking for the all-important details on why the companies backed down will be disappointed. The details of the settlement between the providers and entertainment companies are confidential. Submissions will be made to the court but they will not be for public consumption. https://torrentfreak.com/isps-dump-vpn-after-legal-threats-from-big-media-150624/
  2. Copyright holder and government efforts to stop people from accessing websites simply won't succeed according to the boss of a leading VPN provider. Speaking in the wake of the latest developments in Australia, CyberGhost chief Robert Knapp says those doing the blocking should consider the technical abilities of who they are taking on. After years of pressure but mere months of deliberations, yesterday the Australian government imposed a new copyright law on its citizens. As soon as it receives the formality of royal assent, the Copyright Amendment (Online Infringement) Bill 2015 will enter into force and soon after it’s expected that rightsholders will make their first moves to have a site blocked. After the passing of the law yesterday a lot of furious people took to the web, many decrying the censorship and filtering efforts of the Australian government. But despite the outcry there are others who are not only relaxed about the upcoming efforts but also stand to profit handsomely from them. They are of course VPN providers, services setup to cut through web-blockades and similar efforts like a hot knife through butter. They’re already extremely popular in Australia due to their geo-unblocking abilities and will now do even more business as a result of the country’s new law. However, there are still those that remain concerned over the future of VPNs and their status as site-blocking kryptonite. Might the government eventually run out of patience and do a U-turn on assurances they won’t tackle the technology by blocking? Would it matter, practically, if they did? Robert Knapp, chief executive at CyberGhost, one of the more popular VPN providers, doesn’t think so. He is calm, taking developments completely in his stride, and foresees no threat to his business. “We see in general the same that you see in nature if somebody tries to block a river floating – the water finds his way,†Knapp says. Despite attempts by the Australian Greens to have VPNs exempted from the new law, it is unlikely that services who play by the rules (i.e do not promote their products for infringing purposes) will be blocked. However, if the authorities want to test the waters, companies like CyberGhost will be up for the challenge. “They should also then realize with whom they play in the same league,†Knapp says. “Maybe they do it [blocking], maybe they don’t do it, it’s kind of a technical race. So it’s our daily business. They might do it, we will find a way to keep our servers running.†While most people understand that blocking a determined service provider could descend into an endless arms-race, rightsholders are also keenly aware of the political fallout from attacking legitimate technologies. “We didn’t intend this law to be used specifically against VPN because there are many legitimate uses of VPN and the intention of the law is not to stop people using the internet for legitimate purposes,†a Foxtel spokesperson told Mumbrella this morning. And herein lies the problem. By driving traffic underground, into the encrypted tunnels of VPNs, rightsholders now have even less of an idea of who is pirating what and from where. VPNs are a legitimate but “dual use†technology, one that can be used for privacy or indeed piracy purposes. It’s a giant loophole that will be difficult to close. Nevertheless, companies like Foxtel say they will keep an developments. “We would obviously be concerned if it meant there was a hole in the law,†the spokesman said. “We will be monitoring how things go and see if there is a serious issue in the future.†So what next for Australia’s blocking regime? If history from the UK repeats itself (and there’s every reason to believe that it will), rightsholders will first take on a site that is guaranteed to tick every ‘pirate’ box. That forerunner is almost certain to be The Pirate Bay, a site that is not only located overseas as the legislation requires, but one that also has no respect for copyright. The fact that it has been blocked in plenty of other regions already will be the icing on the cake. Once the case against The Pirate Bay is complete then other “structurally similar†sites will be tackled with relative ease and since none of their operators will be appearing in court to defend themselves, expect the process to be streamlined in favor of copyright holders. https://torrentfreak.com/surprise-vpn-provider-expects-victory-in-site-block-arms-race-150623/
  3. As Australia's site blocking Bill took a step closer to becoming law yesterday, Communications Minister Malcolm Turnbull made it extra clear that VPN use won't be a problem under the legislation. Ordering "the big boys" to sort out the VPN issue between themselves, Turnbull told rightsholders to leave consumers alone. After struggling with the issue of online piracy for many years, last week the Australian parliamentary committee investigating the government’s ‘pirate’ site-blocking Bill gave the legislation the green light. After Coalition and Labor senators endorsed the Bill with four modifications, it is now guaranteed to become law. Last evening the Bill passed the Australian House of Representatives but while doing so provoked interesting comment from Communications Minister Malcolm Turnbull on the issue of VPN use. Noting that there is no “silver bullet†to deal with Internet piracy, Turnbull said that the Bill contains a number of safeguards and amendments designed to protect “public and private interestsâ€, including the use of VPNs that are promoted or used for legitimate purposes. “VPNs have a wide range of legitimate purposes, not least of which is the preservation of privacy — something which every citizen is entitled to secure for themselves — and [VPN providers] have no oversight, control or influence over their customers’ activities,†Turnbull said. The Communications Minister went on to give the example of an Australian consumer using a VPN to ‘trick’ a U.S.-based site into thinking they were located inside the United States. “This Australian could then — and this is widely done — purchase the content in the normal way with a credit card. The owner of the Australian rights to the content so acquired might well be quite unhappy about that, but they could take a remedy against the American site or the underlying owner of the rights. This bill does not apply to a site like this. It is not intended to apply to VPNs,†Turnbull confirmed. There are key reasons why the Copyright Amendment (Online Infringement) Bill 2015 does not apply to VPN use, but for clarity’s sake, Turnbull spelled them out. “Where someone is using a VPN to access, for example, Netflix from the United States to get content in respect of which Netflix does not have an Australian licence, this bill would not deal with that, because you could not say that Netflix in the United States has as its primary purpose the infringement, or facilitation of the infringement, of copyright,†the Minister said. Indeed, for this scenario to be covered by the legislation then Netflix and/or the VPN provider would need to show a general disregard for copyright and meet several of at least eight criteria laid out in the Bill, including demonstrating “flagrant†infringement. Turnbull went on to make it clear that if local entertainment companies have a problem with Australians utilizing VPNs to obtain a better content offering, then they should direct their grievances overseas and leave the man in the street alone. “If Australian rights owners have got issues about American sites selling content to Australians in respect of which they do not have Australian rights, they should take it up with them. The big boys can sort it out between themselves and leave the consumers out of it,†Turnbull said. Finally, the timely delivery of quality content at a fair price has always been a problem in Australia and one of the key local drivers behind both piracy and the VPN ‘problem’. Thankfully the issue was underlined by the Communications Minister who noted that blocking alone would not solve the country’s problems. “The bill is not intended to operate in a vacuum. The availability of content that is timely and affordable is a key factor in the solution to online copyright infringement,†Turnbull said. “When infringing sources of content are disrupted, this disruption will be most effective if Australian consumers have legitimate sources to turn to that provide content at competitive prices and at the same time that it is available overseas.†Whether that situation comes to pass is up to the entertainment industries but if grand efforts aren’t made, Aussies will use their VPNs not only to access Netflix, but also evade every site blocking measure this legislation hopes to impose. https://torrentfreak.com/netflix-vpn-problem-leave-consumers-alone-aussie-minister-says-150617/
  4. The new boss of Canadian telecoms giant Bell Media has confessed that her own daughter is a "thief". Speaking at the Canadian Telecom Summit, Mary Ann Turcke says her 15-year-old was using a VPN to access Netflix's superior U.S. service but she quickly put a stop to it. Netflix could've done so earlier, she added, but chose not to. While the video entertainment business needs to do better, Netflix is definitely going some way to filling the online movie and TV show streaming void. Nevertheless, even when consumers put their hands in their pockets for the service, elements of the industry still find cause to complain. The issue is one of geo-location. Essentially, users of Netflix in the United States get a more content-rich service than those accessing it from elsewhere. These restrictions are easily overcome by using a VPN service to tunnel in to the U.S. from outside but that annoys content companies no end. Licensing deals are to be respected, they argue. Just lately critics of the phenomenon have switched from using terms such as “geo-blockingâ€, favoring the emotive “Netflix piracy†and “Netflix theft†instead. Yesterday another heavyweight poured more fuel on the fire and pointed the finger at her own family while doing so. Mary Ann Turcke is the new boss of BCE Inc.’s Bell Media division in Canada. In a keynote speech to the Canadian Telecom Summit yesterday, Turcke raised the issue of Netflix but surprisingly relayed a story from within her own household, triggered by a ‘Life Pro Tip’ from her own daughter. “Mom, did you know that you can hack into U.S. Netflix and get sooo many more shows?†Turcke’s 15-year-old-daughter revealed. But far from mom being impressed at the ingenuity of her child, mom found her actions tantamount to theft. “She is 15 and she was stealing,†Turcke told the Toronto audience. “Suffice to say, there is no more VPNing.†For the teenager and probably most adults, this must be a frustrating concept to grasp. After shunning the lure of The Pirate Bay and its first-run movies on tap – for free, someone in the household has done the ‘right’ thing and bought Netflix. Yet someone, somewhere, has deemed Canadians to be unworthy of the full service and when that injustice gets addressed, mom plays the ‘thief’ card. “It takes behavioral change and it is the people — friend to friend, parent to child, coworker to coworker — that set the cultural framework for acceptable and unacceptable behaviour,†Turcke said. “It has to become socially unacceptable to admit to another human being that you are VPNing into U.S. Netflix. Like throwing garbage out of your car window, you just don’t do it. We have to get engaged and tell people they’re stealing.†Despite Ms. Turcke’s enthusiasm for establishing geo-busting as a crime, Canadian law professor Michael Geist previously rejected the assertion, an opinion also shared by Ottawa intellectual property lawyer Howard Knopf. “This is another manifestation of that good old Canadian phenomenon known as cross-border shopping in a free market,†Knopf said. “‎Some Canadian rights owners and licensees seem to think it’s smart to limit Canadian choice and raise Canadian prices. Maybe they are being shortsighted or greedy but that’s what they try to do.†While Turcke sees her own child as the thief, she also lays blame at the door of Netflix for not doing more to stop so-called ‘VPN pirates’. “Digital-rights management is one of the most sophisticated and heavily negotiated relationship aspects of our deals with Hollywood,†Turcke said. “As an industry, the players up and down the value chain can’t allow Netflix to continue doing what they’re doing, and Netflix has a choice to stop it. This is a business model decision on Netflix’s part. It’s not a technical problem.†But while Turcke criticizes Netflix for allowing people to access what they like, the notion of providing content on customer-friendly terms is certainly not alien to the entertainment industry veteran. “We, Bell Media, we, the industry, need to make our content more accessible. Viewers are demanding simplicity. And they will seek it out,†she said. Noting that consumers are simply not willing to tolerate restrictions surrounding online streaming rights, ‘windowing’ and national borders, Turcke warned the audience: “It is enough to drive anyone to the dreaded Netflix. Legally or illegally.†https://torrentfreak.com/my-daughter-is-a-netflix-vpn-thief-media-boss-confesses-150604/
  5. The PR disaster for geo-unblocking software Hola has deepened with a report from cybersecurity firm Vectra. In addition to revealing a console within the software that allows an attacker to "accomplish almost anything", Vectra has discovered that Hola had already been exploited by "bad guys" before reports surfaced against the company last week. After a flurry of reports, last week the people behind geo-unblocking software Hola were forced to concede that their users’ bandwidth is being sold elsewhere for commercial purposes. But for the Israel-based company, that was the tip of the iceberg. Following an initial unproofed report that the software operates as a botnet, this weekend researchers published an advisory confirming serious problems with the tool. “The Hola Unblocker Windows client, Firefox addon, Chrome extension and Android application contain multiple vulnerabilities which allow a remote or local attacker to gain code execution and potentially escalate privileges on a user’s system,†the advisory reads. Yesterday and after several days of intense pressure, Hola published a response in which it quoted Steve Jobs and admitted that mistakes had been made. Hola said that it would now be making it “completely clear†to its users that their resources are being used elsewhere in exchange for a free product. Hola also confirmed that two vulnerabilities found by the researchers at Adios-Hola had now been fixed, but the researchers quickly fired back. “We know this to be false,†they wrote in an update. “The vulnerabilities are *still* there, they just broke our vulnerability checker and exploit demonstration. Not only that; there weren’t two vulnerabilities, there were six.†With Hola saying it now intends to put things right (it says it has committed to an external audit with “one of the big 4 auditing companiesâ€) the company stood by its claims that its software does not turn users’ computers into a botnet. Today, however, an analysis by cybersecurity firm Vectra is painting Hola in an even more unfavorable light. In its report Vectra not only insists that Hola behaves like a botnet, but it’s possible it has malicious features by design. “While analyzing Hola, Vectra Threat Labs researchers found that in addition to behaving like a botnet, Hola contains a variety of capabilities that almost appear to be designed to enable a targeted, human-driven cyber attack on the network in which an Hola user’s machine resides,†the company writes. “First, the Hola software can download and install any additional software without the user’s knowledge. This is because in addition to being signed with a valid code-signing certificate, once Hola has been installed, the software installs its own code-signing certificate on the user’s system.†If the implications of that aren’t entirely clear, Vectra assists on that front too. On Windows machines, the certificate is added to the Trusted Publishers Certificate Store which allows *any code* to be installed and run with no notification given to the user. That is frightening. Furthermore, Vectra found that Hola contains a built-in console (“zconsoleâ€) that is not only constantly active but also has powerful functions including the ability to kill running processes, download a file and run it whilst bypassing anti-virus software, plus read and write content to any IP address or device. “These capabilities enable a competent attacker to accomplish almost anything. This shifts the discussion away from a leaky and unscrupulous anonymity network, and instead forces us to acknowledge the possibility that an attacker could easily use Hola as a platform to launch a targeted attack within any network containing the Hola software,†Vectra says. Finally, Vectra says that while analyzing the protocol used by Hola, its researchers found five different malware samples on VirusTotal that contain the Hola protocol. Worryingly, they existed before the recent bad press. “Unsurprisingly, this means that bad guys had realized the potential of Hola before the recent flurry of public reports by the good guys,†the company adds. For now, Hola is making a big show of the updates being made to its FAQ as part of its efforts to be more transparent. However, items in the FAQ are still phrased in a manner that portrays criticized elements of the service as positive features, something that is likely to mislead non-tech oriented users. “Since [Hola] uses real peers to route your traffic and not proxy servers, it makes you more anonymous and more secure than regular VPN services,†one item reads. How Hola will respond to Vectra’s latest analysis remains to be seen, but at this point there appears little that the company can say or do to pacify much of the hardcore tech community. That being said, if Joe Public still can’t see the harm in a free “community†VPN operating a commercial division with full access to his computer, Hola might settle for that. https://torrentfreak.com/hola-vpn-already-exploited-by-bad-guys-security-firm-says-150602/
  6. In the wake of a UN report urging the protection of encryption and anonymity, a website run by a human rights organization that monitors web-censorship and pirate site blockades in Russia has been ordered to be blocked. The portal, which offers advice on how to use tools such as VPNs, TOR and Pirate Browser, has been declared illegal by a court. While there is still much resistance to the practice in the United States, having websites blocked at the ISP level is becoming easier in many other countries around the world. One country where the process is becoming ever more streamlined is Russia. The country blocks hundreds of websites on many grounds, from copyright infringement to the publication of extremist propaganda, suicide discussion and the promotion of drugs. Keeping a close eye on Russia’s constantly expanding website blocklist is RosComSvoboda. The project advocates human rights and freedoms on the Internet, monitors and publishes data on blockades, and provides assistance to Internet users and website operators who are wrongfully subjected to restrictions. Now, however, RosKomSvoboda will have to fight for its own freedoms after a local court ordered ISPs to block an advice portal operated by the group. The site, RUBlacklist, is an information resource aimed at users who wish to learn about tools that can be used to circumvent censorship. It doesn’t host any tools itself but offers advice on VPNs, proxies, TOR and The Pirate Bay’s Pirate Browser. Also detailed are various anonymizer services (which are presented via a linked Google search), Opera browser’s ‘turbo mode’ (which is often used in the UK to unblock torrent sites) and open source anonymous network I2P (soon to feature in a Popcorn Time fork). Unfortunately, Russian authorities view this education as problematic. During an investigation carried out by the Anapa district’s prosecutor’s office it was determined that RosKomSvoboda’s advice undermines government blocks. “Due to anonymizer sites, in particular http://rublacklist.net/bypass, users can have full access to all the banned sites anonymously and via spoofing. That is, with the help of this site, citizens can get unlimited anonymous access to banned content, including extremist material,†a ruling from the Anapa Court reads. Describing the portal as an anonymization service, the Court ordered RosKomSvoboda’s advice center to be blocked at the ISP level. Needless to say the operators of RosKomSvoboda are outraged that their anti-censorship efforts will now be censored. Group chief Artyom Kozlyuk slammed the decision, describing both the prosecutor’s lawsuit and the Court ruling as “absurdâ€. “Law enforcement has demonstrated its complete incompetence in the basic knowledge of all the common technical aspects of the Internet, though even youngsters can understand it,†Kozlyuk says. “Anonymizers, proxies and browsers are multitask instruments, helping to search for information on the Internet. If we follow the reasoning of the prosecutor and the court, then the following stuff should be prohibited as well: knives, as they can become a tool for murder; hammers, as they can be used as a tool of torture; planes, because if they fall they can lead to many deaths. “To conclude, I would love to ask the prosecutor of Anapa to consider the possibility of prohibiting paper and ink, because with these tools one can draw a very melancholic picture of this ruling’s complete ignorance.†RosKomSvoboda’s legal team say they intend to appeal the ruling which was the result of a legal procedure that took place without their knowledge. “We can only guess why the project is considered to be an anonymizer. It’s likely that no one in Anapa city court understands what they are dealing with,†says RosKomSvoboda lawyer Sarkis Darbinian. “We see that these kinds of rulings are being stamped on a legal conveyor belt. Moreover, we see the obvious violation of the fundamental principles of civil procedure – an adversarial system.†The court ruling against RUBlacklist arrives at the same time as a report from the United Nations which urges member states to do everything they can to encourage encryption and anonymity online. https://torrentfreak.com/court-orders-vpn-tor-proxy-advice-site-to-be-blocked-150530/
  7. The operator of 8chan says the bandwidth of millions of Hola users is being sold for reuse, with some of it even being used to attack his site. Speaking with TorrentFreak, Hola founder Ofer Vilenski says that users' idle resources are indeed utilized for commercial sale, but that has been the agreement all along. Faced with increasing local website censorship and Internet services that restrict access depending on where a user is based, more and more people are turning to specialist services designed to overcome such limitations. With prices plummeting to just a few dollars a month in recent years, VPNs are now within the budgets of most people. However, there are always those who prefer to get such services for free, without giving much consideration to how that might be economically viable. One of the most popular free VPN/geo-unblocking solutions on the planet is operated by Israel-based Hola. It can be added to most popular browsers in seconds and has an impressive seven million users on Chrome alone. Overall the company boasts 46 million users of its service. Now, however, the company is facing accusations from 8chan message board operator Fredrick Brennan. He claims that Hola users’ computers were used to attack his website without their knowledge, and that was made possible by the way Hola is setup. “When a user installs Hola, he becomes a VPN endpoint, and other users of the Hola network may exit through his internet connection and take on his IP. This is what makes it free: Hola does not pay for the bandwidth that its VPN uses at all, and there is no user opt out for this,†Brennan says. This means that rather than having their IP addresses cloaked behind a private server, free Hola users are regularly exposing their IP addresses to the world but associated with other people’s traffic – no matter what that might contain. While this will come as a surprise to many, Hola says it has never tried to hide the methods it employs to offer a free service. Speaking with TorrentFreak, Hola founder Ofer Vilenski says that his company offers two tiers of service – the free option (which sees traffic routed between Hola users) and a premium service, which operates like a traditional VPN. However, Brennan says that Hola goes a step further, by selling Hola users’ bandwidth to another company. “Hola has gotten greedy. They recently (late 2014) realized that they basically have a 9 million IP strong botnet on their hands, and they began selling access to this botnet (right now, for HTTP requests only) at 8chan owner says. TorrentFreak asked Vilenski about Brennan’s claims. Again, there was no denial. “We have always made it clear that Hola is built for the user and with the user in mind. We’ve explained the technical aspects of it in our FAQ and have always advertised in our FAQ the ability to pay for non-commercial use,†Vilenski says. And this is how it works. Hola generates revenue by selling a premium service to customers through its Luminati brand. The resources and bandwidth for the Luminati product are provided by Hola users’ computers when they are sitting idle. In basic terms, Hola users get their service for free as long as they’re prepared to let Hola hand their resources to Luminati for resale. Any users who don’t want this to happen can buy Hola for $5 per month. Fair enough perhaps – but how does Luminati feature in Brennan’s problems? It appears his interest in the service was piqued after 8chan was hit by multiple denial of service attacks this week which originated from the Luminati / Hola network. “An attacker used the Luminati network to send thousands of legitimate-looking POST requests to 8chan’s post.php in 30 seconds, representing a 100x spike over peak traffic and crashing PHP-FPM,†Brennan says. Again, TorrentFreak asked Vilenski for his input. Again, there was no denial. “8chan was hit with an attack from a hacker with the handle of BUI. This person then wrote about how he used the Luminati commercial VPN network to hack 8chan. He could have used any commercial VPN network, but chose to do so with ours,†Vilenski explains. “If 8chan was harmed, then a reasonable course of action would be to obtain a court order for information and we can release the contact information of this user so that they can further pursue the damages with him.†Vilenski says that Hola screens users of its “commercial network†(Luminati) prior to them being allowed to use it but in this case “BUI†slipped through the net. “Adjustments†have been made, Hola’s founder says. “We have communicated directly with the founder of 8Chan to make sure that once we terminated BUI’s account they’ve had no further problems, and it seems that this is the case,†Vilenski says. It is likely the majority of Hola’s users have no idea how the company’s business model operates, even though it is made fairly clear in its extensive FAQ/ToS. Installing a browser extension takes seconds and if it works as advertised, most people will be happy. Whether this episode will affect Hola’s business moving forward is open to question but for those with a few dollars to spend there are plenty of options in the market. Until then, however, those looking for free options should read the small print before clicking install. https://torrentfreak.com/hola-vpn-sells-users-bandwidth-150528/
  8. MPAA chief Chris Dodd has urged theater owners and customers alike to support WhereToWatch, a "one-stop shop" designed to quickly guide audiences to legal content. Following its launch everyone could access the resource but perhaps fittingly, users outside the U.S. now need a VPN to receive advice. At the same time as the Hollywood studios complain endlessly about piracy, the counter argument that they simply haven’t done enough to make content available legally online persists. Without a similarly complex system of release windowing and geo-restriction, the music industry has largely overcome those obstacles. Meanwhile, however, Hollywood appears largely hamstrung by its own business model, leaving itself open to criticism that it hasn’t done enough to provide legal alternatives to torrent and streaming sites. In an attempt to dispel claims that content simply isn’t available, the MPAA came up with WhereToWatch, a searchable database listing where movies and TV-shows can be watched legally. Due to poor coding the site initially proved impossible for Google and Bing to index, a situation that has improved somewhat since last November. Yesterday during a speech at CinemaCon, MPAA chief Chris Dodd again urged theater owners and customers alike to spread the word that in order in to protect the industry and its workers, consumers need to access content from legal resources. “That’s why we at the MPAA created WhereToWatch.com – a one-stop shop, guiding your audiences to content quickly, simply, and – most importantly – legally. And if what they’re looking for is online, WhereToWatch.com will show which sites and at what prices that film is available,†Dodd said. “On a broader level, this effort is also a crucial recognition of the changing technological landscape, and the need to continue evolving to meet the demands of our consumers,†he continued. “That will mean finding new ways to enable audiences to see movies where and how they want, while maintaining the magic and unrivaled appeal of the theater-going experience that has been this industry’s driving force for well over a century.†But while recognizing that consumers should be able to see content at a time and place of their choosing – a major complaint that has persisted for well over a decade – consumers wanting to find out where to watch that content legally are also faced with a dilemma. Since its triumphant launch in November last year, the operators of WheretoWatch have now chosen to give it the same treatment that Hollywood bestows on its movies – by geo-restricting it. For the hundreds of millions of citizens outside the United States who are also expected to consume film and TV content legally, the above message is nothing less than they’ve come to expect. Free and equal access to content is not something the major studios and their distributors are good at, and that is now reflected by the very resource that former senator Dodd spent so long championing yesterday. But never fear. Thanks to the wonders of tunneling technology, last evening TF was able to find a VPN exit node in Seattle that enabled us to sneak past the MPAA guard dogs. Once on WhereToWatch.com we were able to search for a number of films and find out where we could obtain them legally. The irony was headache inducing. Overall it’s a ridiculous situation. The music industry largely managed to solve these issues years ago but for as long as users are forced to jump through hoops to obtain or even learn about the availability of legal content (not to mention waiting for extended periods, Australian style), piracy will persist. And when other MPAA strategies such as site-blocking and “three strikes†systems are already being exported to all corners of the globe at huge expense, one has to wonder why the obvious solution isn’t being taken first. https://torrentfreak.com/hollywood-anti-piracy-initiative-requires-a-vpn-outside-the-u-s-150422/
  9. HBO has started to crack down on paying customers who access the HBO Now service from outside the United States. Subscribers from countries including Canada, the UK, Germany and Australia who use VPNs and other unblocking tools are now being threatened with account terminations. In an effort to gain more subscribers HBOlaunched its standalone “HBO Now†service earlier this year. The subscription allows Americans to access HBO’s content, including Game of Thrones, without the need to have a television subscription. With the offer HBO hopes to drive people away from pirate sites, but it also created a new form of unauthorized use. As with Netflix and Hulu, many people outside the U.S. signed up for the service through VPNs and other geo-unblocking tools. Although they are paying customers, using HBO Now from outside the U.S. is not permitted under the company’s terms of use. While Netflix is still fairly lax about geo-unblocking, HBO is now cracking down on the practice. A few days ago thousands of VPN and proxy “pirates†started to receive worrying email warnings. “It has come to our attention that you may have signed up for and viewed video content on the HBO NOW streaming service from outside of the authorized service area (the United States, including D.C. and certain US territories),†HBO writes. “We would like to take this opportunity to remind you that the HBO NOW streaming service is only available to residents of the United States, for use within the United States. Any other access is prohibited by our Terms of Use.†HBO Now warning The emails in question target users all over the world, including Canada, the UK,Germany and Australia. Unless they were flagged by mistake, HBO will terminate the accounts of affected subscribers within days and without the option of a refund. HBO is cracking down on VPN and proxy pirates to protect the value of their licensing deals. If millions of foreigners use the U.S. version, local partners in these countries are going to complain. However, since legal options are often lacking there’s little doubt that many ‘unauthorized’ viewers will find less official ways to access the shows they love to watch. This time, however, HBO will not get a dime. https://torrentfreak.com/hbo-cracks-down-on-paying-vpn-pirates-150420/
  10. In a submission to the Copyright Amendment (Online Infringement) Bill 2015, the Australian Communications Consumer Action Network has addressed site blocking and potential threats to VPN use. While the former could descend into an expensive consumer-funded game of whac-a-mole, clarification is required to remove potential threats to VPNs. After Attorney-General George Brandis and Communications Minister Malcolm Turnbull asked the Australian Cabinet to approve the development of a new legal mechanism allowing rightsholders to obtain site-blocking injunctions, legislation was introduced to parliament last month. What followed is a still-current six-week consultation period for additional submissions, with various groups invited to voice their opinions and concerns. While the site-blocking elements of the Copyright Amendment (Online Infringement) Bill 2015 are likely to please rightsholders, concerns remain that not only will the legislation fail to achieve its aims, but may also have unintended consequences that could stifle consumer choice. In its submission the Australian Communications Consumer Action Network (ACCAN), the body that represents the interests of consumers on communications issues including broadband and emerging Internet services, three key issues are raised – VPN use, efficacy and cost of blocking, plus consumer interests. The VPN problem ACCAN is concerned over some of the wording employed in the amendments. Instead of referencing “website blockingâ€, the legislation speaks about “online locationsâ€. While this appears to be an effort to future-proof the Bill, it also has the potential for additional consequences should rightsholders decide to exploit the ambiguity. “Our first concern relates to the scope of activities that may be picked up by an interpretation of an ‘online location’ which ‘facilitates an infringement’ of copyright,†ACCAN writes. “Without clear legal precedent, there is ambiguity under the Copyright Act about what constitutes infringement in relation to the use of a Virtual Private Network (VPN) to gain access to geo-blocked products and services. If this ambiguity is not cleared up, this amendment may have the unintended consequence of blocking these services and in turn harm competition and consumer choice.†And confusion does exist. On his website Minister for Communications Malcolm Turnbull says that the Copyright Act does not make it illegal to use a VPN to access overseas content. On the other hand, the Australian Copyright Council believes that using a VPN to download content licensed overseas is “likely to be an infringement of copyright in Australia.†While it was previously reported that the Bill had been delayed due to modifications aimed at protecting VPN-like services, ACCAN says that it would prefer clarity on the matter. “While this ambiguity exists there is a risk that rights holders will attempt to use this injunctive power to block VPN websites and limit consumer access to paid content overseas,†the group writes. And the threat is real. As reported last week, New Zealand based media companies report that they are on the verge of suing local ISPs who provide VPN services designed to unlock overseas content. Avoiding the same thing Down Under is a priority for ACCAN. Protecting the public interest In most countries where rightsholders have demanded site blocking on copyright grounds, ISPs have refused to block voluntarily and have insisted on a court order. This has resulted in processes where movie and recording industry companies become the plaintiffs and ISPs the defendants. The sites themselves aren’t involved in the process, and neither are their users. “[We] remain concerned that a judge in an ex parte hearing will not have the requisite evidence at hand to weigh the public interest against those of rights holders,†ACCAN writes. “The amendment creates no right for legitimate users of a site to present evidence on any adverse consequences of an injunction. There should be a presumption in the Bill in favor of allowing parties to become interveners or amicus curiae in the context of these injunction applications.†Efficacy and costs of blocking Like many other similarly focused groups, ACCAN is concerned that not only will site / online location blocking prove ineffective when it comes to stopping infringement, but the bill for the exercise will ultimately fall at the feet of the consumer. Citing Dutch studies which found that blocking The Pirate Bay enjoyed only short-lived success, ACCAN voices concerns that once one site is blocked, users will simply migrate elsewhere. “This research confirmed the findings in other studies which found that legal action against file sharing often has an immediate effect, but this typically fades out after a period of six months as new sources for pirated content emerge. ACCAN’s concern is that this website blocking bill may devolve into an expensive game of ‘whack-a-mole’, which consumers will end up paying for through higher internet bills,†the group writes. Similar fears over consumers picking up costs for online infringement enforcement have been voiced across Europe and in the United States, but in no cases has that caused a court to deny rightsholders the opportunity to protect their copyrights. It is guaranteed that one way or another – via their Internet bill or through the cost of media – Aussies will eventually pay for the proposed enforcement measures The Bill is currently under review by the Senate Legal and Constitutional Affairs Legislation Committee, with a report due in a little under a month. https://torrentfreak.com/vpn-and-site-blocking-attacked-by-consumer-group-150420/
  11. A pair of Internet providers who defied TV company demands to switch off their VPN services will be sued in the coming days. CallPlus and Bypass Network Services face legal action from media giants including Sky and TVNZ for allowing their customers to use a VPN to buy geo-restricted content. As Internet users demand more freedom online alongside an ability to consume media in a manner of their choosing, tools allowing them to do so are gaining in popularity. Notable has been the rise of VPN services, which not only provide an increased level of privacy but also allow users to appear in any country they choose. This opens up a whole new world of content availability – such as better service from Netflix – often at better prices than those offered on home turf. While popular with consumers, this behavior is frowned upon by distribution companies that spend huge sums of money on content licensing deals specific to their regions of coverage. Losing customers to overseas providers isn’t part of their plan and now some are doing something about it. Earlier this month media companies SKY, TVNZ, Lightbox and MediaWorks told several Kiwi ISPs that if they don’t stop providing VPN services to their subscribers, legal trouble would be on the horizon. Within days one of their targets, Unlimited Internet, pulled its VPN service after receiving a letter from a lawfirm claiming breaches of the Copyright Act. However, CallPlus and Bypass Network Services have no intention of caving in to the media giants’ demands. “To receive without warning a grossly threatening legal letter like that from four of the largest companies in New Zealand is not something we are used to,†wrote Bypass CEO Patrick Jordan-Smith in a letter to the media companies. “It smacks of bullying to be honest, especially since your letter doesn’t actually say why you think we are breaching copyright.†Pulling no punches and describing his adversaries as a “gangâ€, Jordan-Smith likens the threats to those employed by copyright trolls in the United States. “Your letter gets pretty close to the speculative invoicing type letters that lawyers for copyright owners sometimes send in the US ‘pay up or shutdown or else were are going to sue you’! Not fair,†he writes. “We have been providing the Global Mode facility for 2 years. In all that time, none of your Big Media Gang have ever written to us. We assumed they were OK with Global Mode and we continued to spend money innovating the facility and providing innovative NZ ISPs with a service that their customers were telling them they wanted – a service that lets people pay for content rather than pirate it.†The response from Bypass hasn’t been well received by the media companies who now say they will carry through with their threats to sue over breaches of copyright. “Our position has not changed and unless they remove the unlawful service we will begin court action in the next few days,†says TVNZ chief executive, Kevin Kenrick. “Each of our businesses invests significant sums of money into the rights to screen content sourced legitimately from the creators and owners of that copyrighted material. This is being undermined by the companies who profit from promoting illegitimate ways to access that content.†Claiming that the action is aimed at defending the value of content rights in the digital world, Kenrick says that the legal action is not consumer focused. “This is not about taking action against individual consumers or restricting choice, indeed each of our businesses are investing heavily in more choice so New Zealanders can have legitimate access to the latest TV shows and movies,†the CEO concludes. While the commercial position of the TVNZ chief is understandable, his claim that this legal action isn’t aimed at reducing choice simply doesn’t stack up. Kiwis using Netflix locally get access to around 220 TV series and 900 movies, while those using a VPN to tunnel into the United States enjoy around 940 TV series and 6,170 movies, something which Bypass Networks believes is completely legal. “[We provide our service] on our understanding that geo-unblocking to allow people to digitally import content purchased overseas is perfectly legal. If you say it is not, then we are going to need a lot more detail from you to understand why,†Jordan-Smith informs his adversaries. “Simply sending us a threatening letter, as frightening as that may be, does not get us there and is not a fair reason for us to shut down our whole business.†https://torrentfreak.com/tv-companies-will-sue-vpn-providers-in-days-150417/
  12. Piracy is a hot topic around the world and in Australia the issue has made mainstream headlines over the past week. After the announcement of a new anti-piracy scheme and the news of copyright trolls coming Down Under this week, VPN usage has surged to unprecedented levels. This week news broke that the makers of Dallas Buyers Club have the court’s approval to go after 4,726 alleged movie pirates in Australia, opening the door to many more copyright lawsuits. Around the same time the country’s largest Internet providers submitted their online anti-piracy code, announcing that 200,000 piracy warnings will be sent out each year. Facing increased monitoring and potential legal action many file-sharers have taken counter measures, hiding their IP-addresses so their sharing activities can no longer be linked to their ISP account. Early March, the initial announcement of the warning letters already increased interest in VPNs and other anonymizing services, but this week’s surge broke new records. Data from Google trends reveals that interest in anonymizing services has soared, with searches for “VPN†quadrupling in recent weeks. This effect, shown in the graph below, is limited to Australia and likely a direct result of the recent anti-piracy threats. The effects are clearly noticeable at VPN providers as well, in both traffic and sales. TorGuard, a VPN and BitTorrent proxy provider, has seen the number of Australian visitors spike this week, for example. “Over the past week TorGuard has seen a massive jump in Australian subscribers. Traffic from this region is currently up over 150% and recent trends indicate that the upsurge is here to stay,†TorGuard’s Ben Van der Pelt tells us. “VPN router sales to Australia have also increased significantly with AU orders now representing 50% of all weekly shipments.†TorGuard traffic from Australia The recent events are expected to drive tens of thousands of new users to anonymizing services. However, it appears that even before the surge they were already commonly used Down Under. A survey among 1,008 Australians early March showed that 16% of the respondents already used VPNs or Tor to increase privacy. The Essential survey shows that anonymizing tools are most prevalent among people aged 18-34. While copyright holders don’t like the increased interest in these evasion tools, it may not all be bad news. In fact, to a certain degree it shows that pirates are spooked by the new initiatives. Where some decide to go underground, others may choose to pirate less. And for the “trolls†there are still plenty of unsecured file-sharers out there. https://torrentfreak.com/anti-piracy-threats-trigger-massive-surge-in-vpn-usage-150411/
  13. Following copyright threats from large media companies a Kiwi ISP has taken down its VPN service. Lightbox, MediaWorks, SKY, and TVNZ had threatened legal action against services that bypass geo-restrictions on sites such as Netflix and Hulu. Other ISPs offering similar products are currently standing firm. While VPN services have always been associated with privacy, in recent years they have bloomed into tools providing much more than a simple way to stay cloaked online. For a relatively small fee, users of the most popular VPN services can tunnel out of their country of origin and reappear in any one of dozens of countries around the world. This opens up a whole new world of media consumption opportunities. Citizens of the United States, for example, can access BBC iPlayer just like any other Brit might, while those in the UK looking to sample the widest possible Netflix offering can easily tunnel right back into the U.S. This cross-border content consumption is not popular with entertainment companies and distributors. It not only undermines their ability to set prices on a per-region basis, but also drives a truck through hard-negotiated licensing agreements. Tired of dealing with ISPs including Slingshot who offer a dedicated ‘global mode‘ VPN service for customers, last week media companies in New Zealand ran out of patience. “We pay considerable amounts of money for content rights, particularly exclusive content rights. These rights are being knowingly and illegally impinged, which is a significant issue that may ultimately need to be resolved in court in order to provide future clarity for all parties involved,†Lightbox, MediaWorks, SKY, and TVNZ said in a joint statement. “This is not about taking action against consumers; this is a business-to-business issue and is about creating a fair playing field.†Before being granted limited local access to Netflix just last month, Kiwis were required to level their own playing fields by paying for a VPN service and an account at an overseas supplier in order to legally obtain a decent range of premium content. However, the media companies now want to bring an end to that free choice via legal action. Today they claimed their first scalp. This morning Unlimited Internet became the first ISP to respond to media company pressure by pulling its geo-unblocking service known as “TV VPN†after receiving a warning letter from a lawfirm. The letter, which has been sent out to several local ISPs, informs Unlimited Internet that its VPN service infringes the Copyright Act of 1994. Unlimited Internet director Ben Simpson says that while his company doesn’t necessarily agree with that assertion, it has taken down the service nonetheless. “Geo-unblocking services are a direct result of consumer demand for access to content that is not made available to the New Zealand market,†Simpson says. “To be on the safe side, we have taken legal advice on this matter and I have made a firm call that we will sit on the sideline until a legal precedent has been set.†Currently there are no signs that other ISPs intend to cave in to the media companies’ demands but even if all Kiwi companies cease their VPN activities, the problem will persist. International VPN providers, such as those listed here, will be more than happy to provide services to New Zealanders enabling them to tunnel into any country they choose. The other possibility is that consumers will shun paying for content and turn back to file-sharing networks instead. If they do those VPNs will still come in handy but for entirely different reasons, ones that will see entertainment companies missing out on the spoils altogether. https://torrentfreak.com/isp-pulls-vpn-service-after-geo-unblocking-legal-threats-150407/
  14. If using your Android device on an open Wi-Fi network fills you with dread, fear not. Google is working on a VPN service that will ease those worries. How many times have you been on public Wi-Fi and needed to transmit some form of private, sensitive data? The answer is usually to wait until you get back to the office or home, when you're connected to a wireless connection you can trust. Soon, that will no longer be necessary, as Google plans on rolling out their own VPN service. The Google VPN can be found in Android 5.15 -- however, it isn't ready yet for prime time. But when a viable version does finally roll out, you can be sure this will be a feature many business professionals will want to take advantage of. My major question, regarding a Google VPN, is whether or not it speaks to Google's bigger plans. Yes, I'm talking about Google Wi-Fi. Imagine having Google wireless available as well as being able to connect to a Google VPN to ensure the security of your data. This could be a game changer for many users. There is one major caveat to this -- if you don't have Lollipop, you need not apply. That's more of an issue than one might think. Consider that less than 2% of Android devices are using Lollipop, and only a fraction of those device have Android 5.1 (the iteration that includes the slightest hint of the VPN service), very few will actually be able to experience the VPN service -- even when it's ready for prime time. That's right, if you don't have at least Android 5.1, there will be no Google VPN available. Some people might simply say "Use your provider network to ensure your data security." But not all providers are created equal. Data breaches happen. AT&T, Verizon, and T-Mobile all have suffered data breaches. Take a look at this interactive chart that offers information on the largest data breaches across the world. On that chart, locate Google. It's not as easy as you might think. Considering the amount of data that passes through the Google systems and services on a daily basis, you'd think the search giant would rank near the top. The truth of the matter is that Google properties are one of the most secure on the internet. With that in mind, who would you rather trust securing your data? The small coffee shop you use as your office? Your carrier? Not me. I'll trust Google every time. Of course, there will always be naysayers who refuse to trust Google with their data -- or even their internet searches. That, in my opinion, isn't an issue that takes data security into account. Those who don't trust Google are looking at the issue with personal privacy in mind. But we all know that having a connected life these days is akin to handing over at least a modicum of your personal privacy. Amazon will know what you like to shop for Facebook will know how to target ads to you Google will know what you search for Yes, there are steps to take to prevent the above, but it's an active, on-going process -- one that most average users aren't willing to take. But the idea of data security should be considered far more important than the privacy of your online search patterns. And this Google VPN service (when it rolls out) will go a very long way to securing that data. It could be a major game changer for on-the-go power users, especially those whose companies either do not have a VPN setup or have a poorly configured VPN (which occurs more often than you'd think). There are also people who will point to a number of VPN clients/services already available on the Google Play Store. However, these would require you to hand over your data security (in some cases) to small companies that can't possibly stand up to the level of security offered by Google. Personally, I think the Google VPN service is long overdue. I've connected to open Wi-Fi and limited my usage too often because the network simply could not be trusted. Having a built-in VPN ready for action would render this fear unnecessary. Now, all I have to do is finally get the Lollipop upgrade. What do you think? Is the Google VPN a good idea, a bad idea, or something you'll never try? Let us know your thoughts in the discussion thread below. http://www.techrepublic.com/article/google-vpn-is-on-its-way/
  15. In recent months Hollywood has pushed Netflix to ensure that VPN users can't access their services. Netflix honors these requests, but according to CEO Reed Hastings there's a better way to deal with the issue. The company would like to get rid of Hollywood's geographical restrictions entirely and render 'VPN piracy' obsolete. After years of waiting, Netflix officially launches in Australia today. As a result, the tens of thousands of Aussie “VPN-pirates†who already used the U.S. version through a loophole, can now use it legally in their home country. While Netflix’s rollout is a step in the right direction, the content selection will also be somewhat of a disappointment to those who are used to the U.S. offering. Because of complicated licensing agreements Netflix has a much more limited content library Down Under. For the movie and TV studios geographical licensing agreements are a core part of their business. However, it also means that many Aussie pirates won’t be canceling their VPN subscriptions just yet. Speaking out on the controversial VPN use, Netflix CEO Reed Hastings says that the problem can be fixed if the industry starts to offer the same content globally, without artificial barriers. According to Hastings the VPN issue is a relatively small problem compared to traditional forms of piracy, and relatively easy to make obsolete. “The VPN thing is a small little asterisk compared to piracy,†Reed notes. “Piracy is really the problem around the world.†According to Netflix the ‘VPN pirates’ are willing to pay, they just can’t get what they want through their local Netflix. “The basic solution is for Netflix to get global and have its content be the same all around the world so there’s no incentive to [use a VPN]. Then we can work on the more important part which is piracy,†Hastings says. The availability issue is fixable, Hastings believes, although it’s questionable whether Hollywood is ready to switch to global licensing deals. Lacking availability is at the root of both traditional and VPN piracy and Netflix hopes that the industry will address this problem. If that’s done, they can focus on those pirates who simply don’t want to pay. “The key thing about piracy is that some fraction of it is because [users] couldn’t get the content. That part we can fix. Some part of piracy however is because they just don’t want to pay. That’s a harder part. As an industry, we need to fix global content,†Netflix’s CEO says. Hastings’ comments are in line with the stance of Europe’s Vice-President for the Digital Single Market Andrus Ansip. The EU commissioner previously called for the abolition of Netflix’s geographical restrictions in Europe, labeling them as “discriminationâ€. https://torrentfreak.com/netflix-wants-to-make-vpn-piracy-obsolete-150325/
  16. VPN services have become an important tool to counter the growing threat of Internet surveillance, but unfortunately not all VPNs are as anonymous as one might hope. In fact, some VPN services log users' IP-addresses and other private info for months. To find out how anonymous VPNs really are, TF asked the leading providers about their logging practices and other privacy sensitive policies. By now most Internet users are well aware of the fact that pretty much every step they take on the Internet is logged or monitored. To prevent their IP-addresses from being visible to the rest of the Internet, millions of people have signed up to a VPN service. Using a VPN allows users to use the Internet anonymously and prevent snooping. Unfortunately, not all VPN services are as anonymous as they claim, as several incidents have shown in the past. By popular demand we now present the fourth iteration of our VPN services “logging†review. In addition to questions about logging practices, we also asked VPN providers about other privacy sensitive policies, so prospective users can make an informed decision. — 1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long? 2. Under what jurisdiction(s) does your company operate? 3. What tools are used to monitor and mitigate abuse of your service? 4. Do you use any external email providers (e.g. Google Apps) or support tools ( e.g Live support, Zendesk) that hold information provided by users? 5. In the event you receive a DMCA takedown notice or European equivalent, how are these handled? 6. What steps are taken when a valid court order requires your company to identify an active user of your service? Has this ever happened? 7. Does your company have a warrant canary or a similar solution to alert customers to gag orders? 8. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why? 9. Which payment systems do you use and how are these linked to individual user accounts? 10. What is the most secure VPN connection and encryption algorithm you would recommend to your users? Do you provide tools such as “kill switches†if a connection drops and DNS leak protection? 11. Do you use your own DNS servers? (if not, which servers do you use?) 12. Do you have physical control over your VPN servers and network or are they outsourced and hosted by a third party (if so, which ones)? Where are your servers located? — Below is the list of responses we received from various VPN providers, in their own words. In some cases we asked for further clarification. VPN providers who keep logs for longer than 7 days were excluded, and others who simply failed to respond. Please note that several VPN companies listed here do log to some extent. We therefore divided the responses into a category of providers who keep no logs (page 1/2) and one for who keep usage and/or session logs (page 3). The order of the VPNs within each category holds no value. We are also working on a convenient overview page as well as dedicated review pages for all providers, with the option for users to rate theirs and add a custom review. These will be added in the near future. VPNS THAT KEEP NO LOGS PRIVATE INTERNET ACCESS 1. We do not log, period. This includes, but is not limited to, any traffic data, DNS data or meta (session) data. Privacy IS our policy. 2. We choose to operate in the US in order to provide no logging service, as there is no mandatory data retention law in the US. Additionally, our beloved clients are given access to some of the strongest consumer protection laws, and thus, are able to purchase with confidence. 3. We do not monitor our users, period. That said, we have a proprietary system in place to help mitigate abuse. 4. We utilize SendGrid as an external mailing system and encourage users to create an anonymous e-mail when signing up depending on their adversarial risk level. Our support system is in-house as we utilize Kayako. 5. We have a proprietary system in place that allows us to comply in full with DMCA takedown notices without disrupting our users’ privacy. Because we do not log our users’ activities in order to protect and respect their privacy, we are unable to identify particular users that may be infringing the lawful copyrights of others. 6. We do not log and therefore are unable to provide information about any users of our service. We have not, to date, been served with a valid court order that has required us to provide something we do not have. 7. We do not have a warrant canary in place at this time as the concept of a warrant canary is, in fact, flawed at this time, or in other words, is “security theater.†8. We do not attempt to filter, monitor, censor or interfere in our users’ activity in any way, shape or form. BitTorrent is, by definition, allowed. 9. We utilize a variety of payment systems including, but not limited to, PayPal, Stripe, Amazon, Google, Bitcoin, Stellar, CashU, Ripple, Most Major Store Bought Gift card, PIA Gift cards (available in retail stores for “cashâ€), and more. We utilize a hashing system to keep track of payments and credit them properly while ensuring the strongest levels of privacy for our users. 10. The most secure VPN connection and encryption algorithm that we would recommend to our users would be our suite of AES-256, RSA 4096 and SHA1 or 256. However, AES-128 should still be considered quite safe. For users of Private Internet Access specifically, we offer addon tools to help ensure our beloved clients’ privacies including: – Kill Switch : Ensures that traffic is only routed through the VPN such that if the VPN connection is unexpectedly terminated, the traffic would simply not be routed. – IPv6 Leak Protection : Protects clients from websites which may include IPv6 embeds which could leak IPv6 IP information. – DNS Leak Protection : This is built in and ensures that DNS requests are made through the VPN on a safe, private no-log DNS daemon. – Shared IP System : We mix clients’ traffic with many clients’ traffic through the use of an anonymous shared-IP system ensuring that our users blend in with the crowd. 11. We are currently using our own DNS caching. 12. We utilize third party datacenters that are operated by trusted friends and, now, business partners who we have met and completed our due diligence on. Our servers are located in: USA, Canada, UK, Switzerland, Amsterdam, Sweden, Paris, Germany, Romania, Hong Kong, Israel, Australia and Japan. We have over 2,000 servers deployed at the time of writing with over 1,000 in manufacture/shipment at this time. Private Internet Access website TORGUARD 1. No logs are kept whatsoever. TorGuard does not store any traffic logs or user session data on our network because since day one we engineered every aspect of the operation from the ground up, permitting us full control over the smallest details. In addition to a strict no logging policy we run a shared IP configuration that provides an added layer of anonymity to all users. With hundreds of active sessions sharing a single IP address at any given time it becomes impossible to back trace usage. 2. At the time of this writing our headquarters currently operates from the United States. Due to the lack of data retention laws in the US, our legal team has determined this location to be in the best interest of privacy for the time being. Although TorGuard’s HQ is in the US, we take the commitment to user privacy seriously and will uphold this obligation at all costs, even if it means transferring services or relocating company assets. 3. Our network team uses a combination of open source monitoring apps and custom developed tools to mitigate any ongoing abuse of our services. This allows us to closely monitor server load and uptime so we can pinpoint and resolve potential problems quickly. If abuse reports are received from an upstream provider, we block them in real-time by employing various levels of firewall rules to large blocks of servers. Should these methods fail, our team is quick to recycle entire IP blocks and re-deploy new servers as a last resort. 4. For basic troubleshooting and customer service purposes we utilize Livechatinc for our chat support. TorGuard staff does make use of Google Apps for company email, however no identifying client information like passwords, or billing info is ever shared among either of these platforms. All clients retain full control over account changes in our secure member’s area without any information passing through an insecure channel. 5. Because we do not host any content it is not possible for us to remove anything from a server. In the event a DMCA notice is received it is immediately processed by our abuse team. Due to our shared network configuration we are unable to forward any requests to a single user. In order to satisfy legal requirements from bandwidth providers we may temporarily block infringing protocols, ports, or IPs. 6. If a court order is received, it is first handled by our legal team and examined for validity in our jurisdiction. Should it be deemed valid, our legal representation would be forced to further explain the nature of a shared IP configuration and the fact that we do not hold any identifying logs. No, we remain unable to identify any active user from an external IP address and time stamp. 7. No, at this time we do not have a warrant canary. 8. Yes, TorGuard was designed with the BitTorrent enthusiast in mind. P2P is allowed on all servers, although for best performance we suggest using locations that are optimized for torrents. Users can find these servers clearly labeled in our VPN software. 9. We currently accept over 200 different payment options through all forms of credit card, PayPal, Bitcoin, altcoins (e.g. dogecoin, litecoin + more), Paysafecard, Alipay, CashU, Gift Cards, and many other methods. No usage can be linked back to a billing account due to the fact that we maintain zero logs across our network. 10. For best security we advise clients to use OpenVPN connections only and for encryption use AES256 with 2048bit RSA. Additionally, TorGuard VPN offers “Stealth†protection against DPI (Deep Packet Inspection) interference from a nosey ISP so you can access the open web freely even from behind the Great Firewall of China. These options are available on select locations and offer excellent security due to the cryptography techniques used to obfuscate traffic. Our VPN software uses OpenVPN exclusively and features built in DNS leak protection, an App Killswitch, and a connection Killswitch. We have also just released a built in WebRTC leak block feature for Windows Vista/7/8 users. 11. Yes, we offer private, no log DNS servers which can be obtained by contacting our support desk. By default we also use Google DNS and OpenDNS for performance reasons on select servers. 12. TorGuard currently maintains 1000+ servers in over 44 countries around the world and we continue to expand the network every month. We retain full physical control over all hardware and only seek partnerships with data centers who can meet our strict security criteria. All servers are deployed and managed exclusively by our in house networking team via a single, secure key. We have servers in Australia, Belgium, Brazil, Canada, China, Costa Rica, Czech Republic, Denmark, Egypt, Finland, France, Germany, Greece, Hong Kong, Iceland, India, Indonesia, Ireland, Italy, Japan, Korea, Latvia, Luxembourg, Malaysia, Mexico, Netherlands, New Zealand, Norway, Panama, Poland, Portugal, Romania, Russia, Saudi Arabia, Singapore, South Africa, Spain, Sweden, Switzerland, Tunisia, Turkey, United Kingdom, USA, and Vietnam. TorGuard website IPVANISH 1. IPVanish has a zero-log policy. We keep NO traffic logs on any customer, ever. 2. IPVanish is headquartered in the US and thus operates under US law. 3. IPVanish monitors CPU utilization, bandwidth and connection counts. When thresholds are passed, a server may be removed from rotation as to not affect other users. 4. IPVanish does not use any external support tools that hold user information. We do, however, operate an opt-in newsletter that is hosted at Constant Contact. Customers are in no way obligated to sign up for the newsletter. 5. IPVanish keeps no logs of any user’s activity and responds accordingly. 6. IPVanish, like every other company, follows the law in order to remain in business. Only US law applies. 7. No. 8. P2P is permitted. IPVanish does not block or throttle any ports, protocols, servers or any type of traffic whatsoever. 9. Bitcoin, PayPal and all major credit cards are accepted. Payments and service use are in no way linked. User authentication and billing info are also managed on completely different and independent platforms. 10. We recommend OpenVPN with 256 bit AES as the most secure VPN connection and encryption algorithm. IPVanish’s service and software also currently provide DNS leak prevention. We are developing a kill switch in upcoming releases of our software. 11. IPVanish does use its own DNS servers. Local DNS is handled by the server a user connects to. 12. IPVanish is one of the only tier-1 VPN networks, meaning we own and operate every aspect of our VPN platform, including physical control of our VPN servers. This gives IPVanish users security and speed advantages over other VPN services. IPVanish servers can be found in over 60 countries including the US, UK, Canada, Netherlands and Australia. IPVanish website IVPN 1. No, this is fundamental to the service we provide. It is also in our interests not to do so as it minimizes our own liability. 2. Gibraltar. In 2014 we decided to move the company from Malta to Gibraltar in light of the new 2015 EU VAT regulations which affect all VPN service providers based in the EU. The EU VAT regulations now require companies to collect two pieces of non-conflicting evidence about the location of a customer; this would be at a minimum the customer’s physical address and IP address. 3. We have built a number of bespoke systems over the last 5 years as we’ve encountered and addressed most types of abuse. At a high level we use Zabbix, an open-source monitoring tool that alerts us to incidents. As examples we have built an anti-spam rate-limiter based on iptables so we don’t have to block any email ports and forked a tool called PSAD which allows us to detect attacks originating from our own network in real time. 4. No. We made a strategic decision from the beginning that no company or customer data would ever be stored on 3rd party systems. Our customer support software, email, web analytics (Piwik), issue tracker, monitoring servers, code repo’s, configuration management servers etc. all run on our own dedicated servers that we setup, configure and manage. 5. Our legal department sends a reply stating that we do not store content on our servers and that our VPN servers act only as a conduit for data. In addition, we never store the IP addresses of customers connected to our network nor are we legally required to do so. 6. That would depend on the information with which we were provided. If asked to identify a customer based on a timestamp and/or IP address then we would reply factually that we do not store this information, so we are unable to provide it. If they provide us with an email address and asked for the customer’s identity then we reply that we do not store any personal data, we only store a customer’s email address. If the company were served with a valid court order that did not breach the Data Protection Act 2004 we could only confirm that an email address was or was not associated with an active account at the time in question. We have never been served with a valid court order. 7. Yes absolutely, we’ve published a canary since August 2014. 8. Yes, we don’t block BitTorrent or any other protocol on any of our servers. We do kindly request that our customers use non-USA based exit servers for P2P. Any company receiving a large number of DMCA notices is exposing themselves to legal action and our upstream providers have threatened to disconnect our servers in the past. 9. We accept Bitcoin, Cash and Paypal. When using cash there is no link to a user account within our system. When using Bitcoin, we store the Bitcoin transaction ID in our system. If you wish to remain anonymous to IVPN you should take the necessary precautions when purchasing Bitcoin (See part 7 of our advanced privacy guides). With Paypal we store the subscription ID in our system so we can associate incoming subscription payments. This information is deleted immediately when an account is terminated. 10. We provide RSA-4096 / AES-256 with OpenVPN, which we believe is more than secure enough for our customers’ needs. If you are the target of a state level adversary or other such well-funded body you should be far more concerned with increasing your general opsec than worrying about 2048 vs 4096 bit keys. The IVPN client offers an advanced VPN firewall that blocks every type of IP leak possible (DNS, network failures, WebRTC STUN, IPv6 etc.). It also has an ‘always on’ mode that will be activated on boot before any process on the computer starts. This will ensure than no packets are ever able to leak outside of the VPN tunnel. 11. Yes. Once connected to the VPN all DNS requests are sent to our pool of internal recursive DNS servers. We do not use forwarding DNS servers that forward the requests to a public DNS server such as OpenDNS or Google. 12. We use dedicated servers leased from 3rd party data centers in each country where we have a presence. We employ software controls such as full disk encryption and no logging to ensure that if a server is ever seized it’s data is worthless. We also operate a multi-hop network so customers can choose an entry and exit server in different jurisdictions to make the adversaries job of correlating the traffic entering and exiting our network significantly more complicated. We have servers located in Switzerland, Germany, Iceland, Netherlands, Romania, France, Hong-Kong, USA, UK and Canada. IVPN website PRIVATEVPN 1.We don’t keep ANY logs that allow us or a 3rd party to match an IP address and a time stamp to a user of our service. The only thing we log are e-mails and user names but it’s not possible to bind an activity on the Internet to a user on PrivateVPN. 2. We operate in Swedish jurisdiction. 3. If there’s abuse, we advise that service to block our IP in the first instance, and second, we can block traffic to the abused service. 4. No. We use a service from Provide Support (ToS) for live support. They do not hold any information about the chat session. From Provide support: Chat conversation transcripts are not stored on Provide Support chat servers. They remain on the chat server for the duration of the chat session, then optionally sent by email according to the user account settings, and then destroyed. 5. This depends on the country in which we’re receiving a DMCA takedown. For example, we’ve received a DMCA takedown for UK and Finland and our response was to close P2P traffic in those countries. 6. If we get a court order to monitor a specific IP then we need to do it, and this applies to every VPN company out there. 7. We’re working on a solution where we publish a statement that we haven’t received legal process. One we receive a legal process, this canary statement is removed. 8. Yes, we allow Torrent traffic. 9. PayPal, Payson, 2Chrckout and Bitcoin. Every payment has an order number, which is linked to a user. Otherwise we wouldn’t know who has made a payment. To be clear, you can’t link a payment to an IP address you get from us. 10. OpenVPN TUN with AES-256. On top is a 2048-bit DH key. For our Windows VPN client, we have a feature called “Connection guardâ€, which will close a selected program(s) if the connection drop. We have no tools for DNS leak but we’re working on a protection that detects the DNS leak and fixes this by changing to a secure DNS server. 11. We use a DNS from Censurfridns. 12. We have physical control over our servers and network in Sweden. All other servers and networks are hosted by ReTN, Kaia Global Networks, Leaseweb, FDCServers, Blix, Zen systems, Wholesale Internet, Creanova, UK2, Fastweb, Server.lu, Selectel, Amanah and Netrouting. We have servers located in: Sweden, United States, Switzerland, Great Britain, France, Denmark, Luxembourg, Finland, Norway, Romania, Russia, Germany, Netherlands, Canada and Ukraine. PrivateVPN website PRQ 1. No 2. Swedish 3. Our own. 4. No 5. We do not care about DMCA. 6. We only require a working e-mail address to be a customer, no other information is kept. 7. No. 8. As long as the usage doesn’t violate the ToS, we do not care. 9. None of the payment methods are linked to a user. 10. OpenVPN, customers have to monitor their service/usage. 11. Yes. 12. Everything is inhouse in Sweden. PRQ website MULLVAD 1. No. This would make both us and our users more vulnerable so we certainly don’t. To make it harder to watch the activities of an IP address from the outside we also have many users sharing addresses, both for IPv4 and IPv6. 2. Swedish. 3. We don’t monitor our users. In the rare cases of such egregious network abuse that we can’t help but notice (such as DoS attacks) we stop it using basic network tools. 4. We do use external providers and encourage people sending us email to use PGP encryption, which is the only effective way to keep email somewhat private. The decrypted content is only available to us. 5. There is no such Swedish law that is applicable to us. 6. We get requests from governments from time to time. They never get any information about our users. We make sure not to store sensitive information that can be tied to publicly available information, so that we have nothing to give out. We believe it is not possible in Swedish law to construct a court order that would compel us to actually give out information about our users. Not that we would anyway. We started this service for political reasons and would rather discontinue it than having it work against its purpose. 7. Under current Swedish law there is no way for them to force us to secretly act against our users so a warrant canary would serve no purpose. Also, we would not continue to operate under such conditions anyway. 8. Yes. 9. Bitcoin (we were the first service to accept it), cash (in the mail), bank transfers, and PayPal / credit cards. Payments are tied to accounts but accounts are just random numbers with no personal information attached that users can create at will. With the anonymous payments possible with cash and Bitcoin it can be anonymous all the way. 10. OpenVPN (using the Mullvad client program). Regarding crypto, ideally we would recommend Ed25519 for certificates, Curve25519 for key exchange (ECDHE), and ChaCha20-Poly1305 for data streams but that suite isn’t supported by OpenVPN. We therefore recommend and by default use RSA-2048, D-H (DHE) and AES-256-CBC-SHA. We have a “kill switch,†DNS leak protection and IPv6 leak protection (and IPv6 tunnelling). 11. Yes, we use our own DNS servers. 12. We have a range of servers. From on one end servers lovingly assembled and configured by us with ambitious physical security in data centers owned and operated by people we trust personally and whose ideology we like. On the other end rented hardware in big data centers. Which to use depends on the threat model and performance requirements. Currently we have servers hosted by GleSYS Internet Services, 31173 Services and Leaseweb in Sweden, the Netherlands, USA and Germany. Mullvad website BOLEHVPN 1. No. 2. Malaysia. This may change in the near future and we will post an announcement when this is confirmed. 3. We do monitor general traffic patterns to see if there is any unusual activity that would warrant a further investigation. 4. We use ZenDesk and Zopim but are moving to use OSTicket which is open source. This should happen in the next 1-2 months. 5. Generally we work with the providers to resolve the issue and we have never given up any of our customer information. Generally we terminate our relationship with the provider if this is not acceptable. Our US servers under DMCA jurisdiction or UK (European equivalent) have P2P locked down. 6. This has not happened yet but we do not keep any user logs so there is not much that can be provided especially if the payment is via an anonymous channel. One of our founders is a lawyer so such requests will be examined on their validity and we will resist such requests if done without proper cause or legal backing. 7. Yes. 8. Yes it is allowed except on those marked Surfing-Streaming only which are restricted either due to the provider’s policies or limited bandwidth. 9. We use MolPay, PayPal, Coinbase, Coinpayments and direct deposits. On our system it is only marked with the Invoice ID, the account it’s for, the method of payment and whether it’s paid or not. We however of course do not have control of what is stored with the payment providers. 10. Our Cloak configurations implement 256 bit AES and a SHA-512 HMAC combined with a scrambling obfuscation layer. We do have a lock down/kill switch feature and DNS leak protection. 11. Yes we do use our own DNS servers. 12. Our VPN servers are hosted by third parties however for competitive reasons, we rather not mention our providers (not that it would be hard to find out with some digging). However none of these servers hold anything sensitive as they are authenticated purely using PKI infrastructure and as long as our users regularly update their configurations they should be fine. We do however have physical control over the servers that handle our customer’s information. BolehVPN website NORDVPN 1. Do we keep logs? What is that? Seriously, we have a strict no-logs policy over our customers. The only information we keep is customers’ e-mail addresses which are needed for our service registration (we keep the e-mail addresses until the customer closes the account). 2. NordVPN is based out of Panama. 3. No tools are used to monitor our customers in any case. We are only able to see the servers’ load, which helps us optimize our service and provide the best possible Internet speed to our users. 4. We use the third-party live support tool, but it is not linked to the customers’ accounts. 5. When we receive any type of legal notices, we cannot do anything more than to ignore them, simply because they have no legal bearing to us. Since we are based in Panama, all legal notices have to be dealt with according to Panamanian laws first. Luckily they are very friendly to Internet users. 6.If we receive a valid court order, firstly it would have to comply with the laws of Panama. In that case, the court settlement should happen in Panama first, however were this to happen, we would not be able to provide any information because we keep exactly nothing about our users. 7. We do not have a warrant canary or any other alert system, because as it was mentioned above, we operate under the laws of Panama and we guarantee that any information about our customers will not be distributed to any third party. 8. We do not restrict any BitTorrent or other file-sharing applications on most of our servers. 9. We accept payments via Bitcoin, Credit Card, PayPal, Banklink, Webmoney (Paysera). Bitcoin is the best payment option to maintain your anonymity as it has only the paid amount linked to the client. Users who purchase services via PayPal are linked with the usual information the seller can see about the buyer. 10. We have high anonymity solutions which we would like to recommend to everyone seeking real privacy. One of them is Double VPN. The traffic is routed through at least two hoops before it reaches the Internet. The connection is encrypted within two layers of cipher AES-256-CBC encryption. Another security solution – Tor over VPN. Firstly, the traffic is encrypted within NordVPN layer and later sent to the Tor network and exits to the Internet through one of the Tor exit relays. Both of these security solutions give a great encryption and anonymity combination. The benefit of using these solutions is that the chances of being tracked are eliminated. In addition, you are able to access .onion websites when connected to Tor over VPN. Furthermore, our regular servers have a strong encryption which is 2048bit SSL for OpenVPN protocol, AES-256bit for L2TP. In addition to that, we have advanced security solutions, such as the “kill switch†and DNS leak protection which provide the maximum possible security level for our customers. 11. NordVPN has its own DNS servers, also our customers can use any DNS server they like. 12. Our servers are outsourced and hosted by a third parties. Currently our servers are in 26 countries: Australia, Austria, Brazil, Canada, Chile, France, Germany, Hong Kong, Iceland, Isle of Man, Israel, Italy, Liechtenstein, Lithuania, Netherlands, Panama, Poland, Romania, Russia, Singapore, South Africa, Spain, Sweden, Switzerland, United Kingdom and United States. NordVPN website TORRENTPRIVACY 1. We don’t keep any logs with IP addresses. The only information we save is an email. It’s impossible to connect specific activity to a user. 2. Our company is under Seychelles jurisdiction. 3. We do not monitor any user’s traffic or activity for any reason. 4. We use third-party solutions for user communications and emailing. Both are running on our servers. 5. We have small amount of abuses. Usually we receive them through email and all of them are bot generated. As we don’t keep any content we just answer that we don’t have anything or ignore them. 6. It has never happened for 8 years. We will ignore any requests from all jurisdiction except Seychelles. We have no information regarding our customers’ IP addresses and activity on the Internet. 7. No, we don’t bother our users. 8. Yes we support all kind of traffic on all servers. 9. We are using PayPal but payment as a fact proves nothing. Also we are going to expand our payment types for the crypto currencies in the nearest future. 10. We are recommending to use the most simple and secure way — OpenVPN with AES-256 encryption. To protect the torrent downloads we suggest to create a proxy SSH tunnel for your torrent client. In this case you are encrypting only your P2P connection when your browser or Skype uses your default connection. When using standard VPN in case of disconnection your data flows unencrypted. Implementing our SSH tunnel will save from such leaking cause traffic will be stopped. 11. Yes. We are using our own DNS servers. 12. We use third party datacenters for VPN and SSH data transmission in the USA, UK and Netherlands. The whole system is located on our own servers. TorrentPrivacy website PROXY.SH 1. We do not keep any log at all. 2. Republic of Seychelles. And of course, every jurisdiction where each of our servers are, for their specific cases. 3. IPtables, TCPdump and Wireshark, for which their use is always informed at least 24 hours in advance via our Network Alerts and/or Transparency Report. 4. All our emails, panels and support are in-house. We host our own WHMCS instance for billing and support. We host server details, project management and financial management on Redmine that we of course self-run. The only third-party connections we have are Google Analytics and Google Translate on our public website (not panel), for obvious convenience gains, but the data they fetch can easily be hidden or faked. We may also sometimes route email through Mandrill but never with user information. We also have our OpenVPN client’s code hosted at Github, but this is because we are preparing to open source it. 5. We block the affected port and explain to upstream provider and/or complainant that we cannot identify the user who did the infringement, and we can therefore not pass the notice on. We also publish a transparency report and send a copy to the Chilling Effects Clearinghouse. If there are too many infringements, we may block all ports and strengthen firewall rules to satisfy upstream provider, but this may lead us to simply drop the server on short-term due to it becoming unusable. 6. We first post the court order to public and inform our users through our blog, much-followed Twitter account, transparency report and/or network alert. If we are unable to do so, we use our warrant canary. Then, we would explain to the court that we have no technical capacity to identify the user and we are ready to give access to competent and legitimate forensic experts. To this date, no valid court order has been received and acknowledged by us. 7. Yes, proxy.sh/canary. 8. We do not discriminate activity across our network. We are unable to decrypt traffic to differentiate file-sharing traffic from other activities, and this would be against our ethics anyway. The use of BitTorrent and similar is solely limited to the fact you can whether open/use the ports you wish for it on a selected server. 9. We support hundreds of payment methods, from PayPal to Bitcoin through SMS to Ukash and Paysafecard. We use third-party payment providers who handle and carry themselves the payments and the associated user information needed for them (e.g. a name with a credit card). We never have access to those. When we need to identify a payment for a user, we always need to ask him or her for references (to then ask the payment provider if the payment exists) because we do not originally have them. Last but not least, we also have an option to kill accounts and turn them into completelyanonymous tokens with no panel or membership link at all, for the most paranoid customers (in the positive sense of the term). 10. We currently provide Serpent in non-stable & limited beta and it is the strongest encryption algorithm we have. We also openly provide to our experienced users ECDH curve secp384r1 and curve22519 through a 4096-bit Diffie-Hellman key. We definitely recommend such a setup but it requires software compiling skills (you need OpenVPN’s master branch). This setup also allows you to enjoy OpenVPN’s XOR capacity for scrambling traffic. We also provide integration of TOR’s obfsproxy for similar ends. Finally, for more neophyte users, we provide 4096-bit RSA as default standard. It is the strongest encryption that latest stable OpenVPN provides. Cipher and hash are the strongest available and respectively 256-bit CBC/ARS and SHA512. Our custom OpenVPN client of course provides a kill switch and DNS leak protection. 11. Yes, we provide our own OpenNIC DNS servers as well as DNSCrypt capacity. 12. We use a mix of collocation (physically-owned), dedicated and virtual private servers – also known as a private/public cloud combination. All our VPN servers are running from RAM and are disintegrated on shutdown or reboot. About two-third of them are in the public cloud (especially for most exotic locations). Our network spans across more than 40 countries. Proxy.sh website HIDEIPVPN 1. We have revised our policy. Currently we store no logs related to any IP address. There is no way for any third-party to match user IP to any specific activity in the internet. 2. We operate under US jurisdiction. 3. We would have to get into details of each individual point of our ToS. For basics like P2P and torrent traffic on servers that do not allow for such transmissions or connecting to more than three VPN servers at the same time by the same user account. But we do not monitor users’ traffic. Also, since our users use shared IP address of VPN server, there is no way any third party could connect any online activity to a user’s IP address. 4. We are using Google apps for incoming mail and our own mail server for outgoing mail. 5. Since no information is stored on any of our servers there is nothing that we can take down. We reply to the data center or copyright holder that we do not log our users’ traffic and we use shared IP-addresses, which make impossible to track who downloaded any data from the internet using our VPN. 6. We would reply that we do not have measures that would us allow to identify a specific user. It has not happened so far. 7. Currently not. We will consider if our customers would welcome such a feature. So far we have never been asked for such information. 8. This type of traffic is welcomed on our German (DE VPN) and Dutch (NL VPN) servers. It is not allowed on US, UK and Canada servers as stated in our ToS – reason for this is our agreements with data centers. We also have a specific VPN plan for torrents. 9. Currently HideIPVPN accepts the following methods: PayPal, Bitcoin, Credit & Debit cards, AliPay, Web Money, Yandex Money, Boleto Bancario, Qiwi. 10. We would say SoftEther VPN protocol looks very promising and secure. Users can currently use our VPN applications on Windows and OSX systems. Both versions have a “kill switch†feature in case connection drops. Also, our apps are able to re-establish VPN connection and once active restart closed applications. Currently our software does not provide DNS leak protection. However a new version of VPN client is in the works and will be updated with such a feature. We can let you know once it is out. At this time we can say it will be very soon. 11. For VPN we use Google DNS servers, and for SmartDNS we use our own DNS servers. 12. We don’t have physical control of our VPN servers. Servers are outsourced in premium datacenters with high quality tier1 networks. Countries now include – US/UK/NL/DE/CA HideIPVPN website BTGUARD 1. We do not keep any logs whatsoever. 2. United States 3. Custom programs that analyze traffic on the fly and do not store logs. 4. No, all data is stored on servers we control. 5. We do not have any open incoming ports, so it’s not possible for us to “takedown†any broadcasting content. 6. We would take every step within the law to fight such an order and it has never happened. 7. No. 8. Yes, all types of traffic our allowed with our services. 9. We accept PayPal and Bitcoin. All payments are linked to users’ accounts because they have to be for disputes and refunds. 10. We recommend OpenVPN and 128-bit blowfish. We offer instructions for some third party VPN monitoring software. 11. We use our own DNS servers. 12. We have physical control over all our servers. Our servers we offer services with are located in the Netherlands, Canada, and Singapore. Our mail servers are located in Luxembourg. BTGuard website SLICKVPN 1. SlickVPN does not log any traffic nor session data of any kind. 2. We operate a complex business structure with multiple layers of Offshore Holding Companies, Subsidiary Holding Companies, and finally some Operating Companies to help protect our interests. We will not disclose the exact hierarchy of our corporate structures, but will say the main marketing entity for our business is based in the United States of America and an operational entity is based out of Nevis. 3. We do not monitor any customer’s activity in any way. We have chosen to disallow outgoing SMTP which helps mitigate SPAM issues. 4. No. We do utilize third party email systems to contact clients who opt in for our newsletters. 5. If a valid DMCA complaint is received while the offending connection is still active, we stop the session and notify the active user of that session, otherwise we are unable to act on any complaint as we have no way of tracking down the user. It is important to note that we ALMOST NEVER receive a VALID DMCA complaint while a user is still in an active session. 6. Our customer’s privacy is of top most importance to us. We are required to comply with all valid court orders. We would proceed with the court order with complete transparency, but we have no data to provide any court in any jurisdiction. We would not rule out relocating our businesses to a new jurisdiction if required. 7. Yes. We maintain a passive warrant canary, updated weekly, and are investigating a way to legally provide a passive warrant canary which will be customized on a “per user†basis, allowing each user to check their account status individually. It is important to note that the person(s) responsible for updating our warrant canary are located outside of any of the countries where our servers are located. 8. Yes, all traffic is allowed. 9. We accept PayPal, Credit Cards, Bitcoin, Cash, and Money Orders. We keep user authentication and billing information on independent platforms. One platform is operated out of the United States of America and the other platform is operated out of Nevis. We offer the ability for the customer to permanently delete their payment information from our servers at any point. All customer data is automatically removed from our records shortly after the customer ceases being a paying member. 10. We recommend using OpenVPN if at all possible (available for Windows, Apple, Linux, iOS, Android) and it uses the AES-256-CBC algorithm for encryption. Our Windows and Mac client incorporates IP and DNS leak protection which prevents DNS leaks and provides better protection than ordinary ‘kill-switches’. Our IP leak protection proactively keeps your IP from leaking to the internet. This was one of the first features we discussed internally when we were developing our network, it is a necessity for any good VPN provider. 11. Yes. 12. We run a mix. We physically control some of our server locations where we have a heavier load. Other locations are hosted with third parties until we have enough traffic in that location to justify racking our own server setup. To ensure redundancy, we host with multiple providers in each location. We have server locations in over forty countries. In all cases, our network nodes load over our encrypted network stack and run from ramdisk. Anyone taking control of the server would have no usable data on the disk. We run an algorithm to randomly reboot each server on a regular basis so we can clear the ramdisk. SlickVPN website OCTANEVPN 1. No. We cannot locate an individual user by IP address and timestamp. There are no logs written to disk on our gateways. The gateway servers keep the currently authenticated customers in the server’s RAM so they can properly connect and route incoming traffic to those customers. Obviously, if a server is powered down or restarted, the contents of the RAM are lost. We keep gateway performance data such as CPU loading, I/O rates and maximum simultaneous connections so that we can manage and optimize our network. 2. We operate two independent companies with different ownership structures – a network operations company and a marketing company. The network operations company operates out of Nevis. The marketing company operates under US jurisdiction and manages the website, customer accounts and support. The US company has no access to network operations and the Nevis company has no customer account data. 3. We are not in the business of monitoring customer traffic in any way. Spam emails were our biggest issue and early on we decided to prevent outgoing SMTP. Otherwise, the only other abuse tools we use are related to counting the number of active connections authenticated on an account to control account sharing issues. We use a NAT firewall on incoming connections to our gateways to add an extra layer of security for our customers. 4. No. We do use a service to send generic emails. 5. Due to the structure of our network operations company, it is unusual that we would receive a notice. There should be no cause for the marketing company to receive a notice. If we receive a DMCA notice or its equivalent based on activity that occurred in the past, we respond that we do not host any content and have no logs. If we receive a DMCA notice based on very recent activity and the customer’s current VPN session during which it was generated is still active on the gateway, we may put the account on hold temporarily and notify the customer. No customer data is used to respond to DMCA notices. 6. Our customers’ privacy is a top priority for us. We would proceed with a court order with complete transparency. A court order would likely be based on an issue traced to a gateway server IP address and would, therefore, be received by our our network operations company which is Nevis based. The validity of court orders from other countries would be difficult to enforce. The network company has no customer data. Our marketing company is US based and would respond to an order issued by a court of competent jurisdiction. The marketing company does not have access to any data related to network operations or user activity, so there is not much information that a court order could reveal. This has not happened. 7. We are discussing internally and reviewing existing law related to how gag orders are issued to determine the best way to offer this measure of customer confidence. 8. Yes. We operate with network neutrality except for outgoing SMTP. 9. Bitcoin and other cryptocurriences such as Darkcoin, Credit/Debit Card, and PayPal. If complete payment anonymity is desired, we suggest using Bitcoin, DarkCoin, or a gift/disposable credit card. Methods such as PayPal or Credit/Debit card are connected to an account token so that future renewal payments can be properly processed and credited. We allow customers to edit their account information. With our US/Nevis operating structure, customer payment systems information is separate from network operations. 10. We recommend using the AES-256-CBC cipher with OpenVPN, which is used with our client. IPSec is available for native Apple device support and PPTP is offered for other legacy devices, but OpenVPN offers the best security and speed and is our recommended protocol We provide both DNS and IP leak protection in our Windows and Mac OctaneVPN client. Our OpenVPN based client’s IP leak protection works by removing all routes except the VPN route from the device when the client has an active VPN connection. This a better option than a ‘kill switch’ because our client ensures the VPN is active before it allows any data to leave the device, whereas a ‘kill switch’ typically monitors the connection periodically, and, if it detects a drop in the VPN connection, reacts. 11. Yes and we physically control them. You can choose others if you prefer. 12. In our more active gateway locations, we colocate. In locations with lower utilization, we normally host with third parties until volume at that location justifies a physical investment there. The hosted locations may have different providers based on geography. We operate gateways in over 44 countries and 90 cities. Upon booting, all our gateways load over our encrypted network from a master node and operate from encrypted ramdisk. If an entity took physical control of a gateway server, the ramdisk is encrypted and would vanish upon powering down. Torrentfreak
  17. — 1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long? 2. Under what jurisdiction(s) does your company operate? 3. What tools are used to monitor and mitigate abuse of your service? 4. Do you use any external email providers (e.g. Google Apps) or support tools ( e.g Live support, Zendesk) that hold information provided by users? 5. In the event you receive a DMCA takedown notice or European equivalent, how are these handled? 6. What steps are taken when a valid court order requires your company to identify an active user of your service? Has this ever happened? 7. Does your company have a warrant canary or a similar solution to alert customers to gag orders? 8. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why? 9. Which payment systems do you use and how are these linked to individual user accounts? 10. What is the most secure VPN connection and encryption algorithm you would recommend to your users? Do you provide tools such as “kill switches†if a connection drops and DNS leak protection? 11. Do you use your own DNS servers? (if not, which servers do you use?) 12. Do you have physical control over your VPN servers and network or are they outsourced and hosted by a third party (if so, which ones)? Where are your servers located? — VPNS THAT KEEP SOME LOGS IPREDATOR 1. We try to store the least amount of data legally possible anywhere. We keep a record of when you logged in for debugging, which happens encrypted and off-site in a different jurisdiction. IP addresses are encrypted and can only be decrypted by non-support staff to ensure a proper process. These are saved for three days. For example, to work around issues where the police ruffles up the support staff a bit to get data for an abuse report. In the database we only store the details users give us on sign-up and a limited backlog of basic payment information (no PSP processor TX-IDs). We do not run a ticket system, all support emails are deleted after 3 months. Inactive accounts are deleted after 3 months. We do not track you on our website or keep any website logs. We do not rent servers and have control over our network infrastructure. Our primary objective is to protect your anonymity from legal abuse, but not to cover up ethically serious crimes. As stated in the past we are open to an audit of our infrastructure and processes by a trustworthy 3rd party. 2. We only operate servers in Sweden. This includes understanding jurisdictional limitations and engineering our environment according to them, not making claims we cannot hold when things get serious. Offenses penalized by anything less than prison time do not qualify for such a request. For a valid request IPredator then has to hand over the subscription information entered by you, which is all that we are required to do. 3. We only use email to handle abuse related support issues. If a user decides to abuse one of our machines for a DOS attack we use rate limiters on the switches to mitigate this. So far no other tools are needed to deal with abuse. Abuse cases that are not covered by that are forwarded to the BOFH. As long as the BOFH does not wake up or considers the abuse to be substantial all is fine. Imagine Bilbo wading through Smaugs gold. Once awake anything can happen … (in terms of mitigation) 4. No, since those systems tend to be data graves and we do not trust 3rd parties with our users data. 5. The staff forwards them to the BOFH. Notices sent via paper are usually converted into energy by combustion … to power the data center in the basement where the BOFH lives. Digital SPAM^WDMCA notices are looped back into the kernel to increase the VPNs /dev/random devices entropy. 6. Please see 2). 7. Yes we do, for the newest canary see here. 8. Besides filtering SMTP on port 25 we do not impose any restrictions on protocols our users can use on the VPN, quite on the contrary. We believe our role is to provide a net-neutral access. Every user is free to share his/her/its files. We are conservative people and firmly believe in the heritage of our society, which was built upon the free exchange of cultural knowledge. This new age patent system, and the idea that we need companies who milk creators are simply alien to us. Imagine the world going to hell tomorrow … how much will be lost if we do not make sure that there are backup copies. In kopimism we firmly believe that to copy is ones sacred birth right. After all we are all imperfect copies of our parents. The act of copying is natural … without it we would not be here in the first place … 9. We offer PayPal, Bitcoins, Payza, and PaySon fully integrated. OkPay, Transferwise, WU, PerfectMoney, Webmoney, Amazon Giftcards, Cash and Credit Cards on request. An internal transaction ID is used to link payments to their payment processors. We do not store any other data about payments associated with the users account. 10. At the moment OpenVPN with Elliptic Curve Cryptography (brainpoolP512r1 curve), ephemeral Diffie-Hellmann key exchange, and AES 128/256 along with seems to be the best default choice. In our current default VPN configurations we encourage the use of TLS 1.2, but we provide backwards compatibility in case certain VPN clients have issues with such configurations. Other configs are available on request. We also provide guides on how to limit traffic to just the VPN connection and provide different DNS servers for the occasion: Public resolvers and internals for use when connected to the VPN, since lately there is also the possibility of using DNScrypt if you are into that. 11. We do provide our own DNS servers and also separate between public resolvers and those only accessible from inside the VPN. 12. We run our service on our own hardware and have complete control over our network. There are no third parties involved in our setup which is run out of Sweden. Ipredator website TIGERVPN 1. Since hundreds of people share the same IP, our accounting data (start time – end time, & generated Traffic) does not allow any further breakdown. We save those records for 3 days (in line with our 3 day money back guarantee) and only keep the traffic per month value until the next billing cycle starts. 2. Tiger At Work is a Limited Liability Company with operation in Slovakia. 3. We don’t use any tools for monitoring or mitigation. 4. We use Freshdesk as Support Software, however no data is stored in that 3rd party app as it’s a read only tool for us. E.g. when a customer submits a ticket via our App we reply and he gets that message within the app. The only thing stored in the “cloud†is the conversation itself. We aim to keep all data inhouse, which is what we did for hardware, software and infrastructure. 5. We’ve never received a DMCA takedown notice, however, our architecture won’t allow us to single out a customer. We hope that our premium product does not attract too many “issues†and we hope that our customers keep within the safe range. 6. This has never happened, so let’s not paint the devil on the wall. 7. As we can’t single out our customers, we can’t notify or warn them. 8. We usually allow torrents, but not in Amsterdam and the US. 9. We are one of the few PCI complaint merchants, so we can handle all payment data for credit card transactions ourselves on our own servers. Meaning that we don’t use tools like Chargify or other POS systems. We only save a token which is a system to system key and it does not link any card data to our customers. A similar token system is used with PayPal, but here the payment is processed with them. We also allow Bitcoin transactions, that’s the ultimate secure payment source, we also roll out prepaid cards which you will be able to buy in shops and internet cafes in cash soon. 10. Our Apps are set per default in OpenVPN mode, which is the algorithm we approve and recommend. Our Win + Mac + Android apps are equipped with kill switch functionality, however we need to fine tune them a bit over the next couple of weeks. 11. Yes we use our own DNS servers 12. We are in full control of our equipment, hardware and upstream. We operate 55 locations in 40 countries from Australia to Emirates, HongKong to Denver, London to Serbia. We have a lot of locations covered. tigerVPN website SWITCHVPN.TO 1. SwitchVPN does not monitor, record, store any kind of users activity or IP addresses so it’s impossible to pin point any user at any time. SwitchVPN uses Shared IP address, which means the same Public IP is being used by other users too making it further inpossible to track any user. In order to maintain our top notch service, troubleshoot any performance issues and protect the service from getting abused, we log only the duration of VPN connections, bandwidth consumed and VPN server connected. This by no means allow us to match an IP address and a time stamp. These logs are regularly recycled and destroyed automatically. 2. SwitchVPN operates under Indian jurisdiction. 3. We have firewalls and filters in place to block spamming and filters on US servers to block P2P activity to prevent DMCA notices. 4. We use Zopim Live Chat for Live Support and Ticket system. 5. SwitchVPN does not keep logs and assigns its customers with Shared IP address which makes it impossible to indiviually identify an indiviual with copyright abuse or other online activity. 6. As we do not hold any logs and also we use shared IPs, its impossible to identify any user at any time. 7. We are Indian based company, so not applicable. 8. We allow BitTorrent on all servers except VPN servers based in US. However we request our clients to use Netherlands, Romania, Russian and other servers which tolerate P2P and are specially optimized for P2P usage. 9. We accept all the leading payment methods like Bitcoin, Perfect Money, PayPal, Credit Card, PaySafeCard, Skrill, WebMoney and AliPay. 10. We recommend our clients to use OpenVPN with 256 AES, 2048bit RSA, SSTP ( 2048bit Encryption) and L2TP Over IPsec which also uses 256bit AES Encryption for most secure VPN connection 11. Yes, we have started implementing our own DNS Servers on some of our servers which is in beta and we would apply it on all of our servers in future. 12. We have full control over our VPN Servers and network. We own our hardware with multiple datacenters and we only outsource servers where there is complete privacy and no logging. We have servers located in 29 Countries ie. USA, United Kingdom, Germany, Netherlands, Canada, Sweden, Czech Republic, Singapore, Malaysia, Hong Kong, Latvia, Luxembourg, Switzerland, France, Italy, Romania, Russia, Japan, Belgium, Spain, Denmark, Poland, Australia, Brazil, Ireland, Iceland, India, Chile and Austria. SwitchVPN.to website VPN UNLIMITED 1. We do not keep the logs of the websites our customers visit, we only store the data related to the amount of traffic downloaded by the user. This information is available to be viewed in his account only. Also, it is crucial to point out that every time a customer logs into VPN Unlimited, the system assigns a dynamic IP-addresses. They are not static and there is no way that we can log the exact IP-addresses or particular time stamps of VPN Unlimited customers. 2. VPN Unlimited is owned by New York based company, Simplex Solutions Inc. 3. As we have mentioned before, we do not keep any visited websites but we keep traffic data logs. However, if we notice any spam related activities or other illegal actions, the user’s account will be blocked without any extensive or preliminary warning. 4. Our support team uses Zendesk to address the issues from our customers, but we do not store or give the users’ personal information to third parties. 5. All our servers are located in datacenters, operated under jurisdictions of countries they are located in. We use Bittorrent and SMTP traffic filters to minimize such threats. But in any case, we do not provide information about our customers to copyright holders or any other third parties. 6. To this date, we have not received any court notices; therefore, no actions were done. As we do not log any of the customers’ information or session data, VPN Unlimited customers are protected by legal definition. Also, there are consumer protection laws in the US that can be used to protect our customers too. 7. We do not have any system such as a “warrant canary†for our users. There has been no situation that has required such measures. 8. The primary goal of VPN Unlimited is not to download torrents, but to offer online security. There are limited cases when our technical team had to decrease the connection speed because of torrenting. 9. We accept PayPal payments as our primary payment system as well as using your Apple or Amazon ID account from the Purchasing tab inside the app. Soon we will be able to accept Bitcoins and process the payments via some national payment systems. We ensure that all the mentioned above payment system offer 99.99% security. 10. VPN Unlimited uses the best security options via a high level of data encryption. The most secure VPN connection and encryption algorithm lies in transmitted data through iOS or Mac Os X’s built-in IPSec client using strong AES-CBC-128 encryption. Windows users are protected with the use of AES-256 with SHA1 and OpenVPN protocol. We are working on such tools as “kill switches†and plan to implement them into VPN Unlimited in one of the upcoming updates. 11. We use our own DNS servers that forward domain data from Google DNS. Forwarding makes any kind of user tracking impossible, but Google DNS is uncensored, fast and stable. 12. We rent our servers from numerous well-known companies like LeaseWeb, OVH, RedStation, ServerCentral, IBM SoftLayer, etc. Servers are located in 13 countries which are: Canada, France, Germany, Luxembourg, Netherlands, Romania, UK, USA, Panama, Hong Kong, Singapore, Japan, Ukrain and Finland. VPN Unlimited website FACELESS 1. For each user we keep only number of sessions, and bandwidth use (uploaded and downloads). Those logs are kept for one week. It is possible to match an IP and time stamp during one day. 2. The company operates under Cyprus jurisdiction. 3. There are no any specific tools. We just react on any possible reports from our hosting provider. 4. No. We use our internal server email system for supporting our customers. 5. We block an activity for an IP and a port specified in the notice. 6. We will provide an email address and logs we physically have at the time an order arrives. It will be done only if the order is in force in the country where the server is located. 7. No, we don’t have any kind of warrant canary. 8. Yes, file-sharing traffic is allowed on all our servers. 9. VISA, MasterCard, and PayPal via Plimus.com. Payments are linked to user accounts via order IDs. 10. We recommend RSA-1024. It’s more than enough for everybody. Nobody will be able to decrypt it before the whole universe collapses. 11. No, we use Google public DNS. 12. They are hosted by a third party: Leaseweb, IWeb and Infobox in the USA, The Netherlands and Russia. Faceless website BLACKVPN 1. Yes we keep connection logs which contain the time of connection and the internal IP address assigned. This information is kept for 7 days on our Privacy VPNs and 30 days on our TV VPNs (USA, UK & Singapore). We NEVER log a user’s real IP address, only the shared BlackVPN IP address they were assigned. 2. BlackVPN operates under the jurisdiction of Hong Kong which has no mandatory Data Retention laws. This helps to impede the requests from international law enforcement and spy agencies like NSA/GCHQ. China is not interested in policing the internet outside its Great Firewall and does not interfere with Hong Kong in this regard. 3. Since we do not monitor or log any VPN activity we have no internal tools for detecting abuse on our VPN servers. Instead we respond to abuse complaints from 3rd parties (which usually contain an hostname/IP + port) by temporarily blocking access to that hostname/IP or port. In rare cases we may monitor a specific IP/port that is being abused via the traffic going through our VPN firewalls (using iptables) in order to warn or ban the offending user. The last time this happened the user responsible found that their computer was infected with malware which was causing the abuse without their knowledge. 4. We run our own mail servers for @blackvpn.com, host our own support systems (osTicket and Live Helper Chat – which have both been configured not to log IPs), plus host our own website analytics (Piwik). We use a 3rd party email service only for sending generic emails in bulk (such as security alerts, renewal reminders, updates from blackVPN, etc.) which contain no identifying information. We also use a 3rd party system for our blog (medium.com/@blackVPN) and of course our social media. 5. On our Privacy VPNs these are ignored because they are located in countries which do not enforce DMCA notices (or equivalent copyright alerts). On our TV VPNs we warn any customers who were sharing that IP address at the time and will ban repeat offenders from the TV VPNs. 6. To identify an active user of our service we legally require a valid court order from a Hong Kong court. So far this has never happened. We have received requests from various international law enforcement agencies asking us to assist them, however our response has always been to ask for a valid court order from Hong Kong. Recently we were asked by Hong Kong police to come to Hong Kong in person to make a statement regarding an investigation by the UK authorities. With the help of the EFF we found new legal counsel in Hong Kong who quietly resolved the issue with the Hong Kong police, resulting in the UK authorities withdrawing their request. Any future requests from international authorities will be handled by our lawyers in a similar way. 7. Hong Kong does not have an equivalent to America’s NSLs and is unable to legally issue a gag order. Since none of the BlackVPN team are in Hong Kong it’s difficult for them to intimidate us that way. We do not have a warrant canary as we’ve never seen one used effectively. In the worst case scenario we would simply “do a Lavabit†and hit the kill switch to shutdown all our systems until the authorities or the offender went away. 8. Yes it is allowed on our Privacy VPNs but not allowed on our TV VPNs (USA, UK and Singapore). Extreme pressure is being applied to the network providers in these countries to minimise copyright infringement so if we don’t take action our servers will soon get cut off. 9. We accept PayPal, Credit Cards (via CardPay) and Bitcoin (via BitPay). All payment information is stored by our payment providers and is linked to a blackVPN account via their own transaction IDs. 10. OpenVPN is the only protocol that can be considered secure after recent leaks show the NSA can decrypt PPTP and IPSec protocols (source). Since our beginning in 2009 all openVPN connections have been forced to use the AES-256-CBC cypher for maximum security and after the recent Heartbleed bug we switched to new 4096-bit Diffie-Hellman keys too. We encourage the use of open source software such as OpenVPN and Tunnelblick, neither of which have a kill switch or DNS leak protection. Our VPN routers use firewall rules to only allow internet access while the VPN connection is established, which is a more reliable solution than a “kill switchâ€. 11. Yes we run our own DNS servers however we use censurfridns.dk (which does not log or censor DNS queries) as a DNS forwarder. 12. We do not have physical control over our VPN servers and network since we lease bare-metal dedicated servers in various data centres around the world for our VPNs and infrastructure. Management of these servers is performed ONLY by the blackVPN founders – no employees of the company have access to the VPN servers or infrastructure. Our VPN servers are located in the USA, UK, Canada, Netherlands, Switzerland, Luxembourg, Estonia, Lithuania, Russia, Ukraine, Panama and Singapore. Other infrastructure servers (such as databases, mail servers, etc) are hosted in places with strong privacy protection laws such as Iceland, Switzerland or the Netherlands. BlackVPN website ANONYMIZER 1. Anonymizer does not log ANY traffic that traverses our system, ever. We do log when a user connects, and the IP address they connected from (which is needed for customer support and ensure system optimization), but that log purges every 24 hours. We don’t log when users disconnect, how much data they used, where they went, at anytime, ever. We would also like to point out that all of our customers exit out and share the same IP, which changes on a daily basis, and we don’t even track that. If asked what IP we used last week, we wouldn’t have any way to know for certain. 2. Anonymizer Inc. operates under US jurisdiction. The US is still one of the best countries to operate privacy services out of due to a lack of mandatory data retention laws. 3. We can’t. We don’t monitor or log traffic or user activity. When we receive reports of abuse, we have no way to isolate or remediate it because we don’t monitor. 4. Anonymizer uses a ticketing system for support tracking but does not request verification of a user actually having access with us unless it is needed specifically in support of the ticket. Anonymizer uses a bulk email service for our email marketing system but does not store any details about the users account beyond their email address. 5. Since Anonymizer does not log any traffic that comes over our system, we have nothing to provide in response to DMCA requests. None of our users have ever been issued a DMCA take down notice or the European equivalent. We’re over 18 years old now, and if not the oldest service out there, certainly one of the oldest, and we’ve never turned over information of that kind. 6. Anonymizer Inc. only responds to official valid court orders in which we comply with information that we have available. Since we do not log any traffic that comes over our system, we have nothing to provide in response to requests associated to service use. If a user paid by credit card we can confirm that they purchased access to our service only. There is, and would be, no way to ever connect a specific user to specific traffic. There has been instances were we did receive valid court orders and followed our above procedures. We have never identified details about a customer’s traffic or activities. 7. Anonymizer does not use a warrant canary or similar solution to gag orders as we feel they are largely ineffective and offer a false sense of security. 8. Any traffic is allowed on our servers. Due to not logging or monitoring any traffic it would be impossible for us to know if any user were to be engaging any specific kinds of activity on our service. 9. Anonymizer Inc. uses a payment processor for our credit card payments. There is a record of the payment for the service and the billing information associated to the credit card to confirm the service has been paid for. We also offer Cash and will soon offer crypto-currency options to include Bitcoin. Cash payment options do not store any details (e.g. Billing address and customer name) of the transaction beyond the account username and the service being paid for by cash; there is no way for us to connect an individual to a specific account. 10. We would recommend OpenVPN for a user that is looking for the most secure connection. We feel it is the most reliable and stable connection protocol currently. Our OpenVPN implementation uses AES-256. We also offer L2TP, which is IPSEC. Anonymizer’s client software has the option to enable a kill switch that prevents any web traffic for exiting your machine without going through the VPN. 11. Yes, we operate our own DNS. 12. We own ALL our hardware, and have full control of our servers. No third party has access to our environment. We don’t leverage VPS or third party hosts, which we feel would be compromising our customer’s security. Anonymizer website IRONSOCKET 1. We keep limited session logs for all of our services which include VPN, HTTP, SOCKS5 and Smart DNS Proxy. Session logs record the time and date of the user’s session connection and disconnection, the IP address used for the session, and a numerical representation of how many bytes were transferred. These logs are typically kept for 72 hours, usually less, after which they are purged. The main reason we retain this data is to prevent fraud and abuse. Since we use Shared IPs on our servers, and do not log activity, it is very hard, if not impossible, to know what a user is doing. 2. We operate under the laws of the SAR of Hong Kong, which has no data retention law whatsoever. 3. For reasons of security, we don’t disclose our exact security systems and processes. Additionally, we do not monitor what activity users do when using our services, regardless of the service used (VPN, HTTP, SOCKS5, Smart DNS Proxy). 4. No. We do not use any external email providers. We also do not use any third party support tools. We utilize Facebook and Twitter as a means of social contact with users and we provide light support for general questions however any account specific issue must go through our ticket system. At no time do we ever link a user’s social media account to an IronSocket account. 5. IronSocket is not subject to the DMCA or its European equivalent. We do NOT host any user uploaded content on any of our servers. While IronSocket is not subject to DMCA, some of our hosting partners are. If they receive and escalate a DMCA notice to us, we reply to the provider that we do not log our user’s activity, we utilize shared IP addresses, and it is next to impossible to determine any activity of our users. We then confirm P2P is not being used on servers where P2P is not allowed. 6. We cooperate with proper legal processes valid under Hong Kong jurisdiction. The first step is to determine the validity of the court order, and if valid, determine if we have any data available to identify the active user of our service. Because of our privacy policy, terms of service, and anonymous payment methods, it would be almost impossible to identify any user engaging in any specific activity while using any one of our services. This situation has never happened. 7. As of February 2015, IronSocket has never been compelled by court order, secret or otherwise, to share any business or customer information with any government or law enforcement agency. We do not currently have this posted on our website but it will be included in our transparency report section which is scheduled to be published to our website later this year. 8. We allow Torrent/P2P file-sharing traffic on specific servers that have been optimized for file sharing performance. The list of servers that allow P2P file sharing can be found here. We do not allow BitTorrent/P2P on all of our servers due to the legal pressure on the data centers we use in the US, UK, Canada, and other countries. 9. We accept payments in cash, credit cards via PayPal, Bitcoin via BitPay and gift cards via PayGarden. We do not retain specific payment information, such as credit card information, linked to individual user accounts. That is maintained by the payment processor, not us. If you wish to pay in an anonymous fashion we recommend paying by cash, Bitcoin, or gift card. These methods provide the highest levels of anonymity for users. 10. We recommend the IronSocket VPN network; based on OpenVPN, a full-featured SSL VPN. Our users are given the encryption options of Strong, Light and None. We recommend using the default Strong encryption setting, which utilizes AES 256-bit Data Encryption with SHA256 Message Authentication, using a 4096-bit key for secure authentication. 11. Yes, we use our own DNS servers. We currently provide DNS servers in 8 different regions for increased redundancy and improved query speeds. We push our own DNS server IP addresses to our VPN clients. 12. Our global network of VPN and Proxy servers are all self-managed and are hosted in a number of third party datacenters. We vet all datacenter relationships prior to engaging in business, and regularly re-evaluate them to assure security practices, personnel, and policies are established, trained, and enforced. We have servers located in the following countries: Argentina, Australia, Brazil, Canada, Cyprus, Denmark, Egypt, France, Germany, Hong Kong, Iceland, India, Indonesia, Ireland, Italy, Japan, Luxembourg, Mexico, Netherlands, New Zealand, Norway, Panama, Philippines, Romania, Russia, Saudi Arabia, Singapore, South Korea, Spain, Sweden, Switzerland, Taiwan, Thailand, Ukraine, United Kingdom, and United States. IronSocket website VPN.AC 1. We keep connection logs for 1 day to help us in troubleshooting customers’ connection problems but also to identify attacks (e.g. bruteforce). This information contains IP address, connection start and end time, protocol used (including port) and amount of data transferred. 2. Our company is incorporated in Romania since 2009. Data retention has been declared unconstitutional in our country and even before of Constitutional Court’s decision, it wasn’t applying to VPN service providers. 3. We do not monitor traffic. We monitor bandwidth usage per server but that’s a different topic. Abuse issues are solved effectively by adding firewall rules on-the-fly, even automatically, without monitoring or logging actual traffic. 4. Support (ticketing, livechat) is operated in our own environment. Email is not used to transmit information provided by users, such as part of ticketing conversations. We only provide a notice that a reply has been made and is available in our online ticketing system, after logging in. We also don’t use any 3rd party tracking services like Google Analytics. Backups, APIs and everything else related to our service are hosted in our own environment and we make use of strong encryption for storing them. 5. We are handling DMCA complaints internally without involving the users (i.e. we are not forwarding anything). We use shared IP addresses so it’s not possible to identify the users. 6. It never happened. In such event, we would rely on legal advice. 7. No. We may consider using one at a later date, but at this moment we believe its effectiveness and legality are questionable, and we don’t want to have one just as “yet another feature†for marketing & PR purposes. Having a warrant canary or not, the customer still has to trust the provider for using the service. 8. Yes, it is allowed. 9. Mostly PayPal, bitcoin, credit/debit cards, pre-paid cards (including anonymous vouchers). 10. OpenVPN using Elliptic Curve Cryptography for Key Exchange (ECDHE) is used by default in most cases. We also provide support for ECC keys (secp256k1) and RSA-4096, SHA256 and SHA512 for digest/HMAC. For data encryption we use mostly AES-256 and AES-128. Yes, we provide tools and instructions for setting up “kill switches†and solving DNS leaking issues. 11. We use our own DNS resolvers, outside of USA for good reasons. We also generate millions of DNS queries artificially on a daily basis and they are mixed with the queries coming from users. 12. We have physical control of our servers in Romania. In other countries we rent or collocate our hardware. We have some measures in place to prevent and alert us in case of unauthorized physical access – but that’s realistically limited, though. Some of the hosting providers we host with are LeaseWeb, Voxility, Private Layer, Softlayer, UK2, QuadraNet, Root SA, Ecatel, NForce, Sweden Dedicated, OVH, Online.net in the following countries: Netherlands, Germany, Romania, Luxembourg, Switzerland, Sweden, France, USA, Canada, UK, Mexico, Japan, Australia, Singapore and Hong Kong. VPN.ac website SEED4.ME 1. We do not analyze or DPI traffic. We also do not keep logs on VPN nodes. General connection logs are stored on a secure server for 7 days to solve network issues if there are any. These logs are deleted after seven days if there are no network problems. 2. Taiwan. We are not aware of any legislation requiring us to share client information and we are not aware of any precedents in Taiwan where client information was disclosed. We do not hold much information anyway. On the other hand, we do not welcome illegal activities which potentially harm other people. 3. We use simple firewall rules to block peer-to-peer file sharing on servers where the DMCA applies. Still, users can use torrents in Russia and Ukraine. 4. Currently we utilize Google Apps. We do not store any sensitive information there, only support issues. 5. In case of abuse we null route the IP to keep ourselves in compliance with the DMCA. Currently we use simple firewall rules to block torrents in countries where the DMCA applies. 6. We will act in accordance with the laws of the jurisdiction, only if a court order comes from a jurisdiction where the affected server is located. Fortunately, as I said before, we do not keep any logs on VPN nodes, on the other hand – we do not encourage illegal activity. This has never happened. 7. No. 8. Yes, torrents are allowed in Russia and Ukraine. 9. We accept Bitcoin, PayPal, Visa, MasterCard, Webmoney, Yandex.Money, Bank transfer and In-App purchases in our iOS App. We do not store sensitive payment information on our servers, in most cases payment system simply sends us a notification about successful payment with the amount of payment. We validate this data and top up the VPN account. 10. L2TP (2048 bit) for Desktop and 2048 bit IPSec in our App will be a good choose. Our App (https://bitly.com/seed4me) has Automatic protection option that guarantees for example that all outgoing connections on open Wi-Fi will be encrypted and passed through secure VPN channel. We don’t provide a kill switch for Desktop. We are still compatible with free software that prevents unsecured connections after VPN connection goes down. 11. We use Google and users can override these settings with their own. 12. We have VPN clusters in the US, UK, Hong Kong, Singapore, Russia, Netherlands and Ukraine. All servers are remotely administered by our team only, no outsourcing. No data is stored on VPN nodes (if the node is confiscated, there will not be any data). We prefer to deal with trustworthy Tier-3 (PCI-DSS) data centers and providers to ensure reliable service with high security. Seed4.me website BLACKLOGIC 1. We keep logs only for payment fraud prevention reasons. We do not monitor what our clients do online. We keep port mapping logs for 72 hours. 2. Canada 3. SMTP/S ports are closed. All ports which could be used for P2P are closed on the US servers. Port mapping logs can trace back to the specific user account. 4. We have our own email system, and don’t outsource email hosting. For online chat we use Zopim. 5. The port in question is closed for 48 hours. 6. We know our clients and don’t accept any suspicious clients. No court orders were ever received 7. As mentioned above, we haven’t received any court orders since 2007. 8. We don’t allow P2P on American servers. Other servers are still fine. 9. Credit Cards, PayPal, WebMoney and Western Union. 10. OpenVPN (256 symmetric AES encryption, and 2048 bit certificates). VPNWatcher app is one of the recommended tools for “kill switches.†11. Yes, we have our own DNS servers 12. All Canadian VPN servers are owned and controlled by our company. Other servers are dedicated servers rented from multiple datacenters. Blacklogic website IBVPN 1. We do not spy on our users and we don’t monitor their Internet usage. We do not keep logs with our users’ activity. However, in order to avoid abuses that may occur during the 6-hour trial we record and keep for 7 days the time, date and location VPN connection was made, connection duration and bandwidth used during the connection. 2. We are located in Romania, which means we are under EU jurisdiction. 3. Due to security concerns and in order to avoid servers’ attacks, we cannot disclose these tools. 4. We do not use external e-mail providers. To provide quick support and a user friendly service experience, our users can contact us via live chat but activity logs are deleted on a daily basis. There is no way to associate any information provided via live chat with the users’ account. 5. So far we have not received any DMCA notice or other European equivalent for any P2P server from our server list. For the rest of the servers, we have filtering systems that prevent P2P and file sharing activities in order to protect us and our users from DMCA notices. In case such a notice is received we simply reply that measures have been taken in order to prevent future abuses. 6. As stated in our TOS, we do not support criminal activities, and in case of a valid court order we must comply with EU law under which we operate and provide the limited information we may have. It would be illegal not to. So far, however, we have not received any valid court order. 7. As we are located in the EU we do not have a warrant canary or a similar solution to alert customers to gag orders. 8. We allow BitTorrent and other file-sharing traffic on specific servers located in the Netherlands, Luxembourg, Sweden, Russia, Hong Kong and Lithuania. Based on our legal research, we consider that it is NOT safe for our users to allow such activities on servers located, for example, in the United States or United Kindgom. 9. We accept various payment methods like Credit cards, PayPal, prepaid credit cards, Payza, SMS, iDeal, Ukash, OOOPay and many more. Payments are performed exclusively by third party processors, thus no credit card info, PayPal ids or other identification info are stored in our database. For those who would like to keep a low profile we accept BitCoin, LiteCoin, WebMoney, Perfect Money, PaySafeCard, CashU, Ukash. 10. The most secure VPN connection is Open VPN, which provides 256 bit Blowfish algorithm encryption. Yes, Kill Switch has been implemented with our VPN Clients. When enabled, the Kill Switch closes all applications (that are running and have been added to the Kill Switch app list) in case of an unwanted VPN disconnection. 11. At this time we use a combination of public and private servers. To improve our service, we have started the process of switching to our own DNS servers (few months ago) and our goal is to complete this process by the beginning of March. 12. We do not have physical control over our VPN servers, but we have full control to them and all servers are entirely managed personally by our technical staff. Admin access to servers is not provided for any third party. ibVPN website VPN BARON 1. Our users share the server IPs making it impossible to link any user to a particular action. On the server, no traffic logs are recorded. We monitor only the number of simultaneous user connections on our network as whole, and do not link the user to a particular server. This helps us avoid infinite simultaneous connections from a single user. 2. We’re under Romanian jurisdiction, inside of the European Union. EU takes privacy issues more seriously than the US, as many already know. 3. We’ve implemented strict firewall/traffics shaping rules or our Linux servers in order to avoid abuses. If any abuses go through, we just add a new rule that deals with the new issue. This security does not affect the regular VPN usage in any bad way. 4. Our VPN network is separated from the administrative part. As any service that deals with customers, we use emailing software that uses our local server (not a 3rd party server). The information that can be provided by/to users has no incriminating value, being mostly standard OpenVPN troubleshooting, install help and various enquires. 5. None of our users have ever been issued a DMCA notice, being unable to detect which user has caused it due to our no traffic logging policy. On our end, if the issue is persistent and our server provider insists that we deal with it, we wipe that particular server and replace it with a new one from a different provider. Rinse and repeat. 6. This didn’t happen so far. Court orders usually imply something serious and we’re requested by law to assist. We don’t have much to offer. We can answer if a particular email address \ name (could not be a real name, we don’t check) has an active account on our administrative part. 7. We do not. As we haven’t received any warrants or court orders there was no need. However, we’ll certainly do our best to protect our users. 8. Yes. All P2P traffic is allowed. 9. We use Bitcoins, PayPal and Credit Cards (processed by PayPal). Again, the administrative part is very separated from our VPN service. With each paid invoice the administrative part updates the subscription’s expiration date on the VPN service. We recommend using Bitcoins for the most anonymity a payment method could offer. Bitcoin payments cannot be traced to a particular individual. 10. OpenVPN protocol offers by default excellent security on any type of encryption, and after a certain point, adding more encryption has diminishing returns while making a huge impact on user’s internet speed. It makes little difference if a package is cracked in 10,000 years or 20,000 years. We currently use by default BF-CBC 128 bit key, TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA. In the future update, we’re allowing users to select their preferred type of encryption. We regularly check for DNS leaks. If the VPN connection drops, all traffic will be halted. 11. We’re using Google DNS. It’s fast, secure and google does a great job keeping it safe against any type of attacks. There is a huge list of Security Benefits on their page that might be of interest to anyone who’d like to find out more. 12. We’re big fans of cloud servers. They can be created or destroyed in seconds. We feel that the ease of replacing a server is essential to any privacy service, adding an extra bump to anyone trying to track the activity of our users. Our servers located US and Europe and our main providers at this time are Digital Ocean and Vultr. VPN Baron website ACEVPN 1. We do not log established accounts nor log traffic. We respect their privacy. We do not store any personal information on VPN servers. IPs are shared among users and our configuration makes it extremely difficult to single out any user. To mitigate abuse and fraud, we log time of connect and disconnect for new signups from certain IP ranges. This information is purged after two weeks. 2. We are registered in the US. 3. We use a proprietary pattern and rules based risk management system to screen for fraud and to mitigate abuse. 4. We use Google apps for email. Emails are deleted regularly. 5. If we receive DMCA takedown, we block the port mentioned in the complaint. IP’s are shared by other users and our configuration makes it extremely difficult to single out any user. We do not share any information with 3rd parties. 6. To date we have not received court order. We only store billing information which the payment processor or bank or credit card issuer has. 7. We publish transparency report quarterly. 8. We have special servers for P2P that are in datacenters that allow such traffic. These servers also have additional security to protect privacy when P2P programs are running. There are several legal uses of P2P. 9. We use Paypal, Google, Stripe and Square for processing payments. We store billing information on a secure server separate from VPN servers and do not store any financial information. 10. For high security needs we suggest using our IPSEC IKEv2 VPN. Our IPSEC IKEv2 VPN servers use Suite B cryptographic algorithms. Yes, we do provide kill switches if a connection drops. Our servers are tested for DNS leak. Encryption varies depending on VPN protocol. We support the following protocols and encryption. IPSEC IKEv2 – 384 bits ECC (Equivalent to RSA 7680 bits) and AES 256 bit encryption. OpenVPN – We have servers running on port 53, 80, 443, 1194, 8292. RSA 4096 bit and AES 256 bit encryption supported. L2TP VPN – AES 256 bit encryption. Stealth VPN – RSA 2048 bit and AES 256bit encryption. Makes VPN traffic look like https traffic. PPTP VPN – Avoid if you can! 11. We operate our own DNS servers (Smart DNS) for streaming videos. For VPN, we use Google and Level3 DNS. 12. We control our servers and network. We have servers in 18 countries and over 36+ locations / datacenters. USA, Canada, UK, France, Germany, Italy, Netherlands, Spain, Sweden, Switzerland, Latvia, Luxembourg, Romania, Denmark, Ireland, Hong Kong, South Korea and Australia. Acevpn website NOLIMITVPN 1. At NolimitVPN, we have developed a custom activity tracker. We only log the user authentication on the network, the P2P activity and the SMTP activity (to avoid any kind of abuse). The activity tracker is based on “magic IDs†(temporary and rolling IDs) so we are able to match a server IP to a customer account during 48 hours. We do not log the traffic content of our VPN users. 2. We are currently based in Singapore and we plan to move the company to Hong Kong in a near future for more convenience. 3. We have developed custom tools (mainly parsers) based on tcpdump. 4. We use Zopim for the live chat on the website and we use Mandrill to send automatic emails to our VPN users. Every other emails are processed through our mail server. 5. At NolimitVPN, we do everything we can to protect the anonymity and the privacy of our customers, in case of complaint we do not transmit any information. But we warn the user about the complaint and we suggest him to use a private tracker to download torrent files. If too many DMCA complaints are received and if the user has been warn many times (more than 3 times), we can suspend his account (this never occurred). 6. This has never happened. Anyway, if a legal court order is received, we would be forced to give them the logs of our activity tracker. But as mentioned above our activity tracker does not log any legal information (IP address and timestamp) that could be valid for authorities. 7. No. 8. We allow torrents as long as we do not receive a DMCA complaint. If too many DMCA complaints are received and if the user has been warned many times (more than 3 times), we can suspend his account (this has never occurred). 9. We use Stripe but we do not record the billing address on our servers, every information linked to the payment is stored on Stripe servers. We do the maximum to store the minimum information about our customers. 10. Currently we support two protocols, PPTP (with 128bits encryption over MPPE) and L2TP (with 256bits encryption over IPsec). Thus, we recommend to use the L2TP protocol (which provides the same encryption level than OpenVPN). We provide to our users a Windows script that automatically connect and reconnect you if your connection drops. We plan to integrate OpenVPN protocol before the end of the year. 11. We do not have our own DNS for now, instead we use OpenDNS. We plan to integrate our custom DNS before the end of the year. 12. As our company is young (only 1 year old), we currently have two servers provider: DigitalOcean and Vultr. We have the following servers locations: Netherlands, France, United Kingdom, Germany, Singapore, Japan, United States and Australia. Torrentfreak
  18. — 1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long? 2. Under what jurisdiction(s) does your company operate? 3. What tools are used to monitor and mitigate abuse of your service? 4. Do you use any external email providers (e.g. Google Apps) or support tools ( e.g Live support, Zendesk) that hold information provided by users? 5. In the event you receive a DMCA takedown notice or European equivalent, how are these handled? 6. What steps are taken when a valid court order requires your company to identify an active user of your service? Has this ever happened? 7. Does your company have a warrant canary or a similar solution to alert customers to gag orders? 8. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why? 9. Which payment systems do you use and how are these linked to individual user accounts? 10. What is the most secure VPN connection and encryption algorithm you would recommend to your users? Do you provide tools such as “kill switches†if a connection drops and DNS leak protection? 11. Do you use your own DNS servers? (if not, which servers do you use?) 12. Do you have physical control over your VPN servers and network or are they outsourced and hosted by a third party (if so, which ones)? Where are your servers located? — LIQUIDVPN 1. The VPN servers do not store user authentication logs. Once a user logs off of our VPN network we have no way of knowing which IP they were assigned or which server they were using let alone the time of day they logged in at. 2. USA 3. The main tools in place at the network level are SNMP and Mikrotik Layer 7 firewall rules. At the host level its Zabbix and OSSEC. 4. LiquidVPN hosts everything on servers we control. 5. As much as I would love to toss these in the trash it would be impossible to keep the servers online if I did so. Most USA data centers require action to be taken within 24 hours or they automatically null route the IP until corrective action has been taken. In the UK and Europe many data centers that require any action at all give us 48 hours before an automatic null route of the IP address. When we are required to take action we will rate limit the port in question down to 5Kb/s for 24 to 48 hours. Here is our exact process. 1. Post the DMCA notice to the Transparency Reports section along with the intended course of action if there is one. 2. Post a link on Twitter. 3. If we are required to take action and update the data center we will rate limit transfers on the offending port to 5Kbs 6. This has never happened. In the event that it does happen our attorney will post the court order and our intended action in the transparency reports section I linked above. If there is a gag order of some sort our Warrant Canary will stop being updated. We do abide by the law so in the end we would have to send over the information requested on a user. 7. Yes we do. 8. Yes it is. 9. PayPal, Credit Card, Bitcoin and Cash are accepted. Our payment data and VPN user data are completely separate. We only require a first name, country and email address to sign up unless you are paying by credit card. Due to the obscene number of charge backs we were getting on credit card transactions we had to begin collecting addresses and phone numbers for credit card transactions. When an order is placed the webserver logs the IP and time of order. Other actions on the website will also trigger the same logging event. These logs are purged after 6 months. 10. We have a very easy to use kill switch and also provide directions on setting up a full-fledged firewall to protect against leaks, drops and much more if the user is so inclined. Our client enables DNS leak protection by default. We provide private DNS servers, reverse proxies aka SMARTDNS (in beta) and of course IP Modulation. IP modulation shares a pool of IP addresses with dozens or even hundreds of other users and each connection has a random chance to modulate the IP. An average webpage makes 30+ connections for it to load completely. In theory on a modulating IP address your traffic could appear to be coming from 30 different IP addresses. Currently the best encryption OpenVPN supports without being modified is AES-256-CBC. So this is what I would recommend for most people. I would recommend 2048 to 4096 bit RSA keys. I would tell users to make sure a TLS key is used and some form of server certificate verification is enabled in the configuration file. I would tell them to MAKE SURE there is an auth SHA256/SHA512 line in their configuration file and that tls-cipher is defined. 11. Of course and we are 90% finished converting them all to communicate on private subnets only. 12. We do not own the equipment it is on short term leases and collocated around the world. We do not like to be married to a data center in case a privacy issue comes up and we have to pull out quickly. We choose our data centers very carefully but things change very quickly politically in a lot of these regions. We currently have servers in Canada, UK, USA, Netherlands, Switzerland, Germany and Romania. LiquidVPN website AIRVPN 1. No, we don’t keep such logs. 2. Italy. 3. We use internally written tools to mitigate attacks against our VPN servers as well as DDoS attacks originating from clients behind our servers. 4. No, we don’t. 5. They are ignored, except when they refer to web sites running behind our VPN servers. Due to our service features, it is perfectly possible to run web sites from behind our servers: we also provide DDNS for free to our customers. For these specific cases, we can act similarly to a hosting provider and we verify that the web site is compliant to our Terms of Service. We have had web sites spreading viruses and other malware (verified without any doubt) and we intervened to quickly stop them when we were warned about the issue. 6. Since we can’t provide information that we don’t have, an “ex-post†investigation is the only solution, if and when applicable. So far we have had no court orders of this kind. 7. No, we don’t. While a warrant canary’s effectiveness is questionable, we recommend to use technical means to solve the problem at its roots. When a customer can’t afford to trust us for the sensitivity of his/her activities, he/she can simply use Tor over OpenVPN, or OpenVPN over Tor, to get an immediate protection which a warrant canary, not even if updated every day, will never be able to provide. 8. Yes, it’s allowed on every and each server. We do not discriminate against any protocol or application and we do not monitor traffic or traffic type. 9. We accept Bitcoin, a wide range of cryptocoins, PayPal and major credit cards. About PayPal and credit cards, the usual information pertaining to the transaction and account/credit card holder are retained by the financial institutions, and it is possible to correlate a payment to a user (which is good for refund purposes when required). When this is unacceptable for security reasons, then Bitcoin or some other cryptocoin should be used. Bitcoin can also be provided with a strong anonymity layer simply by running the Bitcoin client behind Tor. 10. Our service setup, based on OpenVPN, is the following: 4096 bit RSA keys size, AES-256-CBC Data Channel, 4096 bit Diffie-Hellman keys size, HMAC SHA1 Control Channel, TLS additional authorization layer key: 2048 bit. Perfect Forward Secrecy through Diffie-Hellman key exchange DHE. After the initial key negotiation, re-keying is performed every 60 minutes (this value can be lowered unilaterally by the client). Due to the serious doubts about NIST standard Elliptic Curves parameters being manipulated by NSA, we feel to share Bruce Schneier’s considerations to not use ECC. Our free and open source client Eddie (under GPLv3) for Linux, Windows, OS X Mavericks and Yosemite, implements features which prevent the typical DNS leaks in Windows and any other leak (for example in case of unexpected VPN disconnection). Leaks prevention, called “Network Lockâ€, is not a trivial kill-switch, but it prevents various leaks that a classical kill switch can’t block: leaks caused by WebRTC, by programs binding to all interfaces on a misconfigured system and by malevolent software which tries to determine the “real†IP address. In the future, probably before the end of 2015, our client will be available, as usual free and open source according to our mission, for other VPN services too. We provide guides, based on firewalls and not, to prevent leaks on various systems for all those persons who can’t or don’t wish to use our client Eddie. 11. Yes, we use our own DNS servers. 12. Our servers are housed in datacenters which we have physical access to, provided that the access is arranged in advance for security reasons. Datacenters must comply to some technical and privacy requirements. With rare exceptions, a datacenter must have a PoP to at least one tier1 provider. Without exceptions, datacenter must be network neutral, must provide bandwidth redundancy, minimum uptime of 99.8% and our servers must have a dedicated port and a guaranteed bandwidth. We have servers located in Canada, France, Germany, Hong Kong, Latvia, Netherlands, Portugal, Romania, Singapore, Spain, Sweden, Switzerland, Ukraine, USA. We work or have been working with big and small providers, such as Amanah, IBM, Leaseweb, Voxility, HugeServers, Serveria, YesUp, Teknikbyran, just to name a few. AirVPN website VPN.S 1. We do not keep logs that could match time stamp of a user. 2. Australia 3. If there is a *serious* abuse that we have been alerted to, we may use string matching in the firewall to DROP packets containing the particular abuse, or block outbound traffic to a particular IP. We do not monitor for abuse, abuse alerts come from third parties such as fail2ban services. 4. We host our own Mail server along with a support system on our own Colocated equipment. Live chat system is Zopim, unfortunately we have not been able to find adequate self hosted software solutions that meet our requirements for live chat however we do review this option once to twice a year incase something becomes available 5. We do not track our users, therefore the notices cannot be acted upon, due to the fact the DMCA notices cannot be verified we respond to the notices in this manner. 6. We have yet to encounter this. Our policy is to adhere to the court order, however due to our no logging policy it would be impossible to provide in-the-past information on any user. If the user is active and the court order contains specific end point IPs it is possible by firewall matching the user could be identified. 7. yes. 8. Yes. 9. Bitcoin, Perfect Money, PayPal, Visa/MC, 10. We provide OpenVPN which can be used across multiple devices with our 2048bit keys, our Windows, OSX, Linux application provides DNS Leak and protection if VPN is dropped within the application settings, we can also provide tutorials to users to set these safe-guards up manually 11. Yes, each server pushes DNS settings which are within our own network, these servers are recursors so the source IP of all queries are that of our own servers. 12. We have physical control over our infrastructure that contains any user data such as email address and passwords – these do not reside on end point VPN servers. Our VPN endpoints are configured so they do not contain any sensitive user information, the only information is the username which is required for our key based authentication for OpenVPN. We currently have servers in 41 countries. VPN.S website PERFECT PRIVACY 1. We do not log or store any traffic, IP addresses or any other kind of data that would allow identification of our users or their activities. The anonymity and privacy of our users is our highest priority and the Perfect Privacy infrastructure was built with this in mind. 2. Perfect Privacy is a community of interests with a postal address in New Zealand. However, our servers are operated in accordance with the law of the respective countries they are located in. 3. Since it is impossible for us to determine which user causes specific traffic, we cannot identify individual customers responsible for abuse. If we receive abuse complaints we usually offer to block the destination IPs from our ranges so that no further abuse can take place. The only data we record is the total amount of traffic per server so we can check and publish our traffic capacities. 4. No user input or data is processed by any third party tools (no Google Mail, no ZenDesk, no ticket system, etc.). Users can contact us by email and a https contact form, both running with our own mail server. We also encourage users to use PGP when communicating with us. We also offer TeamViewer support for customers but this is completely optional and up to the user. 5. Because we do not host any data, DMCA notices do not directly affect us. However, we do receive copyright violation notices for filesharing in which case we reply that we have no data that would allow us to identify the party responsible. 6. The only step on our side is to inform the contacting party that we do not have any data that would allow the identification of a user. There had been incidents in the past where Perfect Privacy servers have been seized but never was any user information compromised that way. Since no logs are stored in the first place and additionally all our services are running within ramdisks, a server seizure will never compromise our customers. 7. Since we are not bound by U.S. law, gag orders like National Security Letters do not apply to us. We would outright disclose any information of a possible problem to our users. As a last resort we would shut down our service before allowing our users to be compromised (e.g. like LavaBit). 8. Yes, Bittorrent and other file sharing is generally allowed. However, at certain locations that are known to treat copyright violations rather harshly (very quick termination of servers) we block the most popular torrent trackers to reduce the impact of this problem. Currently this is the case for servers located in the United States and France. 9. We offer a variety of payment options ranging from anonymous methods such as sending cash, Bitcoin or PaySafeCard. However, we also offer payment with PayPal for users who prefer that option. We keep no data about the payment except for when the payment was received which is linked only to an anonymous account number. 10. While we offer a range of connection possibilities we would recommend using OpenVPN with 256 bit AES encryption. Additional security can be established by using a cascaded connection: The Perfect Privacy VPN Manager allows to cascade your OpenVPN connection over up to four freely choosable servers. The client software also comes with an integrated firewall and DNS leak protection which are enabled by default: This prevents any traffic bypassing the VPN connection and the exposure of the user’s IP address by a DNS leak. This protects against attacks like the WebRTC IP leak vulnerability. 11. Yes. All Perfect Privacy servers run a Domain Name Server for the exclusive use of our customers. Users can choose to either use a randomly assigned DNS from our pool or choose a specific one. We are currently evaluating additional security features like DNSSec. 12. All management tools and internal systems are running in-house and are completely under our own control. Our VPN servers (and other user-reachable services like Proxies, DNS, etc.) run on servers hosted in different datacenters all around the world (currently in 25 countries). These servers do not log any kind of user data and are all running within ramdisks on dedicated servers. Perfect Privacy website UNSPYABLE 1. We keep no logs whatsoever. 2. USA and UK VPN services are provided via our USA offices which also includes our billing system. Our offshore VPN network (Cyprus, Czech Republic, Denmark, Egypt, Hong Kong, Iceland, Netherlands, Panama, Russia, Sweden and Switzerland) is physically isolated from our USA operations and shares no connection to it. 3. We don’t monitor anything. If we receive notice of criminal activities we will use non invasive techniques (without logging) to try and determine who the user is and terminate their access. None of the previous paragraph applies to P2P activities which are allowed on all servers except in the USA and UK where packet filtering is used. 4. No. 5. Our offshore servers where P2P is allowed are in countries and data centers that do not forward such notices. If we were to receive such a notice we would reply to it appropriately. Since we don’t log anything our reply would not include any information on the user. 6. If we were to receive a request from an authority having jurisdiction we would cooperate with them. However since we keep no logs of anything we have very little to provide them. Anything we have to provide them such as customer names can be gotten from the customers credit card company or the payment processor much more efficiently and without us even knowing about it. Bitcoin is one of our payment options and can help minimize access to such information. This has never happened. 7. We believe announcing such a thing in advance would cause the effectiveness of such a plan to go to zero should the need arise. 8. It is allowed on what we define as our offshore servers (see question 2). It is not allowed on USA and UK servers due to the issues involved. There is no benefit to the user to use USA or UK servers over the offshore servers for P2P. Therefore we do not believe this to be any limitation to our users. 9. Bitcoin, Amazon Payments and PayPal. Our online VPN authentication servers contain no customer personal information. We keep customer email addresses offline in case we need to contact the customer for some reason. We do not keep any other personal information regarding the transactions. Obviously the payment providers have a record of the transaction as well that is beyond our control. 10. We use OpenVPN with 256 AES encryption, SHA512, 4096 bit RSA and TLS 256 AES which provides perfect forward secrecy. For maximum privacy we recommend our multi hop servers. However, due to the multiple hops they will not be the fastest for P2P or streaming applications. We don’t recommend software kill switches as they are subject to failure. We recommend that users block all ports on their router except for 1194 OpenVPN and then use the VPN to provide access to the Internet. This creates the perfect “kill switchâ€. ISP DNS leaks are most easily eliminated by changing all DNS servers on the users devices to ones not associated with their ISP. 11. We pass DNS traffic through intermediate servers to Google DNS. We believe using our own DNS servers is less private than farming out the DNS requests via intermediate servers to Google and mixing them with the billions of other DNS requests Google handles daily. All requests to Google DNS appear to originate form one of our offshore servers and don’t correlate to the user. 12. No, we use trusted ISP’s in all the countries we prove service in. (Cyprus, Czech Republic, Denmark, Egypt, Hong Kong, Iceland, Netherlands, Panama, Russia, Sweden and Switzerland) Plus US and UK. In addition, server hard drives are encrypted to prevent tampering or any data recovery should the physical server be accessed. Unspyable website HIDE.ME 1. No, we don’t keep any logs. We have developed our system with an eye on our customer’s privacy, so we created a distributed VPN cluster with independent public nodes that do not store any customer data or logs at all. 2. We are a Company based in Malaysia with no legal obligation to store any user logs at all. 3. We believe that it is not our responsibility to monitor user activities, consequently, we don’t throttle or block any kind of traffic. 4. Yes we use Zendesk and LivechatInc in which we do not store any customer data that could be mapped to our customer database. Furthermore this information cannot be linked to your VPN usage and online activities. 5. Since we don’t store any logs and/or host copyright infringing material on our services, we’ll reply to these notices accordingly. 6. Although it has never happened,in such a scenario we won’t be able to entertain the court orders because our infrastructure is built in a way that it does not store any logs and there is no way we could link any particular cyber activities to any particular user. In case we are forced to do so, we would prefer to close down rather than putting our users at stake who have put their trust in us. 7. Since we are not operating under US law, in Malaysia there is no such thing as the Patriot Act. So far we haven’t been served with a court order or any governmental request and if it was the case we would be transparent with our customers that might have been affected by such court order. 8. There is no effective way of blocking file-sharing traffic without monitoring our customers which is against our principles and would even be illegal. Usually we only recommend our customers to avoid the US & UK locations for filesharing but it is on a self-regulatory basis since these countries have strong anti-copyright laws in place. 9. We support over 200+ international payment methods, including Bitcoin, Paypal, Credit Cards, Bank transfer and UKash. All payments are handled by external payment providers and are linked to a temporary payment ID. This temporary payment ID can not be connected to the users VPN account/activity. After the payment is completed, the temporary payment ID will be permanently removed from the database. 10. Our users’ privacy is of utmost concern to us. Our windows client has the features such as kill switch, Auto Connect, Auto Reconnect etc which makes sure that the user is always encrypted and anonymous. Even though if one of our customer decides not to use the client, in our community there is a big variety of tutorials to help our customers to protect themselves against any sort of leaks. After all, modern VPN protocols that we all support – like IKEv2, OpenVPN and SSTP, are considered secure even after the NSA leaks. We follow cryptographic standards and configured our VPN servers accordingly in order to support a secure key exchange with 4096-bit keys and a strong symmetric encryption (AES-256) for the data transfer. 11. We do not operate own DNS servers since all outgoing connections are already encrypted and free DNS servers like OpenDNS or Google Public DNS are not censored in any way, so we can ensure that our customers are still anonymous using these services and enjoy a censorship free browsing. Operating own DNS servers would put our infrastructure at risk since an attack could affect all our customers that are currently connected to our VPN servers. 12. We operate 27 server locations in 19 different countries. However we do not own physical hardware, there is an intrusion detection and other various security measures in place to ensure the integrity and security of all our single servers. Furthermore we choose all third party hosting providers very carefully, so we can assure that there are certain security standards in place (ISO 27001) and no authorized person could access our servers. Among our reputable partners are Leaseweb, NFOrce, Equinix and Softlayer. Hide.me website SHADEYOU VPN 1. ShadeYou VPN does not keep any logs. The highest level of privacy is a main mission of ShadeYou VPN. Everybody can read our Privacy Policy. To use our service only a username and e-mail are required. No personal or real data is required. 2. ShadeYou VPN company operates under the jurisdiction of the Netherlands. 3. We absolutely do not monitor any traffic or user activity. Even if we receive a serious abuse notification we can’t start monitoring our users because it will violate the main mission of ShadeYou VPN. 4. Yes, we are using Google Apps as our email service provider. But we do not send or request any private or personal information via mail. Also the option of Live Support is available and works based on SiteHeart service where personal information isn’t required. 5. The abuse team of ShadeYou VPN answers as follows: a) we do not store any illegal content on our servers; b) all of our users agrees with our privacy policy while registering, so we warned that illegal actions are prohibited and at this time we are not responsible. c) we have no any personal data of our users or any logs of their activities that can be shared with third-parties because we simple do not store it. 6. Sharing any personal data of our users is absolutely impossible since we do not store it and do not keep any logs. Yes such kind of situation has happened but there is not even one existing case when we have shared any information about our users with any 3rd parties. 7. Warrant canaries are new to us. We have not used one before since we are sure that all our users are safe. But we can start using it as an additional option to make our users sure that they are totally secure while using our service. 8. BitTorrent and any other file-sharing traffic is allowed on all our servers. There’s only one exception, and that’s for users who use a trial version. 9. ShadeYou VPN uses payment systems including PayPal, Perfect Money, Webmoney, Qiwi, Yandex Money, Easy Pay, Ligpay, UnionPay, AliPay, MINT, CashU, Ukash also accept payments via Visa, Master Card, Maestro and Discover. Ofcourse Bitcoin is available. 10. We strongly recommend to use OpenVPN since it is the most safe and uses the strongest encryption (TLS Protocol with 1024-bit key length and AES-256-CBC crypto-algorithm). We do not support “Kill switch†at the moment but we will propose alternative solution when our new DNS servers will be launched. 11. At the moment we use Public DNS 8.8.8.8 and 8.8.4.4 and currently we are working hard on implementing our own DNS servers with a secured channel. 12. All our servers are collocated around the world in DC’s of different leading hosting companies. Our VPN network covers: USA, United Kingdom, Sweden, Ukraine, Netherlands, Russia, Spain, Hong Kong, Germany, France and Canada. Romania will be added soon. ShadeYou VPN website SECUREVPN.TO 1. We don’t log any individually identifying information. 2. Each server is handled with the jurisdiction at the servers’ locations. 3. There are no tools which monitor our customers. We have techniques which don’t require any logging to prevent the abuse our service. 4. Our website has been completely developed by ourselves and we don’t use any external services. 5. We will reply to DMCA takedowns but we cannot be forced to hand out information, because we don’t log anything. 6. This hasn’t happened yet but if we were forced to identify one of our customers at a specific server location, we would drop this location immediately. Under no circumstances are we are going to log, montior or share any information about our customers. 7. No, we don’t offer something like that. 8. Yes, it is allowed on all servers. 9. We offer a wide range of anonymous payment methods like Paysafecard, Bitcoin, Litecoin, Dogecoin, Worldcoin, EgoPay and Perfect Money. All payments are processed by our own payment interface and therefore no third party payment processor receives any information. 10. We would recommend OpenVPN, available in UDP and TCP mode. We are using AES-256-CBC for traffic encryption, 4096 bit RSA keys for the key exchange and SHA-512 as HMAC. These settings offer you the highest grade of security available. We offer a tool called “VPN Helper†which provides security features like a DNS Leak Protection, IP Leak Protection and IPv6 Leak Protection. Some weeks ago the development of our own VPN client, which will also include those security features, started. 11. At the moment we are using the nameservers of OpenDNS. We will offer our own DNS servers soon. 12. We rent 24 servers in 19 different countries and are continuously expanding our server park. The server locations are France, Netherlands, Switzerland, United Kingdom, Canada, USA, Bulgaria, Costa Rica, Germany, Kosovo, Latvia, Lithuania, Moldova, Romania, Russia, Spain, Sweden, Taiwan and Ukraine. For us it is impossible to have physical control over all widespread servers. SecureVPN.to website HOTSPOT SHIELD 1. AnchorFree and Hotspot Shield’s top priority is to provide privacy to our customers. We do not store any logs that can be used to associate a connection to a user. 2. Anchorfree operates in the US under US jurisdiction and outside the US under Swiss. 3. We have a security team dedicated to monitoring abuse, specific details are confidential, but we can assure our users that we do not use logs to monitor and mitigate abuse. 4. Yes, we do work with an external email service and support tool however, none of the user’s information can be tied back to their activities while using Hotspot Shield. 5. We do not host content and are unable to remove any of said content. Additionally, our top priority is the privacy of our users and therefore we do not log or monitor our users and are unable to identify any users of our service. 6. It is not technically possible to effectively identity or single out one active user from a single IP address. We have received a valid court order. 7. Since we don’t have the information to provide to the agencies we do not require to have it. 8. We believe in an open and uncensored internet, we do not discriminate against any kind of traffic. 10. We’re biased here, but for a good reason, we think the most secure VPN connection is Hotspot Shield VPN which uses proprietary VPN protocols. Our encryption algorithm favors AES-128 more than other standards for its cryptography properties, performance and hardware support which is available for consumer devices and server platforms. We have a patent pending solution for kill switches for Android clients and we are working to improve it and include into all of our applications. Our users never risks of DNS leak because all traffic (including DNS requests) are protected by the VPN tunnel. 9. In the US we accept Credit Cards and PayPal. Internationally we accept the most popular local payment methods like Mobile Payments, Prepaid cards, eWallets, Bank Transfers etc. Our users’ payment information cannot be linked to their individual user accounts. 11. Yes, we have hundreds of dedicated servers around the world. 12. We own all of our infrastructure. We do not outsource anything. We have virtual locations in the US, UK, Canada, Australia, Japan, Germany, India, Hong Kong and China. Hotspot Shield website RAMVPN 1. We log absolutely nothing. Even without logs there can be small amounts of meta-data leftover in RAM memory of the TCP/IP stack on the server’s operating system. After seeing the rising trend of server seizures in 2014, it can no longer be assumed that simply not logging can protect the users. To mitigate this, we run the VPN service itself on a virtual machine within an encrypted RAM container, and combine this with physical tamper resistance just to be sure. 2. The business itself is under USA jurisdiction and as such we are not subject to any mandatory data retention laws whatsoever. 3. None. We have no way of monitoring traffic. If abuse is reported to our abuse department through the proper channels and is discovered to be a valid complaint, we may temporarily block outbound network traffic to the target being abused (usually the source of the abuse complaint) using basic firewall configurations. We would be completely unable to find the origin of such abuse in relation to one of our users. We can’t even revoke a user account if we want to. 4. We do not engage any third parties for email or support-related hosting at this time. 5. We do not host content there would be nothing for us to remove, plain and simple. 6. We are unable to identify an active user of our service to begin with. The service was inherently built from the ground up to make identification of a user impossible from a technical perspective, even for us. Due to consumer protection laws, we must abide by our advertised inability to track users. A request such as this has not ever happened. 7. We currently have no warrant canary. 8. We don’t block any traffic at all other than attack traffic (related to abuse complaints), and even those blocks are temporary. 9. PayPal, credit card, or Bitcoin. These are barely linked to an “accountâ€, because the only thing we keep on file is an email address. The payment information itself is NEVER linked directly to any VPN authentication credentials. Users even have the option to use a non-billing email address to have their keys signed with and credentials delivered to. For those who are extra paranoid, we recommend using an anonymous email service and anonymous payment method (such as bitcoin) to ensure we have absolutely no details about you. 10. RSA2048 and blowfish encryption. No, we do not currently provide kill switches or DNS leak protection. 11 Our DNS servers run on the local VPN network and proxy to our host node. Our host node will then respond from its cache, or if it does not have the record, look the information up using Level3, OpenDNS, or OVH Canada. 12. We have firmware control over our physical servers, however we outsource our data-center usage through OVH hosting. While we currently only have servers based in Canada and US, our expansion plans include Germany, China, France, Italy, and more. We are adding new nodes frequently. RAMVPN website FROOTVPN 1. FrootVPN takes the privacy of all of its users serioulsy and therefore we do not store any logs and we do not monitor any traffic in our network. 2. We operate in Sweden. 3. As we do not monitor any traffic and our system is built to protect the identity of our users. However if we do receive any legit abuse if it’s necessary we can block IP and port. 4. We have setup our own mail servers which we manage our self. Only our staff has remote and physical access to these servers. We use opensource helpdesk OTRS which is hosted on our own servers. 5. We do not host any content on our servers, therefore sending DMCA notices to us is kind of pointless as we cannot identify any customers. If we do receive such a request we just send back our privacy policy. 6. As we do not keep any logs or monitor any traffic, we are unable to identify any customer. 7. No. 8. We only block SMTP as we do not like spam and our providers do not like it either. All other traffic is allowed such as file sharing. 9. We use multiple payment system, such as PayPal, paysafecard, ukash and more. Each invidual payment system may require you to enter personal information to be able make a purchase from them. However we do not store any personal information or transaction number in our database. 10. We offer both PPTP, L2TP and OpenVPN. We recommend to use OpenVPN as it offer the highest encryption and is by today the most secure VPN. With OpenVPN you can use AES256 cipher and 2048 bit DH key. 11. We use our data center DNS servers, which is 80.67.0.2. We however do plan migrate to use our own DNS servers during this year. 12. We own all our hardware ourselves and they have all be installed and configured by our staff. We only lease rack unit and bandwidth from our Internet provider. Only our staff has physical access to our servers. All our servers are located in Sweden. FrootVPN website LOKUN 1. We keep as little information as possible, both legally and technically. We do not store information that can map you to one of our IP addresses. In our database, we keep: usernames, hashed passwords and the corresponding salt, account status and email (if given). We keep a record of when a user connects and total number of connected users. 2. Icelandic jurisdiction. 3. No special tools have been needed to handle abuse so far, these issues will be dealt with on a case-by-case basis. We use email to handle abuse notifications. 4. Third parties storing plaintext emails isn’t a problem we can solve by picking email hosting providers. Instead, we prefer that users use encrypted emails to communicate with us. We use Zendesk and Google Apps because of technical merit. 5. We have never received such a notice. 6. We do not store the information required to do this and would be unable to comply. We would simply cease operations if placed under gag order or similar. 7. Yes. 8. Yes. 9. We currently accept: Credit cards, Icelandic bank transfers and Bitcoin. Other methods of payment can be requested. A payment is not linked to a user account. Payment processors do not know the username being paid for. We are legally required to store all sales receipts, in the case of a random tax audit. Sales receipts contain the date of purchase and the amount. We do not store what username the payment was made on behalf of. 10. We only use OpenVPN and we do not have our own client. 11. Yes. 12. All our servers are hosted in Iceland and we host with trusted parties; DataCell and GreenQloud. We have a mix of own hardware and virtual servers. Data is never saved to disk. Lokun website ASTRILL 1. Our mission is to protect users privacy online, therefore we don’t keep logs. 2. Our company is registered in Seychelles so it’s virtually impossible or very complicated to get any data about our customers through legal system. 3. … 4. All the tools we use are proprietary. We use our own email servers and helpdesk software for communication with customers. 5. P2P applications are allowed on our network, on designated servers, where DMCA complaints from copyright trolls are trashed. 6. We have not received any properly filed legal request to date about disclosing information about our customers. The exact procedure is determined by our attorneys. 7. … 8. We provide servers with P2P applications support and on these servers P2P complaints are, as legally invalid, trashed. 9. We accept many payment methods, all credit cards, paypal, alipay, perfect money and bitcoin are just some of popular methods we support. 10. For best security we recommend OpenVPN protocol with AES-256 bit, Camellia 256-bit, Cast 512-bit and BlowFish 512-bit. We also offer StealthVPN as additional layer of security on top of Open VPN which makes it virtually impossible for ISPs to recognize OpenVPN protocol, throttle it or block. StealthVPN allows connections to any port of user choice (1-65535), both UDP and TCP. We support DNS leak protection and kill switches. 11. … 12. We run our own network of VPN servers in 54 countries which we have full control over. Astrill website NEXTGENVPN 1. No such logs are ever kept. 2. Rep. of Seychelles 3. In house custom tools that we will not disclose for obvious reasons. 4. None. 5. They are ignored. 6. Never happened. 7. Irrelevant in our case. 8. Yes. On selected destinations only. 9. Payments are handled by a different company without any direct links to users accounts. 10. OpenVPN – AES256. DNS leak protection and automatic reconnect are provided. 11. Yes, we maintain our own DNS services. 12. We have direct control of all infrastructure servers and most of VPN remote gateways. Some VPN gateways are third party hosted. Gateways : US,NL,UK,BE,FR,ES,PT,UA,CH NexTGenVPN website STEGANOS 1. We do not store any user data, neither regarding IP-addresses nor time stamps. 2. We operate under German jurisdiction, where no data retention law is in force. Therefore, currently there is no legal basis in Germany that forces Steganos to store user data. This means that we do not have any information to share with third parties or court. 3. In order to protect our users from abuse we keep our servers safeguarded against malware and abuse-software, for example by constantly providing security updates and blocking unnecessary ports. We do not monitor any activities of our users, but retain the possibility to block ports which are reported to be used exceptionally often for abuse (e.g. spamming). 4. We use Google Apps within our company. Our support service additionally uses Zendesk, which logs some user information. As these are stored on different servers, they cannot be used for user identification though. 5. After receiving such a notification, Steganos takes seizure according to its own measures that we consider appropriate. In general, this would be the restriction of access to the copyright protected work, but not the blocking of a user. 6. Steganos has taken a strong stance for data security and protection for years and defended customer information against any disclosure. This means that we try to prevent the identification of our users and even go to court, if necessary, like in 2009. Back then the data retention law imposed by EU was in force in Germany. Nevertheless, Steganos refused to release the IP-address of a user to the lower regional court of Bamberg and successfully proceeded against this court order. 7. As our company is not based in the US, we do not need any warrant canary. 8. BitTorrent is not actively blocked as of now. 9. Our customers can pay easily and securely via Paypal, Credit Card (Mastercard, Visa), bank transfer, check or Giropay. All billing information is stored on different servers and cannot be linked to users by any means. 10. We recommend OpenVPN with 256-bit AES encryption and therefore work with it in our product “Steganos Online Shield VPN“. As we believe it to be the most secure option, we are also currently planning on implementing it in our VPN tool “OkayFreedom†(which uses 128-bit blowfish as encryption algorithm so far). We neither offer tools regarding kill switches nor DNS leak protection as of now. 11. We use Google Public DNS server, which we consider unproblematic. It is not only the biggest public server with over 130 billion requests per day and works fast, but also does not store personally identifiable information nor IP-addresses permanently and all temporary logs are deleted after 48 hours at the latest. 12. We offer servers located in 12 different countries, which are: Egypt, France, Germany, Great Britain, Japan, Mexico, Romania, Singapore, Spain, Switzerland, Turkey and the USA. Therefore we collaborate with several third party providers that reside in these countries, for example 1&1 Internet AG in Germany, hosttech GmbH in Switzerland and SAKURA Internet Inc. in Japan. Despite we do not have physical control over the VPN servers there, we always take security measures like installing our operating system directly on these servers. It is to mention, that all login servers are placed in Germany where we have full control over them. STEGANOS VikingVPN website 1. No. Logging of that kind would be foolish for us. It would be a betrayal of our customer’s trust, and it would ultimately give us more legal liability than we want to have. 2. We currently have servers operating in the United States, Netherlands, and Romania. We chose these locations as sites that would honor our zero data retention policies for VPN services. The company was incorporated in the United States. 3. We don’t use tools to monitor and mitigate abuse. However, if credit card fraud is reported, we will immediately terminate the offending account. 4. We use Google Apps for email. We do not consider any email service to be secure at this time, and we advise privacy minded users to use PGP encryption with us, as that is currently considered the best method of email communication by the privacy community. Our PGP key is available on request. 5. We haven’t received a VALID DMCA notice yet. Anyone sending us a notice gets a fully copy-paste of our DMCA policy, reminding them of the conditions for a VALID DMCA notice. 6. It hasn’t happened. If it were to happen, we would be unable to comply because our infrastructure doesn’t allow us to collect that kind of information. If a court ordered us to modify our infrastructure in order to allow it to collect that kind of information, our warrant canary would activate. 7. Yes. We have a dead man’s switch warrant canary that is managed by two admins. If the canary is tripped, the front page of the site changes dramatically to warn users of a possible compromise. 8. Yes. We don’t block any ports. 9. Our payment gateway is TSYS for all credit card transactions. We also accept Bitcoin and Darkcoin. For the Credit Card transactions, we only retain the necessary data for the transaction. For Bitcoin and Darkcoin transactions, we only use an email address, which is for support purposes only. 10. We recommend only using Open Source VPN clients, as any closed source client could have backdoors or unknown security vulnerabilities. For our users, the maximum security encryption is the default encryption, and users can’t change it. Most people can’t be expected to know which encryption schemes are going to keep them safe 30 years into the future, nor should they be expected to know that. At VikingVPN we use RSA4096 for the handshake, AES-256-CBC for symmetric encryption, SHA1 for data integrity checks, and a 2048-bit HMAC cipher for hardening against man-in-the-middle attacks. For the session/control channel, we use 4096-bit DHE which renegotiates hourly with new keys, creating perfect forward secrecy. 11. We use OpenDNS in the US and FreeDNS in the EU. Utilizing a local DNS would not assist with privacy as all DNS requests are tunneled through our VPN and out to the public DNS servers, additionally, using a local DNS gives us a single point of failure for a DDOS attack, and would make the network vulnerable. 12. Our servers are leased by thoroughly vetted partners. We have tight control over the hardware, and we only allow our servers to be hosted in high quality datacenters with multiple layers of physical security such as 24 hour security staff, biometric scanners, and cabinet-level security. Most importantly, we do not use virtual servers or cloud services for hosting our VPN network. We operate with bare-metal servers only using our custom configuration. Torrentfreak
  19. Russia blocks websites on a very large-scale but citizens often circumvent those blocks using VPNs, TOR and other anonymizing tools. The country is now looking at ways of bringing this to an end, with Russia's main web-blocking body supporting a worrying proposal by a Russian MP to ban use of these tools Since 2012, Russia has had legislation allowing the country’s main telecommunications watchdog Roskomnadzor to maintain a list of domains to be blocked by ISPs in the country. While the usual serious crime suspects such as child abuse and terrorist sites are included, more controversial resources are also filtered, including sites that feature content about drugs and suicide. Also present are sites that fail to remove copyright content in a timely manner and in the past couple of years plenty of torrent, storage and links forums have been blocked. Of course, where there’s a block or filter there are people ready to circumvent them and it now appears that Russia is growing tired with the ease that citizens do so. Proposals from the Duma (lower house of parliament) now indicate that the country is considering how to further limit access to “banned†content. Speaking at Infoforum-2015, Russian MP Leonid Levin, who is deputy head of the Duma Committee on information politics, indicated that access to anonymization and circumvention tools such as TOR, VPNs and even web proxies, needs to be restricted. “One of the factors in the formation of the Internet environment in our country has become the authority for the pre-trial blocking of websites. It allows us to block sites banned in Russia quickly enough. At the same time the pre-trial blocking of anonymizing services deserves attention, such as access to the anonymous network Tor,†Levin said. By introducing restrictions on these systems, Levin added, it would restrict citizens’ access to blocked content, stop people transferring content anonymously, and also help to reduce the commercial distribution of malware. Levin also called for greater powers for the Roskomnadzor watchdog, an organization that also supports the idea of locking down anonymous networks. According to Vadim Ampelonskogo, Roskomnadzor’s chief press officer, the task won’t be easy but is technically possible. Describing the Tor network as a “den of criminals†and “ghouls, all gathered in one placeâ€, Ampelonskogo said Roskomnadzor would find a solution to block anonymous networks if it was supported by a relevant regulatory framework. Levin’s proposals to block anonymizing tools and networks is not new. In 2012 the topic was raised but came to nothing and in 2013 an initiative was launched by the FSB and received support from the State Duma. However, there is a growing feeling that Russia will eventually do something. According to figures cited by Russia’s RBC, 150,000 citizens use the TOR network with up to 25% of Internet users now using some kind of VPN. While Russia’s attack on encryption won’t be a surprise to many, other supposedly more free societies are also looking to crack down on the anonymous. In the wake of the recent attacks in Paris, Prime Minister David Cameron indicated that users of private services such as WhatsApp could be blocked or monitored if his government wins the next election. http://torrentfreak.com/vpn-and-tor-ban-looming-on-the-horizon-for-russia-150212/
  20. One of the most-used Popcorn Time forks plans to implement support for the anonymous I2P network to protect its users from snooping anti-piracy organizations. In addition the application wants to shield its operation from takedown attempts by pushing software updates though a P2P technology. Branded a “Netflix for Pirates,†the Popcorn Time app quickly gathered a user base of millions of people over the past year. There are several successful forks of the application available online who all work on their own feature sets. Popcorn-time.se, has been one of the most active projects. The fork added numerous features and made privacy one of its key selling points. Last year it was the first fork to roll out a built-in VPN that could be used free of charge. However, with millions of users the associated VPN provider Kebrum had trouble keeping up with the massive demand. “Our user base grew so quickly and is still growing at a tremendous pace that we’re having difficulties keeping up with the volume. Only a small percentage of the huge number of our users we have can use the VPN simultaneously at the moment,†the Popcorn Time team tells TF. This motivated the developers to look for various alternatives to keep its users secure. In this quest the Invisible Internet Project (I2P) caught their eye. “We’re now making the first steps in examining integration of Popcorn Time with the I2P network,†the team explains. The I2P network has been around for more than a decade but never really caught on with the mainstream public. It operates as an anonymous overlay network, similar to Tor, but is optimized for file-sharing. One of the major downsides of this type of anonymity is that it may slow down transfer speeds, and that’s also the main concern for the Popcorn Time developers. “Our biggest question in regards to using the I2P network, and we’re examining this question thoroughly to see if it’s the best solution for anonymity for Popcorn Time, is whether the download speed will be good enough for Popcorn Time to work well and for users to be able to still get the awesome viewing experience they have become accustomed to.†“We are trying to find ways in which we can use the huge user base Popcorn Time has in order to enhance the speed of I2P to our users,†the Popcorn Time team adds. In addition to safeguarding the privacy of its users, Popcorn Time is also concerned about attacks on its own infrastructure. Android Planet reports that Popcorn Time also plans to distribute its software through P2P technology, so users can get the latest updates even when the server’s offline. This is not just a hypothetical situation. A few months ago this fork of Popcorn Time lost its .eu domain name after they were put “under investigation†by the EURid registry, and pressure from copyright holders hasn’t stopped since according to the developers. http://torrentfreak.com/popcorn-time-explores-i2p-anonymity-as-vpn-overloads-150206/
  21. VPN users are facing a massive security flaw as websites can easily see their home IP-addresses through WebRTC. The vulnerability is limited to supporting browsers such as Firefox and Chrome, and appears to affect Windows users only. Luckily the security hole is relatively easy to fix. The Snowden revelations have made it clear that online privacy is certainly not a given. Just a few days ago we learned that the Canadian Government tracked visitors of dozens of popular file-sharing sites. As these stories make headlines around the world interest in anonymity services such as VPNs has increased, as even regular Internet users don’t like the idea of being spied on. Unfortunately, even the best VPN services can’t guarantee to be 100% secure. This week a very concerning security flaw revealed that it’s easy to see the real IP-addresses of many VPN users through a WebRTC feature. With a few lines of code websites can make requests to STUN servers and log users’ VPN IP-address and the “hidden†home IP-address, as well as local network addresses. The vulnerability affects WebRTC-supporting browsers including Firefox and Chrome and appears to be limited to Windows machines. A demo published on GitHub by developer Daniel Roesler allows people to check if they are affected by the security flaw. IP-address leak The demo claims that browser plugins can’t block the vulnerability, but luckily this isn’t entirely true. There are several easy fixes available to patch the security hole. Chrome users can install the WebRTC block extension or ScriptSafe, which both reportedly block the vulnerability. Firefox users should be able to block the request with the NoScript addon. Alternatively, they can type “about:config†in the address bar and set the “media.peerconnection.enabled†setting to false. TF asked various VPN providers to share their thoughts and tips on the vulnerability. Private Internet Access told us that the are currently investigating the issue to see what they can do on their end to address it. TorGuard informed us that they issued a warning in a blog post along with instructions on how to stop the browser leak. Ben Van Der Pelt, TorGuard’s CEO, further informed us that tunneling the VPN through a router is another fix. “Perhaps the best way to be protected from WebRTC and similar vulnerabilities is to run the VPN tunnel directly on the router. This allows the user to be connected to a VPN directly via Wi-Fi, leaving no possibility of a rogue script bypassing a software VPN tunnel and finding one’s real IP,†Van der Pelt says. “During our testing Windows users who were connected by way of a VPN router were not vulnerable to WebRTC IP leaks even without any browser fixes,†he adds. While the fixes above are all reported to work, the leak is a reminder that anonymity should never be taken for granted. As is often the case with these type of vulnerabilities, VPN and proxy users should regularly check if their connection is secure. This also includes testing against DNS leaks and proxy vulnerabilities. http://torrentfreak.com/huge-security-flaw-leaks-vpn-users-real-ip-addresses-150130/
  22. Recently released Snowden’s NSA documents published by the German magazine Spiegel reveal the NSA has a dedicated team to crack VPN traffic and feed it to their data mining software. The documents list over 200 commercial VPN providers, like Astrill, CyberGhostVPN, iPredator and PrivateInternetAccess (PIA), they include companies that no longer exist like Xerobank and also name small VPN providers. One of the leaked NSA slides says that copyright violators, pedophiles and Internet scam artists all use Internet anonymity, highlighting that terrorists using anonymity are the NSA main concern, however, this is a three year old document and contemporary news indicate that the NSA and GCHQ now also have orders of using their skills to hunt down pedophiles on the Internet. The 51 pages long slide titled “Internet Anonymity 2011†starts explaining the differences in between encryption and Internet anonymity, contrasting how encryption hides content and VPNs hide metadata, which is important for the NSA. There are commentaries in favour and against Internet anonymity and it briefly introduces the different proxies and VPN protocols available (PPTP; SSH; OpenVPN; L2TP; SSTP). A short analysis spells out how commercial VPN providers work and exposes that the NSA is listing all servers VPN providers have, with a noted complaint about a free VPN provider called HotSpotShield because their list of servers is not readily available for the NSA and the staff has to reverse engineer them. After VPN traffic has been decrypted, everything is stored in XKEYSCORE, a Google like supercomputer used by the NSA to quickly search for specific words or computer IPs. NSA VPN exploit To crack OpenVPN the NSA advises to use XKEYSCORE with X.509 digital certificates, it then shows some real examples of how they fingerprint HostSpotShield, Easy hide IP, Comodo VPN Trust Connect and SecurityKiss, enumerating the ports each service is using with references to their RSA key. Other documents mention that the NSA is aiming at processing 100,000 requests per hour by 2011, this means that they should be able to decrypt and reinject data of 100,000 VPN users, a capability that I am guessing will have considerably increased since then. There are comparisons in between single hop proxies, picking as example Psiphon, multihop proxies that pick JonDo as example and Tor, the comparison lists the advantages and disadvantages of each one of the methods and ends with the conclusion that Tor remains the safest anonymous proxy available. According to the NSA, “sophisticated targets†use Tor to access terrorist forums, it specifically names the terrorist forums al-Faloja, CEMF, al-Hisbah, shumukh, using this as the main reason why the NSA needs to identify Tor traffic, which apparently is hard to do. The only breakthrough the NSA mentions is the capability they have of identifying a few Tor servers, due to their unique characteristics of random digital certificate issuers and the certificates being always only valid for 2 hours. NSA VPN providers The secret documents call the Torbutton a “thorn in the side of SIGINT†(intelligence gathering) because it disables all active content and they have no work around. To crack Tor the presentation recommends “implanting a web server with poisoned content intended for target“, which in plain language means getting the target to download a file infected with a trojan horse. A different 43 pages long NSA presentation gives more technical details about VPN traffic cracking and they mention that all branches have a specialist VPN representative to spy on a target. The same presentation says that the VPN team provides vulnerability analysis and suggests alternative approaches if exploitation is unrealistic. In one particular slide, the NSA stresses in capital letters that VPN exploits are POTENTIAL, depending on many different factors. The second presentation illustrates the NSA success cracking PPTP traffic and goes onto name Iran Air, the Afghan government, Turkish diplomats and Kabul bank as some of those using PPTP to secure their communications. The NSA justification for spying on bank communications is that by following the money they find who is at the other end. And one very important reminder adds on the last page that “If it’s not exploitable now, that doesn’t mean it won’t be later“. GCHQ Tor exploit PPTP has been considered insecure for a long time, these documents not only confirm it, they also illustrate that it is being exploited on a daily basis. If you use a VPN make sure to only connect with the most secure protocol, OpenVPN. A second security measure should be to only sign up with a VPN company that has competent security staff, the NSA VPN exploitation for OpenVPN appears to rely on finding the pre-shared key. Other jewels found on the leaked documents are that the NSA admits to not being able to crack PGP encryption and OTR (Off-the-Record Messaging), two of the documents show metadata without any transcription for the conversation, marked by NSA staff with the sentence “no decrypt available for PGP encrypted message“. As for remailers, the “Internet Anonymity†NSA slides disclose that the agency considers Mixmaster and Mixminion the most secure remailers due to their high latency, adding that they are hardly used by anybody. Without a doubt, the leaks show that the NSA has lots of interests in wiretapping VPN traffic. People worried about illegal spying could stick to Tor since the NSA admits that they can’t crack it, but a different GCHQ (UK secret service) presentation leaked in the same article and titled “potential technique to deanonymise Tor users“, mentions that the UK secret services is considering using Tor exit nodes they own to help them deanonymise Tor users, the presentation is highly technical and appears to be a future project, that, if it has been implemented, means that the GCHQ has deployed their own honeypot Tor exit nodes to log all traffic and with it any passwords you enter. I can only see two solutions for the paranoid, one of them, is using double authentication to login to the VPN, you could use a key based SSH login with PuTTY, this places the encryption keys in your power and not in the server, this way only a trojan horse could steal your keys. The second solution, is to combine a VPN with Tor, which will slow down your Internet browsing. More information: http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html By HACKER10
  23. Last week Canada enacted an amendment to its copyright law which requires Internet services to retain access logs of customers in order to process piracy notices. This mandatory data retention puts the privacy of VPN users at risk, and as a result Canadian providers are considering pulling out of the country. A few days ago it became a legal requirement for Canadian ISPs to forward copyright infringement notices to their subscribers. As a result of the new copyright law amendments, which also apply to VPN services, providers now have to keep logs of their subscribers’ IP-addresses or face high penalties. Specifically, the law requires a broad range of Internet services to “retain records that will allow the identity of the person to whom the electronic location belongs to be determined, and do so for six months….†Failing to log traffic and forward these notices may result in “statutory damages in an amount that the court considers just, but not less than $5,000 and not more than 10,000…†The new rules also apply to BTGuard, a well-known Canadian VPN and proxy service that claims to keep no logs. Concerned that the new data retention requirements would force a change in this policy, several customers asked the provider for clarification. Responding to these requests BTGuard assured its customers that its logging policy remains unchanged. However, BTGuard may discontinue its Canadian servers in the near future. “Rest assured that we are committed to our customers’ privacy. As stated in our privacy policy, we do not log our customers’ usage or IPs and never will,†one customer was told by BTGuard. “It’s possible that this legislation will require us to discontinue our servers in Canada, but we will find a solution and our services will continue where it’s legal to be anonymous without causing you any inconvenience,†the company added. In a separate request we asked BTGuard for a comment on how the new law will affect its business. In a short comment we were informed that they are still exploring their options and that no final decision has been made yet. “We still guarantee privacy. Our servers in Canada might be closed, but we are still exploring our options,†BTGuard’s Jared told TF. Other providers are prepared to take similar measures. While the text of the law suggests that VPN providers are covered (something that’s also confirmed by one of Canada’s top copyright scholars), many are still uncertain about the exact impact it will have. TunnelBear informed us that they are still investigating if they are indeed covered by the new legislation. If they are, the company will take its business elsewhere. “Despite our investigation and legal consultations, it remains unclear whether or not VPN companies are included in the bill. We have brought on legal counsel to continue to investigate,†TunnelBear says. “If it is determined that TunnelBear is required to comply with C11 if we retain operations in Canada, we will swiftly move our operations to a more privacy friendly region. At no point, under any circumstances will TunnelBear log the activity of our users,†TunnelBear adds. For TunnelBear the issue is less urgent than for others though, as the company doesn’t allow torrent traffic on its servers. While the changes may reduce piracy somewhat, it also negatively affects people’s privacy. And with the new data retention requirements Canada has certainly become an unattractive location for VPNs and other privacy services. — TF is interested in hearing how other Canadian providers intend to respond to the new law. We sent out more inquiries and will add to this article when responses are received. http://torrentfreak.com/vpn-services-consider-leaving-canada-to-protect-customer-privacy-150107/
  24. Netflix is starting to block subscribers who access its service using VPN services and other tools that bypass geolocation restrictions. The changes, which may also affect legitimate users, have been requested by the movie studios who want full control over what people can see in their respective countries. netflix-logoDue to complicated licensing agreements Netflix is only available in a few dozen countries, all of which have a different content library. Some people bypass these content and access restrictions by using VPNs or other circumvention tools that change their geographical location. This makes it easy for people all around the world to pay for access to the U.S. version of Netflix, for example. The movie studios are not happy with these deviant subscribers as it hurts their licensing agreements. Previously entertainment industry sources in Australia complained bitterly that tens of thousands of Netflix “VPN-pirates†were hurting their business. Over the past weeks Netflix has started to take action against people who use certain circumvention tools. The Android application started to force Google DNS which now makes it harder to use DNS based location unblockers, and several VPN IP-ranges were targeted as well. Thus far the actions are limited in scope, so not all VPN users may experience problems just yet. However, TorGuard is one of the VPN providers which noticed a surge in access problems by its users, starting mid-December. “This is a brand new development. Just two weeks ago we received the first report from a handful of clients that Netflix blocked access due to VPN or proxy usage. This is the very first time I’ve ever heard Netflix displaying this type of error message to a VPN user,†TorGuard’s Ben Van der Pelt tells us. In TorGuard’s case the users were able to quickly gain access again by logging into another U.S. location. It further appears that some of the blocking efforts were temporary, probably as a test for a full-scale rollout at a later date. “I have a sneaking suspicion that Netflix may be testing these new IP blocking methods temporarily in certain markets. At this time the blocks do not seem aggressive and may only be targeted at IP ranges that exceed too many simultaneous logins.†Netflix is reportedly testing a variety of blocking methods. From querying the user’s time zone through the web browser or mobile device GPS and comparing it to the timezone of their IP-address, to forcing Google’s DNS services in the Android app. TorGuard told us that if Netflix continues with a strict ban policy, they will provide an easy solution to bypass the blocks. Other services, such as Unblock-us are also suggesting workarounds to their customers. Netflix’ efforts to block geoblocking circumvention tools doesn’t come as a surprise. TF has seen a draft of the content protection agreement Sony Pictures prepared for Netflix earlier this year. This agreement specifically requires Netflix to verify that registered users are indeed residing in the proper locations. Among other things Netflix must “use such geolocation bypass detection technology to detect known web proxies, DNS based proxies, anonymizing services and VPNs which have been created for the primary intent of bypassing geo-restrictions.†geofiltering Blocking VPN and proxy “pirates†has become a priority for the movie studios as streaming services have failed to introduce proper countermeasures. Early 2014 the movie studio looked into the accessibility of various services through popular circumvention tools, including TorGuard, to find out that most are not blocked. In a follow-up during the summer of 2014 Sony Pictures conducted research to identify the IP-ranges of various VPNs and proxies. These results were shared with Netflix and other streaming services so they could take action and expand their blocklists where needed. geolocationresults Based on the above it’s safe to conclude that Netflix will continue to roll out more aggressive blocking tools during the months to come. As with all blocks, this may also affect some people who use VPNs for privacy and security reasons. Whether Netflix will factor this in has yet to be seen. TF contacted Netflix for a comment on the findings and its future plans, but a few days have passed and we have yet to receive a response. Netflix is not the only streaming service that’s targeting VPN and proxy users. A few months ago Hulu implemented similar restrictions. This made the site unusable for location “pirates,†but also U.S. based paying customers who used a VPN for privacy reasons.
  25. VPN Gate Academic Experiment Project is an online service as an academic research at Graduate School of University of Tsukuba, Japan. The purpose of this research is to expand the knowledge of "Global Distributed Public VPN Relay Servers" . You can take these advantages by using VPN Gate: You can get through the government's firewall to browse restricted web sites (e.g. YouTube). You can disguise your IP address to hide your identity while surfing the Internet. You can protect yourself by utilizing its strong encryption while using public Wi-Fi. Unlike traditional VPN services, VPN Gate can get through most firewalls. VPN Gate is free of charge. Not a single registration is required. There is a list of Public VPN Relay Servers on the VPN Gate Academic Project Web Site. Anyone online can hook up to any VPN servers on the listthe list. No user registrations are required. How does VPN Gate work? VPN Gate network consists of many VPN servers, which are provided by volunteers around the world. You can provide your own computer as a VPN server to join this experiment. Windows, Mac, iPhone, iPad and Android are supported. Supports SSL-VPN (SoftEther VPN) protocol, L2TP/IPsec protocol, OpenVPN protocol and Microsoft SSTP protocol. Anonymous connections are accepted. No user registrations are required. Each VPN server has a dynamic IP address. Therefore it may change at random period. VPN servers appear and disappear at any time. Therefore, an IP address may not always connect to a VPN server. All VPN servers are capable of routing your traffic to the Internet, so you can disguise your real IP address. Using a server located somewhere other than your region may provide you some more accessible websites, because the comminucation would look as if it is originated from the country the VPN server resides. http://www.vpngate.net/