|
Having the other endpoint of the VPN under your own control makes the whole thing quite useless for obfuscation. If you are the known owner of the VPNs exit point, then you are identifiable again.
Using a VPN for obfuscation only makes sense if you are NOT the exit point yourself an - if possible - share the same exit point with hundreds of other "unknown" people.
The downside is of course, that you have to trust the VPN provider that he does his job as expected and really makes it impossible to track the traffic back to you.
|
|
|
|
|
|
Thank you very much for the link. I always like a (somewhat?) neutral source to compare products.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
|
|
|
|
|
Enjoy!
|
|
|
|
|
I have used PIA over a year and recommend it. But you also asked about TOR.
PIA provides privacy so that your internet provider can't spy on you. It also provides
encryption so you are safe on public Wifi. However, your browser also collects data on your browsing habits, so something like TOR is extremely valuable, in addition to a VPN. I don't use TOR, but I configured my browsers (both Chrome and Firefox) to clear my browsing history when I exit.
|
|
|
|
|
My only experience is with PIA (Private Internet Access) as well. It does well enough for what I need. Speeds were not that great in the beginning (2 maybe 3 years ago) but are now up to par. I notice only a marginal drop in bandwidth while connected, which is to be expected due to VPN overhead.
They also have a large number of regions you can connect to for circumventing geo-tracking/fencing, et cetera, as well as offering port forwarding on a handful of those if that's something you need. They also include a few concurrent connections without using their client, so you can connect a mobile device as well without needing additional software (this has come in handy while traveling abroad; never know who is recording what off of those hotel wifi points...)
For me, the price is more than reasonable for what I'm getting ($25 USD a year, iirc.) Your mileage may vary (obviously) based on your needs.
|
|
|
|
|
I can vouch for PIA as well. Reasonably quick and it cost something like $40 for a whole year. That said, don't expect 100Mbps through it, so if you are downloading large files you want quickly you will probably want to disconnect, but it's the best VPN I've used in that price range by far and I've tried a several of the top recommended options on review sites.
|
|
|
|
|
|
Thanks for the warning. It's always hard to decide on something when you're not aware of the pitfalls.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
|
|
|
|
|
Stefan_Lang wrote: that for VPN I need to choose a provider. Which means you're issue of caring about who has what data is still there. Now, it will be a VPN provider who sees your data.
There are two kinds of people in the world: those who can extrapolate from incomplete data.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
True. But supposedly many of them don't actually store these data. My greatest fear isn't so much who sees it now, but who may be gaining access to it for darker reasons in the future. With most internet companies located in the US, any of them might hand over data about me to any three letter 'intelligence' organization on a whim. Also, hackers have the nasty habit of breaking into even the most secured databases, and they may have even worse ideas about what they could do with it.
Data that isn't stored, can't be handed over, or stolen.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
|
|
|
|
|
Stefan_Lang wrote: But supposedly many of them don't actually store these data. Supposedly is the keyword there.
Stefan_Lang wrote: gaining access to it for darker reasons in the future. I guess I have no imagination on this subject. What possible darker reasons are there? What are you actually concerned might happen? (Not looking to fight, I genuinely don't know.)
There are two kinds of people in the world: those who can extrapolate from incomplete data.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
RyanDev wrote: What possible darker reasons are there?
To be honest, I have trouble coming up with a concrete example. But in real life I learned that just because you can't think of a way how someone could take advantage of you, that there isn't one.
As a programmer, I try to watch out for unexpected errors. I don't know what bugs the programs I write will expose in the future. It's not that I built them into the program on purpose, but I simply didn't forsee the specific circumstances causing an issue. Therefore I take precautions to restrict the likelyhood of bugs, and the effect that they can have.
As a private person, I watch out for unexpected ways others can take advantage of me. Unfortunately I don't have a sufficiently dark mind to think of all such possibilities. Therefore, as a precaution, I try to keep as much of my personal information close to me as possible. That way I am offering a smaller attack surface, and I limit the potential damage others could cause me.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
|
|
|
|
|
Stefan_Lang wrote: But in real life I learned that just because you can't think of a way how someone could take advantage of you, that there isn't one. Of course.
I feel like this is similar to if someone wanted to come by my house and take a picture of my grass or my tree.
What specific data are you concerned about? What sites you are seeing? I'm not even sure what else they could get.
There are two kinds of people in the world: those who can extrapolate from incomplete data.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
Ah, you're thinking of browsing. I'm more concerned about stuff like Microsofts CompatTelRunner that does scan your entire hard disks even if you don't participate in CEIP. MS states that (1) it should only be running if you participate, which is a blatant lie, (2) that you can uninstall and hide the related KB update(s), which doesn't help since they wrapped up all KB updates in the cumulative updates, and hidden updates will keep getting unhidden on a regular basis, (3) that it doesn't report any data that I should be concerned about, which I don't believe because of (1) and (2).
Any confidential data stored on my disks, including e.g. stuff related to my work, is effectively compromised by MS, no less.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
|
|
|
|
|
Stefan_Lang wrote: Any confidential data stored on my disks, including e.g. stuff related to my work, is effectively compromised by MS, no less. So, you're concerned they might send your Microsoft Money file to their servers? Technically, any program you install on your PC has the capability to do that.
But that's fair.
A couple of times I've had charges show up on my credit card that I did not do. First time I called and disputed. Gone. Second time, I did it online. No big deal. Not that it couldn't be worse but I guess I don't see it as enough of a threat to worry too much about it.
There are two kinds of people in the world: those who can extrapolate from incomplete data.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
RyanDev wrote: So, you're concerned they might send your Microsoft Money file to their servers?
Erm, no. I'm not so much concerned over data they send to their servers, but third parties hacking their servers and doing real bad stuff with it.
MS might be using my data to take advantage of me, but I trust they won't do it in such a big way that it hurts me real bad - after all they've still got some reputation (and money) left to lose. But others may have less scruples.
But all of this is missing the point. I was looking for advice on VPN, not to discuss privacy. I am concerned, for various reasons. VPN seems a good way to reduce the risks. I am well aware that it may not solve the issue entirely, but I rather do something than nothing at all.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
|
|
|
|
|
I disabled the CompatTelRunner service only to find it had been re-enabled a few days later. Seems as if the only sure way is to pull the RJ45 out.
We're philosophical about power outages here. A.C. come, A.C. go.
|
|
|
|
|
If you don't uninstall the related Windows kb updates, it will be re-enabled automatically.
If you don't hide them after uninstallation, they will be reinstalled with the next Windows update.
Even if you hide them, they will be unhidden with the next Windows update rollup.
Personally, I switched to manual updates, and when I do an update I will remove the pests that I don't want afterwards:
Quote: KB971033 Description of the update for Windows Activation Technologies
KB2952664 Compatibility update for upgrading Windows 7
KB2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
KB3021917 Update for Windows Customer Experience Improvement Program
KB3022345 Update for customer experience and diagnostic telemetry
KB3035583 Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
KB3044374 Update that enables you to upgrade from Windows 8.1 to a later version of Windows
KB3068708 Update for customer experience and diagnostic telemetry
KB3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
KB3080149 (update for CEIP and telemetry)
(taken from Meine Methode die Telemetrydatenerfassung au… | Forum - heise online[^] ; also see Windows update KB2952664 (Compattelrunner.exe) cannot be uninstalled from Windows 7 - Super User[^] )
I expect this method will keep working for Windows 7 until MS stops rolling out updates.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
|
|
|
|
|
In this case, you should not use a VPN to provide protection since VPN are not visible to applications, anything "your" application can do can also be done by third party applications ...
I have not think this way before, but I belief there should be a solution to this problem using security gateways (black list them is one of potential the solution). But it's not build in yet, I will think about it
|
|
|
|
|
I always thought "what faster way to 'innovate' than to steal the ideas of programmers everywhere?" Better yet, their working code.
|
|
|
|
|
Stefan_Lang wrote: many of them don't actually store these data
You just don't know it.
Stefan_Lang wrote: Data that isn't stored, can't be handed over, or stolen.
What about hand over on the fly
|
|
|
|
|
Shuqian Ying wrote: Stefan_Lang wrote: many of them don't actually store these data
You just don't know it.
Its' all about trust. If it turns out a VPN provider was lying about some relevant aspect of his business, that would ruin his business. I don't trust in VPN providers as much as the fact that they can't afford to compromise that trust.
Shuqian Ying wrote: What about hand over on the fly
I would consider that less of a problem, since I'm much more concerned about data sitting around in a database somewhere, waiting to be hacked by malicious third parties.
Also, what would be the point? If someone wanted to spy on traffic to and from me, he'd need to know my identity anyway, breaking the main layer of protection that a VPN provides. At that point, rather than spying on 193 VPN servers all over the world they could just ask my ISP to hand over the streams.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
|
|
|
|
|
Multi years user of PIA, no issues - they allow 5 devices to be set up, and they can be used in parallel (sometimes I also use it on my android phone for gelocation specific apps - like streaming sports - I watch a brand of footy that's free to stream if you're "in Europe." - UK, Germany, Netherlands ... PIA lots of locations to choose from.)
But, even before that: a lot of the data ms collects can already be blocked
- disabling some task scheduler jobs
- and using the windows firewall (firewall with advanced security - free, already built-in)
1. set it to filter outbound as well as in-bound connections
2. but then you will need to add rules, for say your browser
- see next paragraph to make that easier
3. then disable some of the default outbound firewall rules (need to experiment which matter or not).
On top of firewall with advanced security I use WFN (free, source code available) which shows a nice popup whenever any program without a rule tries to open a outbound connection, options to allow/block permanent/temporary (it writes the firewall rules for you)
- for instance your browser needs to be able to connect outbound
start the browser, click allow on the popup - done.
- microsoft office apps absolutely do not (o2016 - no problems killing it's outbound)!
start word, click deny on the popup, done! (need to do separartelt for excel etc)
- some installers may need an outbound connection: use a temporary rule, WFN cleans it up by clicking the notification icon. Antivirus wants to update definitions - temporary rule....
As a final step, don't use your ISP's DNS servers (they also usually use/report what you've been looking for - and if done a deal with ms they share the data with them), set the DNS server to some other reputable public servers (i.e. open DNS: 208.67.222.222, google 8.8.8.8) - network adapter settings - IPv4 - properties
Sin tack
the any key okay
|
|
|
|
|
Thank you for writing up all that advice. I'll see if I can make something of that - as I mentioned above, I'm not very familiar with all these networking options.
WFN sounds nice: we already had to adjust the router firewall settings because it blocked a program. Sounds like WFN is just the right program to deal with these kind of things.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
|
|
|
|
|