VPN Comparison Chart & How to choose the best VPN

Antivirus, forensics, intrusion detection, cryptography, etc.
Message
Author
labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Pritunl client

#141 Post by labbe5 »

Free and open source alternative to Viscosity. No registration or credit card necessary.

Easily add OpenVPN profiles by importing the configuration or by using the URI available with Pritunl servers.

If you are using Bionicdog, here is how to install Pritunl client :

sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb http://repo.pritunl.com/stable/apt bionic main
EOF

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo apt-get update
sudo apt-get install pritunl-client-electron

Install instructions also available for Debian 9 and Ubuntu 16.04 & 17.10.

Source : https://client.pritunl.com/

What that means is you install open source Pritunl client for free and use it with your configuration file .ovpn
AirVPN client Eddie is also open source, and beta version is available for use with other VPNs.
Both are targeting users in search for open source VPN clients.

Further reading :
https://jeffgrundy.com/one-month-review ... pn-server/
10 Best VPNs to Use for Linux
https://topvpnsoftware.com/10-best-vpn- ... 1=dwndwl01
Last edited by labbe5 on Mon 05 Nov 2018, 19:17, edited 1 time in total.

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Creating A Secure Multi-User VPN

#142 Post by labbe5 »

Oct 5, 2018 @ 1:23 AM
Update – Amazon Prime, Netflix and Hulu are now blocking Digital Ocean IP addresses. Therefore, this type of self-hosted, private VPN server will not work if streaming from those services is your goal.


The way streaming sites are able to block VPN usage is not any sort of amazing technological feat. No, not at all. In fact, all they’re really doing is creating a list of blacklisted IPs known to be associated with VPN services. Once an IP list gets hit, then you’re done – no more access. This means VPN services have to always rotate their IP pools, which can get very expensive for them after a while.

The workaround, of course, is to simply access the streaming sites with a dedicated IP address that no one else uses. Some VPN services provide this type of service, but it’s expensive; too expensive to suit me. So, I decided to create my own VPN service. I’ve been meaning to get around to doing it for a while now; but, I never did because I thought it would take a lot of time. Surprisingly, though, I was able to complete the whole thing — from start to finish — in less than an hour. Actually, maybe it was closer to half an hour; I wasn’t really keeping track.

While there are a few different options for creating your own free, or very low-cost, VPN service available, there is not a lot of good documentation on how to actually get one up and running. Therefore, I thought I would create a post detailing what I did to not only create my VPN service, but also include the steps I took to ensure it was safe and secure. So, without further ado, here’s how to create your own multi-user VPN service.
Source : https://jeffgrundy.com/how-to-build-you ... 5-a-month/

Part 1 – Creating the Hosting Account and Installing Pritunl
https://jeffgrundy.com/how-to-build-you ... a-month/2/

Part 2 – Configure the Pritunl VPN Server
https://jeffgrundy.com/how-to-build-you ... a-month/3/

Part 3 – Configuring the Service and Connections
https://jeffgrundy.com/how-to-build-you ... a-month/4/

Again, though, if you want a rock-solid VPN for streaming videos, this method works like a charm – and, you will always have your own private IP address that’s not shared with other VPN users. Therefore, sites that are banning VPN services will never know who you are or from where you’re connecting.

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Online Scam Almanac 2018

#143 Post by labbe5 »

https://buffered.com/scam-almanac/

In order to educate yourself about scams, Buffered VPN has a comprehensive list.

Technology has been improving, but so have scams. In 2017, Canadians lost $95+ million to scams, Australians lost around $90 million, and the FTC registered 2+ million fraud complaints. It's the same everywhere, but with different numbers.

Some scams changed completely, while others stayed the same - but with a more "modern" approach. We scoured the web to outline them all right here to help you keep your money, loved ones, and yourself safe from online fraud.


Further reading :
https://hotforsecurity.bitdefender.com/ ... 20541.html
7 VPN Scams You Need to Avoid
https://restoreprivacy.com/vpn-scams/
Last edited by labbe5 on Fri 30 Nov 2018, 20:49, edited 2 times in total.

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Is Windscribe VPN a trap?

#144 Post by labbe5 »

Final Verdict: Not a Trap

Free VPN remains a controversial subject. They have been exposed many times for logging customer data and selling it to third parties for profit.

But this VPN is different. In fact, it has a squeaky-clean record of keeping absolutely no logs and prioritizing user privacy.

There are some concerns about the jurisdiction and customer service. But they are ignorable in the grander scheme of things.

I conclude this review on Windscribe VPN by vouching for this and recommending it to privacy seekers.

Source : https://www.vpnranks.com/windscribe-vpn-review/

Further reading :
https://www.privateinternetaccess.com/b ... artphones/
Why surveillance is even worse for your privacy than you thought
https://www.privateinternetaccess.com/b ... ary-tales/

s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

Re: Chinese police can go to any Chinese ISP to copy your data

#145 Post by s243a »

labbe5 wrote:https://www.privateinternetaccess.com/b ... your-data/

Earlier in October 2018, the Chinese government passed a law that grants local and central law enforcement the ability to enter the premises of any internet service providers (ISPs) or internet service companies (read: VPN companies) to inspect and copy anything. SCMP reports that this new law tightens China’s control of its cyberspace, which already features a Great Firewall. It goes on top of a law passed in 2016 that mandates ISPs store 6 months of IP address connection data and makes it very clear that your internet traffic is available to be monitored. To be clear, these Chinese datacenters are logging way more than just metadata – and this data is now available without a warrant or any semblance of rule of law.

Try using i2p for its built-in privacy and security. VPN optional.
Can you connect to this VPN via i2p?

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

#146 Post by labbe5 »

To answer your question about i2p :

i2p is not a VPN.

With i2p, you do not need a VPN, because of privacy and security mechanisms that are built-in.

You ISP can not see what your are doing while on i2p, even if you use i2psnark, which is the built-in app to download stuff, such as movies, music, books.

It is good to know, because in some countries the use of a VPN is illegal, such as Russia, China. With Deep Packet Inspection, they know you use a VPN.

You can have i2p up and running in not time if using Ubuntu Bionic, i2p being in Bionic repositories, so use Bionicdog or a Puppy based on Ubuntu 18.04.

Look here for more information on i2p, there are plenty of links to learn more about it : http://murga-linux.com/puppy/viewtopic.php?t=112976

If you look for a proxy switcher, it is the one i use : Proxy SwitchyOmega.

If you want to have a preview of what i2p is, Kodachi Linux is the way to go, latest version 5.2 is based on Debian 9.5 and Xubuntu 18.04, with other privacy goodies. Actually Kodachi is the best privacy-oriented OS as of now, and frequently updated as it should be.

Do not forget to switch proxy to 127.0.0.1 port 4444 or you will not be able to go to i2p sites.

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

how to switch to your eddie-ui VPN using openvpn and systemd

#147 Post by labbe5 »

If your are using Debiandog, you can use systemd to easily switch from no VPN to eddie-ui VPN.

Install openvpn.
It takes a few seconds.
Then open the openvpn folder in etc/
Create a file named openvpn.conf
Copy your ovpn file from AirVPN and paste its content in openvpn.conf.
Save it.
Now you have to restart openvpn for eddie-ui to start and browse safely with your VPN.
Open your terminal.
service openvpn restart

Your ip address will be changed to a new one. Check with ipleak.net.

This will not work with other VPNs. You would have to provide your username and password, whereas AirVPN ovpn files have username and password built-in.

If you want, create a module openvpn.squashfs and a file openvpn.conf both saved for your next browsing session.

It cannot be easier to set up your VPN and it works whatever OS you use with systemd.

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Noisy

#148 Post by labbe5 »

Have a look at this post : http://murga-linux.com/puppy/viewtopic.php?t=114685

If you have used your hosts file to block all links to Google, you may go a step further and use Noisy : Simple random DNS, HTTP/S internet traffic noise generator.

How-to :

The script uses pip and git.

To install pip with Debiandog : apt install python-pip
To install git : apt install git

Puppy should have pip and git available in repositories as well.

Then installation starts :

pip install requests
git clone https://github.com/1tayH/noisy.git
cd noisy
python noisy.py --config config.json

Using Debiandog, you can create a module noisy.squashfs and use it when online even on a fresh install. Copy python noisy.py --config config.json on a saved file next to your module to remind you the command line.

Fast and easy.

If you have made it this far, maybe you are ready to change your mac address as well. This is often neglected but your device mac address can lead to you, as well as an IP address when not cloaked by a VPN.

Install macchanger. If lucky, you have macchanger-gtk in your repositories, this is the GUI for macchanger. The GUI is easy enough to use. The cli tool less so.

Use ifconfig in terminal to see what name your interface has : as a rule eth0 or wlan0, but it can be something else, a series of letters and numbers.
In terminal change your mac address :
macchanger eth0 -r (-r for random)

Finally, did you know you can change your IP address easily? : power off your modem and router. You get a fresh IP after 10 minutes or so. If you do this on a regular basis, you make it more difficult to link you to the sites you visit.

User avatar
Colonel Panic
Posts: 2171
Joined: Sat 16 Sep 2006, 11:09

Re: How to access blocked websites: 13 useful methods

#149 Post by Colonel Panic »

labbe5 wrote:https://fossbytes.com/how-to-access-blo ... easy-ways/

1. Use VPN for unblocking

Apart from just web blocker bypass, if you are into exploring ways to enhance your computer security, you can also go for the deadly combination of TOR and VPN.
...

13. Use Firefox from USB drive

If your school or office is known to take steps to restrict site access, I won’t be surprised you’re not allowed to install extensions on web browser to open the websites for your personal use. In that case, you can install a web browser like Firefox portable on a USB drive. Couple it with some good unblock proxy service and you’ve got it covered.

Take advantage of these tricks, they are good to know in case you face some kind of censorship.

Further reading :
Hooktube
https://hooktube.com/
Hooktube is a YouTube proxy, which allows you to unblock YouTube videos, download videos, and get around YouTube censorship restrictions. Watching videos via HookTube keeps your data from Google.
Simply replace the domain in any YT link with hooktube.com. https://youtube.com/watch?v=S6bOkFLrsAc becomes https://hooktube.com/watch?v=S6bOkFLrsAc, etc.
How to configure Tor to use country specific exit nodes
https://is.gd/B8kDu6
Thanks for this one. I'm using hooktube now.
Gigabyte M68MT-52P motherboard, AMD Athlon II X4 630, 5.8 GB of DDR3 RAM and a 250 GB Hitachi hard drive running Ubuntu 16.04.6, MX-19.2, Peppermint 10, PCLinuxOS 20.02, LXLE 18.04.3, Pardus 19.2, exGENT 200119, Bionic Pup 8.0 and Xenial CE 7.5 XL.

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Free VPN Apps

#150 Post by labbe5 »

https://www.top10vpn.com/free-vpn-app-investigation/

We investigated the top free VPN (Virtual Private Network) apps in Apple's App Store and Google Play and found that over half are run by highly secretive companies with Chinese ownership. Very few of these hugely popular apps, which have hundreds of millions of installs worldwide, do anywhere enough to deserve the trust of consumers looking to protect their privacy.

Our investigation uncovered that over half of the top free VPN apps either had Chinese ownership or were actually based in China, which has aggressively clamped down on VPN services over the past year and maintains an iron grip on the internet within its borders. Furthermore, we found the majority of free VPN apps had little-to-no formal privacy protections and non-existent user support.

Apple and Google have let down consumers by failing to properly vet these app publishers, many of whom lack any sort of credible web presence and whose app store listings are riddled with misinformation.

A list of crappy VPNs is provided. If you installed one, you are most certainly providing personal data to be sold to third-parties.

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Social Credit System

#151 Post by labbe5 »

Blocking VPN services will also enable Beijing to pursue its ambitious and creepy Social Credit System (SCS) program.

Slated to roll out in 2020, the SCS, which is being developed in cooperation with the country’s largest tech firms, will rate each citizen based on all their online activities, including the websites they visit, their interactions on social media platforms, their shopping habits, their private conversations and correspondences and more.

Ratings will determine things such as whether a citizen is eligible for loan, government jobs and traveling abroad. The program will hinge on Chinese authorities having full visibility into the online activities of the country’s citizens, especially those they try to hide from the government.

This makes the VPN ban a crucial element of the SCS.


Without the protection of VPN and with the shadow of government surveillance and the citizen rating program looming, Chinese users will be pushed toward self-censorship, fearing that anything they do will negatively affect their access to social and government services.

Analysts are afraid that China’s battle on VPN service will set a dangerous precedent across the world.

For instance, the U.S. and UK governments both have comprehensive surveillance programs, but the constitution prevents them from adopting measures like those of the Chinese government.

However, Beijing’s war of attrition on VPN and technologies that cloak internet traffic might give these and other states ideas for their own surveillance and censorship programs.


Further reading :
Best VPNs for China
http://bit.ly/2PMgxug
China’s chilling dictatorship moves to introduce scorecards to control everyone
https://is.gd/WSdPyH
https://www.top10vpn.com/privacy-centra ... on-stupid/

China's social experiment is a cause for concern. US and UK are not there yet, but...

http://ipleak.com/full-report/#interactive
https://whoer.net/
Last edited by labbe5 on Thu 22 Nov 2018, 00:18, edited 5 times in total.

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Preventing Evil Twin Wifi Access Point Attacks

#152 Post by labbe5 »

For Wi-Fi users, an evil twin AP is nearly impossible to detect because the SSID appears legitimate and the attackers typically provide Internet service. In most cases, the best way to stay safe on unfamiliar Wi-Fi networks is to always use a VPN to encapsulate the Wi-Fi session in another layer of security.

What is an Evil Twin AP Attack?

Most Wi-Fi clients and their human operators choose to "auto join" previously saved Wi-Fi networks. If the attacker can't successfully trick the victim into connecting to the evil twin, he can simply break the connection between the victim and any legitimate AP he or she is using by flooding a client and/or associated AP with spoofed de-authentication frames in what's called a de-authentication attack. This means that the target device and AP are informed that their connection has been dropped.

Once a client is connected to the evil twin AP, the attack is over. This entire process is used to allow attackers to establish MitM positions from which they can siphon packets and inject malware or backdoors onto victim devices for remote access. Once in a MitM position, the attacker has complete control over the Wi-Fi session. These cybercriminals can leverage well-known tools to duplicate popular login forms for social sites or email hosting platforms, intercept the credentials in plain text, forward them to the real websites, and log in the user. As the target, you might believe you've simply logged in to your email account as always — but in reality, you have handed your credentials over to an attacker.

Source : https://www.darkreading.com/attacks-bre ... id/1333240

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Seedbox

#153 Post by labbe5 »

Top 10 Seedbox.

A seedbox is a remote computer with a torrent web application running on it (generally ruTorrent).

Most seedbox providers provide also VPN which helps you to browse anonymously online.

All listed seedboxes are super simple to use with a minimal learning curve.

https://cheapseedboxes.com/top-10-seedb ... ers-cheap/

Tutorials :
https://cheapseedboxes.com/tutorials/

Further reading :
https://www.reddit.com/r/seedboxes/

ISPs like Comcast are known to throttle your BitTorrent traffic, and they will soon introduce a monthly bandwidth limit of 100GB. With a seedbox you can bypass these limitations. Your seedbox traffic is not counted towards your ISP account stats and won’t be throttled. The only time it becomes ‘your’ traffic is when you choose to download the files from a finished torrent to your home PC, and uploading torrent traffic will not eat into your cap.
https://torrentfreak.com/10-reasons-why ... ox-080715/

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Stealth VPNs

#154 Post by labbe5 »

https://www.how-to-hide-ip.net/stealth-vpn-protocol/

Stealth VPN is a term used to describe a VPN protocol or server that makes VPN traffic look like regular web traffic through obfuscation, even when deep packet inspection (DPI) is performed on the traffic by a firewall or network administrator. Learn about StealthVPN, the way it bypasses VPN blocking, the available implementations, and the best Stealth VPN providers.

Can be useful in China, Iran, Russia, etc. Also for Netflix enthusiasts blocked from streaming US content.

Further reading :
Countries Where VPNs Are Illegal
https://www.how-to-hide-ip.net/are-vpns ... s-illegal/
Bell Urged Canadian Government To Ban Some VPN Services in NAFTA Submission
http://www.michaelgeist.ca/2019/01/bell ... ubmission/
Last edited by labbe5 on Tue 29 Jan 2019, 11:44, edited 1 time in total.

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Eddie Android edition 2.0 released

#155 Post by labbe5 »

https://airvpn.org/topic/30774-eddie-an ... -released/

As of now, there is a Black Friday special offer up to 67% off regular price.
It is a one time offer for one of the best VPN.

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

VPN extensions

#156 Post by labbe5 »

VPN extensions are great for bypassing geoblocking, but a big no-no for anonymity and privacy.

I don't know since when VPN extensions have become popular, but VPN extensions should actually be called proxy extensions. The underlying involves no VPN but proxy, yet they claim they are as secure and private as a regular VPN.

Almost all VPN extensions are vulnerable to different levels of IP leaks and DNS leaks. Ironically, although most of them are results of extensions' misconfigurations, browsers are also responsible as there are a lot of pitfalls and misleading documentations on proxy configurations.

If you are tech-savvy and want to know more : https://blog.innerht.ml/vpn-extensions- ... r-privacy/

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

VPN Chaining

#157 Post by labbe5 »

VPN Chaining improves privacy by connecting to multiple VPN servers operated by different companies who -- preferably -- operate in different jurisdictions.

The advantage is that it becomes increasingly difficult to track users when they chain VPN servers.

Connecting to multiple VPNs simultaneously on the same device does not work as well which that leaves virtual machines as the best solution to get the ball rolling.

Basically, you connect to one VPN on the device you are using, and to others that you want as part of the chain in virtual machines.

Now download Virtualbox or VMWare-player : http://www.murga-linux.com/puppy/viewtopic.php?t=114621
and make it hard to track you with VPN chaining.
Source : https://www.ghacks.net/2016/05/19/how-t ... pn-servers

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Best VPNs for Linux

#158 Post by labbe5 »

https://www.tomsguide.com/us/best-linux ... -5991.html

Linux-based operating systems are still a very small part of the desktop market, but that hasn't stopped VPN services from providing client applications. The best we’ve found are from ExpressVPN, NordVPN and VPN Unlimited.

We tried Linux client software from ExpressVPN, Mullvad, NordVPN, Private Internet Access, PureVPN, VPN Unlimited and Windscribe. We had active accounts with all except PureVPN.

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

China, Russia, Iran... and now Australia

#159 Post by labbe5 »

https://www.purevpn.com/blog/australia- ... tion-bill/

The Australian government has been working on the anti-encryption bill for more than a year now, and it’s evident they have made effort to ensure that the laws don’t create a systematic vulnerability or weakness for services providing end-to-end encryption.

The legislation would still allow backdoors though, and this will negatively impact the online privacy and security of Australians. Here’s a few ways the bill is going to affect tech companies, and ultimately, Internet users:


When the anti-encryption laws are put into effect, the government will have the authority to both compel companies to reveal details about their systems as well as make modifications to them whenever needed.

As mentioned, the bill would make it compulsory for companies to give details about their systems and how they work. Plus, it would not only allow more people to physically access the networks, but also require companies to use new functionality developed by the government.

All these different aspects, once combined, are very likely to create new attack vectors for companies to safeguard against, which means private user data would also be at the risk of being exposed to cybercriminals.


The anti-encryption laws are a world-first, and therefore it doesn’t come as a surprise that it’s garnering a lot of attention from tech companies, security experts, as well as human rights groups from around the world.

Will you buy VPN services from Australia-based companies? I would not buy VPN services from the U.S., but they did not pass anti-encryption bill.

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Proxy servers vs VPNs

#160 Post by labbe5 »

http://www.linuxandubuntu.com/home/conn ... ver-part-2

Proxy and VPN are not the same. A proxy server does hide your IP but does not eliminate more identifying data.

Anonymous Proxy : This type of proxy is already recommended. If we want to use a proxy just to navigate is more than enough for us. This type of proxy no longer reveals our real ip since it is masking the variable http_x_forwarded_for. Therefore with the use of this proxy, we can already affirm that we are anonymous. This type of proxy has the disadvantage that the web server will have the ability to know that we are connecting through a proxy server but can never know our ip.

Proxy Elite or highly anonymous : This type of proxy as well as the anonymous proxy is masking the variable http_x_forwarded_for, but also other variables such as http_via and http_proxy_connection, etc. Therefore we will be falsifying the totality of information that we deliver to the web server and also they will not be able to detect that we are connecting through a proxy server. The proxy server will also not keep a record of the IPs connected to the proxy server.

Post Reply