1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Windows VPN Advice/Worth it?

Discussion in 'Software' started by Shoscarm, 18 Oct 2015.

  1. Shoscarm

    Shoscarm What's a Dremel?

    Joined:
    13 Oct 2015
    Posts:
    7
    Likes Received:
    0
    Hi, I will apologise if this thread is in the wrong section. Thought it would come under Windows.

    But I've been looking at a VPN lately "PIA" but always wondered if it's actually worth it for the general user. For me when people say VPN I assume extreme downloaders, but more and more I see more comments, articles etc. on how we should all be using VPN's

    For me a VPN would be good to get websites to work in my country such as AMC. Hulu etc. :idea:

    Just wanting some advice really and if any of you guys use one.
     
  2. ThirtyQuidKid

    ThirtyQuidKid Minimodder

    Joined:
    11 Jun 2010
    Posts:
    603
    Likes Received:
    18
    This is something I have been looking at as well but going down a slightly different route of getting a remote dedicated server in another country or a cloud server and installing something like openVPN as a service that I have exclusive use of and control over. However I have no experience of doing something like this or knowing how stable it would be.

    In short is a paid for service better or do I get another layer of protection by running my own VPN on a remote server ???
     
  3. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Joined:
    3 May 2012
    Posts:
    5,284
    Likes Received:
    183
    It is what is I suppose. You pay your money, all of your traffic is encrypted to their proxy and it is obfuscated out the other end because there will be multiple people on the proxy. The speed will be reduced over your native speeds because traffic is going through a roundabout route to its destination. Some are probably better than others with regards speed.

    Whilst the provider may make certain claims about logs there's no guarantee that those claims are true.

    Running your own in the cloud would hide your traffic from your isp only. Anyone else would just look at the traffic coming out of your server.

    Must should have a trial so you can try them out for a while.
     
  4. ThirtyQuidKid

    ThirtyQuidKid Minimodder

    Joined:
    11 Jun 2010
    Posts:
    603
    Likes Received:
    18

    Hmmm. Makes sense but would this not be true for any provider??? Or is it the fact there are multiple streams of traffic out the the paid for servers and it is difficult to track????

    This is what I'm not sure of with VPN's for general internet usage. I get the usage for secure access from my home to a secure company intranet that I work for, but otherwise I'm not seeing the extra security for browsing/downloading???
     
  5. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Joined:
    3 May 2012
    Posts:
    5,284
    Likes Received:
    183
    It works because there's multiple people sharing the same server. There may also beĺ multiple hops where you connect to an authentication server before being routed to the proxy. None of which you have running your own server.

    It doesn't increase security. It hides your traffic. Do your own research into who and what tracks your Internet traffic then determine if you care or not.
     
    ThirtyQuidKid likes this.
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,084
    Likes Received:
    6,635
    A decent VPN provider should operate on a zero-knowledge basis. (Not all do, so make sure you do your research before picking one.)

    When you connect to the VPN, you traffic appears to be coming from a server owned by the VPN provider. So is the traffic of every other VPN user. You're 'hidden' among the masses, but the important part comes when LEO comes a-knockin'. LEO - or, more commonly, a private company working for lawyers working for copyright holders - calls up your ISP and says "who was using this IP at this time," and your ISP says "it was ThirtyQuidKid, and here's his home address." LEO calls up your VPN provider and asks the same question, your VPN provider says "sorry, no idea - we don't keep any logs."

    That's the primary benefit from using a VPN. Secondary benefits include bypassing any blocks or filters at an ISP level, bypassing any traffic tampering your ISP does, bypassing any blocks or filters at a country level, and bypassing geographic restrictions on sites or content.

    It does not, however, protect you from identification unless you seriously modify your behaviour. Let's say you're using a zero-knowledge VPN to do something naughty, and while said naughty is happening you hop on over to this 'ere forum to post a message. Boom: anyone capturing traffic from the VPN now knows who you are: you're ThirtyQuidKid of the bit-tech forum. Even if you're clever and don't use the same VPN for your naughty stuff as you do for your regular browsing, you're likely not as anonymous as you think: Panopticlick is a great project which demonstrates how easy it is to uniquely identify a user simply based on information his or her browser readily hands out to any server that asks. I just ran it on my daily-driver Chrome browser: "Your browser fingerprint appears to be unique among the 5,979,231 tested so far." They might not know that I'm Gareth Halfacree at that point, but they know I'm the same user that visited yesterday - even if I'm using a different VPN today.

    If you want proper privacy, be prepared for a very limited experience. Use a VPN, and potentially even use TOR or similar on top of that; disable JavaScript and any plugins in your browser, or use an amnesiac system like Tails; don't log in to anything ever.

    Or, y'know, just use t'internet and don't worry about it. Or something inbetween. Your choice, really!
     
    ThirtyQuidKid likes this.
  7. Bungletron

    Bungletron Minimodder

    Joined:
    25 May 2010
    Posts:
    1,171
    Likes Received:
    62
    I use PIA, some people say do not use it because the parent company is in the States so Net Obama is watching you. As far as I am concerned net privacy is a matter of degrees, like Gareth and Ed Snowden says.

    I use the windows app and there is an app for my Android phone. Watch out, there is a DNS leak in Windows 8 and 10 that needs to be plugged for reliable use.

    I use it to watch US Netflix a lot, it is worth the subscription for that benefit alone. I have also accessed iplayer and uk services while I was abroad. The connection speeds are more than sufficient to do this.

    Also I have used it to con public wi-fi, mostly in hotels, that has the routers set up to throttle video streaming sites or other random sites artificially in order to 'benefit' all guests equally. Often download speeds usually jump up and streaming actually works or stops stuttering plus you get to LOL massively at all the other suckers who are getting shafted (I am not a nice person).

    I think PIA is great value for the reasons above and will likely renew my subscription.
     
    ThirtyQuidKid likes this.
  8. ThirtyQuidKid

    ThirtyQuidKid Minimodder

    Joined:
    11 Jun 2010
    Posts:
    603
    Likes Received:
    18
    Very comprehensive answers which give me much reading to do........

    So basically a private cloud VPN is not much good.

    A paid VPN offers a buffer and a layer of protection by mixing traffic with other users and encryption.

    Well thanks for the answers so far. More reading required but for my uses I might just stick with the proxy for unblocking sites as needed at the moment.............
     
  9. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Joined:
    3 May 2012
    Posts:
    5,284
    Likes Received:
    183
    I set my resolution to 1080p, went there with a stock internet explorer on windows 8.1 and got a similar result. I would question the validity of the methods used by the site. Although I would agree, finger printing is definitely a thing.
     
  10. Shoscarm

    Shoscarm What's a Dremel?

    Joined:
    13 Oct 2015
    Posts:
    7
    Likes Received:
    0
    I like how the person who started this thread hasn't commented until now, I inderstand that PIA doesn't keep logs " this is technically untrue" they do in a sense that they log which ip logged onto their servers, they don't log what you did.

    Would switching to Linux be a safer bet as there is a DNS leak in 8 and 10?

    As for the "doing something naughty" on a VPN. How could they track you to bit-tech for example to get your information.

    From what I understand they could get the IP check and find its a VPN and ask the VPN provider this then of course proves whether or not they have logs. Essentially if they don't have a log nothing can be said.

    But then if they have a log saying you connected and used this ip then yes they have a claim.

    If they have a log but it doesn't show you connecting to a ip just the network then this is different.

    I just thought I'd add my two cents as it was my thread.


    Sent from my iPhone using Tapatalk
     
  11. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,084
    Likes Received:
    6,635
    Look at the metrics it's pulling in, though: did you have Flash installed? Java? Was it able to enumerate your system fonts, and if so do you have any non-stock fonts installed? Do you have third-party cookies enabled? First-party cookies? Was Panopticlick able to set a supercookie? 'Cos if it was able to set a supercookie, then if your system wasn't unique before you loaded the page it certainly is now.
    I use AirVPN, which is as close to absolutely-no-logging as you can get. Other VPN services are available; ask your doctor for details.
    Nah.
    Easy: by capturing all the traffic that comes out of the VPN's exit node. Fingerprint the traffic, and you can tell users apart; analyse the traffic for them doing something stupid, like logging in to a website over a non-encrypted connection (or even an encrypted connection where personally identifiable information, such as a unique user ID, appears in the URI) and you've identified the user.
     
    Last edited: 20 Oct 2015
Tags:

Share This Page