Surveillance of the internet for UK

[Felon]

VPNs basically sit in the security through obscurity category, which coincidentally is not a good method of security. I'd rather my traffic be coexisting with the millions of others than have an endpoint provided by a smaller (in comparison to a Telco/fixed line internet provider) VPN provider. I reckon VPN provider is much more at risk of opening a backdoor for multiple reasons, too.

Edit: happy to be educated on the technicalities of what I said but I guess it is more of a philosophical point. 256bit encrypted Usenet has been around for donkeys, not felt the need to VPN it too.

I mean, it is technically possible, that a VPN company could be doing absolutely anything, really. They could be harvesting data, storing it, selling - doing whatever with it. I honestly think it's quite unlikely though.

The main reason is cost and risk vs reward. Storing all of that data, sifting through it to find things worth selling to other companies, is not a trivial or cheap thing to do - that's withstanding the fact that the vast majority of internet traffic is encrypted anyway, because a huge amount of it is SSL, especially stuff with anything personal inside it. Even if they did store it, or provided backdoors to others - the vast majority of it would be unreadable. It would also most likely come out if they did it / tried to do it, somebody would find out - or leak it, then the VPN company would be finished.

I also find it highly unlikely that an established VPN company would talk to the government and/or create any backdoors. Very few people (including governments) have any idea what they're really doing when it comes to dealing with raw data like that, outside of big tech companies like Facebook/Google, etc.

I do think the protection VPNs offer is somewhat overblown, ISPs don't generally log actual customer traffic (nobody does that because it's practically impossible to do) they simply keep a record of your account number, source/destination IP address of the data flow, and that's about it. A VPN will obfuscate all of that, but unless you were surfing on sites which had actual illegal content on (like child porn), there wouldn't be much else in the record that could be used. If a judge granted the police a warrant to instruct the ISP to perform "lawful intercept" on your traffic - chances are, you're up to something very bad anyway, you don't get that by accident

 

[Rainmaker]

Troublesome users? Neckbeards running pornography websites with terabytes of illegal material through your network, being in a country that can legally compel you to gather information on uses (UK and US are notable here). The lists go on, not to mention the technical reasons.

Pure FUD. Several companies have been proven to not keep logs, including OVPN in Sweden. They host TPB of all things, and their servers were seized without warning in relation to a suit against TPB recently.

The judge's ruling on the matter? The service (OVPN) had no legal obligation to keep logs. The seized servers were as advertised on the website - running diskless, booting to encrypted RAM over PXE and with all the physical ports glued shut. In other words, useless to the plaintiff.The plaintiff's own expert argued that there 'must' be some giveaways or daemon logs somewhere, so the judge allowed him to access and comb the servers. He came back to court and said sorry, I was wrong - I can't find a thing.

AzireVPN run on the same principles and invite anyone to pop along to their datacentres and verify their claims. They go a step further and had Jason Donenfeld write a 'rootkit' to make it so that even the AzireVPN staff couldn't see traffic crossing the servers, or look at the WireGuard service at all outside of restarting it. When there's no legal compunction to maintain logs, you'd be stupid to start doing it. It would open you to prosecution, and lands you with further legal obligations (no longer being classed as a common carrier, for example).

 

[d_brennen]

Pure FUD.

Not really. FUD is how VPN companies sell their wares though

 

[Rainmaker]

Not really. FUD is how VPN companies sell their wares though

An excellent, sound and reasoned counter argument to the points I raised. Colour me convinced by your masterful oratory. Rebuttal of the century.

 

[ttaskmaster]

I'm intrigued to know what you were googling.

Well, there's the discussions concerning the growing problems of kiddie-fiddlers, mass shootings in various countries, terrorists, military activity, firearms, explosives, lockpicking, various crimes, and other topics of similar ilk. When you Google up reports and statistics on such things, systems flag them up as questionable and if you get enough then it seemingly raises red flags.

Weirdly, they were asking if I had any connections to countries like Poland, and it was only when they mentioned Slovenia that I realised they were asking about my browser history entries for certain manufacturers of camping equipment. Some of them are also military contractors, so I'm obviously a terrorist looking to stock up...

I'm glad you asked, I am worried at the mere fact he has quoted me

I wouldn't worry about it - ISTR you don't read posts properly, go off on one with assumed premises and end up putting peopel on Ignore when you get your presumptive knickers twisted... so that at least gives you plausible deniability when The Man comes knocking at your door with a black hood and some cable ties.

 

[Deleted User 298457]

[...]
I wouldn't worry about it - ISTR you don't read posts properly, go off on one with assumed premises and end up putting peopel on Ignore when you get your presumptive knickers twisted... so that at least gives you plausible deniability when The Man comes knocking at your door with a black hood and some cable ties.

Think you have mistaken me for someone pal Last I remember you were upset I bought a meal kit and said I should go to ASDA or something. Good to know you are on the watch list though I'll be careful next time

 

[ttaskmaster]

Think you have mistaken me for someone pal Last I remember you were upset I bought a meal kit and said I should go to ASDA or something. Good to know you are on the watch list though I'll be careful next time

I probably have. There was some thread or other a couple weeks back where I even twice stated I was playing Devil's Advocate but a bunch of people went nuts, taking it seriously, waving their ignore buttons around and stuff.

But yes, you'd better watch yourself - I'm a wanted man. I have the death sentence in twelve systems!

 

[Chuk_Chuk]

I've changed my DNS to 1.1.1.1, hopefully that will help.

Could someone please explain the joke?

 

[Deleted member 77746]

Could someone please explain the joke?

Do you know what 1.1.1.1 is?

 

[Chuk_Chuk]

Do you know what 1.1.1.1 is?

If I did I would have understood the joke.

 

[Deleted member 77746]

If I did I would have understood the joke.

You sure about that? it's cloudflare. Now do you understand the joke?

 

[Chuk_Chuk]

You sure about that? it's cloudflare. Now do you understand the joke?

If you are not interested in taking the time to explain the joke then you are not compelled to respond.

 

[Deleted member 77746]

If you are not interested in taking the time to explain the joke then you are not compelled to respond.

Says who? Batman?

 

[Deleted User 298457]

If you are not interested in taking the time to explain the joke then you are not compelled to respond.

1.1.1.1 is a DNS service provided by Cloudflare. Google offer 8.8.4.4*/8.8.8.8, OpenDNS was another famous one at 208.67.222.222 · 208.67.220.220

They all offer a level of protection in that any dodgy domain names get 'de listed' so if you try and access PHISINGwebsite1.com they will have already removed that from their register to point to nowhere.

Typically you get DNS 'free' from your internet service provider. YMMV if you've ever noticed an issue, but for example, if you go to an incorrect link with Virgin, it directs you to a Virgin Media 'cannot be found' page with adverts on there.

The benefit of 1.1.1.1 over others is that it specifically states it keeps no logs. So no one will know what domain name you tried to navigate to, beyond what IP originated the request and what the response was (the IP of the website). Virgin for example, if you use their default DNS, will likely keep a lot more data and use it to inform advertising - Joe Bloggs keeps going to blah website name of similar category...

Some DNS services are also very slow. The 1.1.1.1 address claims it is super quick. You are talking saving a fraction of a second the first time you access a new URL before it gets cached though, so it is not a massive improvement.

Edit: I imagine Boulton thought 1.1.1.1 went to nowhere. The 'security LOL' could have been that by virtue of not being able to resolve any URL, you are inherently safe. 1.1.1.1 is a legit service though.

*fixed

 

[Deleted member 77746]

If you are not interested in taking the time to explain the joke then you are not compelled to respond.

Not really a joke.

 

[Chuk_Chuk]

Thank you @dLockers for the detailed write up

 

[Deleted member 77746]

Thank you @dLockers for the detailed write up

Did you laugh?

 

[Chuk_Chuk]

Did you laugh?

No but I now know a little bit more about DNS.

 

[jokerguv]

I'd imagine most ISPs would have implemented a transparent DNS proxy so changing your DNS resolver for privacy concerns is pointless. This can be checked via dnsleaktest.com.

But really for privacy concerns, a proper anonymous VPN service should only be considered (whilst hoping that they actually are as anonymous as advertised ).

 

[platinum87]

I'd imagine most ISPs would have implemented a transparent DNS proxy so changing your DNS resolver for privacy concerns is pointless. This can be checked via dnsleaktest.com.

But really for privacy concerns, a proper anonymous VPN service should only be considered (whilst hoping that they actually are as anonymous as advertised ).

Using that test for plusnet it shows only google servers as i am using 4.4.4.4

Are you saying they plusnet don't know i am going to overclockers, as i would have only accessed it through this computer?