Go Back  FlyerTalk Forums > Travel&Dining > Travel Technology
Reload this Page >

[Consolidated] VPN Provider Recommendations

[Consolidated] VPN Provider Recommendations

Old Sep 11, 19, 9:04 am
  #361  
 
Join Date: Dec 2003
Location: NYC
Posts: 5,274
Originally Posted by lewinr View Post
I have no doubt that many (maybe even most) of the biggest VPN services are run by the security services of various interested governments, and the US is no exception.
Is there any technology that will effective to prevent the security service of a major government from monitoring what you're doing on the internet if they have a high level of interest?
richarddd is offline  
Old Sep 13, 19, 12:31 am
  #362  
 
Join Date: Aug 2008
Location: Somewhere in Florida
Posts: 2,110
Originally Posted by richarddd View Post
Is there any technology that will effective to prevent the security service of a major government from monitoring what you're doing on the internet if they have a high level of interest?
There are. BUT at that level you have to take a more holistic approach. Even using the best technology available, many people (including the spooks themselves) have been caught due to human factors.

In general:
1) Watch the privacy & security folks online. They're constantly poking & prodding software and hardware, looking for exploits. There's a reason there are feds at DefCon and BlackHat conferences.
2) See what human rights groups are using. When you've got people embedded in places like China and are putting their lives at risk for their actions, you better believe they're using some decent stuff.
3) Encryption. Use it. Preferably open source. The details of encryption are a whole field in and of itself.
4) Don't trust anyone but yourself. No one will care about your data as much as you do. Your data in someone else's data center = easy subpoena material. Your data in your possession = getting into self-incrimination laws/rules. Even your company / agency isn't to be trusted fully. Spooks have been hung out to dry by their own agencies.
5) You're dumber than you think you are. Learn how not to be dumb.
6) The enemy is smarter than you think they are. Learn how they work and think.
7) 5 & 6 may not be true, BUT keeping your thought pattern like that keeps you out of trouble.
8) Greed and Pride are not compatible with privacy and will get you caught and possibly sent to places you don't want to be.
8a) Complacency also can get you sent to places you don't want to be.
9) Don't mix business with personal stuff.
10) Study failures of others in this area. Don't be THAT guy. For a great example of how even the big boys get it horribly wrong, take a look at the botched CIA Abu Omar operation:
.

If you're truly hiding from the big boys (CIA/MI5(6)/Mossad/FSB):
11) Don't run anything mainstream -- they likely have a drawer full of zero-days at their disposal. Windows is a no-no. Same for common infrastructure equipment like Cisco.
12) Study con men. If you're up against the big boys, you're going to have contact with them sooner or later.
13) Don't forget physical security. The big boys still physically follow people, still wiretap phones, enter buildings, and engage their mark.
14) Hollywood isn't reality.
kennycrudup likes this.
KRSW is offline  
Old Oct 21, 19, 7:15 pm
  #363  
Suspended
 
Join Date: Oct 2004
Location: Bay Area
Programs: DL SM, UA MP.
Posts: 12,730
So Nord was hacked. It was done last year and they've been quiet about it until recently.

That means your traffic could be intercepted.

But does that imply that while you're on Nord, your computer could be hacked?

And presumably anything sensitive you'd use HTTPS anyways.
wco81 is offline  
Old Oct 21, 19, 7:18 pm
  #364  
 
Join Date: Apr 2014
Posts: 408
This is their response.

“The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either,” said the spokesperson. “On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN.”

Originally Posted by wco81 View Post
So Nord was hacked. It was done last year and they've been quiet about it until recently.

That means your traffic could be intercepted.

But does that imply that while you're on Nord, your computer could be hacked?

And presumably anything sensitive you'd use HTTPS anyways.
PackingIt is offline  
Old Oct 21, 19, 7:34 pm
  #365  
Suspended
 
Join Date: Oct 2004
Location: Bay Area
Programs: DL SM, UA MP.
Posts: 12,730
I thought they didn't keep logs?

In any event, fact that they kept quiet about it for over a year does not make them look good.

Unfortunately I bought 3 years of subscription so I'm stuck with them.
wco81 is offline  
Old Oct 21, 19, 7:35 pm
  #366  
 
Join Date: Apr 2014
Posts: 408
I think they're saying that there are no logs to steal. But they could have theoretically worked in a MtM attack to track your traffic real time and collect it.

Originally Posted by wco81 View Post
I thought they didn't keep logs?

In any event, fact that they kept quiet about it for over a year does not make them look good.

Unfortunately I bought 3 years of subscription so I'm stuck with them.
PackingIt is offline  
Old Oct 21, 19, 8:45 pm
  #367  
FlyerTalk Evangelist
 
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Gold
Posts: 14,455
I mainly bought NordVPN to get around the TfL website blocking US visitors, not really for any extra security (I go through my home VPN server for that). While the hack is unfortunate, I'm not sure it's going to cause me to stop using them--assuming they actually fix the hole and take steps to help prevent others moving forward.
tmiw is offline  
Old Oct 21, 19, 8:48 pm
  #368  
 
Join Date: Apr 2014
Posts: 408
I'd be more concerned about the fact that they didn't say anything about this sooner.
PackingIt is offline  
Old Oct 27, 19, 6:00 pm
  #369  
 
Join Date: Dec 2006
Location: SNA
Programs: Bonvoy Tit Forever, AmEx Plat, National EE, WN CP, CLEAR
Posts: 4,166
Originally Posted by KRSW View Post
Does anyone use a VPN service with Wireguard?
Mullvad does; I use them. I also run WG at home, and at a friends' place who has symmetrical upload/download fiber.
KRSW likes this.
kennycrudup is offline  
Old Nov 25, 19, 12:52 am
  #370  
 
Join Date: Oct 2003
Posts: 1,846
PIA is in process of selling to Kape Technologies, the owner of Cyberghost.
https://www.techradar.com/news/cyber...eate-vpn-giant
https://www.reddit.com/r/PrivateInte..._your/f87fn6q/

h/t https://slickdeals.net/f/13608757-ps...chnologies?v=1

I was just billed for another year on recurring payment and had meant to cancel as I don't plan to use it for a several months. Cancelled and submitted a support request for a refund which can only be done within 7 days of the last payment. We'll see if a recurring payment counts or if it is only new accounts.
"Note: Refund requests are only available within the first 7 days of the last payment per our terms of service. Further information pertaining to our refund policy can be found in our Terms of Service."
https://www.privateinternetaccess.co...quest-a-refund

Last edited by freecia; Nov 25, 19 at 1:17 am
freecia is offline  

Thread Tools
Search this Thread
Search Engine: