Securing my Internet communications

Hello all you Tech Syndicate fellows:

I have a few questions which I would like your input on and am unsure if this is the right forum topic area so please feel free to move it if it is not correct.

I want to secure my Internet communication and want to know what would be the best solution.

Based on what I have read using a VPN should or would be the best solution however using or setting up a Proxy server might be an option as well.

Regarding VPN's there are so many of them with different degrees of secuity, server locations, speed, cost etc.

I am just a normal type of user (I think) who has an aversion to being spied on.

I would appreciate any comments or suggestions that might work for me.

VPN is prolly your best bet.

Free VPN's Worth useing.

SpotFlux - http://www.spotflux.com   (AES-128bit Encryption) US Based Servers.

http://schoolofprivacy.eu/post/50106080217/interview-with-spotflux

CyberGhost- https://cyberghostvpn.com  Free users can access 18 servers (AES-128bit encryption)  And they now do not limit bandwidth for free users, And if you use their cyberghost 5 beta client you will not have the 6hr Disconnect.  They do not log Ip address's or Keep logs. They also offer 2 paid plans. (Check their forum for news on releases of the cyberghost 5 clients. As it is still being developed. But each release will be stable with added features until its in its final stage)

http://cyberghostvpn.com/download/cg5_Beta.exe

Paid VPN's

PrivateInternetAccess- https://www.privateinternetaccess.com  35USD for 1 year. Keeps NO LOGS. And accepts many forms of payments. Prolly the cheapest and most highly rated.

http://schoolofprivacy.eu/post/40879834584/interview-with-private-internet-access

Theirs other good paid vpns, Such as BtGaurd, AirVPN, Torgaurd, EarthVPN, PrivatVPN. (Which all keep no logs) But PrivateInternetAccess is cheaper then all of them, And has Almost 500 servers ( 9 countries ) So its pretty much the best value.

I see people recomending  HideMyAss VPn, They keep logs for upto 2 years. Do yourself a favor And stay AWAY from them. They will roll over on your in a second.

http://schoolofprivacy.eu/post/41190513699/short-interview-with-hide-my-ass

 

Also if you would like to look at a list of interviews with other VPN's to get an idea of which ones you can trust or not trust, Check this page.

http://schoolofprivacy.eu/vpninterviews

 

Personally i use CyberGhost, I ended up getting a  1 year subscription to their Premium plus plan for free.(60usd) 212 servers and growing. AES-128/256bit encryption. Plus L2TP/IPSec protocols.

Also stay away from PPTP, That protocol is no longer secure. It was cracked ages ago. http://vpnreviewz.com/pptp-gets-cracked/

 

Thank you for ther reply!

I will try out PrivateInternetAccess, based on what I have read they are a good option!

 

Thank you

Ipredator from near enough the same crew who run TPB

By simply using the HTTPS protocol from a website, you are secured. Of course, the NSA can break some, but Google amped up their encryption and a lot of others are/will be doing the same in the near future.

As for proxies, generally and proxy does not mask your traffic, it merely serves as a hop point which says to servers that a particular request is originating from the proxy, rather than you.

The most used option, and probably cheapest is by using an SSH Tunnel link to a particular daemon as a Proxy. The traffic between you and the daemon will be encrypted, which is basically the same as the VPN does. you can find tutorials for this on YouTube, this is how I've been getting around the web for years.

Of course, there is the option of you using a VPN: https://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/

Make sure you purchase a VPN service which is closest to your location and most suitable to your needs.

Hello d3vill0ck;

Thank you for the detailed reply!

However based on your comment (Google amped up their encryption and a lot of others are/will be doing the same in the near future.) I want to share this link with you dated August 15, 2013.

http://www.tomsguide.com/us/google-gmail-nsa-privacy-lawsuit,news-17357.html

 

I signed up with PrivateInternetAccess and installed the software, however speed was cut in half versus normal activity. I tried all of ther VNP servers and some where much worse with the best comming in about half of my normal speed.

Is there other setting I could use, i.e. DNS setting etc. to try and bet things closer to what I have been used to?

The Encrytion used for VPN's ( AES-128/256bit-cbc) causes overhead so you will always see a drop in speed. And the speeds you get while connected to a VPN depend on more than one thing, The server location verses your physical location, How they have the server configured, And how many users are on that particualur server. Did you try testing your speeds with only  speedtest website? Those aren't always entirely accurate while connected to a VPN.

I would try downloading a large file( 200mb or more) First without being connected to the vpn, Then while being connected and see what the difference is. Same for uploading. Also PIA offers you the ability to change the connection type, TCP/UDP. You can try changeing that as well and see the difference. It also offers the ability to change the Port. Has the option for remote port, so im assumeing it automatically selects the port for you with that option, So you can manually put in a port for example, UDP53, UDP 25000, TCP 80, TCP 443.

The Encrytion used for VPN's ( AES-128/256bit-cbc) causes overhead so you will always see a drop in speed

Actually, no. AFAIK you can encrypt up to 1GB/s with a modern CPU so that shouldn't impact bandwith.

The server location verses your physical location

Partially correct. The location defines what the connection with the lowest bandwith is but normally the VPN provider uses a good connections so that the bandwith limit will be on your site (except when they throttle it). The latency might change however.

@ wickedwig Your response "Actually, no. AFAIK you can encrypt up to 1GB/s with a modern CPU so that shouldn't impact bandwith." 

Interesting comment, However i'm not wrong. When your traffic is encrypted, That encryption increases the packet size. which is also know as "overhead" And can drop your speeds. Its been known for along time and is splattered all over the internet. try looking it up perhaps?

And its well known latency increases depending on your server location and your physical location.(Among other things) Hardly worth mentioning.

And i was not partially correct. For example. Im in the United states. And with the current Premium Plus subscription i have through a paid vpn(212servers/20countries) that has no bandwith limits, When i connect to a server from Germany, Uk, Romania, Netherlands etc.. my speeds take a hit. When i connect to a US server i get damn near my full speeds. 27up/7down.

Here's an example of some  of the things i mentioned. i'm to lazy to put alot of effort into proveing i'm right when i already know i am.

http://www.cactusvpn.com/vpn/vpn-slow-internet-connection/

When your traffic is encrypted, That encryption increases the packet size

For AES, the cipher size is (len(cleartext)/16+1)*16 which means that in the worst case you have 15 bytes overhead for a message. The packets remain at the same size, only the data size might increase by 15 bytes.

And its well known latency increases depending on your server location and your physical location.(Among other things) Hardly worth mentioning.

Agreed.

When i connect to a server from Germany, Uk, Romania, Netherlands etc.. my speeds take a hit

Useless data because you don't know why your bandwith takes a hit.

As long as there is no bottleneck between you, your isp and the destination server you will get the full bandwith. No matter what. The latency on the other hand can increase because you add another server which has to process your data, because the way is longer and because of the initial crypto handshake.

FYI, a VPN is not secure.

1. You have to trust the VPN provider. Trusting a company is generally a bad idea. They know which connection is from a specific user and can sell the data, they can give it to a government and the data might be stolen.

2. Even if the VPN doesn't give the data to a government they can still figure out which packets between the VPN server and a destination server belong to which user because of the packets characteristics and timing IF they can monitor the connection between you and the VPN and between the VPN and the destination). With this information they know everything they would knew if you didn't use a VPN.

It's more work for the attacker though so it's better than nothing.

+1 Wickedwig: encryption, even when the random number generators of the CPU are disabled, cause no noticeable performance penalty, and the bandwidth overhead is really small. This was never an issue, even when bandwidth rules were very strict a long time ago when the internet was first opened up, encryption was never an issue. Also, VPNs are an emergency solution for people that are in a country that doesn't alloy certain communications, but mostly, VPNs will be blocked then. A private VPN is a very good enterprise solution, but to consumers or non-enterprise users, there is little benefit in a commercial VPN provider, and enterprises will set up their own VPN instead of using a VPN provider.

My opinion is that the focus of the entire security discussion now is wrong: governmental espionage services will spy anyway, so let them do it via the internet, at least at that point they don't have to physically spy on everybody, which saves a lot of taxpayer's money that isn't spent on surveillance drones and spy manhours. It's corporations that spy and filter and push brainwash material that should be stopped, because that's where the real evil lies, because it makes people stupid, and they need to stay smart to counteract the hollowing out of the constitutional rights by overzealous civil servants.