BolehVPN: Freedom Through Security

Is Internet Privacy dead?

Bruce Schneier, a renowned security expert thinks so in his article.

But does that mean that we shouldn’t take steps to protect ourselves? Instead of giving up and saying “Oh, internet privacy is dead,” there are concrete steps that can be taken to restore a level of privacy.

The first step is to create user awareness on internet privacy, which is already happening and to create demand for products with internet privacy features built-in. For instance, features such as privacy modes in browsers, which was previously unheard of is now a standard feature in most major browsers.

It’s not all doom and gloom. The current internet privacy situation was created by the rapid proliferation of social media and search engines but internet privacy is making a comeback. SOPA was defeated due to a large public outcry.  Instagram was forced to clarify its privacy policies, Facebook introducing more fine-tuned privacy controls and Google being subject to EU data regulators just to name a few instances.

There’s also a difference in privacy for example, I don’t mind people knowing my name or my occupation. I don’t mind people knowing that I like KFC or Android phones. This information when combined together may build a profile of who I am, but they aren’t things that I would personally mind people knowing (of course there are some people who would). But I do mind people reading my e-mails, knowing my surfing habits or intercepting or censoring my communications. For the latter sort of privacy, there are VPNs, anonymous e-mails, PGP encryption and a whole bunch of tools that you can use and for the average Joe, these tools are good enough to protect the most private parts of your life.

In reality, there’s no such thing as absolute privacy. In Malaysia, we have our identity card numbers and voter registrations which can tell a lot of things about us. We pay taxes, take loans, we use credit cards all which require an immense amount of disclosure of information. The same goes for the internet except that unlike taxes and identity cards, you have the CHOICE on the internet whether to take the effort to maintain privacy. Don’t want the public knowing about your kids? Well don’t post go and post pictures of your kids or restrict it to a closed group! Don’t want your ISP to track your internet usage? Well use a VPN or TOR! It is in most cases a CHOICE to disclose information whether realized or not and that’s where user education comes in.

Also see 4 Internet Privacy laws you should know about.

0 0 0 0

We noticed the load on the FullyRouted-Canada servers was getting pretty high recently. Just brought up a new one, you’ll need to update your configs through the Settings tab in the app before you can connect to it though.

We’ve also switched to a new support system which should result in even faster support times!

0 0 0 0

At approximately 4PM Tuesday, March 12, 2013 (CET) our data center partner Equinix Switzerland reported a partial power failure in the datacenter ZH04. The cause of this power failure is not yet know and is still being investigated by the datacenter staff.

We expect this to be resolved shortly.

0 0 0 0

We have released our new BolehVPN-GUI Clients!

ChangeLog:

• Added Server Status ping test function
• Changed Cloak method and removed Cloaked configurations from regular client
• New independent Cloak Client 2.1.4b which has modifications.
• Fixed TAP Adapter installation issues
• Updated non-cloak OpenVPN version to 2.3.0

Remember to uninstall your previous version first!

Download links

Windows V2.1.4

Windows Cloak V2.1.4b (for China/Iran etc)

Mac 1.0.8

0 0 0 0

A lot of people have been asking us our response to these questions so I thought I’ll set them out here.

1. Do you keep ANY logs which would allow you or a 3rd party to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold?

No we do not keep logs. However as per our policy, if we do notice any unusual activity on our servers (high bandwidth loading, high number of connections or cpu usage) we may turn on logs temporarily to identify abuse of our services (such as DoS or spamming through our servers).

Once the user is identified, we will terminate the offending user, issue him an e-mail for the reason of termination and wipe the logs from our system.

Turning on logs for troubleshooting is a very last resort and is necessary to ensure the integrity of our services. It has happened very rarely (only a handful of times in our 6 years of operation) and such information was not disclosed to third parties but merely used to terminate the offending user. In any case logs were usually enabled for not more than few hours and only for the particular server that was experiencing abuse.

2. Under what jurisdictions does your company operate and under what exact circumstances will you share the information you hold with a 3rd party?

We’re a Malaysian incorporated company which is not subject to any mandatory data retention laws. As we don’t keep logs, there is not much information to share even when requested.

3. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?

Servers hosted in US or categorized as “surfing/streaming’ have P2P disabled on them. As for other servers, they are not subject to DMCA and we have a good working relationship with our server providers.

In the event DMCA notices or similar are given to us, we normally respond that we don’t have such content hosted on our networks and if the provider is adamant, we will terminate our relationship with the server provider and find a new one. We will not reveal the user that generated that DMCA notice (nor can we with no logs taken). Over the years, we have identified server providers that we can work with and understand the nature of our business.

4. Which payment systems do you operate and how are these linked to individual user accounts

We accept BitCoin, Liberty Reserve, Paypal and MolPay (Malaysian online bank-ins) and also direct bank-ins for Malaysian users.

For each order, there is an Order ID that is tied to a user name which is marked as paid or not and the method of payment. BitCoins would be the most anonymous form of payment since all other payment processors would require some identifying information. However to sign up to our service, all is needed is a working e-mail and you are free to use placeholder names etc etc. Only in the event of dispute or chargeback cases (especially with credit cards), additional info is requested which is to be expected when using a credit card (unless a prepaid visa is used).

Our order/portal system is not linked to your authentication to our VPN servers and exists completely independent of it since we use a certificate based authentication system.

0 0 0 0