BolehVPN Support

Author Topic: How secure are the respective BolehVPN configurations?  (Read 1913 times)

Offline Reuben

How secure are the respective BolehVPN configurations?
« on: November 06, 2009, 03:19:36 PM »
PrivateTracker/PublicTracker Security

As many of our users use BolehVPN for bulk non-sensitive transfers, we have disabled encryption for the p2p/download based servers meaning those in PublicTracker and PrivateTracker. This increases speed in general at the cost of some security.

You still are protected against the following:

  • Your real IP is still hidden from the end point. Therefore the peer/server at the other end cannot tell who is downloading from them.
  • Data you are receiving cannot be altered/manipulated by man-in-the-middle attacks. For more information on man-in-the-middle attacks read here.

However for those who still wish for full privacy especially when there is the worry that your ISP or governmental bodies may wish to eavesdrop, these configurations are NOT recommended and the BolehRoute and US-SurfingStreaming options should be used then.

Basically it still requires quite a bit of skill and effort to get such data and for the most part in regular downloading, it's in our opinion simply not worth the cost, effort and time for ISPs to do such analysis especially since they won't be receiving any complaints originating from the end point due to your IP being hidden. Furthermore, to log such data on their subscribers will require an immense amount of storage/computing capability so they would have to intentionally single you out.

BolehRoute/US-SurfingStreaming Security

If you intend to be fully protected, it is recommended that you use an option that would encrypt your data as well. This will also slow down your downloads a little due to the increased overhead caused by encryption.

Our servers in BolehRoute and US-SurfingStreaming implement a 128-bit Blowfish cipher on top of the SSL authentication.

Blowfish balances fast encryption and good security and there is no effective cryptanalysis on the full-round version of Blowfish known publicly as of 2009.

More Information on using no cipher (as in the PublicTracker/PrivateTracker configurations)


Quote
******* WARNING *******: null cipher specified, no encryption will be used


is the warning you'll get when you connect to these two configurations.

Q: What is the NONE Cipher Switch?
A: The NONE cipher switch disables data encryption AFTER you have been authenticated or logged into the remote host. This can significantly reduce the load on the CPUs of both machines and may improve performance even more. It's important to remember that the initial authentication process is still fully encrypted. Additionally, while the data is no longer encrypted, each packet is still digitally signed and protected against in-transit manipulation of the information. Anytime the NONE cipher is used, a warning will be printed to screen saying "WARNING: NONE CIPHER ENABLED". If you do not see that warning then the NONE cipher is not in use.

Q: Is it dangerous to use the NONE Cipher Switch?
A: That depends entirely on what you are trying to do. First off, you can't use the NONE Cipher Switch in an interactive session, and it is designed to be used only in the transfer of bulk data - like with scp. Second, you should be aware of what kind of data you are transferring. If you are copying financial or medical data then you would not want to use the NONE cipher. However, if you are copying non-sensitive data like MP3s, archives, images, and so forth, it may make sense to use the NONE Cipher Switch. You will have to make that determination yourself. Lastly, since the authentication process is still encrypted, hackers and eavesdroppers will not be able to steal your password.

Credits to: Pittsburgh SuperComputer Centre

Q: How does BolehVPN protection/encryption work?

A: BolehVPN as stated above only encrypts and protects the VPN channel from your computer to our servers. Therefore your ISP cannot analyze your data.

Once your traffic leaves our servers, all protection will be based on your destination server's security protocols. Therefore if, without VPN, your data would have been unencrypted to begin with, it would remain unencrypted once it leaves our servers to its intended point. If those servers are being monitored, all they would know is that the source is coming from our server's IPs, not your real IP. This provides you anonymity.

Computer <===SECURED VPN LINK via your ISP===> BolehVPN Servers <----Traffic as normal----> Destination

If you are sending sensitive information, please make sure that you know that the destination servers are secured (either using SSL or TLS) from prying eyes.

 

« Last Edit: November 18, 2009, 03:42:14 PM by Reuben »
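The property the post describes for the null-cipher configurations (payload not encrypted, but each packet still authenticated) can be seen in a small model. This is an added example, not part of the original post and not BolehVPN's or OpenVPN's code; the packet layout, key and function names are assumptions chosen for illustration and do not reproduce OpenVPN's wire format.

```python
import hashlib
import hmac
import struct

# Constructed key for illustration; a real session key comes from the
# encrypted authentication handshake, never from a constant.
SESSION_KEY = b"constructed-demo-hmac-key"
TAG_LEN = hashlib.sha1().digest_size  # 20 bytes
SEQ_LEN = 4


def seal(seq: int, payload: bytes, key: bytes = SESSION_KEY) -> bytes:
    """Build an authenticated but unencrypted packet: tag || seq || payload."""
    body = struct.pack("!I", seq) + payload
    tag = hmac.new(key, body, hashlib.sha1).digest()
    return tag + body


def open_packet(packet: bytes, key: bytes = SESSION_KEY):
    """Return (seq, payload) if the tag verifies, otherwise None."""
    if len(packet) < TAG_LEN + SEQ_LEN:
        return None
    tag, body = packet[:TAG_LEN], packet[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    (seq,) = struct.unpack("!I", body[:SEQ_LEN])
    return seq, body[SEQ_LEN:]


def observer_view(packet: bytes) -> bytes:
    """What a passive on-path observer (e.g. the ISP) reads with no key."""
    return packet[TAG_LEN + SEQ_LEN:]


def flip_byte(packet: bytes, offset: int) -> bytes:
    """Simulate in-transit modification of a single byte."""
    changed = bytearray(packet)
    changed[offset] ^= 0x01
    return bytes(changed)


if __name__ == "__main__":
    pkt = seal(1, b"GET /file.iso HTTP/1.1")  # constructed sample payload
    print("observer reads:", observer_view(pkt))
    print("receiver accepts original:", open_packet(pkt))
    print("receiver accepts modified:", open_packet(flip_byte(pkt, len(pkt) - 1)))
```

The observer recovers the payload without any key, while the receiver rejects the modified packet: integrity without confidentiality.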

 

