BolehVPN

Archive for the ‘Announcements’ Category

Wednesday, January 6th, 2016

Italy & Japan Servers Temporarily Offline

Dear Bolehians,

Our Italy and Japan servers will be offline for the next 24 hours or so as we are currently undergoing maintenance and reconfigurations. Thanks for your patience, guys!

patience yoda

Tuesday, January 5th, 2016

Brief Rolling Maintenance on All Servers

We’ll be initiating a series of reboots at 6.00 PM GMT +8 today to apply security patches and update to the latest version of OpenVPN.

Each reboot will take only about 2-3 minutes and the entire exercise should be completed by 8.00 PM GMT +8. You may notice a short disconnection during this maintenance window.

Thank you for your patience!

Monday, December 14th, 2015

What is Dash and why is BolehVPN accepting it?

dash_logo_m

Most people have heard of Bitcoin, the most popular digital currency, but many have asked what is this Dash thing that BolehVPN is accepting as payment?

Think of Dash as digital cash, which hopes to address and improve on Bitcoin. It currently is one of the largest cryptocurrencies (ranked 5th overall in market capitalization) and boasts many features which Bitcoin lacks.

Dash is Anonymous

Bitcoin is often seen by casual observers as an anonymous currency. However it isn’t really anonymous as all transactions are publicly viewable on its ledger system for eternity. The only thing making it seem anonymous is that from the ledger alone, you cannot tell who owns a particular address. However once a real life identity can be tied to a Bitcoin address, this anonymity is broken and funds can begin to be tracked. Researchers at the University of Luxembourg have highlighted methods to de-anonymize Bitcoin transactions. Bitcoin’s pseudonymity can be broken in a number of ways, from tracking payments to monitoring IP address nodes and the researchers estimated a success rate of deanonymization of 11% to 60%.

Dash makes this much more difficult by utilizing a feature called DarkSend which mixes your funds with other people’s funds hence making it much harder to trace your payment history. This mixing can be repeated as much as you want with each subsequent round of mixing further increasing anonymity.

Anonymity is often seen as something to do illegal transactions but this is not necessarily so as fungibility is a very important element of a successful currency in that one unit of currency should not be distinguishable from another and retain the same value. With Bitcoin’s public ledger system, if funds are tainted by illegal transactions and somehow ends up in your hands (even if you are an innocent party), this can have legal ramifications and may even mean that people may not accept your Bitcoins. By anonymizing your funds, your Dash becomes fungible meaning it is indistinguishable from any other Dash, much like physical cash.

Dash is Fast

instantx_logo_normal

Like its namesake, Dash is fast, and transactions can be confirmed almost instantaneously with its InstantX transfer function. Bitcoin transaction takes about 10 minutes to confirm which is not suitable for over the counter trades.

Dash has Big Plans

Dash has many other interesting features including a self funding system that is voted on by its stakeholders (Masternodes) so that it is not subject to the interests of corporations or investor funding. This very important as it ensures Dash has a democratic and sustainable way to fund further development unlike other cryptocurrencies that rely on external sources which may have ulterior motives that are not in the best interests of the cryptocurrency.

Even more exciting is Dash Evolution, a decentralized API that’s in the works that would allow easy integration for merchants with very low merchant fees (no more Paypal!) and allow a user friendly experience by allowing users to send money by way of usernames and maintain contact lists.

To read more, head on to Dash Evolution.

Why Dash and Not other Privacy Cryptocurrencies?

There are other promising privacy oriented currencies like Monero and Zerocash but we have decided to focus on the higher market capitalized and more recognized Dash for the moment. Dash is also much further along in development and provides a much more user friendly experience. The usage of Dash among our customers is steadily picking up.

Monero (No.13 in market capitalization) is promising and has better anonymity but it still lacks an official GUI client though there are third party GUI options available. [SEE UPDATE BELOW] More importantly, I have personally witnessed many of Monero’s representatives employing questionable marketing tactics that often involve trolling and bullying and as such we have decided not to accept it at this point in time as a matter of principle. We even received a strongly worded anonymous warning to threaten to boycott and spread negative publicity about us if we continued to accept Dash. We strongly believe in healthy competition and hope that Monero’s official team takes a stronger stance in regulating its spokespersons (even if they may be on paper unofficial). We look forward to accepting Monero once these problems are rectified.

Zerocash has yet to be launched and potentially offers the best anonymity but has been plagued by delays. We look forward to evaluating it when it is released in hopefully the not too distant future.

Even with these other projects developing further, we feel that Dash will remain in our list of accepted cryptocurrencies for some time to come as it too is rapidly developing solutions to not just anonymity but being a truly scalable and usable digital currency for the masses. If you’re a Dash supporter, you can also rest assured that unlike other Dash merchants, we do not immediately convert our Dash to fiat currency or Bitcoin but instead maintain it in Dash as a long term show of support for the currency.

Update on Monero 16 December 2015:
I had a pleasant chat with some of the Monero community in their IRC channel and hopefully it’s the action of a few individuals rather than a big proportion of the community and it is unfair of us to make generalizations of the entire community from a handful of bad experiences (be it personal). We however hope that Monero could issue out a public notice that such marketing/messages are frowned upon to distance themselves from such unhealthy behaviour that is affecting their brand. We will look into accepting Monero once we can figure out a way to charge Monero in USD terms automatically.

Monday, November 30th, 2015

BolehVPN not affected by “Port Fail” IP Leak vulnerability

portfailThere has been a vulnerability dubbed “Port Fail” revealed by Perfect Privacy that allows an attacker to reveal a person’s true IP address where the VPN provider has port forwarding enabled. This affected some of the largest VPN providers in the world including Ovpn.to, nVPN, and Private Internet Access (PIA). We would like to assure our customers that this is not a problem with our particular setup.

First of all, for the vast majority of the servers that we have, we utilize a shared IP system with port forwarding disabled. Although this had raised some complaints from users who wanted ‘open port’ status, we decided to in the interests of security, keep it locked down for most of our configurations. With this latest vulnerability, it appears that our ‘paranoia’ was justified.

To cater to those who required open port status, we maintained our Fully Routed Luxembourg Dedicated IP configurations which would allow port forwarding, however the method we used in implementing is not subject to the Port Fail vulnerability. In our configuration, each user is assigned a dedicated IP automatically via DHCP that is only used by him during the session (but is recyclable). A range of ports are open for each IP and therefore can be forwarded directly to the user but because each user is using his own dedicated IP, the vulnerability doesn’t work as the Port Fail vulnerability requires the attacker to be on the same IP as the target. Furthermore, communications between clients is locked down in our firewall and we are performing additional checks to ensure this.

However, there are drawbacks to our Fully Routed Luxembourg Dedicated IP approach in that for any particular session, only one user is using a particular exit IP which makes it easier for a 3rd party to attribute an outgoing connection to an incoming one. Although we maintain a no log policy, this combined with the fact that open ports in general means less security, we recommend using our other server configurations for those who who require more privacy or if you really need the open port, to regularly reconnect to our VPN to get new IPs assigned. All other servers employ interface/IP crowding which increases the total number of users sharing the same IP,  and combined with encryption significantly increases your privacy.

Too Long Didn’t Read Version

BolehVPN isn’t vulnerable to the Port Fail vulnerability. However if privacy is of paramount importance, we do not recommend users to use the Fully Routed Luxembourg Dedicated IP servers unless you require open port status.

Further Reading:

 

 

Wednesday, September 23rd, 2015

RevolutionTT Tracker Backdoor Invites for our BolehVPN users (EDIT: Offer closed.)

IPTorrents is awesome but it never hurts to have alternate private trackers. RevolutionTT is one of the best trackers out there as well and is normally invite only.

For the next 10 hours only, we are offering free RevolutionTT tracker invites to our BolehVPN users who subscribe to 30 days and above! Just send us an e-mail to [email protected] with your username and your e-mail address and we will send it over. Note that this offer is only valid for the next 10 hours.

Also unfortunately, this offer is not valid for users from the following countries due to RevoTT rules: “Brazil, Egypt, India, Iran, Israel, Pakistan, Portugal, Romania, Saudi Arabia, Turkey.”

rtt-logo-new

EDIT: This offer is now closed.

Join us at :

©  2012 BolehVPN. All rights reserved. Sales: [email protected] | Support: [email protected]
-->