Author Topic: Some thoughts and questions?  (Read 5194 times)

mayibay

  • Guest
Some thoughts and questions?
« on: October 17, 2011, 03:45:13 AM »
Hi.

I will sign up for a trial to test your service.One thing that sets you apart from most vpn's is a support forum.Thats a good start :) Only good vpns have forums to support and communicate with there customers.

I signed up with your service 8 months ago for a 3 day trail when I was looking for a vpn provider.Long story short,I switched my internet provider,so I'm looking into your service again.I live in Northeast Ohio in the United States.My current provider is Hide My Ass,which is located in the UK.This Company is rated one of the top vpn service providers with 176 VPN servers in 32 countries with  19'500+ IP addresses to hide under,but they willingly sell out there customers. I cant believe they will kiss the USA asses to save there own ass.This is my current provider .Sounds great ,Ya right :-\ The US thinks it can bully any country,and now is trying to control the internet.That Bill will not pass.The average American is so sick of are government.Things will change in the next election.....Sorry! need to get off this rant..... it makes my blood boil >:(

I was sued for downloading a movie 1 year ago.I think it was from a file off the Pirate Bay.It cost 3500 USD to settle out of court.I cant afford for this to happen again, or up shit creek without a paddle!! No site in my opinion is safe these days,so depending a vpn provider with your privacy,is the only thing that will save your ass!

Back on topic.As I mentioned,I live in the Northeast Ohio,but I connect to a Server in Serbia.The private site I use is in Russia,so you can see the measures I am trying to take.My line speed through my cable company is 100Mbps.My average speeds without a vpn service is 950 KB/s(down) and 50 KB/s(up).When I use the vpn service and connect to Serbia my connection speeds are 300KB/s (down) and 25-40 KBs (up)

I use my connection for p2p.I will need to definitely use the BolehRoute

Being asked about your service on Torrent Freak is a plus for your business.They weed out all the bs providers,so that says alot about your service 8).There were many providers that were not even considered.

My questions.

1.It seems the best choice for  connecting to your service is United Kingdom,Luxembourg,or Germany.Hide My Ass is located in the Uk,and they sold out there customers,so now I'm worried.Am I really safe with my privacy with BolehVPN.

2.What laws in your country will affect my situation.I live in the US,but would connect through United Kingdom,Luxembourg,or Germany.Bottom line,is my butt protected.

3.If I use a credit card to sign up can it be tracked to my activities online.?What safe guards do you have in place to protect personal information(ie) credit card info ect...What logs to you keep,and can they be traced to an individual?I will use your service for p2p,so that's a primary concern.

4.Do you have any problems with your members using Demonoid or BT Junkie.These are both good public trackers,but they are definitely being watched by anti-p2p groups.I mostly use a torrent site called Torrent Day.They are a private site in Russia.They have the best content of all the trackers I ever used.I cant think of anything they dont have.

5.You service promotes p2p.but what measures do you have to protect your customers?

6.Has your company ever been in the position when a anti-p2p group requested information of one of your customers for copyright infringement?  What about a Court Order? Thats all it took for HMA to sell out there customers.I guess I have alot of questions,but then again,there is alot at stake.
« Last Edit: October 17, 2011, 06:56:39 AM by mayibay »

Offline Reuben

  • Chief Doraemon
  • Administrator
  • Admiral
  • *****
  • Posts: 6878
Re: Some thoughts and questions?
« Reply #1 on: October 17, 2011, 11:02:47 AM »
Thank you for your questions!

I'll do my best to answer your queries:

I am aware of HMA. They explicitly state that they log so they can always give out those logs to those that require it. We don't keep logs so there's nothing for us to give out. As I understand UK law (don't hold me out on this), there is no explicit requirement to log though there's a voluntary opt-in scheme which we are not subject to (afaik). In Malaysia there is no requirement to log. Whether servers would be subject to the provider's legal jurisdiction or the home country's jurisdiction is something I would have to check with.  HMA claims that it's only the country in which they are home based in...I believe this might be a legal grey area but as I am no expert in these legal areas and this is a highly specialized field, i am unable to confirm this.

Strictly speaking, Malaysia's legal framework is very bare in such cases and the rule is that if it's not prohibited, then it's allowed. There is no requirement to log, hence we don't log.

Interesting info:
http://en.wikipedia.org/wiki/Telecommunications_data_retention

In any case, there will be 2 steps for anybody to try and identify someone:

First of all, a court order would have to compel us to turn on logging. This will of course be informed to all our customers should it happen (though we will resist especially since it's our opinion that there are no requirement to keep logs).
Secondly, the user would still have to use the service while those logs are on and despite our warning. Previous accesses would not have been recorded.

We also don't keep logs on the US server though that has been blocked out from P2P purposes and only allows surfing/streaming on it so we don't see any issues with this.

As for credit card details, sure of course our payment gateway provider will keep a record that you paid for our service but this alone isn't enough to link you to a particular activity. We know you're subscribed to us and paid us but honestly speaking we don't know which servers you're accessing or what you're doing with it. We only look into the matter when we detect some sort of abusive behaviour that is in effect causing a detriment to our service or unusual activity (such as DDoS attacks). An alternative is to use prepaid Visa cards so that we ourselves don't even know the person who paid but this is only an issue if an authority has singled you out already and is going to the extent of examining your credit card records and then using those credit card records to show that you subscribed to us and then only can they approach us for 'more info' which we are unable to provide.

Now remember that in countries which seem 'friendly' also tend to have limited 'rule of law'. So you may host in some weird obscure country, but that doesn't prevent providers from being subject to indirect pressure to reveal those logs especially if they are politically sensitive. So Serbia, Russia etc etc, I'm personally not too comfortable with.

The measures are segregating our servers according to use and not keeping logs. It also relates to our particular focus on speed and having sufficient bandwidth requirements.

We have received takedown notices before in which we just terminate the servers and find a new provider. Even in the event they analyze the server's contents, no personally identifiable information will be found in it as no customer data is stored nor connection logs. , 
*If you like my service/support, please consider posting a positive feedback here*<3



Co-Founder/Administrator

mayibay

  • Guest
Re: Some thoughts and questions?
« Reply #2 on: October 19, 2011, 03:00:05 AM »
Thanks for the informative response.I spent some time reading in your forums, so I have a better understanding of your service.

In Malaysia there is no requirement to log. Whether servers would be subject to the provider's legal jurisdiction or the home country's jurisdiction is something I would have to check with.

Well, if no logs are kept on your end.How is my privacy compromised?

One more question.What are my options to pay anonymous.Pay pal is not my pal :) I have been busy searching for answers to my questions.Any input you have Reuben will help me in my decision.I noticed you had some input on Wilders Security Forums.If you except prepaid Visa cards this could be a payment option.Finding Anonymity is not easy.

Here is some food for thought in my search...I found this information,and I'm not claiming these are my words,but I could not express myself better!

1. Location is one of the most important factors, because server locations will be governed by those laws, of course some offshore company, offshore in a particular country might be able to get around this.

2. It seems like the biggest concentration of VPN servers are in the USA and Europe. If anyone can share any other big locations I'd like to read this...

3. For my personal viewpoint on 1 & 2, at the moment I favor Sweden, because of all the piracy movements in the past and it seems for now Swedish law is fairly relaxed even though they are a part of the European Union, I have not read anything where the EU internet laws are affecting them. Plus I have not seen any other country showing such a big Piracy movement as Sweden has shown the world in the past, which tends to be a positive thing for people wanting their online freedoms...

4. This might be considered by some off topic but I do not believe it at all to be the case. Terrorism is nothing new, but because of it's past and present, countries like Europe and the USA are stripping away the rights of their citizens so I strongly encourage those looking at a VPN in either country to never forget this fact and realize how it can play against you. Honeypot, some governmental agency, or a black market of it's own, as a possible front for the VPN, or just some hack kids running this...


 I don't think it matters how much you do, the more info. you see the more conflicting info there is = the more confused you get. The bottom line is you have to put your trust somewhere, and you don't know exactly who to trust. You don't really know what info. they're storing about you, or how quick they'll dime you out if pressured. It's their word. I guess it's nice to see some of them say they don't store logs, but then part of me thinks that at least the ones that say they will hand over your info. are being honest anyway. So perhaps that makes them more trustworthy in the end? There's so many variables to consider. It's no wonder nobody has really come up with an answer to that question we all really want to know in the end... "who's the best"? Many are even reluctant to voice their opinions on it, or who they use personally.

Everybody of course wants the service to be stable and reliable, and a negligible impact on speed. The rest of my criteria is:

- Ability to use P2P/Torrent programs
- Unlimited switching
- Good privacy (ideally, no logging)., we just have to take their word on this.
« Last Edit: October 19, 2011, 10:42:26 AM by mayibay »

mayibay

  • Guest
Re: Some thoughts and questions?
« Reply #3 on: October 20, 2011, 02:28:49 AM »
Its been 2 days with no reply ???

Offline Reuben

  • Chief Doraemon
  • Administrator
  • Admiral
  • *****
  • Posts: 6878
Re: Some thoughts and questions?
« Reply #4 on: October 20, 2011, 11:36:11 AM »
First of all it's only been one day :D Here it says you posted on the 19th and now I'm replying on the 20th (I've been on sick leave and none of my staff can confirm this by themselves hence they've been waiting for me).

1. Your privacy is not compromised as long no logs are kept. We would have to inform our customers in the event logging is made mandatory by laws. To date, we are not aware of any mandatory logging.  In the US, there's a disturbing trend however because of this act that appears that it may be passed:
http://www.theatlantic.com/politics/archive/2011/08/the-legislation-that-could-kill-internet-privacy-for-good/242853/
2. We accept Visa prepaid cards.
3. Same comments as previously on location. Offshore has its own share of problems with slow connectivity and a lack of respect of rule of law. For e.g. do you really trust Russia or Serbia? If the government wanted to get you, what then? For P2Pers they may be safe however since it's too small fry for governments to bother but if you're talking about privacy, then that's a separate issue.
4. No other big locations since they have the best connectivity. Korea and Japan's prices are prohibitive for some reason. Singapore as well. For the price of a 1-2 mbit i can get a gigabit server elsewhere.
5. Sweden is no exception. Currently there are no laws but there are subject to a EU directive which they are supposed to be implemented in local law and they have reprimanded for not implementing into local law yet. We are unsure when these laws will come to effect. This will allow ISPs to retain logs for 6 months or 1 year. It is unclear whether VPNs are 'communication providers' that would be covered under this directive but we are not logging anything currently.

In any case, even IF logs were made mandatory (where currently we are not logging), it will only be used for the following purposes:

Quote
Public authorities may interfere with the exercise of that right only in accordance with the law and where necessary in a democratic society, inter alia, in the interests of national security or public safety, for the prevention of disorder or crime, or for the protection of the rights and freedoms of others.

Not being an expert in these highly technical fields, these are my opinions only and I disclaim liability from relying on this information since a legal expert in these areas would be required to do this.

We meet all those requirements. With one exception that we do turn on logs is that in the event we notice suspicious activity that is affecting our service such as DDoS attacks or spam activities. We turn on to identify the user, and send a message to stop the activity or we'll terminate their account. This is a clear breach of our ToS. After user is identified, logs are then wiped off our servers again so the whole process takes less than a day or in certain cases just a few minutes.

My own personal opinion is that if you're just concerned about P2P privacy, then I don't think there's a problem. Terrorist activities, child related crimes and more serious crimes are a bit more tricky. In our current situation, as we keep no logs, so even if authorities wish to investigate our servers they'll find nothing.

There's two kinds of privacy, one which is simple p2p privacy for the average user and surfing and posting privacy or accessing censored material. This is something we are confident that we can maintain. Serious crime privacy, for people to post child related stuff etc etc or plot attacks, is not something I personally would like my service to be used for and although I would endeavour for ALL users to be protected, in the event that the law compels me under the proper laws, I'm not going to want to go to jail or face a hefty fine to protect these sorts of people. This is similar to HMA's policy which I believe you're using atm except that they log so can more easily comply.

The real question is what happens if the law requires us to keep logs? As of yet, we have not been imposed with a requirement to log. Certain countries also have certain circumstances where tapping can be implemented which can happen without our knowledge but usually for those instances, it has to be for serious matters of national security. Hence the more reason to host in countries where there is rule of law rather than the whole hullabaloo about 'offshore' countries where national security is a term that can be used for anything including hunting down dissidents.

This is my honest and frank opinion of what is happening at the moment. Try to get them from any other VPN provider. I'll be very surprised if anyone can reassure you. Just from HMA's response in that they're only subject to UK law...I too don't think they're properly advised. For instance, let's say they host a server in the US. US knows that server is HMA's through some method. Gov believes that the server is being used by terrorists. Don't tell me that those servers would be subject to UK law? Also other providers seem to be giving stupid responses.

Quote of one VPN provider

Quote
Response to Q1: “It’s technically unfeasible for us to maintain log files with the amount of connections we route,” VPN PROVIDER X explains. “We estimate the capacity needed to store log files would be 4TB per day.”

So you don't log cause it's not possible. Rubbish. There are ways to filter out the logs and there are also different levels of detail. If you're logging every connection fine. But what about those on dedicated IP servers? Can you not log the access time of a particular user to a particular IP? This wouldn't take much space at all. And after all if there's a requirement to log, there's a requirement to log. You can't say oh I'm not complying with the law cause it's too expensive for me to implement. We had at one time successfully implemented logging early in our business (when p2p was actually the only concern) and if it's done on a server by server basis, it's definitely doable.

What I can say is that I could easily just give misleading information as the research being undertaken by Wilders Security is more of 'ask a VPN provider and see how they respond' with some small checks. No check on the actual laws in the country (which would require a lot of work an professional legal advice). Same goes with Torrentfreak. At the end of the day, the research method seems to be the easiest to game I just have to say:

1. Laws don't apply to my servers
2. I don't keep logs
3. I will not give out any info no matter what circumstances.
4. I make proclamations about being in an offshore country and that I respect privacy.

I can easily say all of those. Now tell me, how verifiable are those? I can answer questions all day but it really boils down to, do you trust us from our responses? What is Wilders Security 'ideal' vpn service? I see Xerobank being mentioned a lot but I also see this:

http://bestvpnreviews.com/vpn-reviews/xerobank-xb-vpn-review

They mention they're multi-hop, has anyone actually verified this?

« Last Edit: October 20, 2011, 11:54:14 AM by Reuben »
*If you like my service/support, please consider posting a positive feedback here*<3



Co-Founder/Administrator

Offline Reuben

  • Chief Doraemon
  • Administrator
  • Admiral
  • *****
  • Posts: 6878
Re: Some thoughts and questions?
« Reply #5 on: October 20, 2011, 12:19:19 PM »
Btw for some reason when i type child p******* it will block it from being able to be posted on this forum...although words such as fuck are ok.

How interesting.
*If you like my service/support, please consider posting a positive feedback here*<3



Co-Founder/Administrator

mayibay

  • Guest
Re: Some thoughts and questions?
« Reply #6 on: October 20, 2011, 12:46:35 PM »
Sorry to be so impatient.You have answered all my questions thoroughly,and then some! You seem more up to date on US law than I am.I had no idea :-X  Right to privacy and freedoms in the US are Simply
put in corporate interest :-\ It gets worse everyday.

Wilder Security is a good read,but do I value  there opinions? Yes and No.You can weed out some of the BS providers,and people.Ultimately you have to take it with a grain of salt.It's a point of reference.I am going to sign up with your service.I will get a trial just to make sure I can get average speeds. 

Do you really trust Russia or Serbia?

No,but given the choice of servers they seemed to be a better option than most.I use Serbia ,Russia,Sweden,and Panama.I'm sure there were better choices with there list of servers,but thats negated by there logging policy and business location.I should have known better.Its my fault.Its in there TOS.

As for credit card details, sure of course our payment gateway provider will keep a record that you paid for our service but this alone isn't enough to link you to a particular activity. We know you're subscribed to us and paid

I signed up for pay pal.....It seems hard to find true anonymous prepaid visa card. I'm still looking into this.

Again,I apologize for being so impatient waiting for a response.Thanks for all your help and information! 

« Last Edit: October 20, 2011, 02:00:17 PM by mayibay »

Offline Reuben

  • Chief Doraemon
  • Administrator
  • Admiral
  • *****
  • Posts: 6878
Re: Some thoughts and questions?
« Reply #7 on: October 20, 2011, 01:59:17 PM »
You are welcome and please do not hesitate to contact us should you have any issues with our service.
*If you like my service/support, please consider posting a positive feedback here*<3



Co-Founder/Administrator