VPN Questions inc. Nord VPN

DocQuincy

Would i trust a VPN provider not to have logs? Probably not.

That was my concern but it turns out Nord, who I am looking at, have been audited by PWC and have been found to be true to their privacy policy. I have since found out they are based in Panama too.

DocQuincy

Search with DuckDuckGo, rather than Google. See:
https://duckduckgo.com/privacy

Thanks. I have been using DuckDuckGo. It's not as comprehensive as Google but I do generally like it and you can always add !g for a Google search (the other hashbangs are good too).



However, it does nothing to hide your activity from your ISP. I'm not sure your ISP would know your specific searches though, surely they just know that you connected to DuckDuckGo, Google, etc since they'd just know the host and IP if the connection is using TLS.

DocQuincy

Epic browser may also be useful.

I downloaded this last week and it looks very interesting. I can't work out by default if they use a VPN, I don't think they do since my IP address doesn't change. By default, do they just block tracking scripts? It also hasn't been updated for a year.

DocQuincy

If its just searches your trying to hide whats wrong with something like Opera with its built in VPN?

I didn't know Opera had a VPN. Like with Epic though, if they haven't been audited you don't know what logs they keep. I'm wondering if the 2.99 USD per month is worth it for Nord since they have been audited — plus if you're paying for it it stands to reason the hardware is faster.

that

although you vpn will obfuscate your isp traffic, big brother given time and suspicion most likely can crack it, and I would suspect they may already have a back door too, but fairly sure their sights are not fixed on Netflix dodgers.

google and facebook etc use their own tracking method, partly via cookies, and via other fingerprinting methods. Many browsers have a unique serial number hidden away.

Set your browser to incognito or privacy mode. The most privacy you will probably get is via the bootable Tails CD, and in second place TOR

Many years ago I used cyberGhost and they were good for over a year, then became carp continual loss of service and restricted throughput issues on large downloads. For services that keep dropping OpenVPN is not good and IKEv2 is much better and more seamless.

RumRat

that wrote: »

although you vpn will obfuscate your isp traffic, big brother given time and suspicion most likely can crack it, and I would suspect they may already have a back door too, but fairly sure their sights are not fixed on Netflix dodgers.

google and facebook etc use their own tracking method, partly via cookies, and via other fingerprinting methods. Many browsers have a unique serial number hidden away.

Set your browser to incognito or privacy mode. The most privacy you will probably get is via the bootable Tails CD, and in second place TOR

Many years ago I used cyberGhost and they were good for over a year, then became carp continual loss of service and restricted throughput issues on large downloads. For services that keep dropping OpenVPN is not good and IKEv2 is much better and more seamless.

Yes, in the early days they were a bit carp, but, have now improved beyond all recognition. I've never had it drop out when using and the speed has been good and constant. I think I've tried servers in most of the countries they use (60 at present), obviously one or two will have the odd slow down depending on time distance etc, but, nothing that has interupted anything.

DocQuincy

although you vpn will obfuscate your isp traffic, big brother given time and suspicion most likely can crack it, and I would suspect they may already have a back door too, but fairly sure their sights are not fixed on Netflix dodgers.

I only really want to protect myself against my searches being hacked and made public. I am not doing anything illegal. I think it's unlikely Google or an ISP will ever have this kind of data stolen but you never know (imagine something like this but with Google: https://en.wikipedia.org/wiki/AOL_search_data_leak). I'm not trying to hide nefarious activities, just trying to protect my own privacy. So, there is no incentive for a government to spend any resources in doing that.

google and facebook etc use their own tracking method, partly via cookies, and via other fingerprinting methods. Many browsers have a unique serial number hidden away.

My reason for the VPN is to search in a browser that is not signed in to a Google account. My reasoning is so log as the VPN service is private then this makes my search data safe from Google and my ISP. Even though Google would be able to group my searches together to a single entity that would have no way to tie it to me as an individual (so long as I'm not signed in). I've never heard of being able to access a browser's serial number from a web page (and I'm a web developer).

Set your browser to incognito or privacy mode. The most privacy you will probably get is via the bootable Tails CD, and in second place TOR

Incognito only prevents your local history being saved, no? It's largely irrelevant as far as your ISP is concerned. As an aside, if you like this kind of thing try out Firefox Focus for iOS and Android, it's excellent.


I've found Tor to be quite slow. TAILS I have used before but I think that's difficult to incorporate into day-to-day workflow.

DocQuincy

I signed up for the (heavily!) discounted 3 year plan with NordVPN. There doesn't seem to be a free trial but there is a 30 day money back guarantee so I'll use that if it's no good but I like it so far.



I was sold on NordVPN on the fact the no logs thing was audited and found to be true, they're based in Panama, and they seem to come top of the list for many independent reviews. It's cost me $2.99 per month for three years, which seems reasonable.


The Android app works flawlessly, no problems there.



I am typing this off Fedora Linux using the Firefox extension using their VPN. This works well other than I have to have Cybersec turned off (add ad, malware, phishing tool) as pages were timing out but seemed to work fine with this off. No big deal. I tried downloading their app but it is .deb only. I used Alien to convert it to .rpm but it would not run (no surprise there).


When I'm back in the office I'll try the desktop app on my Mac but I suspect due to the FTP requirements mentioned I'll need to use the browser extension (I don't think I need the extra features anyway). The extensions are only available for Chrome and Firefox so I'll switch to the latter since I use Safari on my Mac.


I looked in Opera VPN but it has been discontinued for mobile; they claim to have a no log policy but I cn't find an audit of this. I tried to find out if Epic Browser logs and has been audited but couldn't. With Epic I don't like the way you can't use extensions or choose your search engine for the search bar (shame as the script blocking is good). So this is why I've gone with a paid version, which likely will be faster anyway.


I hope that helps anyone else in the same position anyway — and thanks to everyone for their input.

that

DocQuincy wrote: »

I think it's unlikely Google or an ISP will ever have this kind of data stolen but you never know

You are possibly correct as there is more money in getting payment details, rather than blackmail, but if these lot below cant even get the basics right.... :whistle:
https://www.ispreview.co.uk/index.php/2018/09/big-plusnet-uk-billing-upgrade-suffers-bugs-and-personal-data-leak.html
https://www.thesun.co.uk/tech/7951958/google-plus-data-leak-exposes-52-million-users/
https://techcrunch.com/2017/09/07/what-happened-to-equifax-today/
https://www.theregister.co.uk/2017/12/04/paypal_tio_data_breach/
https://www.theguardian.com/business/2015/nov/06/nearly-157000-had-data-breached-in-talktalk-cyber-attack
https://www.pcr-online.biz/retail/bt-will-not-be-fined-for-personal-data-leak

Pre-European intervention of the proposed UK directive was for 7 or so years https://www.bbc.com/news/uk-politics-34715872

My reason for the VPN is to search in a browser that is not signed in to a Google account. My reasoning is so log as the VPN service is private then this makes my search data safe from Google and my ISP. Even though Google would be able to group my searches together to a single entity that would have no way to tie it to me as an individual (so long as I'm not signed in).

Not strictly true, you can do weird stuff with java like https://panopticlick.eff.org/, and once I know you are here, I can follow you (sometimes)

I've never heard of being able to access a browser's serial number from a web page (and I'm a web developer).

You are probably right and I should have said ID instead - sorry
https://andywalpole.me/blog/140739/using-javascript-create-guid-from-users-browser-information
https://stackoverflow.com/questions/4935964/javascript-unique-browser-id
https://www.mparticle.com/blog/how-to-find-your-mobile-device-identifiers

I've found Tor to be quite slow. TAILS I have used before but I think that's difficult to incorporate into day-to-day workflow.

Admittedly not the best for video, but find it fine for web stuff. Tails is great from booting from cd and usb on someone elses machine.

DocQuincy

You are possibly correct as there is more money in getting payment details, rather than blackmail, but if these lot below cant even get the basics right....

Exactly. If Google ever leaked a load of search data and it was connected to people's names and addresses can you imagine what the fallout would be like? Loads of people have their searches and YouTube sctivity saved and probably don't even realise. Like I say, most people aren't doing anything illegal but it's like having your WhatApp log or SMSs published for all to see.

Pre-European intervention of the proposed UK directive was for 7 or so years https://www.bbc.com/news/uk-politics-34715872

I think this would only be the IP address and host of sites accessed that they could see, not individual Google searches since they're protected by the HTTPS/TLS process. So, for me I would be more worried about a Google breach than an ISP breach, though I'd obviously prefer neither.

Not strictly true, you can do weird stuff with java like https://panopticlick.eff.org/, and once I know you are here, I can follow you (sometimes)

I've never seen that before but I assume they hash every bit of data they have about you (user agent, resolution, etc) and use that as an ID. My point is though that can be used to track me as an entity but is useless unless they have something personal, like an email address, to tie it to. If I don't sign into my Google account or give Google anything to link it to me I can't see a problem.


Unless I'm missing something, it's true a site could track me within their own site after I, for example, filled a form out, but I'm not too concerned with that.