Timestamping On The Blockchain » Brave New Coin

That One Privacy Guy's - Guide to Choosing the Best VPN (for you)

That One Privacy Guy's - Guide to Choosing the Best VPN (for you)
Disclaimer: The below guide is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. I reference my VPN Comparison Chart throughout much of this post, not so much for shameless self promotion, but because I believe it to be a solid resource to determine if a VPN meets your criteria and to assist you in deciding which is best for you. If you just want an ELI5, read the bolded segments throughout the guide for the highlights. If you want to go down the rabbit hole on this topic, read on, and buckle up - this is going to be long.
TABLE OF CONTENTS
I. INTRODUCTION
II. A WORD ABOUT TRUST
III. A WORD ABOUT VPN AFFILIATES
IV. IF YOU'RE CONCERNED WITH PRIVACY
V. IF YOUR CONCERNED WITH SECURITY
VI. IF YOU'RE CONCERNED WITH UN-GEOBLOCKING
VII IF YOU'RE CONCERNED WITH BYPASSING RESTRICTIVE NETWORKS
VIII. CLEARING UP MISCONCEPTIONS
I. INTRODUCTION:
The following is intended to be a detailed guide to answer the question, "How do I choose the best VPN (for me)?" The reason this is a hard thing to help people with, is that their needs and level of technical knowledge vary greatly - there is no one perfect VPN, they all have at least some flaws and some will just flat out be better for different people.
I very well might have forgotten to add a section I intended to, said something that needs clarification, or was just sleepy when I wrote parts of this guide, so I intend to update and expand it as needed.
I'm assuming that if you're reading this far, you have at least SOME knowledge as to the basics of what a VPN is, so I won't cover that here. This will be heavily emphasizing the need of a VPN for privacy, but I will echo and expand on other use cases as well towards the end.
II. A WORD ABOUT TRUST
No matter what reason you want a VPN, you want to know that the service you choose is trustworthy and is not compromising your data. Even if you're only concerned with geo-unblocking or other non-privacy uses, keep reading. I'll get more into this in the "Privacy" section, but it's important for everyone to be exposed to it at least a little.
A preface regarding privacy and trust, from another thread I made a while back. This applies to every company, but I would suggest especially so for VPNs.
We live in a society where privacy is undervalued and under assault daily. Some people eventually notice this and discover that they do value their own. They set out on a pilgrimage of sorts to educate themselves and learn about tools to help them protect it (as I did when I started my project). Because we depend on each other for direction and others to write software and run services to help keep us secure - TRUST AND TRANSPARENCY - are paramount.
However, transparency comes before trust.
III. A WORD ABOUT VPN AFFILIATES
You may have started your search for a VPN by looking for "VPN Reviews" in your search engine of choice. if you had, you would have gotten page upon page of what seem to be harmless review sites, top 10 or blog style reviews of different VPN services. You may even be coming here for confirmation of what you were told on those sites. The sites making these recommendations are, in almost every case, paid by the services they review and recommend. They are beginning their business relationship with you, with what essentially amounts to a lie. The technical term for this kind of marketing is "native advertising" and it's abuse is a huge problem in the VPN industry.
I purposefully made a point to capture this kind of data on my VPN Comparison Chart. There you can find information on services that have affiliate programs, the specific policies they have for them and whether or not the affiliates act ethically, essentially what the services tolerate from those representing them, when it comes to persuading YOU to buy into the information they put out.
Note that not all affiliates have to be bad actors and simply having an affiliate program is not necessarily grounds for mistrust of a VPN, but rather when those services allow their resellers to generate referrals by hook or by crook. If you see a service appear over and over again on the kinds of sites mentioned above, there is a good chance they are making money from, and are perfectly okay with these kinds of deceptive practices as a part of their business model. They often will claim that it's just the affiliate doing this, and that they can't control what others do. This is false. Affiliates, like anyone entering into a business relationship with someone, agree to certain terms put forth by the service hiring them. If a company doesn't expect and enforce certain standards from their affiliates (not spamming, not breaking copyright, disclosing who they are, etc), they are approving these methods, and are not worthy of your trust. If they are willing to lie to you before you even buy into their service, the stage is set for them to be dishonest with you when you interact with them on a normal basis as a customer.
IV. IF YOU'RE CONCERNED WITH PRIVACY
  • a. More on Trust
As a lawyer represents your legal interests, a VPN service (among others) represents your privacy interests. If a lawyer does something to violate your trust or is not honest about some aspect of their representation that could affect you, you would discard them and you'd be right to do so. Likewise with a VPN service. There are many out there that are not worth your time or money. Unlike a lawyer, a VPN can be put together and promoted by anyone with access to a computer, the key difference being that you would never even see their face.
If you are looking for a VPN for privacy purposes, you already believe you cannot trust certain parties. Those parties might be companies whose websites you visit or maybe even an oppressive government whose mass surveillance is encroaching on your rights. You are being put in a position where you must rely on someone other than yourself for protection and the last thing you need is one more party that you can't trust.
This decision is an important one, and not just any VPN service is worthy of that trust. You're trusting them to know what they're doing - to be able to operate a competent service that will protect your privacy. You are trusting them to be responsive to new technical and geopolitical threats to their operation. You're trusting them to be honest with you in the way they do business so that when you are shopping and comparing, you are getting accurate information.
  • b. More on Affiliates
In the main section at the beginning of this guide, I talked about affiliate practices, so I will only briefly mention it here. If you choose a company with an affiliate program, choose one that expects and enforces good behavior from their reselling partners. You can usually read their affiliate terms on their site. If they are not publicly visible, they should respond with this information when asked. If not, or if they play games with you, look elsewhere. More information on affiliate policies and behavior can be found on my VPN Comparison Chart.
  • c. Jurisdiction
In the last few years, certain revelations have been made manifest regarding the mass surveillance programs of various countries around the globe. These countries are known as the five, nine, and fourteen eyes. These countries not only spy on their own citizens where they can get away with it, but they spy on each others, and swap notes to bypass governmental restrictions on power. If a service, or the people who run a service is based in one of these countries, it's not unreasonable to expect that they may be susceptible to unlawful searches and compromises made in the name of national security. That said, if your threat model includes protection from such actions, choosing a company incorporated outside of these jurisdictions probably would not be adequate to protect you - as such actors have vast resources, and if singled out, you would need to worry about more than your VPN (by relying on other tools such as Tor, Tails, paying very close attention to your opsec, etc). Where the servers you're connecting to and the people who operate / have control of them are located are more important than where a company is incorporated, to protect yourself from government overreach
Other countries are not part of the spy collaboration mentioned above, but still have issues with government limitations on internet freedom and free speech. Avoid countries with limited internet freedom. The degree of internet freedom a country has can also be found under "jurisdiction" on my sheet.
  • d. Logging
When you connect to a VPN service, you are essentially just adding one more stop along your route to the open internet. The VPN is a "man in the middle" who you are trusting with the traffic and connection data that is being generated in the background as you use the internet. Some VPN companies choose to log this data. There are many reasons for doing so, some more legitimate than others. Some services record this to protect themselves legally in the case they are approached by authorities. Some companies keep minimal connection logs to aid them in maintaining servers. Some will even sell your data to third parties as part of their business model. If your concern is privacy, you most likely do not want your browsing habits and connection data being recorded. Choose a service that specifically states that they do not keep logs, AND which types they do not keep. Make sure they do not keep ANY kind of activity or connection log Many services claim to not keep logs, but are vague, and upon closer inspection actually do keep certain types, so be wary of such promises until you've confirmed it for yourself in their respective terms and privacy policies.
  • e. Payments and Communication
Assuming privacy is your priority, when you go to pay for your VPN service, there are many methods available, but only a few worth consideration. Services that offer the ability to pay by Bitcoin, cash, or misc gift cards are the best way to ensure that you are kept as anonymous as possible. if these services require more personal information than an email address, look the other direction - this is information they're recording about you that may be used at best to sell to third parties, at worst to later identify you.
Some services offer a PGP key for additional privacy. This is a nice thing to have if you want to be able to communicate with them using encryption.
  • f. Protocols
There are many different kinds of VPN protocols that allow you to establish a tunnel with your service provider - some more secure than others. Certain protocols are documented to have been compromised. Others are free and open source, and as such are freely available for security experts to audit and improve. The free availability of the source code helps to ensure that vulnerabilities are patched quickly and that individuals so inclined can see exactly how their software is working. Choose a VPN that supports OpenVPN and use it to connect to your VPN server. Avoid using other protocols, specifically PPTP as its not suited for privacy.
  • g. DNS and IPv6 Leaks
Throughout the course of using the internet, your computer sends and receives a lot of data that isn't visible to you, the user. When you type in a web address, a request is sent to a server that is usually operated by your ISP. When you connect to the internet using a VPN, this responsibility is now on them. If they don't take certain actions, this request containing info for the site your want to visit is being sent to THEIR ISP instead. This may not be as bad as it going through yours, but as I mentioned logging above - if the company in question even keeps certain logs, there is a chance that the sites you try to visit can be correlated with the timestamps of when such a request is sent. As an alternative, some use public DNS servers, such as google's, which is not ideal for privacy. Choose a VPN service that maintains their own first party DNS server that won't leak - then TEST IT TO MAKE SURE.
When using the internet, you connect to IP addresses. Traditionally, IPv4 is used to accomplish this (you may have seen numbers in the past like 8.8.8.8 or 216.58.217.206, etc). There is another standard that will some day be more prevalent, called IPv6, but that is being used now during the time it transitions into normal configurations (vastly more IPv6 numbers exist than IPv4). When you connect and use the internet (unless you have specifically taken steps to disable it), you are sending and receiving IPv6 data. Again, normally, this data is sent and resolved through your ISP and their DNS servers, but unless properly configured, this information might not be securely passing through the VPN tunnel and could be leaking to the open internet. Given such routed global IPv6 addresses, it's easy for remote sites to identify user ISPs. And with requisite authority, account information could be obtained from those ISPs. Choose a VPN service that either blocks or provides new VPN-specific IPv6 address and provides an IPv6 DNS server that's reachable only through the VPN tunnel - then TEST IT TO MAKE SURE.
  • h. Encryption and other Features
Around 1440 AD, the Printing Press was invented. It created a method for the common person to quickly disperse information, technologically reinforcing the natural right to freely speak and share information. More recently the internet allows billions to freely and openly share ideas and advance humanity. This reaffirmed the common person's rights in such a way that was difficult for governments or organizations to stifle. Similarly, until the invention of firearms, only those physically capable could defend themselves from those that wished to encroach on their rights, thus this technological advancement reinforced the individual's right to self defense. This brings us to Computerized Encryption. As with the other technological advancements mentioned above, Encryption provides a simple-to-use method that the average user can take advantage of to reinforce their right to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.
Choose a VPN service that has strong data and handshake encryption. Make sure the protocol you choose has the level of advertised encryption available to it, as services typically provide more than one protocol with varying levels of encryption strength. The VPN Comparison Chart can help you determine what is considered strong by the color coding on these fields. Be sure that even if the service has the type of encryption you want available BY DEFAULT - some services will technically offer strong encryption, but it has to be manually configured (not user friendly).
Optionally, depending on your use case and threat model, you may be interested in making sure Authenticated SMTP (to send email) and P2P (to file share, download, use Bitcoin, etc) are not blocked on your VPN's servers
  • i. Websites and your Privacy
When you start to search for services and are browsing on their websites, there are some additional items you may want to consider. Speaking of trust and privacy - some companies will use tracking cookies to determine how to best serve you ads, which other sites you've been to, and some will even phone home with specific personal information. Best case, this is an abuse of power by companies stretching the limits of their ideas on how to gather this info, worst case, it can be used to intentionally violate your privacy and tie your device back to the site and activity performed on it. Choose a company that respects your privacy enough to use few if any persistent or external tracking cookies. If they are already violating your privacy the moment you visit their site, you have no assurance that they will take your privacy seriously after hiring them to represent your interests. Available for years, https allows websites to entirely encrypt all data sent and received with the user, effectively blocking out those that might try spying on such web traffic. Choose a service that encrypts their website with an SSL Certificate. Additionally, CloudFlare, Incapsula, and similar services have recently become popular with websites for their DDoS protection and dynamic bandwidth scaling. However, these services act as an additional man in the middle between your VPN's website and you. In the wrong hands, the information they collect and have access to about your VPN's website, and your interaction with it, could be compromised. Avoid VPNs that use CloudFlare, Incapsula, and other such services.
V. IF YOU'RE CONCERNED WITH SECURITY
Many of the points made above are relevant to security as well as privacy, and I will point some out below.
Jurisdiction, specifically Freedom Status is important to ensure an environment where laws are enforced and physical security that we take for granted in some parts of the world are applicable to the servers we communicate with. This also helps indicate that our service and the servers we connect to are located in places that respect internet freedom. This information can be found on the Comparison Chart and confirmed on Freedom House's website.
IPv6 should be specifically tunnelled or blocked outright the same as with the privacy scenario above.
First party DNS servers, as mentioned above, are ideal for preventing leaks of your data.
Both data and handshake encryption should be strong and available for the protocol you choose (which again, should not be PPTP). Other protocols are probably secure enough for daily use. Note that no protocol is bulletproof and exploits probably exist and are discoverable for each and every one of them. Such exploits are even more discoverable by governments with vast amounts of resources.
VI. IF YOU'RE CONCERNED WITH UN-GEOBLOCKING
If your only concern is escaping geoblocks, your needs are far less numerous. Being able to connect to an exit node in the country of your choice is really the only requirement. This doesn't mean necessarily however that you want to neglect the proper security measures discussed above, only that for things like Netflix, Hulu, certain TV online channels and sporting events, they are less important if un-geoblocking is ALL you're trying to do, almost anything will work, HOWEVER - if Privacy and Security are of any concern whatsoever, heed the advice above and know that un-geoblocking will virtually always come naturally when shopping for those needs (as long as required server availability is a feature of your chosen VPN)
VII. IF YOU'RE CONCERNED WITH BYPASSING RESTRICTIVE NETWORKS
Some parts of the world are resisting the ever-growing ability for their citizens to freely share information and as such have implemented roadblocks in their networking infrastructure to cripple such communication. For example, the "Great Firewall of China" has several layers of VPN detection and blocking built into it. Other networks belonging to large corporations or maybe even your Internet Service Provider may restrict you from using certain ports, limiting what you can use the internet for. However, there are ways to get around these restrictions by using the right VPN.
Features such as multihop, TCP port 443, Obfsproxy, SOCKS, SSL tunnels, SSH tunnels, and some other proprietary solutions (which may be built specifically by a given VPN company) can be useful in avoiding these restrictions. As for which are most effective, it's a matter of which restriction is being inflicted upon the user. Speak with your VPN service's support team to determine which might be effective in your case. The VPN Comparison Chart shows which services support which of these protocols and features in their configuration. Using TCP port 443 is usually a relatively common and user-friendly measure to bypass a restrictive/oppressive network.
VIII. CLEARING UP MISCONCEPTIONS
Kill switches - Many VPN services offer in their client a feature called a "Kill switch". The idea with a Kill Switch is that when the VPN loses its connection, it completely prevents the device from using internet, thus preventing accidental leaks of local connection data. Kill Switches are implemented very differently and will never be secure due to their design. The only 100% effective and secure configuration to accomplish prevention of leaks is a properly configured firewall. There are two main types of kill switches, those that shut down preconfigured apps in response to detecting the VPN connection has dropped and those that disable the network connection (or delete routes etc) if they detect a disconnection. In both of these cases the Kill Switch component is having to react to an event and very often leads to leaks - just a single packet is all it takes to compromise your privacy. The only way to be absolutely certain that packets cannot leak is for there to be an independent component (the Firewall) that blocks all packets unless destined for the VPN interface.
Warrant Canaries - Some VPN services maintain a document called a "Warrant Canary". This is a document put out and updated by them certifying that they have not been contacted by government agencies or coerced to compromise their user's data. In theory, if such an event occurred forcing them to compromise their principles, they would stop updating the canary, which in turn would indicate to users that their data is no longer private. Note that not all companies use effective warrant canaries. There is some debate as to the effectiveness of a warrant canary between experts to begin with - as force can be used by governments to coerce companies into maintaining them, thus nullifying their effectiveness. They are usually nothing more than marketing theater. If a company WAS operating a good canary, it would be almost impossible to tell. A warrant canary is almost a better feature to care about once you've found a trustworthy, capable service, rather than looking for a company that has one when shopping around.
I hope that this guide has been useful. I've been meaning to write one for some time, but as you can tell, it's pretty involved. Feel free to ask me if you have any questions - as usual you can contact me on reddit or using the contact info on my sheet.
Written by That One Privacy Guy
submitted by ThatOnePrivacyGuy to VPN [link] [comments]

That One Privacy Guy's - Guide to Choosing the Best VPN (for you)

Update: This can now be found on my website here.
That One Privacy Guy's - Guide to Choosing the Best VPN (for you)
Disclaimer: The below guide is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. I reference my VPN Comparison Chart throughout much of this post, not so much for shameless self promotion, but because I believe it to be a solid resource to determine if a VPN meets your criteria and to assist you in deciding which is best for you. If you just want an ELI5, read the bolded segments throughout the guide for the highlights. If you want to go down the rabbit hole on this topic, read on, and buckle up - this is going to be long.
TABLE OF CONTENTS
I. INTRODUCTION
II. A WORD ABOUT TRUST
III. A WORD ABOUT VPN AFFILIATES
IV. IF YOU'RE CONCERNED WITH PRIVACY
V. IF YOUR CONCERNED WITH SECURITY
VI. IF YOU'RE CONCERNED WITH UN-GEOBLOCKING
VII IF YOU'RE CONCERNED WITH BYPASSING RESTRICTIVE NETWORKS
VIII. CLEARING UP MISCONCEPTIONS
I. INTRODUCTION:
The following is intended to be a detailed guide to answer the question, "How do I choose the best VPN (for me)?" The reason this is a hard thing to help people with, is that their needs and level of technical knowledge vary greatly - there is no one perfect VPN, they all have at least some flaws and some will just flat out be better for different people.
I very well might have forgotten to add a section I intended to, said something that needs clarification, or was just sleepy when I wrote parts of this guide, so I intend to update and expand it as needed.
I'm assuming that if you're reading this far, you have at least SOME knowledge as to the basics of what a VPN is, so I won't cover that here. This will be heavily emphasizing the need of a VPN for privacy, but I will echo and expand on other use cases as well towards the end.
II. A WORD ABOUT TRUST
No matter what reason you want a VPN, you want to know that the service you choose is trustworthy and is not compromising your data. Even if you're only concerned with geo-unblocking or other non-privacy uses, keep reading. I'll get more into this in the "Privacy" section, but it's important for everyone to be exposed to it at least a little.
A preface regarding privacy and trust, from another thread I made a while back. This applies to every company, but I would suggest especially so for VPNs.
We live in a society where privacy is undervalued and under assault daily. Some people eventually notice this and discover that they do value their own. They set out on a pilgrimage of sorts to educate themselves and learn about tools to help them protect it (as I did when I started my project). Because we depend on each other for direction and others to write software and run services to help keep us secure - TRUST AND TRANSPARENCY - are paramount.
However, transparency comes before trust.
III. A WORD ABOUT VPN AFFILIATES
You may have started your search for a VPN by looking for "VPN Reviews" in your search engine of choice. if you had, you would have gotten page upon page of what seem to be harmless review sites, top 10 or blog style reviews of different VPN services. You may even be coming here for confirmation of what you were told on those sites. The sites making these recommendations are, in almost every case, paid by the services they review and recommend. They are beginning their business relationship with you, with what essentially amounts to a lie. The technical term for this kind of marketing is "native advertising" and it's abuse is a huge problem in the VPN industry.
I purposefully made a point to capture this kind of data on my VPN Comparison Chart. There you can find information on services that have affiliate programs, the specific policies they have for them and whether or not the affiliates act ethically, essentially what the services tolerate from those representing them, when it comes to persuading YOU to buy into the information they put out.
Note that not all affiliates have to be bad actors and simply having an affiliate program is not necessarily grounds for mistrust of a VPN, but rather when those services allow their resellers to generate referrals by hook or by crook. If you see a service appear over and over again on the kinds of sites mentioned above, there is a good chance they are making money from, and are perfectly okay with these kinds of deceptive practices as a part of their business model. They often will claim that it's just the affiliate doing this, and that they can't control what others do. This is false. Affiliates, like anyone entering into a business relationship with someone, agree to certain terms put forth by the service hiring them. If a company doesn't expect and enforce certain standards from their affiliates (not spamming, not breaking copyright, disclosing who they are, etc), they are approving these methods, and are not worthy of your trust. If they are willing to lie to you before you even buy into their service, the stage is set for them to be dishonest with you when you interact with them on a normal basis as a customer.
IV. IF YOU'RE CONCERNED WITH PRIVACY
  • a. More on Trust
As a lawyer represents your legal interests, a VPN service (among others) represents your privacy interests. If a lawyer does something to violate your trust or is not honest about some aspect of their representation that could affect you, you would discard them and you'd be right to do so. Likewise with a VPN service. There are many out there that are not worth your time or money. Unlike a lawyer, a VPN can be put together and promoted by anyone with access to a computer, the key difference being that you would never even see their face.
If you are looking for a VPN for privacy purposes, you already believe you cannot trust certain parties. Those parties might be companies whose websites you visit or maybe even an oppressive government whose mass surveillance is encroaching on your rights. You are being put in a position where you must rely on someone other than yourself for protection and the last thing you need is one more party that you can't trust.
This decision is an important one, and not just any VPN service is worthy of that trust. You're trusting them to know what they're doing - to be able to operate a competent service that will protect your privacy. You are trusting them to be responsive to new technical and geopolitical threats to their operation. You're trusting them to be honest with you in the way they do business so that when you are shopping and comparing, you are getting accurate information.
  • b. More on Affiliates
In the main section at the beginning of this guide, I talked about affiliate practices, so I will only briefly mention it here. If you choose a company with an affiliate program, choose one that expects and enforces good behavior from their reselling partners. You can usually read their affiliate terms on their site. If they are not publicly visible, they should respond with this information when asked. If not, or if they play games with you, look elsewhere. More information on affiliate policies and behavior can be found on my VPN Comparison Chart.
  • c. Jurisdiction
In the last few years, certain revelations have been made manifest regarding the mass surveillance programs of various countries around the globe. These countries are known as the five, nine, and fourteen eyes. These countries not only spy on their own citizens where they can get away with it, but they spy on each others, and swap notes to bypass governmental restrictions on power. If a service, or the people who run a service is based in one of these countries, it's not unreasonable to expect that they may be susceptible to unlawful searches and compromises made in the name of national security. That said, if your threat model includes protection from such actions, choosing a company incorporated outside of these jurisdictions probably would not be adequate to protect you - as such actors have vast resources, and if singled out, you would need to worry about more than your VPN (by relying on other tools such as Tor, Tails, paying very close attention to your opsec, etc). Where the servers you're connecting to and the people who operate / have control of them are located are more important than where a company is incorporated, to protect yourself from government overreach
Other countries are not part of the spy collaboration mentioned above, but still have issues with government limitations on internet freedom and free speech. Avoid countries with limited internet freedom. The degree of internet freedom a country has can also be found under "jurisdiction" on my sheet.
  • d. Logging
When you connect to a VPN service, you are essentially just adding one more stop along your route to the open internet. The VPN is a "man in the middle" who you are trusting with the traffic and connection data that is being generated in the background as you use the internet. Some VPN companies choose to log this data. There are many reasons for doing so, some more legitimate than others. Some services record this to protect themselves legally in the case they are approached by authorities. Some companies keep minimal connection logs to aid them in maintaining servers. Some will even sell your data to third parties as part of their business model. If your concern is privacy, you most likely do not want your browsing habits and connection data being recorded. Choose a service that specifically states that they do not keep logs, AND which types they do not keep. Make sure they do not keep ANY kind of activity or connection log Many services claim to not keep logs, but are vague, and upon closer inspection actually do keep certain types, so be wary of such promises until you've confirmed it for yourself in their respective terms and privacy policies.
  • e. Payments and Communication
Assuming privacy is your priority, when you go to pay for your VPN service, there are many methods available, but only a few worth consideration. Services that offer the ability to pay by Bitcoin, cash, or misc gift cards are the best way to ensure that you are kept as anonymous as possible. if these services require more personal information than an email address, look the other direction - this is information they're recording about you that may be used at best to sell to third parties, at worst to later identify you.
Some services offer a PGP key for additional privacy. This is a nice thing to have if you want to be able to communicate with them using encryption.
  • f. Protocols
There are many different kinds of VPN protocols that allow you to establish a tunnel with your service provider - some more secure than others. Certain protocols are documented to have been compromised. Others are free and open source, and as such are freely available for security experts to audit and improve. The free availability of the source code helps to ensure that vulnerabilities are patched quickly and that individuals so inclined can see exactly how their software is working. Choose a VPN that supports OpenVPN and use it to connect to your VPN server. Avoid using other protocols, specifically PPTP as its not suited for privacy.
  • g. DNS and IPv6 Leaks
Throughout the course of using the internet, your computer sends and receives a lot of data that isn't visible to you, the user. When you type in a web address, a request is sent to a server that is usually operated by your ISP. When you connect to the internet using a VPN, this responsibility is now on them. If they don't take certain actions, this request containing info for the site your want to visit is being sent to THEIR ISP instead. This may not be as bad as it going through yours, but as I mentioned logging above - if the company in question even keeps certain logs, there is a chance that the sites you try to visit can be correlated with the timestamps of when such a request is sent. As an alternative, some use public DNS servers, such as google's, which is not ideal for privacy. Choose a VPN service that maintains their own first party DNS server that won't leak - then TEST IT TO MAKE SURE.
When using the internet, you connect to IP addresses. Traditionally, IPv4 is used to accomplish this (you may have seen numbers in the past like 8.8.8.8 or 216.58.217.206, etc). There is another standard that will some day be more prevalent, called IPv6, but that is being used now during the time it transitions into normal configurations (vastly more IPv6 numbers exist than IPv4). When you connect and use the internet (unless you have specifically taken steps to disable it), you are sending and receiving IPv6 data. Again, normally, this data is sent and resolved through your ISP and their DNS servers, but unless properly configured, this information might not be securely passing through the VPN tunnel and could be leaking to the open internet. Given such routed global IPv6 addresses, it's easy for remote sites to identify user ISPs. And with requisite authority, account information could be obtained from those ISPs. Choose a VPN service that either blocks or provides new VPN-specific IPv6 address and provides an IPv6 DNS server that's reachable only through the VPN tunnel - then TEST IT TO MAKE SURE.
  • h. Encryption and other Features
Around 1440 AD, the Printing Press was invented. It created a method for the common person to quickly disperse information, technologically reinforcing the natural right to freely speak and share information. More recently the internet allows billions to freely and openly share ideas and advance humanity. This reaffirmed the common person's rights in such a way that was difficult for governments or organizations to stifle. Similarly, until the invention of firearms, only those physically capable could defend themselves from those that wished to encroach on their rights, thus this technological advancement reinforced the individual's right to self defense. This brings us to Computerized Encryption. As with the other technological advancements mentioned above, Encryption provides a simple-to-use method that the average user can take advantage of to reinforce their right to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.
Choose a VPN service that has strong data and handshake encryption. Make sure the protocol you choose has the level of advertised encryption available to it, as services typically provide more than one protocol with varying levels of encryption strength. The VPN Comparison Chart can help you determine what is considered strong by the color coding on these fields. Be sure that even if the service has the type of encryption you want available BY DEFAULT - some services will technically offer strong encryption, but it has to be manually configured (not user friendly).
Optionally, depending on your use case and threat model, you may be interested in making sure Authenticated SMTP (to send email) and P2P (to file share, download, use Bitcoin, etc) are not blocked on your VPN's servers
  • i. Websites and your Privacy
When you start to search for services and are browsing on their websites, there are some additional items you may want to consider. Speaking of trust and privacy - some companies will use tracking cookies to determine how to best serve you ads, which other sites you've been to, and some will even phone home with specific personal information. Best case, this is an abuse of power by companies stretching the limits of their ideas on how to gather this info, worst case, it can be used to intentionally violate your privacy and tie your device back to the site and activity performed on it. Choose a company that respects your privacy enough to use few if any persistent or external tracking cookies. If they are already violating your privacy the moment you visit their site, you have no assurance that they will take your privacy seriously after hiring them to represent your interests. Available for years, https allows websites to entirely encrypt all data sent and received with the user, effectively blocking out those that might try spying on such web traffic. Choose a service that encrypts their website with an SSL Certificate. Additionally, CloudFlare, Incapsula, and similar services have recently become popular with websites for their DDoS protection and dynamic bandwidth scaling. However, these services act as an additional man in the middle between your VPN's website and you. In the wrong hands, the information they collect and have access to about your VPN's website, and your interaction with it, could be compromised. Avoid VPNs that use CloudFlare, Incapsula, and other such services.
V. IF YOU'RE CONCERNED WITH SECURITY
Many of the points made above are relevant to security as well as privacy, and I will point some out below.
Jurisdiction, specifically Freedom Status is important to ensure an environment where laws are enforced and physical security that we take for granted in some parts of the world are applicable to the servers we communicate with. This also helps indicate that our service and the servers we connect to are located in places that respect internet freedom. This information can be found on the Comparison Chart and confirmed on Freedom House's website.
IPv6 should be specifically tunnelled or blocked outright the same as with the privacy scenario above.
First party DNS servers, as mentioned above, are ideal for preventing leaks of your data.
Both data and handshake encryption should be strong and available for the protocol you choose (which again, should not be PPTP). Other protocols are probably secure enough for daily use. Note that no protocol is bulletproof and exploits probably exist and are discoverable for each and every one of them. Such exploits are even more discoverable by governments with vast amounts of resources.
VI. IF YOU'RE CONCERNED WITH UN-GEOBLOCKING
If your only concern is escaping geoblocks, your needs are far less numerous. Being able to connect to an exit node in the country of your choice is really the only requirement. This doesn't mean necessarily however that you want to neglect the proper security measures discussed above, only that for things like Netflix, Hulu, certain TV online channels and sporting events, they are less important if un-geoblocking is ALL you're trying to do, almost anything will work, HOWEVER - if Privacy and Security are of any concern whatsoever, heed the advice above and know that un-geoblocking will virtually always come naturally when shopping for those needs (as long as required server availability is a feature of your chosen VPN)
VII. IF YOU'RE CONCERNED WITH BYPASSING RESTRICTIVE NETWORKS
Some parts of the world are resisting the ever-growing ability for their citizens to freely share information and as such have implemented roadblocks in their networking infrastructure to cripple such communication. For example, the "Great Firewall of China" has several layers of VPN detection and blocking built into it. Other networks belonging to large corporations or maybe even your Internet Service Provider may restrict you from using certain ports, limiting what you can use the internet for. However, there are ways to get around these restrictions by using the right VPN.
Features such as multihop, TCP port 443, Obfsproxy, SOCKS, SSL tunnels, SSH tunnels, and some other proprietary solutions (which may be built specifically by a given VPN company) can be useful in avoiding these restrictions. As for which are most effective, it's a matter of which restriction is being inflicted upon the user. Speak with your VPN service's support team to determine which might be effective in your case. The VPN Comparison Chart shows which services support which of these protocols and features in their configuration. Using TCP port 443 is usually a relatively common and user-friendly measure to bypass a restrictive/oppressive network.
VIII. CLEARING UP MISCONCEPTIONS
Kill switches - Many VPN services offer in their client a feature called a "Kill switch". The idea with a Kill Switch is that when the VPN loses its connection, it completely prevents the device from using internet, thus preventing accidental leaks of local connection data. Kill Switches are implemented very differently and will never be secure due to their design. The only 100% effective and secure configuration to accomplish prevention of leaks is a properly configured firewall. There are two main types of kill switches, those that shut down preconfigured apps in response to detecting the VPN connection has dropped and those that disable the network connection (or delete routes etc) if they detect a disconnection. In both of these cases the Kill Switch component is having to react to an event and very often leads to leaks - just a single packet is all it takes to compromise your privacy. The only way to be absolutely certain that packets cannot leak is for there to be an independent component (the Firewall) that blocks all packets unless destined for the VPN interface.
Warrant Canaries - Some VPN services maintain a document called a "Warrant Canary". This is a document put out and updated by them certifying that they have not been contacted by government agencies or coerced to compromise their user's data. In theory, if such an event occurred forcing them to compromise their principles, they would stop updating the canary, which in turn would indicate to users that their data is no longer private. Note that not all companies use effective warrant canaries. There is some debate as to the effectiveness of a warrant canary between experts to begin with - as force can be used by governments to coerce companies into maintaining them, thus nullifying their effectiveness. They are usually nothing more than marketing theater. If a company WAS operating a good canary, it would be almost impossible to tell. A warrant canary is almost a better feature to care about once you've found a trustworthy, capable service, rather than looking for a company that has one when shopping around.
I hope that this guide has been useful. I've been meaning to write one for some time, but as you can tell, it's pretty involved. Feel free to ask me if you have any questions - as usual you can contact me on reddit or using the contact info on my sheet.
Written by That One Privacy Guy
submitted by ThatOnePrivacyGuy to privacytoolsIO [link] [comments]

BE AWARE! AN AVALANCHE OF STOCKBROKERS IS ABOUT TO HAPPEN! A NEW COMMISSION-FREE CRYPTO FUTURES MARKET IS ABOUT TO BE LAUNCHED, LET'S MEET DIGITEX





Crypto has been struggling to get accepted into formal financial markets recently, Bitcoin ETF proposals have been rejected by the SEC one after the other. The SEC argues that its main concerns are market price manipulation, security issues on the crypto exchanges, low liquidity and mall relative size of the crypto market.

While it might get some more time to develop more reliable tools on the crypto ecosystem and have SEC approves bitcoin ETF. It is well known that strong future markets help to stabilize volatile prices of many assets such as commodities. Futures markets have to be incentivized to grow further and bring more overall reliability to the crypto ecosystem.

Foreseeing this opportunity, a experimented pit-trader from the London International Financial & Options Exchange (LIFFE) has inspired a crafty team to create the perfect opportunity for crypto futures markets ultimate expansion an growth. They create a concept that will change the current paradigm of crypto futures market. They have created Digitex, the first commission-free futures exchange.


Why futures markets are such a big deal?


Futures markets are one of the most important tools for stabilizing volatile markets. Its relevance for the crypto ecosystem lies in three factors:


But despite its great benefits and low costs, futures market's fees are still too much of a burden for high volume, low profit, margin futures trading strategies. This situation hinders futures market liquidity and turns possible profitable strategies into losing ones after commissions are charged.

Digitex gamechanger commission-free scheme



Digitex will create an Ethereum based token, it will be called DGTX. It will be used to denominate all profits, losses, margin requirements and account balances. Therefore, any trader that wants to participate in the commission-free trading environment of Digitex should own DGTX, thus a great demand is expected from the traders willing to join this unique opportunity.

Having read this much a question yet remain unanswered, how is it possible for an exchange to operate without charging fees? How does it sustain itself?



At this point is when the genie came out of the lamp. Instead of charging fees on traders that bring liquidity to the futures market, Digitex revenue model imposes a small inflationary cost on all token holders that will be widely outweighed with the high demand that the DGTX token will have. Even better, Digitex Futures Exchange will leverage onto the trustless security system of the Ethereum Blockchain to guard account balances. An Ethereum smart contract will hold all account balances, Digitex will inform the Smart Contract about each trader outstanding margin liabilities and profit/losses balance.

In a nutshell, Digitex Futures Exchange will not hold any physical data about traders balance nor it will hold any private key from users. Thus, malicious actors have little to no incentives to attack the Digitex.

The icing on the cake. DGTX holders will be the ones who decide DGTX minting rates


DGTX token issuance will be democratically decided by the DGTX holders through a mechanism leveraged on the Blockchain, this will readily enforce a healthy DGTX token inflation rate, aligning the interest of the DGTX holders with the interest of the Digitex Futures Exchange.


Futures traders' commission-free Utopia, a dream that became true


By creating an ERC-223 token on the Ethereum Blockchain, and by using it as the native currency of the Digitex Futures Exchange, traders will be to enjoy more freedom than ever with a operating scheme that allows them to implement whatever trading strategy they desire without fees-related limitations.


This new high liquid market will attract many traders that must buy DGTX token to cover the margin requirements to open trades. Thus, the inflationary pressure will be more than matched with the high demand for DGTX tokens. Besides, the first two years there will be no issuance of DGTX tokens since all operative cost will be covered through the DGTX ICO. Skeptical traders will have more than plenty time to watch the performance of the Digitex Futures Exchange, but traders will have to keep in mind that the early bird gets the worm.

According to Digitex Futures Exchange projections, in early 2021 the first issuance of DGTX tokens will occur. Traders will vote to decide how many tokens will be minted to cover for software development, servers, staff, premises, marketing, support, and other related costs to keep the platform fully operational. They will do so through a Blockchain-based, Decentralized, Governance Mechanism that will allow DGTX holders to vote with a 1-DGTX/1-vote ratio.

If you have had enough and don't want to waste more time to join this project, go here and get early access. If not keep reading that it just gets better



DGTX token details


Since all profits and losses are denominated in DGTX tokens, each trader have to own enough DGTX to cover his potential losses because the tick value of each Digitex futures contract is one DGTX token.

The owner of DGTX tokens can engage in the buying and selling of liquid futures on the price of the Bitcoin against the USD, Ethereum against the USD, and Litecoin against the USD. Due to the commission-free framework of Digitex, the more active the trader is, the higher the intrinsic value of each DGTX token he has because he is saving the commissions than any other platform would have charged on him for doing the exact same trade.

Let's summarize the key aspects of the DGTX token



DGTX will be the native currency of Digitex The tick value of each Digitex futures is one DGTX
Traders' margin requirements will be covered with their DGTX Account balances are denominated in DGTX tokens
DGTX minting will cover for Digitex operational costs The initial supply will be 1 billion of DGTX tokens. The funds risen in the ICO will cover the costs of Digitex for the first 2 years of operation.
Integration with swap.tech ,0xproject, and bancor.com enables free tradeability of DGTX with BTC, ETH, and other major Cryptocurrencies Traders can eliminate DGTX price risk thanks to DGTX peg system.


Price risk is no longer a burden for traders thanks to DGTX peg system


Hedging is a basic strategy in stock markets to protect portfolios and reduce the negative effects that negative market movements may have on traders investments. Traders that hedge risk on their physical holdings of the underlying instrument (Bitcoin, Ethereum, or any other cryptocurrency) cannot tolerate DGTX token's price affecting their positions.


To protect traders from DGTX price volatility, Digitex Futures Exchange has futures contracts on the price of DGTX that allows traders to lock in their tokens and sell them at current market prices. This great tool allows traders to keep possession of their DGTX tokens to cover their margins and keep trading on the Digitex futures market. The downside of this strategy is that traders will not earn the profit if the DGTX rises because of the tokens being locked at a lower price.

As with any other future contract, the trader has to deposit a margin payment in the currency to which he is pegging the value of DGTX to cover his potential loses on the trade. Because the trader is protecting himself against DGTX price risk, another currency has to be employed to cover margin payments. ETH deposits are handled into an independent account balance smart contract and BTC deposits are converted into RSK and deposited into a separated Account Balance Smart Contract (RSK is a Turing complete sidechain of the bitcoin network).

DGTX token availability


If DGTX token will be the fuel of a high volume and very liquid futures market, it has to be readily available and as frictionless as possible. Some traders may be happy to hold DGTX for the long term, but most traders will buy DGTX tokens only when needed and convert them back to other cryptocurrencies as soon as their positions are closed.


To properly address this situation, Digitex Futures Exchange will integrate 0xproject into its platform. Besides, 20% of the proceeds from token sales will be used to create a liquid market of DGTX tokens to ensure that a enough offers can sustain the expected high bid levels.

Traders on the Digitex Futures Exchange are expected to buy DGTX at the start of each trading session, use the DGTX peg-system to lock in their sale price and convert them into the original cryptocurrency a few hours later when the trading session ends. This workflow will ensure a massive volume of DGTX traffic that will benefit greatly in the long term.

DGTX token supply and distribution



DGTX token issuance model and price projections


DGTX token creation events will occur via a fully auditable Smart Contract, a transparent review of DGTX token supply and event creations will be always available. Digitex team build price projections over these basic assumptions:
  • 2% of traders are whales who buy a total of $150,000 USD worth of DGTX tokens over a 2 year period.
  • 10% of traders are medium-sized traders who buy a total of $15,000 uSD worth od DGTX tokens over a 2 year period
  • 88% of traders are small traders who buy a total of $1,500 USD worth od DGTX tokens over a 2 year period
Quotation source: Digitex white paper page 7-8



Source: Digitex white paper page 8
This is an oversimplified model that doesn't take into account the overall trend in the crypto market. If the market turns bullish the rise in DGTX prices will be more than expected, but if the market is too bearish, the expectations may not be fulfilled even if the right number of traders is reached. Despite all that, the general trend can be depicted in this chart. Moreover, taking into account that BTC has lost more than 60% of his value in 2018, DGTX stands as the 3rd bigger gainer according to coinmarketcap. You can tell from the graph below that investors are excited about the approaching kickstart date.


Source: Coinmarketcap

DGTX token inflation projections


After January 2021, the next 12 months of the operational cost will be covered through the minting of new DGTX tokens. Here we can see a table with the expected effect of the inflation on the value of each DGTX token:


Source: Digitex white paper page 9
The worst case scenario guarantees that if only 1,000 new trader registers during the first 2 years and DGTX price remain stagnant, only 5% of inflation is required to maintain the operational costs for the next 12 months. The effect of 5% inflation over the 0.02% price is negligible. Also, if the best case scenario is met, only 2.3% of inflation will be required to sustain the platform and its effect on the project price will be only of 1 cent per DGTX token. If the project reaches this stage, securing 12 months of development and more marketing will attract thousands more of traders that will increase the demand for DGTX outweighing the inflationary cost of creating that demand. You can tell that their projections might have been too conservative, in September 2018 we got an announcement about their waitlist reaching 100K signups...no wonder why their CEO seems so happy.



Digitex hybrid trustless futures trade platform


Digitex have adopted a smart combination of the best features obtained with centralized matching engines and trustless, decentralized Smart Contracts to held account balances. In the wild future trading pits, each second matters, thus its mandatory to have a system with the smallest latency levels. Also, privacy is required to prevent frontrunners to exploit big orders. Many other desirable characteristics aren't yet available onto on-chain platforms and are only reached on centralized dedicated servers such as margin trading tools, scalability, and high privacy. Therefore, a hybrid model that covers current on-chain shortcomings and have none of the centralized ill-practicing is the smartest approach to leverage this new business model.

Digitex. The oracle for the account balance smart contract



Digitex acts as an Oracle that updates the decentralized Smart Contract that holds traders' account balances. When a trader requests a withdrawal of DGTX tokens, the Smart Contract requests an update to Digitex about the trader's profit and losses, as well as his current margin liabilities on his current matched and unmatched orders. Thus, the Smart Contract can update its available withdraw balance for that trader.

The potential attack vector from the communication of the exchange with the Smart Contract will be prevented by calculating from scratch traders' profit and loss from their matched trades whenever the smart contract asks for an update to a trader's account balance. Thus, a hacker who has somehow gained access to the exchange, will not be able to create the fake matched trades (which needs a counter-party and timestamps) and alter the account's balance of any trader.

How is this hybrid model more beneficial for traders activity


Digitex is unable to freeze or to seize any trader's fund for whatever reason. Pressure from outside authorities, KYC/AML regulators cannot enforce any legal action against the exchange since it actually can't reach trader's funds. Also, Digitex doesn't have access to the private keys of any trader, thus trader's funds cannot be accessed or mismanaged for the exchange.


Final Thoughts


Digitex benefits are of great significance for everyday traders, a commission-free platform will be a substantial improvement on the profit earned in many portfolios. Also, decentralized account balances and the centralized matching engine provides the best of the decentralized blockchain security and the centralized services reliability. The expected latency time for order matching is within the millisecond's scale, also, full privacy and no front-running is expected.

From the traders business perspective, Digitex single tick trading strategies are available for the first time within the crypto ecosystem, this parallel with the market makers will greatly boost market liquidity.

A Steemit blogger use case


From the starting date of the Steemit platform, some bloggers have earned $100K worth of crypto. They have been really excited about crypto for two years, and they think it is time to jump in the futures market. They search for traditional options like BitMEX, GDAX, CryptoFacilities, and some others, but they discourage themselves when they discover that the high volume low margin strategy they have been carefully studied for the last two years is unpracticable on the traditional platforms.

They are frustrated and return to read some posts on Steemit while scrolling the trending page they read about a new futures market platform on a post of the well-known @originalworks account, they read some of the best entries of the weekly contest and they can't stop the big smile that is printed on their faces. Right from the very same source of their first crypto assets, also they get the tool that will provide them the opportunity for testing all the knowledge gathered for the last 2 years. With Digitex they will enter the world of derivatives and start their venture as crypto traders.

Additional Information about the project


Here is Digitex Roadmap



Meet Digitex team



Watch the Digitex exchange on action with their CEO Adam Todd


https://youtu.be/qxqyspMiPGg

Are you excited with the project and want even more information? Visit their social media channels



Digitex Website
  • Digitex WhitePaper
  • Digitex Telegram
  • Digitex Reddit
  • Digitex Twitter
  • Digitex Blog
  • Digitex Youtube
  • Digitex Facebook




  • Hope you have enjoyed the reading. Keep in touch for more information about great crypto projects.
    Ethereum address: 0x0ebcB37223F07B1Bd0765E70f940046D504743a5 Steemit account: https://steemit.com/@joelsegovia

    submitted by joelsegovia to u/joelsegovia [link] [comments]

    That One Privacy Guy's - Guide to Choosing the Best VPN (for you)

    That One Privacy Guy's - Guide to Choosing the Best VPN (for you)
    Disclaimer: The below guide is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. I reference my VPN Comparison Chart throughout much of this post, not so much for shameless self promotion, but because I believe it to be a solid resource to determine if a VPN meets your criteria and to assist you in deciding which is best for you. If you just want an ELI5, read the bolded segments throughout the guide for the highlights. If you want to go down the rabbit hole on this topic, read on, and buckle up - this is going to be long.
    TABLE OF CONTENTS
    I. INTRODUCTION
    II. A WORD ABOUT TRUST
    III. A WORD ABOUT VPN AFFILIATES
    IV. IF YOU'RE CONCERNED WITH PRIVACY
    • A. MORE ON TRUST
    • B. MORE ON AFFILIATES
    • C. JURISDICTION
    • D. LOGGING
    • E. PAYMENTS AND COMMUNICATION
    • H. ENCRYPTION AND OTHER FEATURES
    • I. WEBSITES AND YOUR PRIVACY
    V. IF YOUR CONCERNED WITH SECURITY
    VI. IF YOU'RE CONCERNED WITH UN-GEOBLOCKING
    VII IF YOU'RE CONCERNED WITH BYPASSING RESTRICTIVE NETWORKS
    VIII. CLEARING UP MISCONCEPTIONS
    I. INTRODUCTION:
    The following is intended to be a detailed guide to answer the question, "How do I choose the best VPN (for me)?" The reason this is a hard thing to help people with, is that their needs and level of technical knowledge vary greatly - there is no one perfect VPN, they all have at least some flaws and some will just flat out be better for different people.
    I very well might have forgotten to add a section I intended to, said something that needs clarification, or was just sleepy when I wrote parts of this guide, so I intend to update and expand it as needed.
    I'm assuming that if you're reading this far, you have at least SOME knowledge as to the basics of what a VPN is, so I won't cover that here. This will be heavily emphasizing the need of a VPN for privacy, but I will echo and expand on other use cases as well towards the end.
    II. A WORD ABOUT TRUST
    No matter what reason you want a VPN, you want to know that the service you choose is trustworthy and is not compromising your data. Even if you're only concerned with geo-unblocking or other non-privacy uses, keep reading. I'll get more into this in the "Privacy" section, but it's important for everyone to be exposed to it at least a little.
    A preface regarding privacy and trust, from another thread I made a while back. This applies to every company, but I would suggest especially so for VPNs.
    We live in a society where privacy is undervalued and under assault daily. Some people eventually notice this and discover that they do value their own. They set out on a pilgrimage of sorts to educate themselves and learn about tools to help them protect it (as I did when I started my project). Because we depend on each other for direction and others to write software and run services to help keep us secure - TRUST AND TRANSPARENCY - are paramount.
    However, transparency comes before trust.
    III. A WORD ABOUT VPN AFFILIATES
    You may have started your search for a VPN by looking for "VPN Reviews" in your search engine of choice. if you had, you would have gotten page upon page of what seem to be harmless review sites, top 10 or blog style reviews of different VPN services. You may even be coming here for confirmation of what you were told on those sites. The sites making these recommendations are, in almost every case, paid by the services they review and recommend. They are beginning their business relationship with you, with what essentially amounts to a lie. The technical term for this kind of marketing is "native advertising" and it's abuse is a huge problem in the VPN industry.
    I purposefully made a point to capture this kind of data on my VPN Comparison Chart. There you can find information on services that have affiliate programs, the specific policies they have for them and whether or not the affiliates act ethically, essentially what the services tolerate from those representing them, when it comes to persuading YOU to buy into the information they put out.
    Note that not all affiliates have to be bad actors and simply having an affiliate program is not necessarily grounds for mistrust of a VPN, but rather when those services allow their resellers to generate referrals by hook or by crook. If you see a service appear over and over again on the kinds of sites mentioned above, there is a good chance they are making money from, and are perfectly okay with these kinds of deceptive practices as a part of their business model. They often will claim that it's just the affiliate doing this, and that they can't control what others do. This is false. Affiliates, like anyone entering into a business relationship with someone, agree to certain terms put forth by the service hiring them. If a company doesn't expect and enforce certain standards from their affiliates (not spamming, not breaking copyright, disclosing who they are, etc), they are approving these methods, and are not worthy of your trust. If they are willing to lie to you before you even buy into their service, the stage is set for them to be dishonest with you when you interact with them on a normal basis as a customer.
    IV. IF YOU'RE CONCERNED WITH PRIVACY
    • a. More on Trust
    As a lawyer represents your legal interests, a VPN service (among others) represents your privacy interests. If a lawyer does something to violate your trust or is not honest about some aspect of their representation that could affect you, you would discard them and you'd be right to do so. Likewise with a VPN service. There are many out there that are not worth your time or money. Unlike a lawyer, a VPN can be put together and promoted by anyone with access to a computer, the key difference being that you would never even see their face.
    If you are looking for a VPN for privacy purposes, you already believe you cannot trust certain parties. Those parties might be companies whose websites you visit or maybe even an oppressive government whose mass surveillance is encroaching on your rights. You are being put in a position where you must rely on someone other than yourself for protection and the last thing you need is one more party that you can't trust.
    This decision is an important one, and not just any VPN service is worthy of that trust. You're trusting them to know what they're doing - to be able to operate a competent service that will protect your privacy. You are trusting them to be responsive to new technical and geopolitical threats to their operation. You're trusting them to be honest with you in the way they do business so that when you are shopping and comparing, you are getting accurate information.
    • b. More on Affiliates
    In the main section at the beginning of this guide, I talked about affiliate practices, so I will only briefly mention it here. If you choose a company with an affiliate program, choose one that expects and enforces good behavior from their reselling partners. You can usually read their affiliate terms on their site. If they are not publicly visible, they should respond with this information when asked. If not, or if they play games with you, look elsewhere. More information on affiliate policies and behavior can be found on my VPN Comparison Chart.
    • c. Jurisdiction
    In the last few years, certain revelations have been made manifest regarding the mass surveillance programs of various countries around the globe. These countries are known as the five, nine, and fourteen eyes. These countries not only spy on their own citizens where they can get away with it, but they spy on each others, and swap notes to bypass governmental restrictions on power. If a service, or the people who run a service is based in one of these countries, it's not unreasonable to expect that they may be susceptible to unlawful searches and compromises made in the name of national security. That said, if your threat model includes protection from such actions, choosing a company incorporated outside of these jurisdictions probably would not be adequate to protect you - as such actors have vast resources, and if singled out, you would need to worry about more than your VPN (by relying on other tools such as Tor, Tails, paying very close attention to your opsec, etc). Where the servers you're connecting to and the people who operate / have control of them are located are more important than where a company is incorporated, to protect yourself from government overreach
    Other countries are not part of the spy collaboration mentioned above, but still have issues with government limitations on internet freedom and free speech. Avoid countries with limited internet freedom. The degree of internet freedom a country has can also be found under "jurisdiction" on my sheet.
    • d. Logging
    When you connect to a VPN service, you are essentially just adding one more stop along your route to the open internet. The VPN is a "man in the middle" who you are trusting with the traffic and connection data that is being generated in the background as you use the internet. Some VPN companies choose to log this data. There are many reasons for doing so, some more legitimate than others. Some services record this to protect themselves legally in the case they are approached by authorities. Some companies keep minimal connection logs to aid them in maintaining servers. Some will even sell your data to third parties as part of their business model. If your concern is privacy, you most likely do not want your browsing habits and connection data being recorded. Choose a service that specifically states that they do not keep logs, AND which types they do not keep. Make sure they do not keep ANY kind of activity or connection log Many services claim to not keep logs, but are vague, and upon closer inspection actually do keep certain types, so be wary of such promises until you've confirmed it for yourself in their respective terms and privacy policies.
    • e. Payments and Communication
    Assuming privacy is your priority, when you go to pay for your VPN service, there are many methods available, but only a few worth consideration. Services that offer the ability to pay by Bitcoin, cash, or misc gift cards are the best way to ensure that you are kept as anonymous as possible. if these services require more personal information than an email address, look the other direction - this is information they're recording about you that may be used at best to sell to third parties, at worst to later identify you.
    Some services offer a PGP key for additional privacy. This is a nice thing to have if you want to be able to communicate with them using encryption.
    • f. Protocols
    There are many different kinds of VPN protocols that allow you to establish a tunnel with your service provider - some more secure than others. Certain protocols are documented to have been compromised. Others are free and open source, and as such are freely available for security experts to audit and improve. The free availability of the source code helps to ensure that vulnerabilities are patched quickly and that individuals so inclined can see exactly how their software is working. Choose a VPN that supports OpenVPN and use it to connect to your VPN server. Avoid using other protocols, specifically PPTP as its not suited for privacy.
    • g. DNS and IPv6 Leaks
    Throughout the course of using the internet, your computer sends and receives a lot of data that isn't visible to you, the user. When you type in a web address, a request is sent to a server that is usually operated by your ISP. When you connect to the internet using a VPN, this responsibility is now on them. If they don't take certain actions, this request containing info for the site your want to visit is being sent to THEIR ISP instead. This may not be as bad as it going through yours, but as I mentioned logging above - if the company in question even keeps certain logs, there is a chance that the sites you try to visit can be correlated with the timestamps of when such a request is sent. As an alternative, some use public DNS servers, such as google's, which is not ideal for privacy. Choose a VPN service that maintains their own first party DNS server that won't leak - then TEST IT TO MAKE SURE.
    When using the internet, you connect to IP addresses. Traditionally, IPv4 is used to accomplish this (you may have seen numbers in the past like 8.8.8.8 or 216.58.217.206, etc). There is another standard that will some day be more prevalent, called IPv6, but that is being used now during the time it transitions into normal configurations (vastly more IPv6 numbers exist than IPv4). When you connect and use the internet (unless you have specifically taken steps to disable it), you are sending and receiving IPv6 data. Again, normally, this data is sent and resolved through your ISP and their DNS servers, but unless properly configured, this information might not be securely passing through the VPN tunnel and could be leaking to the open internet. Given such routed global IPv6 addresses, it's easy for remote sites to identify user ISPs. And with requisite authority, account information could be obtained from those ISPs. Choose a VPN service that either blocks or provides new VPN-specific IPv6 address and provides an IPv6 DNS server that's reachable only through the VPN tunnel - then TEST IT TO MAKE SURE.
    • h. Encryption and other Features
    Around 1440 AD, the Printing Press was invented. It created a method for the common person to quickly disperse information, technologically reinforcing the natural right to freely speak and share information. More recently the internet allows billions to freely and openly share ideas and advance humanity. This reaffirmed the common person's rights in such a way that was difficult for governments or organizations to stifle. Similarly, until the invention of firearms, only those physically capable could defend themselves from those that wished to encroach on their rights, thus this technological advancement reinforced the individual's right to self defense. This brings us to Computerized Encryption. As with the other technological advancements mentioned above, Encryption provides a simple-to-use method that the average user can take advantage of to reinforce their right to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.
    Choose a VPN service that has strong data and handshake encryption. Make sure the protocol you choose has the level of advertised encryption available to it, as services typically provide more than one protocol with varying levels of encryption strength. The VPN Comparison Chart can help you determine what is considered strong by the color coding on these fields. Be sure that even if the service has the type of encryption you want available BY DEFAULT - some services will technically offer strong encryption, but it has to be manually configured (not user friendly).
    Optionally, depending on your use case and threat model, you may be interested in making sure Authenticated SMTP (to send email) and P2P (to file share, download, use Bitcoin, etc) are not blocked on your VPN's servers
    • i. Websites and your Privacy
    When you start to search for services and are browsing on their websites, there are some additional items you may want to consider. Speaking of trust and privacy - some companies will use tracking cookies to determine how to best serve you ads, which other sites you've been to, and some will even phone home with specific personal information. Best case, this is an abuse of power by companies stretching the limits of their ideas on how to gather this info, worst case, it can be used to intentionally violate your privacy and tie your device back to the site and activity performed on it. Choose a company that respects your privacy enough to use few if any persistent or external tracking cookies. If they are already violating your privacy the moment you visit their site, you have no assurance that they will take your privacy seriously after hiring them to represent your interests. Available for years, https allows websites to entirely encrypt all data sent and received with the user, effectively blocking out those that might try spying on such web traffic. Choose a service that encrypts their website with an SSL Certificate. Additionally, CloudFlare, Incapsula, and similar services have recently become popular with websites for their DDoS protection and dynamic bandwidth scaling. However, these services act as an additional man in the middle between your VPN's website and you. In the wrong hands, the information they collect and have access to about your VPN's website, and your interaction with it, could be compromised. Avoid VPNs that use CloudFlare, Incapsula, and other such services.
    V. IF YOU'RE CONCERNED WITH SECURITY
    Many of the points made above are relevant to security as well as privacy, and I will point some out below.
    Jurisdiction, specifically Freedom Status is important to ensure an environment where laws are enforced and physical security that we take for granted in some parts of the world are applicable to the servers we communicate with. This also helps indicate that our service and the servers we connect to are located in places that respect internet freedom. This information can be found on the Comparison Chart and confirmed on Freedom House's website.
    IPv6 should be specifically tunnelled or blocked outright the same as with the privacy scenario above.
    First party DNS servers, as mentioned above, are ideal for preventing leaks of your data.
    Both data and handshake encryption should be strong and available for the protocol you choose (which again, should not be PPTP). Other protocols are probably secure enough for daily use. Note that no protocol is bulletproof and exploits probably exist and are discoverable for each and every one of them. Such exploits are even more discoverable by governments with vast amounts of resources.
    VI. IF YOU'RE CONCERNED WITH UN-GEOBLOCKING
    If your only concern is escaping geoblocks, your needs are far less numerous. Being able to connect to an exit node in the country of your choice is really the only requirement. This doesn't mean necessarily however that you want to neglect the proper security measures discussed above, only that for things like Netflix, Hulu, certain TV online channels and sporting events, they are less important if un-geoblocking is ALL you're trying to do, almost anything will work, HOWEVER - if Privacy and Security are of any concern whatsoever, heed the advice above and know that un-geoblocking will virtually always come naturally when shopping for those needs (as long as required server availability is a feature of your chosen VPN)
    VII. IF YOU'RE CONCERNED WITH BYPASSING RESTRICTIVE NETWORKS
    Some parts of the world are resisting the ever-growing ability for their citizens to freely share information and as such have implemented roadblocks in their networking infrastructure to cripple such communication. For example, the "Great Firewall of China" has several layers of VPN detection and blocking built into it. Other networks belonging to large corporations or maybe even your Internet Service Provider may restrict you from using certain ports, limiting what you can use the internet for. However, there are ways to get around these restrictions by using the right VPN.
    Features such as multihop, TCP port 443, Obfsproxy, SOCKS, SSL tunnels, SSH tunnels, and some other proprietary solutions (which may be built specifically by a given VPN company) can be useful in avoiding these restrictions. As for which are most effective, it's a matter of which restriction is being inflicted upon the user. Speak with your VPN service's support team to determine which might be effective in your case. The VPN Comparison Chart shows which services support which of these protocols and features in their configuration. Using TCP port 443 is usually a relatively common and user-friendly measure to bypass a restrictive/oppressive network.
    VIII. CLEARING UP MISCONCEPTIONS
    Kill switches - Many VPN services offer in their client a feature called a "Kill switch". The idea with a Kill Switch is that when the VPN loses its connection, it completely prevents the device from using internet, thus preventing accidental leaks of local connection data. Kill Switches are implemented very differently and will never be secure due to their design. The only 100% effective and secure configuration to accomplish prevention of leaks is a properly configured firewall. There are two main types of kill switches, those that shut down preconfigured apps in response to detecting the VPN connection has dropped and those that disable the network connection (or delete routes etc) if they detect a disconnection. In both of these cases the Kill Switch component is having to react to an event and very often leads to leaks - just a single packet is all it takes to compromise your privacy. The only way to be absolutely certain that packets cannot leak is for there to be an independent component (the Firewall) that blocks all packets unless destined for the VPN interface.
    Warrant Canaries - Some VPN services maintain a document called a "Warrant Canary". This is a document put out and updated by them certifying that they have not been contacted by government agencies or coerced to compromise their user's data. In theory, if such an event occurred forcing them to compromise their principles, they would stop updating the canary, which in turn would indicate to users that their data is no longer private. Note that not all companies use effective warrant canaries. There is some debate as to the effectiveness of a warrant canary between experts to begin with - as force can be used by governments to coerce companies into maintaining them, thus nullifying their effectiveness. They are usually nothing more than marketing theater. If a company WAS operating a good canary, it would be almost impossible to tell. A warrant canary is almost a better feature to care about once you've found a trustworthy, capable service, rather than looking for a company that has one when shopping around.
    I hope that this guide has been useful. I've been meaning to write one for some time, but as you can tell, it's pretty involved. Feel free to ask me if you have any questions - as usual you can contact me on reddit or using the contact info on my sheet.
    Written by That One Privacy Guy
    submitted by ThatOnePrivacyGuy to vpnreviews [link] [comments]

    Bitcoin Protocol Explained - Timestamp Server / Global Ledger IS BITCOIN DUE FOR A BOUNCE?? (BTC CHARTS) Crypto Stamp, Secure Timestamping Using Bitcoin WARNING!! ALL BITCOIN HOLDERS (BTC CHARTS) SILVER CHART ANALYSIS .. 09/07/2020 TIME 8PM

    Bitcoincharts is the world's leading provider for financial and technical data related to the Bitcoin network. It provides news, markets, price charts and more. Bitcoin achieves this by requiring all transactions to be publicly broadcasted, and then implementing a system that ensures that network participants agree on a single history of order in which those transactions have been received. Timestamp Server. Network participants are induced to agree on a single history through the use of a timestamp The third part will be the bitcoin blockchain, which can be viewed on different sites, or you can download it to your system. How You Can Utilize ChainStamp Blockchain Digital File Timestamp If you have any digital file whether documents, photos, recordings, or any file stored on your computer, you can create a timestamp with Chainstamp Proof. “To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back’s Hashcash, rather than newspaper or Usenet posts. The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits. Successful results show timestamp, query, data, access range, and start and end timestamp. Bitcoin: 06.02.2020: Kaiko Market Data Curl Sample Code: The Kaiko Reference Data Python Sample Code demonstrates how to access trade data, order book data, and aggregates. Clients must include an API key in the header of every request they make. Bitcoin

    [index] [8350] [7284] [6910] [17808] [28645] [28985] [29177] [20282] [21619] [25398]

    Bitcoin Protocol Explained - Timestamp Server / Global Ledger

    Bitcoin Protocol Explained - Timestamp Server / Global Ledger - Duration: 2:57. sentdex 8,972 views. 2:57. This is what happens when you reply to spam email ... Simply put, the timestamp proves when and what has happened on the blockchain, and it’s tamper-proof. Timestamp plays to role of a notary, and it’s more credible than a traditional one. SILVER CHART ANALYSIS ON HOURLY LIVE CHART FOR EDUCATIONAL PURPOSE .. HOPE U ALL BENEFITED FROM MY VIDEO AND IF SO PLZ SHARE WITH YOUR FRIENDS N SUBSCRIBED . THANKS . In this short video, the Bitcoin timestamp server / global ledger is discussed. As usual, however, we present ourselves with an ending challenge which is to be covered in the, you guessed it, next ... Let's talk about btc. Join me using these links. My website for the trade calls, indicators, and lessons. https://sharkcharts.live/ My Discord server https://discord.gg/Re4VXDt Here's my ...

    Flag Counter