future engineers
Several publications have correctly pointed out that Tor doesn't make you anonymous. Even Tor admits that it can't solve all anonymity problems and cautions users to proceed accordingly. Bitcoin is not anonymous either.
A VPN doesn't make you anonymous, but does greatly increase your privacy and security online. A VPN is similar to the curtains for the windows of your house. The curtains provide privacy for activities happening inside your house - even though your house address is public.
Privacy is a more realistic goal, not anonymity. Privacy is inherently personal and has different definitions for different people, but privacy generally means the ability to exclude information about yourself. Privacy can also mean the right to express yourself:
Internet users can use private web browsers, proxies, Tor, encrypted messaging clients, VPNs and other great tools to increase their privacy online. These privacy tools help defend against mass surveillance by governments or by private corporations "deputized" to collect information at the direction of the government (in the United States companies such as AT&T, Verizon, Time Warner, Comcast). But, none of these tools, alone or in any combination, make you anonymous. Online privacy through secure communications is a realistic goal, but anonymity is a false promise.
Edward Snowden recently encouraged Internet users to focus on increasing privacy to defeat "mass surveillance":
A VPN Provider in the UK that advertised an "anonymous service" on its website was outed for turning over customer information about a LulzSec Hacker to the authorities. As you will read below, limited VPN logging is not necessarily bad, as it helps the VPN provider troubleshoot customer issues, prevent abuse of its IP space and network, and offer different VPN plans, such as multi-device or GB limited plans, etc. But, advertising one service and delivering another service is wrong.
Below are some examples of VPN providers' marketing messages that appear to contradict the fine print on the Privacy Policy page:
Just last year, a Dutch customer of a "no log" VPN Provider was tracked down by authorities by using VPN connection logs after using the "no log" VPN service to make a bomb threat. The VPN Provider's data center provider ("landlord") apparently seized the VPN server at the direction of the authorities. The data center provider was also keeping network transfer logs of the VPN provider.
The VPN Provider says they cancelled the contract with the data center but strangely didn't address the other 100+ locations where they presumably rent VPN servers. Did they cancel contracts with those data centers too? Predictably, this same VPN Provider still prominently advertises an "anonymous VPN service" and claims it keeps "absolutely no logs."
In the forum of a different VPN Provider, a discussion thread conveniently disappeared when a user questioned whether users can trust data centers to not log.
Some questions to ask about VPN Providers who "rent" servers include:
We have the experience to run our own infrastructure on a worldwide basis and the financial stability to make the investments to engineer privacy into our infrastructure. It is impossible to engineer privacy into your service if you don't own and operate your own infrastructure.
For example, if you listen to two people talk in a restaurant you can learn enough from the conversation to identify who is talking - even if you don't know their identity when you start listening. If a VPN provider does not run its own routers, then it can't control who is listening to its users. Even worse, a "no-logging" VPN provider recently admitted that it used "packet sniffing" software to monitor traffic to prevent abuse.
Edward Snowden recently said at SXSW 2014:
"One of the things I would say to a large company is not that you can't collect any data it is that you should only collect the data and hold it for as long as necessary for the operation of the business."
Minimal logging provides VPN users the following benefits:
We log the following information and only retain it for 30 days:
So, we do NOT log:
OUR SOURCE
Introduction
We have noticed a disturbing trend in the VPN industry over the past year. More and more VPN Providers are promising an "anonymous" or "no logging" VPN service while providing minimal, or zero transparency, about how they actually handle your data. These so called "anonymous" VPN providers fall into two categories:
- They advertise an "anonymous service" on their website, but the fine print in their privacy policy suggests they log a significant amount of customer data.
- They advertise an "anonymous service" on their website, but their privacy policy simply says "we don't log" without further explanation or detail.
- SpiderOak, VPN, privacy and anonymity[i]f someone tells you 'you will be completely anonymous, [because] you’ll have VPN running all the time', that’s a lie.
- Wipe Your Data, "No logs" EarthVPN user arrested after police finds logs...you have absolutely no way to know for sure how safe a "No logs" claim really is. Trusting your life to a no logs VPN service it is like gambling with your life in the Russian roulette
The "anonymous" or "no logging" VPN Providers have diverted privacy conscious VPN users to focus on the false promise of anonymity instead of focusing on what really matters when choosing a VPN provider: transparency, trust, ease of use, performance and reliability. We hope dispelling some of these common myths will lead to a more transparent and frank discussion about privacy in the VPN industry and on the Internet in general.- Spotflux, Debunking the Myths of VPN Service Providers[a]nyone who runs a large enough IT infrastructure knows that running that infrastructure with ZERO logs is impossible.
Myth #1
I can be anonymous on the Internet.
Reality
Anonymity is defined as not being named or identified. You are not anonymous when you are online, even when using privacy tools like Tor, Bitcoin, or a VPN. Every service has at least one piece of information that can be used to distinguish different users, whether it's a set of IP addresses (VPN and Tor) or a wallet (Bitcoin). This information alone may not reveal any private details about the user, but it can be associated with other similar information to eventually identify an individual.Several publications have correctly pointed out that Tor doesn't make you anonymous. Even Tor admits that it can't solve all anonymity problems and cautions users to proceed accordingly. Bitcoin is not anonymous either.
A VPN doesn't make you anonymous, but does greatly increase your privacy and security online. A VPN is similar to the curtains for the windows of your house. The curtains provide privacy for activities happening inside your house - even though your house address is public.
Privacy is a more realistic goal, not anonymity. Privacy is inherently personal and has different definitions for different people, but privacy generally means the ability to exclude information about yourself. Privacy can also mean the right to express yourself:
- Evan Greer, Fight for the Future, Panelist at Golden Frog's "Take Back Your Internet Privacy Panel" at SXSW 2014[p]rivacy is your right and ability to be yourself and express yourself without the fear that someone is looking over your shoulder and that you might be punished for being yourself, whatever that may be.
What Golden Frog does:
Golden Frog doesn't advertise or promise that VyprVPN
makes you anonymous on the Internet. But, Golden Frog does advertise
that VyprVPN will greatly improve your privacy and security online.
Myth #2
Anonymity and Privacy are the same.
Reality
Services that claim to make you anonymous attempt to eliminate any identifying data (which is not a realistic goal as discussed in Myth #1). However, services designed to protect privacy instead allow users to control access to their personal data, but do not eliminate all identifying data.Internet users can use private web browsers, proxies, Tor, encrypted messaging clients, VPNs and other great tools to increase their privacy online. These privacy tools help defend against mass surveillance by governments or by private corporations "deputized" to collect information at the direction of the government (in the United States companies such as AT&T, Verizon, Time Warner, Comcast). But, none of these tools, alone or in any combination, make you anonymous. Online privacy through secure communications is a realistic goal, but anonymity is a false promise.
Edward Snowden recently encouraged Internet users to focus on increasing privacy to defeat "mass surveillance":
As one of Golden Frog's founders has posted to the Usenet, "You are not anonymous on the Net. You can run, but you can't hide."…basic steps will encrypt your hardware and … your network communications [making] you…far, far more hardened than the average user - it becomes very difficult for any sort of a mass surveillance. You will still be vulnerable to targeted surveillance. If there is a warrant against you, if the NSA is after you, they are still going to get you. (emphasis added) But mass surveillance that is untargeted and collect-it-all approach you will be much safer
Myth #3
When my VPN Provider advertises an "anonymous" service, that means they don't log any identifying information about me.
Reality
Several VPN providers advertise an "anonymous service" on the marketing pages of their website, but have terms in the fine print of their privacy policy indicating they do log.A VPN Provider in the UK that advertised an "anonymous service" on its website was outed for turning over customer information about a LulzSec Hacker to the authorities. As you will read below, limited VPN logging is not necessarily bad, as it helps the VPN provider troubleshoot customer issues, prevent abuse of its IP space and network, and offer different VPN plans, such as multi-device or GB limited plans, etc. But, advertising one service and delivering another service is wrong.
Below are some examples of VPN providers' marketing messages that appear to contradict the fine print on the Privacy Policy page:
-
Cyberghost:
Website: "surf anonymously"; "top notch security and anonymity" Privacy Policy: "may process and use personal data collected in the setup and delivery of service (connection data). This includes Customer identification and data regarding time and volume of use." -
Express VPN:
Website: "surf anonymously" Privacy Policy: "In addition to the information you provide through our order-form, we may store the following pieces of data: IP address, times when connected to our service, and the total amount of data transferred per day. We store this to be able to deliver the best possible network experience to you. We keep this information secure and private. If we receive complaints regarding copyrighted materials such as music and movies being shared over our network, we may filter traffic to see which account is sending it, and then cancel that account." -
Pure VPN:
Website: "PureVPN anonymous VPN service", "makes you anonymous", "anonymous web surfing" Privacy Policy: "...we will never release any information about you or your account to anyone except law enforcement personnel with the proper documentation and paperwork."
"Furthermore, in the course of using PureVPN services, you or someone else on your behalf may give out information about yourself or give access to your system. This information may include, but not limited to:- Names and IP addresses
- Operating systems
- Operational logs"
-
Zenmate:
Website: "surf anonymously" "browse anonymously" Privacy Policy: "In order to prevent attacks against ZenGuard your IP address will be saved temporarily on the server without being stored permanently or used for any other purposes."
"When choosing an access point please note that only this server will process your IP address and request for the webpage you would like to access (the "Targeted Website")."
"...on the server you selected, your site request and your IP address are received via an encrypted connection."
What Golden Frog does
Golden Frog doesn't advertise or promise that its
VyprVPN service will make you anonymous on the Internet and we clearly
outline what we log in our privacy policy.
Myth #4
When my VPN Provider's privacy policy says they "don't log," that means I am anonymous.
Reality
When a VPN provider simply says they perform "no logging" it does not guarantee online anonymity or privacy. Any systems or network engineer will confirm that some minimal logging is required to properly maintain and optimize systems or the network. In fact, any provider claiming "no logging" should cause you to immediately question what is happening with your private data. So, if a VPN provider keeps absolutely no logs, how do they:- Offer plans with limits on GB usage or per user basis?
- Limit VPN connections to 1, 3 or 5 on a per user basis?
- Troubleshoot your connection or offer support for server side problems?
- Handle your DNS requests when using the VPN service? Do they rely on a 3rd Party DNS provider that logs DNS requests?
- Prevent abuse, such as spammers, port scanners, DDOS to protect their VPN service and their users?
What Golden Frog does
Golden Frog is transparent about what data we retain.
Golden Frog logs the following information and we only retain it for 30 DAYS:- Customer's source IP address (generally the IP address assigned by the customer's ISP)
- VyprVPN IP address used by the users
- Connection start and stop time
- Total number of bytes used
Myth #5
Even if my VPN Provider uses Hosted or Cloud based VPN servers I can still be anonymous.
Reality
Anyone that runs server infrastructure knows running infrastructure with ZERO logs is extremely difficult, if not impossible. Now imagine how hard it would be to eliminate logging if you DIDN'T run your own infrastructure and instead rented VPN servers and network from 3rd parties! Aside from Golden Frog, virtually every VPN provider in the world does not run their own infrastructure. Instead, VPN providers "rent" their servers and network from a "landlord," such as a hosting company or data center. When the VPN provider "rents" instead of "owns," how can it guarantee that its "landlord" will respect the privacy of its VPN users?Just last year, a Dutch customer of a "no log" VPN Provider was tracked down by authorities by using VPN connection logs after using the "no log" VPN service to make a bomb threat. The VPN Provider's data center provider ("landlord") apparently seized the VPN server at the direction of the authorities. The data center provider was also keeping network transfer logs of the VPN provider.
The VPN Provider says they cancelled the contract with the data center but strangely didn't address the other 100+ locations where they presumably rent VPN servers. Did they cancel contracts with those data centers too? Predictably, this same VPN Provider still prominently advertises an "anonymous VPN service" and claims it keeps "absolutely no logs."
In the forum of a different VPN Provider, a discussion thread conveniently disappeared when a user questioned whether users can trust data centers to not log.
Some questions to ask about VPN Providers who "rent" servers include:
- How can the "Server Renters/Cloud" protect their users from their hosting companies taking snapshots of their machines for backup purposes, DDOS purposes, or at the direction of law enforcement?
- How can "server renters" prevent a live migration of the hosted VPN server in which an entire image is taken of the computer, including operating system memory and hard drive, especially when live migrations can be invisible to the VPN Provider?
- What happens to the data when the hosted machine is no longer used by the VPN provider?
- If you don't own the server, how can you be sure your landlord doesn't have a key or backdoor into the hosted server?
What Golden Frog does
Golden Frog doesn't "rent" servers but instead own and operate 100% of our VPN servers, secured physically using keys, biometrics and software. Together with our sister companies, Data Foundry - a global data center provider and Giganews - the world's leading Usenet Provider, we have been in the Internet business since the dawn of the Internet over 20 years ago.We have the experience to run our own infrastructure on a worldwide basis and the financial stability to make the investments to engineer privacy into our infrastructure. It is impossible to engineer privacy into your service if you don't own and operate your own infrastructure.
Myth #6
Even if my VPN Provider doesn't own and operate the network I can still be anonymous.
Reality
Virtually every VPN Provider (except Golden Frog of course!) doesn't run its own network and instead lets its hosting provider run the network for them. "Running your own network" means you own and operate the router and switches. If your VPN Provider does not run its own network, you are susceptible to their hosting company listening for traffic on both inbound and outbound connections. Listening to Internet traffic allows for a tremendous amount of correlation and identification of user activity.For example, if you listen to two people talk in a restaurant you can learn enough from the conversation to identify who is talking - even if you don't know their identity when you start listening. If a VPN provider does not run its own routers, then it can't control who is listening to its users. Even worse, a "no-logging" VPN provider recently admitted that it used "packet sniffing" software to monitor traffic to prevent abuse.
What Golden Frog does
We own and operate our worldwide network. Besides faster speeds and increased reliability, running our own network offers VyprVPN members more privacy. Imagine if you connected at home directly to the backbone Internet providers allowing you to bypass your snooping ISP. That is effectively what happens when you connect to VyprVPN.
Not only do we encrypt the connection from your house
to our servers, we connect to multi-backbone Internet providers. This
makes it impossible for someone to listen to inbound connections and
exceedingly difficult for anyone to listen to outbound connections
because we typically have three different paths to the Internet backbone
from our servers. This is a large part of what it means to run your
own network.
Myth #7
Any VPN logging is bad.
Reality
By logging a minimal amount of data, VPN providers can vastly improve your experience when using a VPN. VPN providers should only retain the minimum amount of data to operate their business and then delete the data as soon as they don't need it.Edward Snowden recently said at SXSW 2014:
"One of the things I would say to a large company is not that you can't collect any data it is that you should only collect the data and hold it for as long as necessary for the operation of the business."
Minimal logging provides VPN users the following benefits:
- Improved speed and performance by allowing VPN providers to optimize network connections
- Improved reliability by allowing VPN providers to identify and fix low level service issues to prevent outages
- Troubleshooting of specific customer issues, including speed, connection and application issues
- Different levels of accounts to meet customer needs, such as connection limited accounts, byte limited accounts, etc
- Protection against abuse from spammers, port scanners, DDOS, etc, so VPN providers can terminate customers who are abusing other Internet users
- Termination of malicious users so VPNs remain a respected Internet tool for preserving users' right to privacy and VPN users are not blocked from websites and services
What Golden Frog does
We only retain the minimum amount of data to operate our business and then delete it as soon as we don't need it.We log the following information and only retain it for 30 days:
- Customer's source IP address (generally the IP address assigned by the customer's ISP)
- VyprVPN IP address used by the users
- Connection start and stop time
- Total number of bytes used
So, we do NOT log:
- The content of your communications
- The websites that you visit
- The services that you use
- Your physical location
- Any other personal information
OUR SOURCE
GOLDEN FLOG |
No comments:
Post a Comment
thanks much for interest...