I have mixed feelings about protonmail. On the one hand, they tend to be on the right side of political / legal issues, and this transparency report is nice:
On the other hand, they recently reduced the level of detail in the transparency report.
There is also the fact that they are Swiss, and their privacy laws were severely weakened by a recent referendum. In particular, the Swiss government can now monitor all cross border traffic without a warrant.
ProtonMail fought the referendum, but hasn't updated this "Why Switzerland?" page:
Agreed, and that referendum was back in September of 2016. That's almost 9 months ago. This seems really disingenuous.
And the referendum didn't just eke by, it passed by 65%.
So if the Swiss domicile doesn't offer the protections it once did, why would I choose this provider over any of the half a dozen other well-known companies in the space?
Switzerland was one place people use the name of as the hallmark of their service being free from surveillance while still residing in a developed country.
So which will be that new country now, since apparently Switzerland isn't that option anymore? And what if that new country does something similar? Then next? And then? I don't think there will be many countries left to go to in that case. Or any, after some time?
So, aren't user privacy and the fight against surveillance running towards a wall, a dead end?
ProtonMail has pretty much stagnated and flat out refuses to cooperate with the community to implement new features of the OpenPGP email standards. Their Reddit guy is also pretty terrible, he pretty much insulted me in a comment after I criticized them.
I would be interested in hearing what the security pros think about this: tptacek, grugq, dguido, idlewords. At this point, these are the guys I trust with security advice.
Worth mentioning their VPN recommendations: algo by trailofbits and freedome. There is another paid service they recommend but I can't recall the name.
First of all, there does not appear to be a whitepaper available that describes the security architecture in any detail. This is an immediate red flag.
Second, they do have a "Security Features" page which is rather light on the details; it mentions that ProtonVPN uses AES-256 (encryption), RSA 2048 (key exchange) and HMAC-SHA256 (auth).
I'll start with RSA: the fact that they use RSA at all for a new cryptosystem in 2017 is a red flag for me. I also can't see any details of how they use RSA, so I don't know if they have implemented padding. If they haven't implemented padding (and done so correctly!), the VPN is insecure and we can stop right here. Honestly, they should be using ECC. I'm assuming they're not using something like ECDSA because RSA is faster (but not so much so to justify the potential security tradeoff, even in a VPN client).
On to AES: they commit the common marketing-mandated-security-page sin of focusing on the key size instead of the block cipher mode. They don't explain which block cipher mode they're using for AES at all - another red flag. For all I know they're using ECB (in which case, the VPN is insecure and we can stop right here). This is putting aside the question of whether or not they correctly implemented AES in whatever mode they're using.
With regards to HMAC-SHA256: in theory this is fine, but again we have no details. I'm going to go ahead and dock another point here because they're choosing to use separate primitives for encryption and authentication, when the best practice would be to use authenticated encryption like AES-GCM or AES-CCM. I admit this is bikeshedding a bit: respectable cryptographers (like cperciva) have a preference for separate construction. However, this is a VPN we're talking about, and an authenticated encryption mode would be faster than separate encryption and authentication.
A few caveats to my points: I'm quarterbacking their cryptosystem design based on one paragraph of the security page, because that's all I can find that describes their crypto. It doesn't describe it in detail, so it might still be secure. I have no knowledge of their implementation, so I can't critique that. That said, if I had to weigh the red flags I've observed here against their "developed by scientists from MIT and CERN" marketing and nothing else, the red flags win out.
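As an added illustration of the AES and HMAC points above (not ProtonVPN's code or anything taken from its security page), the Go program below shows why naming a key size without a mode says little: AES-ECB leaks repeated plaintext blocks, while AES-GCM hides that structure and also rejects tampered ciphertext, the integrity guarantee that separate encryption and authentication must otherwise bolt on. The key, nonce and plaintext are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Added illustration, not ProtonVPN code: "AES-256" alone says nothing
// about security until the mode and the authentication are specified.

// ecbEncrypt applies raw AES to each 16-byte block independently.
// Go's standard library deliberately offers no ECB mode; it is built
// here only to demonstrate the weakness. Input length must be a
// multiple of aes.BlockSize.
func ecbEncrypt(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], plaintext[i:i+aes.BlockSize])
	}
	return out
}

// duplicateBlocks counts 16-byte ciphertext blocks that repeat an earlier
// block. Under ECB identical plaintext blocks give identical ciphertext
// blocks, so plaintext repetition shows through; a sound mode yields
// zero repeats for all practical purposes.
func duplicateBlocks(ct []byte) int {
	seen := make(map[string]int)
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		seen[string(ct[i:i+aes.BlockSize])]++
	}
	dups := 0
	for _, n := range seen {
		if n > 1 {
			dups += n - 1
		}
	}
	return dups
}

// gcmSeal encrypts and authenticates in one pass with AES-GCM, the AEAD
// construction the comment above prefers to separate AES + HMAC.
func gcmSeal(key, nonce, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead.Seal(nil, nonce, plaintext, nil)
}

// gcmOpen returns ok=false when the ciphertext or its tag was altered,
// the integrity check that raw ECB or CTR output lacks entirely.
func gcmOpen(key, nonce, ct []byte) ([]byte, bool) {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	pt, err := aead.Open(nil, nonce, ct, nil)
	return pt, err == nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32)   // constructed 256-bit key
	nonce := bytes.Repeat([]byte{0x01}, 12) // constructed; never reuse in practice
	// Constructed plaintext with heavy repetition, like protocol headers.
	pt := bytes.Repeat([]byte("GET /index.html "), 4)

	fmt.Println("ECB duplicate blocks:", duplicateBlocks(ecbEncrypt(key, pt)))
	sealed := gcmSeal(key, nonce, pt)
	fmt.Println("GCM duplicate blocks:", duplicateBlocks(sealed))
	sealed[0] ^= 0x01 // flip one ciphertext bit
	_, ok := gcmOpen(key, nonce, sealed)
	fmt.Println("GCM accepts tampered ciphertext:", ok)
}
```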
Using public commercial VPN providers for serious security/privacy is a very bad idea. Get someone to set up Trail of Bits "Algo" for you (or do it yourself, if you're comfortable with Ansible).
Looking at Algo (https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-th...), it seems like it provides an easy way to setup a (secure) VPN on a piece of hardware you own or one of the supported public clouds. In that respect, I'm not sure if it gives a lot of privacy. As you're the only one using that VPN, the traffic may not be too hard to trace back to you.
What would people think of a VPN service that builds it for you, then hands over control when done? E.g., it walks you through setting up a DO droplet, uses keys to install a VPN, then prompts you to change the keys so it can't access the server? Think there's a market for that?
- TunnelBear is a bit more expensive ($4.99/mo paid annually vs $4/mo).
- TunnelBear supports up to 5 connections per account vs 2.
I use TunnelBear regularly for my browser and phone. Both work great.
My subscription is going to expire soon and I'll be open to trying other VPN providers, not that there is anything wrong with TunnelBear. Any recommendations?
This site [2] has feature comparisons but experience using VPN services is another story.
HN gets regular "what VPN should I use?" questions and my answer is always the same: Algo [1]. It is designed to be simple to set up, simple to tear down, and usable with numerous cloud providers or your own Linux server.
Unless they've changed their policy in the last few months, TunnelBear won't let you use SSH over any port other than 22, so if you need to SSH into a server with a non-standard port you're out of luck.
The free tier is in a waiting list right now. I thought I shouldn't try the paid one without getting a feel for how good and fast the service is (had bad experiences with another highly popular VPN provider in the past and canceled within a few days).
I also wondered why ProtonVPN doesn't list any trial period in the paid plans. So I went to the support page and found that it has nothing about payment, trials and cancellations. I then went to the Terms of Service page [1] and found that one can cancel within 14 days and get a full refund. If anyone from ProtonVPN is reading this, please move this information to the signup page and also list it on your support pages. Those are the places for this important piece of information. Almost nobody reads the terms of use on any website.
Quote from the Terms of Service page (typo "Guaranty" ought to be "Guarantee"):
> Money Back Guaranty
> You may cancel your account with a full refund within 14 days of the initial purchase. Refunds or credits beyond the 14 day window will be considered, but at the sole discretion of ProtonVPN. The Company is only obligated to refund in the original currency of payment and refunds will be processed within 14 days of the request. To request a refund under our Money Back Guarantee, send an email with your request to support@protonvpn.com.
Great that there's more options out there. Will there be an option to signup over TOR, and pay with ETH or BTC?
I run free privacy/security classes for journalists, and some of them have said that their sources can't use paid VPNs because they're afraid of the purchase showing up on their credit card statement.
TOR is great, but doesn't yet work for things like video chat (yes i tell them not to use Skype...)
There's a good comparison chart/spreadsheet of VPN providers at [1] - among other things, it can filter on anonymous sign up and payment.
There are certainly VPNs available that you can sign up for over Tor, and pay for with Bitcoin. However, some bitcoin payment services block Tor IP addresses; tools for VPN-over-Tor can be clumsy; and some sites that accept Bitcoin process the payments manually so it can take a day or two.
Private Internet Access allows payment with popular brand gift cards (Starbucks, etc.) purchased at brick-and-mortar locations for cash. Then you use a disposable e-mail account to receive your password.
TL;DR: The Identity to BTC link has to be broken, no matter how you do it, and not in a way that is human-indecipherable but truly distanced.
If your target uses BTC to avoid CC payments, then they had better know how to prevent tracking the payment on the blockchain as well. If I were targeted by a bad actor with state level resources, I would assume any bitcoin transactions to ProtonVPN would be spotted easily and I would assume any wallets I've used are hot. There were lots of ways to do this explored by users of onion sites who purchased illegal items. One of the most popular was to 'launder' the coins using a mixing service which shuffles around the BTC (for a fee) and sends it to a wallet of your choice, typically a one time use wallet which sends the balance to your account on the onion site for purchases from other users. The onion site operators may also mix up their coins, making it a little harder still. The coins from origin are received, split into a bunch of tiny transactions all over in various wallets, like shuffling cards, then many wallets send small amounts whose sum is the amount laundered minus fees, to the final destination one way or another. I encourage you to browse forums on such sites for the scoop on what the users think they know, as well as what security researchers have published on the subject.
Example: User Alice wants to pay for services from Bob. Bob's services are a little questionable in Alice's jurisdiction and she is concerned about someone finding out about her payment. If Alice is being surveilled directly, and the attacker knows about the wallets Alice uses because they got records from the company she buys coins from (or somewhere else like sniffing her traffic), and the service is priced at $X on Y date given the bitcoin value at the time, the attacker can look for any transactions for that amount on dates which Alice visited the site and compare the transactions.
In our example, let's say Alice wants to upgrade to paid ProtonVPN service but doesn't want Throckmorton's Sign Company [1] to find out about it. TSC suspects Alice may be trying to smuggle information through a VPN. Alice is smart and uses all the best practices. She's got a locked down mobile device with no cellular antenna connected to a long range directional antenna. She leaves her phone at home, drives the most secure route available by avoiding main streets with traffic cameras and license plate scanners. She parks in a cheap apartment complex parking lot (no guards/cams) at the base of the mountain. She pulls a mountain bike from the trunk and places her handgun in a waist pack, and rides to a higher elevation scenic point with no security/safety cameras and infrequent civilian or police traffic, aims her high gain antenna at the hotels below, and gets a WiFi signal. She connects with a spoofed MAC address, from a Tails ISO on optical media, to somewhere she cannot be physically linked to, using a device modified for safety. She has a script which changes her apparent desktop resolution, browser size on every page load, user agent strings, window dimensions, all kinds of fingerprinting avoidance. Alice uses a virtual keyboard which randomizes the delay between keystrokes before forwarding her input. Alice checks her configuration for holes, checks TOR, checks DNS, etc. and everything is solid. Feeling secure now, Alice logs into a brand new Proton account not associated with her, checks the price, and pays via Bitcoin. She bought bitcoin from a reputable exchange and had it deposited to a new wallet. She then transfers these coins to another wallet which is brand new and uses this to pay Proton.
An unknown actor at a TSC subsidiary agency has absconded with classified intelligence reports. Agent A is being watched, his stuff searched, no reports found, and Agent A won't talk. TSC thinks Agent A leaked it. Surely he sent it to some damn media hippie who loves communism and Vegemite, and now the whole world will know. They must stop the leak. TSC knows Agent A is a Vegemite sympathizer and is known to talk with people from the media sometimes, which is why they were watching him. They know he eats at Joe's Restaurant. A TSC agent dresses in a shabby suit he rented and puts on a local law enforcement badge and ID. He goes to Joe's and interviews the manager under the auspices of a criminal investigation. The manager at Joe's was all too happy to point out that he comes in every Wednesday, sits at a table near the rear fire exit facing the door with his back to a wall in a part of the dining room with no clear window views. He always orders Vegemite sandwiches and dresses nice. But he noticed that once a month or so, Agent A has someone with him, a real pretty lady friend. He assumes they are having an affair, and he's curious about it, so he pays a little more attention to Agent A and thought there was something funny about him, and he's eager to tell the "policeman" all about it. Agent A always looks sharp but on those days he dresses down a little, wears sunglasses, and removes his wedding ring. The manager calls over Agent A's usual waiter and asks him to tell the nice officer all about this suspicious character. Agent A's waiter says he saw a media ID sticking out of her wallet when she paid one night, so he knows she works for XYZ media. Our friendly TSC agent thanks them for their time and leaves, giving them a business card with a "detective" to contact with any new details.
TSC has only to look at all bitcoin transactions received by Proton since the leak, and I imagine this is a small set, and look at where those coins came from. TSC can and does keep banking and financial records for companies who sell Bitcoin. They run a search against the transactions looking for any wallets associated with those used to pay Proton during the period since the leak. They find 666 wallets. 420 are from Alice's country. Of these payers, only 42 paid with BTC from a wallet which had no other appreciable history. They check these 42 and the wallets connected to them by BTC transactions and find exactly one which was separated by 2 degrees and funded by BTC from Alice's reputable exchange. They quickly search the exchange's records and find that the wallet in question was funded by an account with a CC# belonging to one Alice Suspect who lives right there in Big Brotherville, and her name is on the list of XYZ media employees. TSC now knows Alice bought a VPN account, and to some courts that might be enough to escalate this. In some jurisdictions that shit will get you killed. Alice lives in a civilized democratic nation however, so instead she becomes the target of a massive and focused TSC investigation. They raid her home or intercept her vehicle, maybe they throw her in a van with a burlap sack over her head. Regardless of how they get her, TSC agents find encrypted disks, and order her to unlock them or go to prison (or face a $5 hammer). Alice sure did a lot to cover her ass, for nothing. One leaker, one media contact locally with a BTC wallet which paid Proton. Even assuming they don't target Proton, but check against all records of all VPNs on a list, doesn't change much but computing requirements to find out who is buying VPN service with BTC on their list. 
Assuming they don't ever go to Joe's restaurant, or even know about the pretty lady, they know local media only has so many journalists, fewer who travel these circles, and fewer still who would touch something that hot. Even assume they check ALL journalists in the entire country, how freakin hard would you have to look? How many suspects would there be who have bitcoin exchange accounts? Monitoring their search entries or IP traffic would reveal a lot and narrow the list down. Assume this is all happening in a state with a highly developed legal system and TSC has to request warrants and subpoena records to get them, and show to the satisfaction of a court that she is guilty, they still have the authority needed to grab the rest of the info they need once they have a short list of targets and they can acquire the rest through this investigation. Assume TSC never found the actual documents on Alice or in her property, the original problem of Alice being known to use a VPN is still not solved. Another approach would be to check all persons of interest for bitcoin exchange accounts by CCs, emails, names, etc., and then check those accounts for direct or indirect payments to VPN receiving wallets. Let's even assume that Alice purchased a prepaid credit card and for some reason was able to buy bitcoins with it, now they just ask FailMart to give them the register record and the video from that time. Even assume Alice isn't a journalist but a source as the OP says, and this source doesn't want people knowing they got a VPN. Follow the same breadcrumbs and you still have a bloody short list, the rest is old school tradecraft and detective work. In a not so developed legal system, only a shred of suspicion can end your life without needing anything solid at all. You see where I'm going I hope. 
The moral of the story is, BTC come from money, money is watched, BTC are watchable, so without a mixnet or something between purchase of coins and purchase with said coins, or a way to acquire them with complete anonymity, you're holding up a sign with your name on it which is just obfuscated enough to seem anonymous to average people. Money and identity are linked thanks to our current global financial system and all of the people who have exploited it. Selling BTC is regulated to "prevent drug lords and child sex traffickers" and other evil persons of the week from using BTC to launder money, but it's watched anyhow and every technique to link identities of individuals to bitcoin purchases can be assumed to be in use.
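The two-degree trace from the story, as an added example that is not part of the original comment: a constructed ledger and a short backward walk from each payment to the VPN's address, checking whether an exchange withdrawal (an address with a customer record behind it) lies within a few hops. Address names, the hop limit and the ledger are all made up for illustration; it shows why a brand-new intermediate wallet alone does not break the link, and why the comment argues a mixing step is what matters.

```go
package main

import "fmt"

// Added illustration of the linking argument in the comment above. It is
// not real chain-analysis tooling and every address below is constructed.

// Tx is one simplified transaction: value moves From -> To.
type Tx struct {
	From, To string
}

// fundingGraph maps each address to the addresses that sent it coins, so
// a payment can be walked backwards hop by hop.
func fundingGraph(txs []Tx) map[string][]string {
	g := make(map[string][]string)
	for _, tx := range txs {
		g[tx.To] = append(g[tx.To], tx.From)
	}
	return g
}

// traceToExchange walks backwards from payer for at most maxHops and returns
// the hop count to the first address known to be an exchange withdrawal, or
// -1 if none is reached within the budget. Breadth-first, so the count is
// the shortest funding chain.
func traceToExchange(g map[string][]string, payer string, exchange map[string]bool, maxHops int) int {
	type node struct {
		addr  string
		depth int
	}
	visited := map[string]bool{payer: true}
	queue := []node{{payer, 0}}
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		if exchange[cur.addr] {
			return cur.depth
		}
		if cur.depth == maxHops {
			continue
		}
		for _, src := range g[cur.addr] {
			if !visited[src] {
				visited[src] = true
				queue = append(queue, node{src, cur.depth + 1})
			}
		}
	}
	return -1
}

// linkablePayers returns, for every address that paid vpnAddr, the number
// of hops back to an exchange withdrawal, for those within maxHops.
func linkablePayers(txs []Tx, vpnAddr string, exchange map[string]bool, maxHops int) map[string]int {
	g := fundingGraph(txs)
	out := make(map[string]int)
	for _, payer := range g[vpnAddr] {
		if d := traceToExchange(g, payer, exchange, maxHops); d >= 0 {
			out[payer] = d
		}
	}
	return out
}

// Constructed ledger (not real addresses). alice-w1 was funded by an
// exchange withdrawal, moved once to the "brand new" alice-w2, and paid
// the VPN: the pattern from the story. carol-pay's funding history has
// no exchange withdrawal in the data, so nothing links it.
var sampleTxs = []Tx{
	{"exch-out-7", "alice-w1"},
	{"alice-w1", "alice-w2"},
	{"alice-w2", "vpn-pay"},
	{"unknown-src", "carol-pay"},
	{"carol-pay", "vpn-pay"},
}

// Addresses the exchange paid out to, i.e. ones with a customer behind them.
var sampleExchange = map[string]bool{"exch-out-7": true}

func main() {
	for payer, hops := range linkablePayers(sampleTxs, "vpn-pay", sampleExchange, 3) {
		fmt.Printf("%s links to an exchange withdrawal in %d hops\n", payer, hops)
	}
}
```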
Come on, that was a stress situation, their data center was shared and many other companies were feeling the pain. Yes I would also tell them "don't do it", but they made a decision under very high pressure from many sides at once. They since started protecting themselves and I'm sure they won't pay anymore now. I don't see why people keep bringing this up with all the positive things they also do.
By the way, the party that initiated the ddos did stop the attack but a much bigger one took over. Probably state sponsored.
Looks like the time has come for a small country to create a data haven like the fictional Sultanate of Kinakuta. I believe that the idea will attract foreign investment quickly.
It doesn't need to be a country. Just get some container ships, sail to international waters dragging a fiber cable with you and bam, data haven. You could also operate as a secure key storage. No worries about governments requesting keys as there is no government.
Does anyone know why they require existing ProtonMail users to enter their account's password AND the decryption password? Fair enough, they're linking my account, they require the account password. But the key that encrypts the email data too?
Your access token to the service is encrypted with your primary public key as an extra security measure, thus your client needs to decrypt it to use it.
Too bad they're focused on new and shiny at the expense of real (paying) email users. After a year of Visionary, I finally went back to Google. PM just isn't designed for large mailboxes, real search, or navigation. Plus they still have not provided any way for you to export your emails out. They're locked up forever, unless you want to forward each one, one at a time.
Search has been dramatically improved. Difficulties with large mailboxes are often a complex function of many variables with things like client side javascript decryption speeds often playing a large role. While testing is done with large mailboxes as part of the development process, the ultimate solution for people with extremely large boxes will likely be the use of the Bridge program with an IMAP mail client such as Microsoft Outlook. There are unofficial export programs available that can pull all mail out through Proton's API. An official, supported, export (and import) program is planned for the future.
With the small number of nodes they can offer (compared to the tor network exit nodes), traffic analysis seems relatively easy, especially with standard VPN software that may have no fake traffic generator capability.
I've been using the beta now for many months. For my use case--hiding from ISPs / other malicious non-government actors who want my IP--it's been pretty good and plenty fast. Not really sure what they plan to do with our beta plans, but I'd pay a couple of bucks a month for their speed / reliability (haven't been knocked off once). Or maybe this is just normal service and all the other VPNs I've tried in the past have been shit. Hard to tell really.
For anyone wondering, their speed claims aren't inaccurate. I ran a quick iperf test on a server in Hurricane Electric Fremont 2 with a gigabit port and it did ~500Mbit/s. DSLReports backs it up: http://www.dslreports.com/speedtest/17167172
What are the security features of their VPN or email that are not in other VPNs or emails, that I can measure? I.e. I don't care how military-grade their server-side encryption is, or that they decrypt in my JS, as long as the threat model remains the same.
I'd pay for a VPN with integrated tracker / ad blocking. I currently have a low cost VPS with a VPN where I set the hosts with a couple of block lists, but I think it could be good to have a proper VPN service with that option.
The reason is using it on mobile unlocked devices, rather than desktop.
Does anyone know how to use Protonmail to send/receive attachments encrypted with a different PGP key than the one Protonmail uses for one's account? It never allows downloading such an attachment, and I surely won't upload my private key there...
Please report your difficulties to the Support Team: https://protonmail.com/support-form. You don't need to be a paid user to do this. They will respond to your ticket. I have done this before - some time ago. But, perhaps a bug was introduced somewhere in the code or there is some other issue that you are running into (perhaps some configuration with the local platform). It should be possible and work correctly.
I'm currently using hide.me under Linux and even though the speed is great, I have issues all the time.
Will try this during this month to see how it compares.
I saw that they use the OpenVPN protocol[1], then I stopped reading further. Although the encrypted connections cannot be decrypted, the OpenVPN protocol is easy to detect and ban in some highly censored networks.
I recommend the shadowsocks protocol[2], which I used in a censored network; it is hard to detect and decrypt.
At a glance shadowsocks doesn't look like a secure protocol to me, so even if you use shadowsocks to obfuscate the protocol, you still need to tunnel a secure encrypted protocol inside of shadowsocks.
I don't expect most VPN users to need protocol obfuscation, especially since the IPs of the VPN operator are probably well known. If you're serious about that, you either need your own server or take great effort to hide the entry points (like Tor bridges attempt to).
> the OpenVPN protocol is easy to be detected and banned in some highly censored network.
Tunnelbear are one of the few VPN providers that use a thing called obfsproxy to circumvent this kind of censorship. They call it 'Ghostbear'[0] but really it's just an obfsproxy bundling which uses the domain fronting technique.
You can use an SSL tunnel to avoid DPI detection by your censored network or ISP. It will obfuscate your OpenVPN tunnel with another SSL layer, although you'll take a performance hit.
Packages like stunnel might help (available for both Windows and Linux).
Mozilla's made a couple of bet-the-company decisions in the last couple years, including Firefox OS and the phone. Given the results of those, it's a miracle of luck and effective management that they're still in business.
But that would be another bet-the-company prospect, and I don't see them likely to try that for a couple years.
"ProtonVPN is a no logs VPN service. We do not track or record your internet activity, and therefore, we are unable to disclose this information to third parties."
hedora|8 years ago
https://protonmail.com/blog/transparency-report/
https://protonmail.com/blog/switzerland/
They also haven't moved to a more appropriate legal jurisdiction.
[edit: clarify links]
Forbo|8 years ago
https://www.reddit.com/r/ProtonMail/comments/6id4lw/protonvp...
sr2|8 years ago
https://www.mullvad.net
https://prq.se/?intl=1
[1] https://www.tunnelbear.com/ [2] https://thatoneprivacysite.net/vpn-section/
tyoma|8 years ago
[1] https://github.com/trailofbits/algo
kakarot|8 years ago
You can generate unlimited free trials until you're confident you want to spend the paltry $5 a month on them.
https://mullvad.net
gtf21|8 years ago
[1]: https://www.goldenfrog.com/vyprvpn
clairity|8 years ago
edit: with that said, i really appreciate the compilation of information here, so it's no knock on the site owner.
[1]: https://protonvpn.com/terms-and-conditions
[1] https://thatoneprivacysite.net/vpn-comparison-chart/
jagermo|8 years ago
https://protonvpn.com/pricing
Also, it should be possible to pay them in BTC; I remember sending a donation when I signed up for protonmail.
Kroniker|8 years ago
wishinghand|8 years ago
axonic|8 years ago
If your target uses BTC to avoid CC payments, then they had better know how to prevent tracking the payment on the blockchain as well. If I were targeted by a bad actor with state level resources, I would assume any bitcoin transactions to ProtonVPN would be spotted easily and I would assume any wallets I've used are hot. There were lots of ways to do this explored by users of onion sites who purchased illegal items. One of the most popular was to 'launder' the coins using a mixing service which shuffles around the BTC (for a fee) and sends it to a wallet of your choice, typically a one time use wallet which sends the balance to your account on the onion site for purchases from other users. The onion site operators may also mix up their coins, making it a little harder still. The coins from origin are received, split into a bunch of tiny transactions all over in various wallets, like shuffling cards, then many wallets send small amounts whose sum is the amount laundered minus fees, to the final destination one way or another. I encourage you to browse forums on such sites for the scoop on what the users think they know, as well as what security researchers have published on the subject.
Example: User Alice wants to pay for services from Bob. Bob's services are a little questionable in Alice's jurisdiction and she is concerned about someone finding out about her payment. If Alice is being surveilled directly, and the attacker knows about the wallets Alice uses because they got records from the company she buys coins from (or somewhere else like sniffing her traffic), and the service is priced at $X on Y date given the bitcoin value at the time, the attacker can look for any transactions for that amount on dates which Alice visited the site and compare the transactions.
In our example, let's say Alice wants to upgrade to paid ProtonVPN service but doesn't want Throckmorton's Sign Company [1] to find out about it. TSC suspects Alice may be trying to smuggle information through a VPN. Alice is smart and uses all the best practices. She's got a locked down mobile device with no cellular antenna connected to a long range directional antenna. She leaves her phone at home, drives the most secure route available by avoiding main streets with traffic cameras and license plate scanners. She parks in a cheap apartment complex parking lot (no guards/cams) at the base of the mountain. She pulls a mountain bike from the trunk and places her handgun in a waist pack, and rides to a higher elevation scenic point with no security/safety cameras and infrequent civilian or police traffic, aims her high gain antenna at the hotels below, and gets a WiFi signal. She connects with a spoofed MAC address, from a Tails ISO on optical media, to somewhere she cannot be physically linked to, using a device modified for safety. She has a script which changes her apparent desktop resolution, browser size on every page load, user agent strings, window dimensions, all kinds of fingerprinting avoidance. Alice uses a virtual keyboard which randomizes the delay between keystrokes before forwarding her input. Alice checks her configuration for holes, checks TOR, checks DNS, etc. and everything is solid. Feeling secure now, Alice logs into a brand new Proton account not associated with her, checks the price, and pays via Bitcoin. She bought bitcoin from a reputable exchange and had it deposited to a new wallet. She then transfers these coins to another wallet which is brand new and uses this to pay Proton.
An unknown actor at a TSC subsidiary agency has absconded with classified intelligence reports. Agent A is being watched, his stuff searched, no reports found, and Agent A won't talk. TSC thinks Agent A leaked it. Surely he sent it to some damn media hippie who loves communism and Vegemite, and now the whole world will know. They must stop the leak. TSC knows Agent A is a Vegemite sympathizer and is known to talk with people from the media sometimes, which is why they were watching him. They know he eats at Joe's Restaurant. A TSC agent dresses in a shabby suit he rented and puts on a local law enforcement badge and ID. He goes to Joe's and interviews the manager under the auspices of a criminal investigation. The manager at Joe's was all too happy to point out that he comes in every Wednesday, sits at a table near the rear fire exit facing the door with his back to a wall in a part of the dining room with no clear window views. He always orders Vegemite sandwiches and dresses nice. But he noticed that once a month or so, Agent A has someone with him, a real pretty lady friend. He assumes they are having an affair, and he's curious about it, so he pays a little more attention to Agent A and thought there was something funny about him, and he's eager to tell the "policeman" all about it. Agent A always looks sharp but on those days he dresses down a little, wears sunglasses, and removes his wedding ring. The manager calls over Agent A's usual waiter and asks him to tell the nice officer all about this suspicious character. Agent A's waiter says he saw a media ID sticking out of her wallet when she paid one night, so he knows she works for XYZ media. Our friendly TSC agent thanks them for their time and leaves, giving them a business card with a "detective" to contact with any new details.
TSC has only to look at all bitcoin transactions received by Proton since the leak, and I imagine this is a small set, and look at where those coins came from. TSC can and does keep banking and financial records for companies who sell Bitcoin. They run a search against the transactions looking for any wallets associated with those used to pay Proton during the period since the leak. They find 666 wallets. 420 are from Alice's country. Of these payers, only 42 paid with BTC from a wallet which had no other appreciable history. They check these 42 and the wallets connected to them by BTC transactions and find exactly one which was separated by 2 degrees and funded by BTC from Alice's reputable exchange. They quickly search the exchange's records and find that the wallet in question was funded by an account with a CC# belonging to one Alice Suspect who lives right there in Big Brotherville, and her name is on the list of XYZ media employees. TSC now knows Alice bought a VPN account, and to some courts that might be enough to escalate this. In some jurisdictions that shit will get you killed. Alice lives in a civilized democratic nation however, so instead she becomes the target of a massive and focused TSC investigation. They raid her home or intercept her vehicle, maybe they throw her in a van with a burlap sack over her head. Regardless of how they get her, TSC agents find encrypted disks, and order her to unlock them or go to prison (or face a $5 hammer). Alice sure did a lot to cover her ass, for nothing. One leaker, one media contact locally with a BTC wallet which paid Proton. Even assuming they don't target Proton but check against all records of all VPNs on a list, that doesn't change much but the computing requirements to find out who is buying VPN service with BTC on their list.
Assuming they don't ever go to Joe's restaurant, or even know about the pretty lady, they know local media only has so many journalists, fewer who travel these circles, and fewer still who would touch something that hot. Even assume they check ALL journalists in the entire country, how freakin hard would you have to look? How many suspects would there be who have bitcoin exchange accounts? Monitoring their search entries or IP traffic would reveal a lot and narrow the list down. Assume this is all happening in a state with a highly developed legal system and TSC has to request warrants and subpoena records to get them, and show to the satisfaction of a court that she is guilty, they still have the authority needed to grab the rest of the info they need once they have a short list of targets and they can acquire the rest through this investigation. Assume TSC never found the actual documents on Alice or in her property, the original problem of Alice being known to use a VPN is still not solved. Another approach would be to check all persons of interest for bitcoin exchange accounts by CCs, emails, names, etc., and then check those accounts for direct or indirect payments to VPN receiving wallets. Let's even assume that Alice purchased a prepaid credit card and for some reason was able to buy bitcoins with it, now they just ask FailMart to give them the register record and the video from that time. Even assume Alice isn't a journalist but a source as the OP says, and this source doesn't want people knowing they got a VPN. Follow the same breadcrumbs and you still have a bloody short list, the rest is old school tradecraft and detective work. In a not so developed legal system, only a shred of suspicion can end your life without needing anything solid at all. You see where I'm going I hope. 
The moral of the story is, BTC come from money, money is watched, BTC are watchable, so without a mixnet or something between purchase of coins and purchase with said coins, or a way to acquire them with complete anonymity, you're holding up a sign with your name on it which is just obfuscated enough to seem anonymous to average people. Money and identity are linked thanks to our current global financial system and all of the people who have exploited it. Selling BTC is regulated to "prevent drug lords and child sex traffickers" and other evil persons of the week from using BTC to launder money, but it's watched anyhow and every technique to link identities of individuals to bitcoin purchases can be assumed to be in use.
[1] This is actually funny, a medical joke. https://radiopaedia.org/articles/throckmorton-sign-pelvis
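The tracing axonic walks through above (match payments to the provider by amount and date window, then follow each payer's fresh wallets backwards until they hit a KYC exchange withdrawal), as an added worked example in Python that is not part of this thread or of any chain-analysis product. The ledger, address names, amounts and dates are constructed placeholders; "provider" stands in for the VPN's receiving address.

```python
from collections import defaultdict, deque
from datetime import date

# Constructed ledger, not real chain data: (sender, receiver, amount_btc, date).
# A sender tagged "exch:*" is a withdrawal from a KYC exchange, the identity
# link in the story. "provider" stands in for the VPN's receiving address.
LEDGER = [
    ("exch:reputable", "w_alice1", 0.020, date(2017, 6, 1)),
    ("w_alice1", "w_alice2", 0.019, date(2017, 6, 2)),   # fresh hop wallet
    ("w_alice2", "provider", 0.018, date(2017, 6, 3)),   # pays for the VPN
    ("w_mixer_out", "w_bob", 0.018, date(2017, 6, 3)),   # arrived via a mixer
    ("w_bob", "provider", 0.018, date(2017, 6, 4)),
    ("w_old_busy", "provider", 0.018, date(2017, 5, 1)), # before the leak
    ("exch:other", "w_carol", 0.500, date(2017, 6, 2)),
    ("w_carol", "provider", 0.018, date(2017, 6, 5)),
]
WINDOW_START, WINDOW_END = date(2017, 6, 1), date(2017, 6, 30)  # "since the leak"

def payers_in_window(ledger, dest, amount, start, end, tol=0.0005):
    """Senders that paid roughly `amount` to `dest` inside [start, end]."""
    return {s for s, r, a, d in ledger
            if r == dest and abs(a - amount) <= tol and start <= d <= end}

def exchange_origin(ledger, addr, max_hops):
    """BFS backwards over funding edges; return (exchange, hops) if an exchange
    withdrawal funds `addr` within `max_hops`, else None (trail goes cold)."""
    incoming = defaultdict(list)
    for s, r, _, _ in ledger:
        incoming[r].append(s)
    seen, queue = {addr}, deque([(addr, 0)])
    while queue:
        node, hops = queue.popleft()
        if node.startswith("exch:"):
            return node, hops
        if hops < max_hops:
            for src in incoming[node]:
                if src not in seen:
                    seen.add(src)
                    queue.append((src, hops + 1))
    return None

def linkable_payers(ledger, dest, amount, start, end, max_hops=2):
    """Each in-window payer mapped to the exchange it traces back to, or None."""
    return {p: exchange_origin(ledger, p, max_hops)
            for p in payers_in_window(ledger, dest, amount, start, end)}

if __name__ == "__main__":
    # Only payers whose wallets chain back to an exchange withdrawal are linkable.
    print(linkable_payers(LEDGER, "provider", 0.018, WINDOW_START, WINDOW_END))
```

The fresh intermediate wallet does nothing against this: Alice's payer still resolves to her exchange at two hops, while the payer funded through a mixer comes back as None, which is the point of the comment's "without a mixnet or something between purchase of coins and purchase with said coins".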
shaggyfrog|8 years ago
https://arstechnica.com/security/2015/11/crypto-e-mail-servi...
teekert|8 years ago
By the way, the party that initiated the DDoS did stop the attack, but a much bigger one took over. Probably state sponsored.
bartbutler|8 years ago
atmosx|8 years ago
ryaneager|8 years ago
teknologist|8 years ago
bartbutler|8 years ago
blunte|8 years ago
vabmit|8 years ago
Tepix|8 years ago
zx2c4|8 years ago
OpenVPN and IKE both have terrible track records in terms of implementation security.
mnm1|8 years ago
Veratyr|8 years ago
This was to their us-07 server in SF.
homakov|8 years ago
What did they change in the model? Is it trustless?
chippy|8 years ago
The reason is using it on mobile unlocked devices, rather than desktop.
bitL|8 years ago
vabmit|8 years ago
sjclemmy|8 years ago
pacuna|8 years ago
vr46|8 years ago
zsj|8 years ago
I recommend the shadowsocks protocol [2], which I used in a censored network; it is hard to detect and decrypt.
[1] https://protonvpn.com/secure-vpn
[2] https://github.com/shadowsocks
Tepix|8 years ago
CodesInChaos|8 years ago
I don't expect most VPN users to need protocol obfuscation, especially since the IPs of the VPN operator are probably well known. If you're serious about that, you either need your own server or take great effort to hide the entry points (like Tor bridges attempt to).
sr2|8 years ago
Tunnelbear are one of the few VPN providers that use a thing called obfsproxy to circumvent this kind of censorship. They call it 'Ghostbear'[0] but really it's just an obfsproxy bundling which uses the domain fronting technique.
[0] https://help.tunnelbear.com/customer/en/portal/articles/2435...
[1] https://en.wikipedia.org/wiki/Domain_fronting
pdcerb|8 years ago
Packages like STunnel/stunnel might help (available for both Windows/Linux).
akerro|8 years ago
brians|8 years ago
But that would be another bet-the-company prospect, and I don't see them likely to try that for a couple years.
sandGorgon|8 years ago
unknown|8 years ago
[deleted]
tjbiddle|8 years ago
sbouafif|8 years ago
"ProtonVPN is a no logs VPN service. We do not track or record your internet activity, and therefore, we are unable to disclose this information to third parties."
https://protonvpn.com/pricing
rebelidealist|8 years ago
nthcolumn|8 years ago
bdcravens|8 years ago