After the sole developer of Incognito, arguably, the best Linux live CD for anonymous internet browsing, announced that he could not carry on with his work in the project, another anonymous live CD, Amnesia, decided to merge with Incognito Linux live CD, and hence, the (Amnesic) Incognito Live System was born.
Version 0.5 of The Amnesic Incognito Live CD is now out and includes lots of goodies for anonymous internet surfing, encryption and erasing your online tracks, such as:
Claws Mail 3.7.5 with OpenPGP support.
Pidgin automatically connects to irc.oftc.net with a randomized nickname.
At shutdown time, only prompt to remove CD; just halt when booted from a USB stick.
Forbid any IPv6 communication with the outside.
Added some wifi drivers: Ralink rt2570, rt2860 and Broadcom STA.
My hats off to this great live CD for anonymous internet surfing!
For those who fear that the Chinese or British secret services will seize their computers one day, a live CD is the sure way to avoid leaving any tracks on your computer.
I came accross this offer at Softpedia today and I thought about sharing it with all of you. Valid until 31st January 2010, you can download a free full licensed version of East-Tec Eraser 2009.
I just downloaded and registered it and so far so good, it works fine with Windows Vista 64 bit. East-Tec Eraser is last year’s version of this software but still has lots of great features. It can clean your Windows registry, email software, Windows OS unwanted backups and page file, cookies, history, and a long etc.
East-Tec Eraser 2009 is highly configurable and it has a wide range of wiping methods.
Note: Do not fool yourself! East-Tec Eraser does a great job making life difficult for anyone trying to recover data from your computer. But if your life is at stake, use full disk encryption (Truecrypt)! Sometimes only a single picture or a single document is necessary to ruin your life for ever.
Free East-Tec Eraser 2009 (link valid until 31st January 2010): http://www.east-tec.com/offers/softpedia/2009/eraser/register.htm (Offer gone!)
It is only now that the subpoena has been fought off successfully in court that it can be know how the FBI attempted to get all the IP addresses of people visiting Indymedia.us, an independent news website. The subpoena also imposed a gag order and demanded the recipient’s silence under threat of being prosecuted for obstruction to justice.
Unfortunately for the FBI Indymedia has a no logs policy so besides being defeated in Court by the Electronic Frountiers Foundation, its request could not be fulfilled anyway.
I wonder what kind of people the US has protecting them from terrorism, unpaid fines and rape, when the FBI intelligence team is not aware that Indymedia does not keep logs?
This is actually public information that Indymedia has all over its website.
You can read all of the saucy details on how the Electronic Frontier Foundation won the case against this bogus FBI subpoena at the EFF webpage: Anatomy of a Bogus Subpoena
Indymedia UK security set up
Just for all the fucktard officers reading this who do not know how to use Google, let me tell you some of UK Indymedia security set up. (I will assume the security of their Worldwide Indymedia counterparts resembles it).
There are two physical servers that are owned by Indymedia UK, both servers are fully encrypted, the passphrases required for the disk encryption software are in the region of 30-40 characters minimum, they are only stored in an encrypted format by trusted administrators.
If any of the servers are turned off for any reason the passphrases needs to be manually re-entered before the machine can become functional again. People who have physical access to the servers do not normally hold the passphrases, and in some instances, the passphrases are kept in a different country to where the machine is located.
The UK Indymedia website uses software designed around a central publish server from which static HTML content is then copied to mirrors.
UK Indymedia has employed up to 10 mirrors at any one time, the mirrors may be located anywhere around the world, when you post an article you will be redirected to one of these mirrors at random. Mirrors, like the publish server, are set up to not log IP addresses.
FBI top secret tip to always get it right
-"This is the best marksmanship I have ever seen" - said the
-"How in the World do you do it?"
-"Nothing to it" - says the Fucktard Bureau of Investigation
I have been using AceVPN for three months now and this review is based on this length of time. Before getting into a Virtual Private Network for anonymous internet surfing purposes, you should understand that a VPN will make it more difficult for TLA agencies such as the CiA and Mi5 to spy on you, but a VPN is a single hop proxy, if they want you bad they will most likely have you.
For serious anonymous internet surfing you should use Tor, which unfortunately it is slow for most activities other than posting at bulletin boards.
At the moment there is a 50GB monthly bandwith cap on AceVPN, I think this is a very reasonable amount of bandwith, the average surfer will probably download half that and since P2P programs are not allowed on AceVPN I can hardly see anyone going over the limit.
The Good Stuff
Every time I have emailed AceVPN, around five times, I always got a useful reply in under 24 hours. AceVPN at the time of writing this, has servers in the US, UK and France and claims to be planning new servers at other countries.
One of the USA VPN I was using got blocked by Hulu, a US only TV website, apparently they do not like people from abroad being able to watch their films through a proxy. AceVPN has a secret list of VPNs to access US only sites such as Hulu TV, Pandora radio and Crackle TV, if you email AceVPN support and tell them you want to watch Hulu and they are blocking your proxy, they will send you a new non public configuration file with new servers for the VPN.
AceVPN uses OpenVPN to tunnel the data as opposed to the more unsecure PPTP, and besides Windows, AceVPN also works in Mac, Linux/BSD and the iPhone, any device where you can install OpenVPN should work.
You can choose the UDP or TCP protocol for tunneling. Normally you should choose the UDP protocol, this is que fastest method to download data through the VPN, the TCP protocol is provided because some ISPs and private networks block all UDP traffic to stop certain applications from accessing the internet.
The Bad Stuff
When you sign up for AceVPN they will send you a very hard to remember cryptic password that you can not change, you will need to enter this every time you want to access the VPN, better write it down somewhere, I personally have it saved on a .txt file on my Desktop.
AceVPN has servers in several countries but in order to choose what server you want to connect to you will have to manually edit the OpenVPN config file in Notepad and comment out the servers you want to avoid, there is no control panel to do this.
Torrents and P2P programs are not allowed at AceVPN, even if some users use it, as per terms and conditions this is forbidden.
AceVPN is great value for money and it stops your ISP from logging your internet activities making the life of those who spy on others much more difficult, AceVPN is also one of the cheapest VPN available and the wide choice of servers located in different countries guarantees that if one goes down you can still connect somewhere else.
Be aware that during my time with AceVPN one of their USA servers was seized by the FBI, this was due to a DMCA request according to AceVPN management.
While AceVPN claims not to keep logs, the FBI is known to have great computer forensic facilities and only God knows what kind of personal private data from innocent people they managed to retrieve from that server.
I will be greatly surprised if these professional meddlesome informers resisted the temptation of not looking at other users accounts, I will say it again because people’s lives may be at stake, never forget to use full disk encryption as a security back up. A VPN will make the spooks job more difficult but not impossible, privacy advocates are a high target for TLA, people who have a private life scare the shit out of them, they are not used to that, be ready for an early morning raid from people wanting to know what you do in your spare time, whether you use VPN or you don’t, the Obama deception is here, this is not a joke, the CiA means business, your little VPN will not be enough to stop them, think bigger.
UPDATE: As of 01 December 2009, I am having serious problems to watch USA TV with AceVPN (it’s very slow), after various speed tests at http://www.speedtest.net I have detected that their USA servers are very slow at times, in the order of 500Kb/download.
This may change in the future but as for now be warned of this problem. Their French and UK server speed was acceptable.
In order to carry out mass surveillance of personal computers a huge amount of UK police officers will have to be given computing skills, this is highly unlikely to happen. It would not make any sense for the Government to spend millions of pounds training police officers in computers for the occassional use with the antiwar or animal rights protester.
Malicious computer hacker
Suspects of terrorism and other serious offences will be likely to have a highly skilled and experienced computer forensics officer on their case, the others will have Robbie the bobby.
In my oppinion your local copper will be trained in 15 minutes on how to use a trojan horse like eBlaster or Win-Spy. The police will send it to you by email, or you can be made to inadvertently download it through your internet browser visiting a campaign site or forum. Then Robbie the bobby can use his point and click mouse to spy on you like a cheap 007 James Bond agent, with no knowledge at all about networking, computer antiforensics tools, encryption, cracking or anything else that requires a brain.
You will need a good internet browser to protect your family privacy and stop Robbie the bobby from spying on you and your children. Besides the obvious advice of saving all your holiday snaps inside an encrypted container, you should also use a secure an updated internet browser that will not be exploited to plant a trojan horse in your computer.
Innocent computer user
Multiplatform Internet Browsers (Unix,Windows and MAC):
These are not really proper internet browsers but more like skins that embed in Internet Explorer. They are an improvement over Internet Explorer an add some extra features, but as they use the same base code and rendering engine as IE the security vulnerabilites will be corresponding and you get no major extra security gains.
Internet Explorer is probably the worst browser out there in functionality, security and privacy, but this is or should be a free World, if you want to risk unknow people knowing everything about you while you know nothing about them, then feel free to do so.
Internet browsers that run from a USB key or encrypted container:
This is the best way to avoid leaving any tracks on your computer, and a must have for those using the Library or an internet cafe for internet surfing.
If you do all your internet browsing from inside an encrypted hardrive or encrypted USB key then all the cache and history will be stored there too. But do not get too excited yet as huge amount of private data can still be recovered from the operating system.
The files you download and view may be stored on a temporaty folder by Windows Media Player, Microsoft Word, etc… The names of the files you view can also be stored in unsuspected places inside the OS, and all USB thumbdrives have a unique ID number that will be stored in the Windows registry as soon as you plug it in.
Thanks to this unique number it is possible to proof that the owner of that thumbdrive used it on that computer and it is also possible to find out the maker/brand of your thumbdrive without even having it.
The Safari browser has a privacy mode that will do all your internet surfing in RAM and will not store anything on your hard disk provided you have enough amount of RAM available.
Konqueror internet browser support for Windows and MAC is in beta, which means it may work or may not. Konqueror origins are in Unix and KDE.
SeaMonkey, Flock and Opera internet browsers are an all in one internet application suite, they include embedded features like an IRC chat client, newsreader and notepad.
You should avoid embedded Internet Explorer internet browsers as they do not offer any major security advantadge over IE.
What internet browser is the best?
As individuals we all have different needs and wants, it is not possible to advise an absolute browser for everyone without knowing what they want from it and how they will use it.
With so many choices available I would simply avoid Internet Explorer like the plague due to its tracked record of security problems. On my next post I will tell you the internet browser I use myself and what features I like and do not like from it.
It has been quite a while since I last used VforVPN and I am glad they are still online as I was quite happy with their services and customer support.
With a VPN you will avoid your ISP logging your internet activities and will make it next to impossible for outsiders to eavesdrop on your internet activities. I would recommend you to always get a VPN located outside the country where you live, aka offshore, this will make it even harder for your local Stasi, aka Cia, aka Mi5, et al, to read your emails and look at your online habits.
I still do not understand why VforVPN is so little know as it is one of the few services that will support Unix systems, my guess is that many people will be put off when they read in their about page that the person behind the company is a high school student.
The Good Stuff
Once you can install OpenVPN in your Unix system you are ready to go, VforVPN will work in Linux, Solaris or any BSD, I used it with FreeBSD so I can tell you for sure it will work with it.
If you plan on using VforVPN with Unix you will need to ask support to send you a digital certificate which in my case they did in less than 24 hours. For some unknown reason I only managed to make it work when I was logged in as root, otherwise the openvpn command would give me some error, even though the other user in the box had full rights.
One of the big frustrations I have with VPN proxies is that they will only support Windows, it is refreshing to find a provider that will not force you to use Microsoft. Some of those providers don’t even work with Windows 64 bit, when incidentally a Windows 64 bit OS is more secure than a 32 bit operating system.
You have two plans available with VforVPN, one using PPTP and another using OpenVPN. PPTP is an outdated Microsoft technology that does not provide confidentiality nor encryption; It relies on the protocol being tunnelled to provide privacy, for high security you would be advised to keep well away from the Point-to-Point Tunneling Protocol (PPTP), the OpenVPN plan is slightly more expensive but considerably safer.
During the time I used VforVPN I never experienced any downtime or speed issue, however I could not connect to the Undernet network in IRC as they have VforVPN IP blacklisted, likely to be due to somebody misusing anonymity to carry out abuse.
Connecting to other IRC networks other than Undernet worked fine. You are very likely to find many proxies blacklisted in IRC servers, including tor proxies, so I can not hold this against VforVPN.
The Bad Stuff
A high school student managing your privacy is not what you would ideally expect from a privacy service, you would probably want an individual with many years of IT experience and a proven record in the privacy business.
I can not vouch for the no logs claim of any VPN provider, there is no way anyone but them can know the truth about this. They could claim 30 days logs and keep them for 30 years or 30 seconds, that is why for truly anonymity, anything other than tor is only pseudoanonymous, but tor proxies are slow and you can’t stream video or do bittorrent or anything that demands high bandwidth and speed, at times you will need to consider a VPN provider for internet surfing.
VforVPN has some of the cheapest prices I have found, their speed and uptime was 100% during the time I used them, they replied quickly and efficiently to my emails, and their service works with Windows, Linux and even the iPhone (or other smartphones)!
You will have to trust a high school student to manage your privacy, but at least they are letting you know, if VforVPN stay in business for a few years this will not apply anymore.
At other companies you usually do not have a clue of who is managing your privacy, it could be the same or worse.
This is my independent review based on my personal experience, you are more than welcome to comment below any negative or positive experience you had with them, I never censor anyone other than spammers.
UPDATE: As of 01 September 2009, VforVPN has gone offline!
I am deleting the link I had to them as their domain name is now parked.
UPDATE 2: As of 01 December 2009, VforVPN came back online! I would avoid paying one year in advance to this VPN just in case it goes offline again.
UPDATE January 2011: Website is down, stay out of this VPN provider, not stable, assuming they still exist.