Tag Archives: SSH tunnel

Review: Virtual Private Network for private internet surfing AceVPN

I have been using AceVPN for three months now and this review is based on this length of time. Before getting into a Virtual Private Network for anonymous internet surfing purposes, you should understand that a VPN will make it more difficult for TLA agencies such as the CiA and Mi5 to spy on you, but a VPN is a single hop proxy, if they want you bad they will most likely have you.

For serious anonymous internet surfing you should use Tor, which unfortunately is slow for most activities other than posting at bulletin boards.

At the moment there is a 50GB monthly bandwidth cap on AceVPN, I think this is a very reasonable amount of bandwidth, the average surfer will probably download half that and since P2P programs are not allowed on AceVPN I can hardly see anyone going over the limit.

The Good Stuff

Every time I have emailed AceVPN, around five times, I always got a useful reply in under 24 hours. AceVPN at the time of writing this, has servers in the US, UK and France and claims to be planning new servers at other countries.

One of the USA VPN I was using got blocked by Hulu, a US only TV website, apparently they do not like people from abroad being able to watch their films through a proxy. AceVPN has a secret list of VPNs to access US only sites such as Hulu TV, Pandora radio and Crackle TV, if you email AceVPN support and tell them you want to watch Hulu and they are blocking your proxy, they will send you a new non public configuration file with new servers for the VPN.

AceVPN uses OpenVPN to tunnel the data as opposed to the less secure PPTP, and besides Windows, AceVPN also works in Mac, Linux/BSD and the iPhone, any device where you can install OpenVPN should work.

You can choose the UDP or TCP protocol for tunneling. Normally you should choose the UDP protocol, this is the fastest method to download data through the VPN, the TCP protocol is provided because some ISPs and private networks block all UDP traffic to stop certain applications from accessing the internet.

The Bad Stuff

When you sign up for AceVPN they will send you a very hard to remember cryptic password that you can not change, you will need to enter this every time you want to access the VPN, better write it down somewhere, I personally have it saved on a .txt file on my Desktop.

AceVPN has servers in several countries but in order to choose what server you want to connect to you will have to manually edit the OpenVPN config file in Notepad and comment out the servers you want to avoid, there is no control panel to do this.

Torrents and P2P programs are not allowed at AceVPN, even if some users use it, as per terms and conditions this is forbidden.

Conclusion

AceVPN is great value for money and it stops your ISP from logging your internet activities making the life of those who spy on others much more difficult, AceVPN is also one of the cheapest VPN available and the wide choice of servers located in different countries guarantees that if one goes down you can still connect somewhere else.

Be aware that during my time with AceVPN one of their USA servers was seized by the FBI, this was due to a DMCA request according to AceVPN management.

While AceVPN claims not to keep logs, the FBI is known to have great computer forensic facilities and only God knows what kind of personal private data from innocent people they managed to retrieve from that server.

I will be greatly surprised if these professional meddlesome informers resisted the temptation of not looking at other users accounts, I will say it again because people’s lives may be at stake, never forget to use full disk encryption as a security back up. A VPN will make the spooks job more difficult but not impossible, privacy advocates are a high target for TLA, people who have a private life scare the shit out of them, they are not used to that, be ready for an early morning raid from people wanting to know what you do in your spare time, whether you use VPN or you don’t, the Obama deception is here, this is not a joke, the CiA means business, your little VPN will not be enough to stop them, think bigger.

http://www.acevpn.com

UPDATE: As of 01 December 2009, I am having serious problems watching USA TV with AceVPN (it’s very slow), after various speed tests at http://www.speedtest.net I have detected that their USA servers are very slow at times, in the order of 500Kb/download.

This may change in the future but as for now be warned of this problem. Their French and UK server speed was acceptable.

Review: Private internet surfing SSH tunneling Cotse

I have been using Cotse for private internet surfing for over a year and I think this is an accurate review of Cotse based on that. This privacy provider also gives you access to private email, IRC Chat via web interface, web based remailer, SSH tunneling and webhosting.

The first thing to understand is that Cotse SSH tunneling is not for anonymity, but privacy. You will be able to hide from your ISP what websites you are visiting and what you are downloading from the internet, and it will not matter if your ISP keeps logs for one year or twenty years, all they will see when you surf the internet is that you are connected to an SSH tunnel, and anything after that can only be seen and logged by Cotse, your ISP will be powerless to stop this.

In order to use the SSH tunnel in Windows you will need to download an SSH client, my favourite client being KiTTY but there are others around. In Unix, you simply open the shell and type (example assumes you are using tunnel1):

ssh -L 5000:127.0.0.1:9999 username@tunnel1.cotse.net

With 5000 being the local port being forwarded to port 9999 on the server, using this port will pass on your OS and browser ID to the visited sites, if you forward the traffic to port 8888 Cotse will fake your operating system and browser ID as Windows Vista and Firefox regardless of what OS you use.

You can also forward to port 8080 which uses privoxy, this protects your privacy even further by stopping aggressive advertisements displaying on the screen, but privoxy will slow down your internet browsing a little.
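The three forwarding targets described above, plus the alternative SSH port 443 mentioned later in this review, as an added example that is not part of the original post or Cotse's own tooling. The mode labels (raw, spoof, privoxy), the function names and the extra ssh options are assumptions chosen for illustration; the host name and port numbers are the ones given in the review.

```shell
#!/bin/sh
# Added example (not Cotse's tooling). Mode labels, function names and the
# default local port 5000 are illustrative; host and ports come from the review.

# Map a mode label to the remote proxy port described above.
cotse_remote_port() {
    case "$1" in
        raw)     echo 9999 ;;   # passes your real OS and browser ID
        spoof)   echo 8888 ;;   # reports Windows Vista and Firefox
        privoxy) echo 8080 ;;   # Privoxy filtering
        *)       return 1 ;;
    esac
}

# Succeeds only for a decimal port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: cotse_tunnel_cmd MODE USER [LOCAL_PORT] [SSH_PORT]
# Prints the ssh command line; returns 1 on bad input.
cotse_tunnel_cmd() {
    mode=$1; user=$2; lport=${3:-5000}; sport=${4:-22}
    rport=$(cotse_remote_port "$mode") || { echo "unknown mode: $mode" >&2; return 1; }
    # Refuse user names that could smuggle extra options or shell syntax.
    case "$user" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad user name" >&2; return 1 ;;
    esac
    valid_port "$lport" || { echo "bad local port: $lport" >&2; return 1; }
    valid_port "$sport" || { echo "bad ssh port: $sport" >&2; return 1; }
    # -N                    : forward only, no remote shell
    # 127.0.0.1:<lport>     : listen on loopback, not on the LAN
    # ExitOnForwardFailure  : exit instead of running without the forward
    # ServerAliveInterval   : probe the server every 60 s to detect a dead tunnel
    printf 'ssh -N -p %s -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -L 127.0.0.1:%s:127.0.0.1:%s %s@tunnel1.cotse.net\n' \
        "$sport" "$lport" "$rport" "$user"
}

# Spoofed-ID proxy over the alternative SSH port 443.
cotse_tunnel_cmd spoof username 5000 443
```

The browser's HTTP proxy setting then points at 127.0.0.1 and the chosen local port.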

Cotse SSH tunnel logged out
Cotse SSH tunnel

You can pay for the service with a money order, check, Paypal or credit card, however paying by credit card requires you to reveal your real ISP email address or they will decline payment, according to Cotse this is due to fraud prevention reasons. For anonymous payments you will be better off using a money order or using a virtual credit card and pay through Paypal. Read my post on opening a Paypal account using a fake name to learn how to do this.

Logging Policy

Cotse claims they keep logs of your activities for five days, I think this is reasonable. In an ideal world logs would not exist, but unfortunately some people will abuse privacy services and those users will have to be weeded out one way or another.

Most proxy services will tell you that they do not keep any kind of logs, but technically speaking this is impossible since from the moment you connect to their proxy logs are being created, what happens is that they claim that those logs do not get stored more time than necessary, until you disconnect, and then get overwritten, hence they call it a “no logs” proxy service.

When reading about the logging policy of a privacy service you should consider that it is very easy for them to lie to you and hide their real logging policy. Cotse could easily claim they keep no logs and you would have no way of knowing if these claims are true or not. By making clear your activities are being stored for five days and then overwritten, Cotse gives me the impression of being an honest provider in regards to their privacy claims of what they can do for you and what not.

There is far too much privacy snake oil out there advertising the impossible, although I believe it is possible to run a “no logs” privacy service, the problem will always be finding out who is lying and who is not.

Internet IP logs

The Good Stuff

You can use Cotse SSH tunnel with Unix systems as well as Windows, their tunneling service is ideal to be used together with a live Linux CD leaving no computer tracks.

You not only get an SSH secure tunnel but also a private email service (SquirrelMail interface) with POP and IMAP, you also get a fairly decent hosting account with no speech limitations other than illegal content in the US where Cotse and its servers are based.

You have no bandwidth limitations when using SSH tunnelling and Cotse provides alternative ports like 443 in case your ISP blocks the default SSH port 22.

Unlike a VPN, if the SSH tunnel goes down for some reason, your real computer IP will not be exposed and your internet will stop working, this is a good thing. In a VPN, when the service goes down, your internet connection simply borrows your real IP instead with the risk of exposing your identity.

The Cotse email address that comes with the SSH tunnel has automatically expiring aliases, SSL connexion and a highly configurable spam filter, as well as hiding the sender IP on the headers.

Cotse helpdesk is excellent and they always reply under 24 hours, downtime of the SSH tunnel is also minimal, in one year I must have experienced thirty minutes downtime altogether, speed through the tunnel is indistinguishable from the direct connection.

The Bad Stuff

You are not allowed to use torrents through the SSH tunnel as p2p incoming connexions cause issues to the other customers, and the tunnel will disconnect automatically after 600 minutes of continuous use (ten hours), you will have to reconnect after that.

Using a credit card for payment will require you to reveal your ISP assigned email address, payments with a virtual credit card under assumed name will only be possible using Paypal. Your other alternative is a money order or check.

Webspace monthly bandwidth is poor at 1000MB, it will be enough for a text only personal website but no more than that. Their IRC web based chat is blocked by some Undernet servers (due to abuse), other than that it works fine at other networks.

Setting up Cotse SSH tunnel can be a bit overwhelming for someone who is new to the internet, it may take them a while to figure out how to configure everything.

Conclusion

Cotse makes excellent value for money, and you not only get an SSH tunnel but also a private email address and webhosting. If you want a cheap private proxy with no bandwidth limitations that works across Unix as well as Windows, then Cotse is probably for you.

Their five days logs policy is worse than other sites promising not to keep any kind of logs, but you can not be sure those sites are telling you the truth, in fact you can not even be sure Cotse is not logging your activities for longer than the five stated days, you have no way around this other than running your own proxy server.

http://www.cotse.net

Notice: Review based on the basic SSH Internet Shield Cotse service, you can upgrade this for extra features.

SSH tunneling between two computers

Review: Anonymous internet surfing VforVPN

It has been quite a while since I last used VforVPN and I am glad they are still online as I was quite happy with their services and customer support.

With a VPN you will avoid your ISP logging your internet activities and will make it next to impossible for outsiders to eavesdrop on your internet activities. I would recommend you to always get a VPN located outside the country where you live, aka offshore, this will make it even harder for your local Stasi, aka Cia, aka Mi5, et al, to read your emails and look at your online habits.

I still do not understand why VforVPN is so little known as it is one of the few services that will support Unix systems, my guess is that many people will be put off when they read in their about page that the person behind the company is a high school student.

The Good Stuff

Once you can install OpenVPN in your Unix system you are ready to go, VforVPN will work in Linux, Solaris or any BSD, I used it with FreeBSD so I can tell you for sure it will work with it.

If you plan on using VforVPN with Unix you will need to ask support to send you a digital certificate which in my case they did in less than 24 hours. For some unknown reason I only managed to make it work when I was logged in as root, otherwise the openvpn command would give me some error, even though the other user in the box had full rights.

One of the big frustrations I have with VPN proxies is that they will only support Windows, it is refreshing to find a provider that will not force you to use Microsoft. Some of those providers don’t even work with Windows 64 bit, when incidentally a Windows 64 bit OS is more secure than a 32 bit operating system.

You have two plans available with VforVPN, one using PPTP and another using OpenVPN. PPTP is an outdated Microsoft technology that does not provide confidentiality nor encryption; it relies on the protocol being tunnelled to provide privacy, for high security you would be advised to keep well away from the Point-to-Point Tunneling Protocol (PPTP), the OpenVPN plan is slightly more expensive but considerably safer.

During the time I used VforVPN I never experienced any downtime or speed issue, however I could not connect to the Undernet network in IRC as they have VforVPN IP blacklisted, likely to be due to somebody misusing anonymity to carry out abuse.

Connecting to other IRC networks other than Undernet worked fine. You are very likely to find many proxies blacklisted in IRC servers, including tor proxies, so I can not hold this against VforVPN.

The Bad Stuff

A high school student managing your privacy is not what you would ideally expect from a privacy service, you would probably want an individual with many years of IT experience and a proven record in the privacy business.

Their servers are located in the US, and their privacy policy claims that they do not log anything, this is not possible as any internet connexion to any server will produce logs of some kind, what they probably mean like most other services claiming no logs, is that they only retain them for a few hours and then they get overwritten, but logs must be created in some way or shape even if for a few hours or less, without this it would be impossible for them to troubleshoot any technical problem.

I can not vouch for the no logs claim of any VPN provider, there is no way anyone but them can know the truth about this. They could claim 30 days logs and keep them for 30 years or 30 seconds, that is why for true anonymity, anything other than tor is only pseudoanonymous, but tor proxies are slow and you can’t stream video or do bittorrent or anything that demands high bandwidth and speed, at times you will need to consider a VPN provider for internet surfing.

Conclusion

VforVPN has some of the cheapest prices I have found, their speed and uptime was 100% during the time I used them, they replied quickly and efficiently to my emails, and their service works with Windows, Linux and even the iPhone (or other smartphones)!

You will have to trust a high school student to manage your privacy, but at least they are letting you know, if VforVPN stay in business for a few years this will not apply anymore.

At other companies you usually do not have a clue of who is managing your privacy, it could be the same or worse.

This is my independent review based on my personal experience, you are more than welcome to comment below any negative or positive experience you had with them, I never censor anyone other than spammers.

VPN Tunnel

UPDATE: As of 01 September 2009, VforVPN has gone offline!

I am deleting the link I had to them as their domain name is now parked.

UPDATE 2: As of 01 December 2009, VforVPN came back online! I would avoid paying one year in advance to this VPN just in case it goes offline again.

UPDATE January 2011: Website is down, stay out of this VPN provider, not stable, assuming they still exist.