VPN Comparison Chart & How to choose the best VPN
labbe5

Joined: 13 Nov 2013
Posts: 974
Location: Canada

Posted: Tue 11 Apr 2017, 09:52    Post subject: VPN Comparison Chart & How to choose the best VPN
Subject description: a chart to help users find best VPN service providers & features to look out for
 

https://thatoneprivacysite.net/simple-vpn-comparison-chart/

You will find a chart for email service providers as well.

You can download both charts as odt files, which you can view with LibreOffice Calc.

VPN service providers are a few providing best-in-class services.

One that is reviewed by the author is BolehVPN, the chart showing mostly green sections, which is very good. Bad is shown as red sections. Linux is supported. Free trial.

Note :
I looked for VPNbook, a free VPN client, but the service provider is not in the chart. By default, encryption is not as strong as other VPN service providers, but for browsing the web and accessing banking sites, it is better than no encryption at all (banking sites are already protected with HTTPS). Add Firejail and a hardened Linux distribution (AppArmor, SELinux) to VPNbook, and you can feel secure browsing the Web.

Last edited by labbe5 on Thu 28 Sep 2017, 13:56; edited 1 time in total
labbe5

Joined: 13 Nov 2013
Posts: 974
Location: Canada

Posted: Thu 01 Jun 2017, 15:40    Post subject: Private Internet Access
Subject description: run installer for Linux
 

https://fra.privateinternetaccess.com/installer/download_installer_linux

If you feel more comfortable using a paid-for VPN, Private Internet Access is available for Linux platform for as low as $3.33/month

Download tar file, extract, and run installer :

./pia-v70-installer-linux.sh

Once the installation process completes you'll be asked to enter your login credentials, which you received in your e-mail.


To manage your VPN, PIA takes for granted you are using NetworkManager. You may have to make some adjustments, depending on which network manager you use (some don't have VPN support).
Or you may switch to NetworkManager. If so, you need to install basic package : network-manager. Add to the set network-manager-openvpn for VPN support.
More here : https://help.ubuntu.com/community/NetworkManager

An installation method is provided by PIA :
https://fra.privateinternetaccess.com/pages/client-support/ubuntu-openvpn


This is not an endorsement for PIA, but installation is made easy with installer for Linux, and it is a reputable company, not an unknown start-up.
labbe5

Joined: 13 Nov 2013
Posts: 974
Location: Canada

Posted: Thu 28 Sep 2017, 13:52    Post subject: How to pick the best VPN service
Subject description: an analysis from ProtonMail
 

https://protonmail.com/blog/best-vpn-service/

Why use a VPN:

Prevent your internet browsing from being monitored
Bypass censorship – VPNs allow you to access content that might be blocked in your country by the government or the content provider
Provide higher connection security when connecting to the internet from insecure locations (public wifi hotspot for example)


VPN Security Problems

Using pre-shared keys : A number of mainstream commercial VPNs have their preshared keys (PSKs) posted online; these include PureVPN and IPVPN. If an attacker knows the PSKs for a VPN service and has access to the network a user is using, the attacker can stage a man-in-the-middle attack and decrypt all of the user’s traffic.

Insecure protocols and encryption : Many VPN services use the PPTP protocol as a basic way to tunnel and encapsulate data packets. However, PPTP is fundamentally insecure due to using short length encryption keys and password hashes that can be easily cracked by a well resourced state actor. L2TP/IPSec is another popular VPN protocol. However, the NSA has already succeeded in tampering with it. Furthermore, many VPN services which use more secure protocols such as OpenVPN remain vulnerable because of the use of insecure ciphers.

No Forward Secrecy : Most VPN services do not require use of Perfect Forward Secrecy ciphers, so VPN network traffic can be saved, and decrypted later if the encryption keys or algorithms are compromised.

DNS Leakage : Whenever a web connection is made, a computer will first translate a domain name into an IP address. This lookup is done via DNS servers. Thus, DNS lookup records also contain a log of all websites visited. While VPN services usually will protect web traffic, many do not protect DNS lookups, meaning that a user’s browsing history can still be reconstructed from DNS lookups.

Other ways VPN can be compromised :

Jurisdiction : VPN providers are subject to the laws of the country that they operate in, and these laws (like the Investigatory Powers Act in the UK and the Foreign Intelligence Surveillance Act in the US) can force VPN providers to compromise their users. This means VPN providers with significant US and UK presence are compromised by default. These include HideMyAss (UK), VyperVPN (operated from the US), Strong VPN (US), HotSpot Shield (US), IP Vanish (US) and many others.

Compromised servers : VPN providers cannot maintain physical control and supervision over all servers, especially servers in countries that are not privacy friendly. This creates opportunities for state actors to compromise VPN exit servers, sometimes with the collusion (forced or not) of the companies providing servers to VPN operators. In a typical VPN setup, compromise of the exit server completely compromises the browsing activity of VPN users.

Correlation Attacks : Even if the exit server itself is not compromised, network based correlation attacks can still compromise a user. By seeing who is connecting to a VPN exit server at a given instant, and what sites the VPN exit server is connecting to, a user’s browsing can be reconstructed. Such an attack is easily within reach of most state actors as they can request assistance from ISPs.

Tor network is enough for anonymity, but the network is slow and is increasingly being targeted by state actors : https://security.stackexchange.com/questions/119146/tor-cracked-how-do-you-think-the-fbi-did-it

ProtonVPN.
https://protonvpn.com/secure-vpn

Features :
Secure Core : a chain of servers (see : double VPN)
Strong encryption : all your network traffic is encrypted with AES-256, key exchange is done with 2048-bit RSA, and HMAC with SHA256 is used for message authentication.
Forward Secrecy : With each connection, we generate a new encryption key, so a key is never used for more than one session.
Strong Protocols : By using ProtonVPN, you can be certain that your VPN tunnel is not using a protocol that has already been compromised.
Strong legal protection : Because we are based in Switzerland, ProtonVPN is protected by some of the world's strongest privacy laws and remains outside of US and EU jurisdiction. This means that unlike VPN providers based in a fourteen eyes country, we cannot be coerced into spying on our users.
Physical Security : Critical infrastructure in Switzerland is located in a former Swiss army fallout shelter 1000 meters below the surface...By shipping our own equipment to these locations, we ensure that our servers are also secure at the hardware level.
No Logs Policy : Under Swiss law, we are not obligated to save any user connection logs, nor can we be forced to perform targeted logging on specific users.
DNS Leak Prevention : By routing your DNS queries through the encrypted tunnel and not relying on third party DNS providers, we ensure that your browsing activity cannot be exposed by leaks from DNS queries.
Kill Switch : ...block all network connections in the event that the connection with the VPN server is lost.
Tor VPN : ...Tor support built-in. Through our selected Tor servers, you can route all your traffic through the Tor anonymity network and also access dark web sites.

After reading features offered by ProtonVPN, you have a good idea what a good VPN is supposed to be. When deciding which VPN to choose, keep in mind this list of best features.

If you feel like trying ProtonVPN, there is a free account, but it lacks some outstanding features, such as Secure Core.

Guess what? Having two VPNs working at the same time may be a way to simulate this feature :
Using a built-in VPN from Opera (or the Windscribe addon for Firefox) and having a VPN client such as VPNbook can give you a kind of chain of servers.

Related websites :
Check your IP with : http://whatleaks.com/en/
For WebRTC leak test : https://browserleaks.com/webrtc
For DNS leak test : https://www.dnsleaktest.com
whatismyipaddress : http://whatismyipaddress.com

Check your dns nameserver with this command : grep nameserver /etc/resolv.conf

192.168.0.0 - 192.168.255.255 (65,536 IP addresses)
172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses)
10.0.0.0 - 10.255.255.255 (16,777,216 IP addresses)

Numbers above are private IPs, not to be confused with public IPs.
Here is a related article :
http://whatismyipaddress.com/private-ip

UPDATE :
Using a ProtonVPN free account, I switched from VPNBook to ProtonVPN, and I see no speed change. You need to have a username and password for OpenVPN, provided by ProtonVPN. Contrary to VPNBook, you don't need to change your password from time to time. So, for the time being, I will stay with the ProtonVPN free account, since VPNBook is a somewhat shady business.
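Added example, not part of the original post: the `grep nameserver /etc/resolv.conf` command and the three private ranges from the end of the post above, combined into one check that labels each configured nameserver. The function names and the sample file are constructed for illustration, and the extra "loopback" class for 127.x addresses is an addition beyond the ranges the post lists.

```shell
#!/bin/sh
# is_private_ipv4 ADDR -> 0 private, 1 other IPv4, 2 not IPv4, 3 loopback.
# The loopback class (127.x) is an addition: local stub resolvers use it.
is_private_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 2
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 2
    done
    case $1 in
        10)  return 0 ;;                            # 10.0.0.0 - 10.255.255.255
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;  # 172.16.0.0 - 172.31.255.255
        192) [ "$2" -eq 168 ] ;;                    # 192.168.0.0 - 192.168.255.255
        127) return 3 ;;
        *)   return 1 ;;
    esac
}

# classify_nameservers FILE: one "ADDR CLASS" line per active nameserver entry.
classify_nameservers() {
    # awk selects the same lines as `grep nameserver` but skips comment lines.
    awk '$1 == "nameserver" { print $2 }' "$1" |
    while read -r ns; do
        rc=0
        is_private_ipv4 "$ns" || rc=$?
        case $rc in
            0) echo "$ns private" ;;
            1) echo "$ns public" ;;      # outside the three listed ranges
            3) echo "$ns loopback" ;;
            *) echo "$ns not-ipv4" ;;
        esac
    done
}

# Constructed sample; on a real system pass /etc/resolv.conf instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# nameserver 8.8.8.8   (commented out, ignored)
nameserver 192.168.1.1
nameserver 172.32.0.1
nameserver 127.0.0.53
nameserver 2001:db8::53
EOF
classify_nameservers "$sample"
```

A "private" or "loopback" result names a resolver on the local network or machine, so it does not by itself show which upstream DNS servers answer the queries.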
labbe5

Joined: 13 Nov 2013
Posts: 974
Location: Canada

Posted: Tue 03 Oct 2017, 14:08    Post subject: how to prevent dns leak in Debian / Ubuntu
Subject description: check your ovpn config file and add some configuration, if needed
 

Have a look at your VPN config file (.ovpn) in /etc/openvpn/ and check for :

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

If you see these three lines, you are protected against dns leak.
Add them if they are absent from your config file.

To be sure you are not leaking dns, go to dns leak test website : Your ISP should not be in any of the results.

Chances are Google public DNS servers will be in the results, while some VPN providers provide their own DNS servers to their clients.

https://dnsleaktest.com
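Added example, not part of the original post: a check that reports which of the three directives listed above are absent from an OpenVPN client config. The function name, the sample configs and the placeholder hostname are constructed for illustration.

```shell
#!/bin/sh
# check_ovpn_dns FILE: prints one "missing: ..." line per absent directive.
# Exit status is the number of missing directives (0 = all three present).
check_ovpn_dns() {
    conf=$1
    missing=0
    for want in \
        'script-security 2' \
        'up /etc/openvpn/update-resolv-conf' \
        'down /etc/openvpn/update-resolv-conf'
    do
        # Allow any run of spaces/tabs between tokens; anchor at line start so
        # commented-out lines (# or ;) do not count. [[:space:]]*$ also
        # tolerates CRLF line endings in provider-supplied .ovpn files.
        re=$(printf '%s' "$want" | sed 's/ /[[:space:]]+/g')
        if ! grep -Eq "^[[:space:]]*${re}[[:space:]]*\$" "$conf"; then
            printf 'missing: %s\n' "$want"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample configs (the hostname is a placeholder, not a real server).
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.ovpn" <<'EOF'
client
dev tun
remote vpn.example.invalid 1194 udp
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
EOF
cat > "$demo_dir/partial.ovpn" <<'EOF'
client
dev tun
remote vpn.example.invalid 1194 udp
script-security   2
# up /etc/openvpn/update-resolv-conf
;down /etc/openvpn/update-resolv-conf
EOF

# On a real system, loop over /etc/openvpn/*.ovpn instead.
for f in "$demo_dir"/*.ovpn; do
    echo "== $f"
    if check_ovpn_dns "$f"; then echo "all three directives present"; fi
done
```

The check reads the config text only; the `up` and `down` lines have an effect only if the script they name exists and is executable on the machine.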
labbe5

Joined: 13 Nov 2013
Posts: 974
Location: Canada

Posted: Thu 05 Oct 2017, 10:31    Post subject: Fourteen Eyes countries
Subject description: why you should avoid using a VPN in one of Fourteen Eyes countries
 

https://www.privacytools.io

Global Mass Surveillance - The Fourteen Eyes

The UKUSA Agreement is an agreement between the United Kingdom, United States, Australia, Canada, and New Zealand to cooperatively collect, analyze, and share intelligence. Members of this group, known as the Five Eyes, focus on gathering and analyzing intelligence from different parts of the world. While Five Eyes countries have agreed to not spy on each other as adversaries, leaks by Snowden have revealed that some Five Eyes members monitor each other’s citizens and share intelligence to avoid breaking domestic laws that prohibit them from spying on their own citizens. The Five Eyes alliance also cooperates with groups of third party countries to share intelligence (forming the Nine Eyes and Fourteen Eyes), however Five Eyes and third party countries can and do spy on each other.
tallboy


Joined: 21 Sep 2010
Posts: 804
Location: Oslo, Norway

Posted: Sat 07 Oct 2017, 00:06

I saw that at least one VPN service, this one located in Romania, does not reveal who is behind the service, and who owns it. Hmmm, me no like!

If I was the sleazy chief of some govt. bureau, one of my attempts to get a hold on the 'very, very bad guys', would be to find a way to read their messages. I've got it! Why not set up a free VPN service? With anonymous owners at an unspecified location, of course...
'Very, very bad guys' may be low on monetary resources, so maybe they would use such a free VPN? Right?

Gosh, maybe I should be writing crime novels instead...

tallboy

_________________
True freedom is a live Puppy on a multisession CD/DVD.
labbe5

Joined: 13 Nov 2013
Posts: 974
Location: Canada

Posted: Tue 10 Oct 2017, 10:59    Post subject: VPN not for nefarious activities
Subject description: a VPN is to be used in a public hotspot provided by hotels, airports, public libraries, etc
 

https://www.theregister.co.uk/2017/10/08/vpn_logs_helped_unmask_alleged_net_stalker_say_feds/

Article provided by Belham2
Here is his/her post :
http://murga-linux.com/puppy/viewtopic.php?t=111780
tallboy


Joined: 21 Sep 2010
Posts: 804
Location: Oslo, Norway

Posted: Tue 10 Oct 2017, 18:55

Quote:
Gosh, maybe I should be writing crime novels instead...


Haha, well, sometimes reality surpasses fantasy! Someone stole my idea.

tallboy

labbe5

Joined: 13 Nov 2013
Posts: 974
Location: Canada

Posted: Fri 20 Oct 2017, 16:13    Post subject: Installing a VPN on Linux with encrypted home directory
Subject description: a tutorial
 

https://helpdesk.privateinternetaccess.com/hc/en-us/articles/227831828-Installing-the-PIA-app-on-Linux-with-encrypted-home-directories

If you are using an eCryptfs encrypted home directory with your favorite distribution (which is what Ubuntu and derivatives use), you are probably having trouble connecting to PIA. This is because by default, eCryptfs does not allow SUID binaries to run with elevated privileges for security reasons. As a result of that, the Private Internet Access application will need to be moved outside of your home directory for it to function properly. We use an SUID binary for OpenVPN so that the PIA application doesn't require you to enter your password every time the VPN is connected or disconnected and avoid requiring root privileges for the entire application.

Tutorial for users of Private Internet Access (PIA), but useful as a tutorial for other VPNs.