Slightly Off Topic: anonymizing your presence on the internet

I use a service Hide my ass (HMA) for a virtual VPN to encrypt stuff when wireless surfing. Great company, good service. But when surfing piratebay.se recently somebody at my machine apparently downloaded some porn and used US servers at HMA--which, due to a overzealous porn copyright holder using the DMCA (http://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act)-- got HMA to block my account (at least temporarily until I promised to monitor my machine so it never happens again).

Which raises the question:

1) obviously (I think) if somebody wanted to circumvent the tracing of yourcomputer they can use a VPN outside the USA, correct? HMA has such servers (for example, in Singapore). Other companies are offshore entirely (one is in Malta). I'm pretty sure that the San Pornando Valley people in the USA would not bother with foreign downloaders of their porn.

2) from within the USA you can use TOR (Onion network) to jump from server to server in a https encrypted manner. But it's super slow except for sending text email I have found. Still, for text, it's a useful service.

3) you can buy a piece of hardware that you stick onto your DSL or cable modem that also (I think) dials up some VPN server and does essentially what HMA does for a fee, but using hardware. And I'm not sure what country the server that this piece of hardware talks to is--if it's in the USA you're back to square one. And I think this would slow down your surfing.

Any other ideas? Are the above ideas correct?

RL

 

Forgive any implied or otherwise legal misuse I may, or not, have
incurred by a cross-post/copy I've included below. I'd imagine after
any length of dedicated study, perhaps there might stand a chance of
better keeping at least a step ahead of the usual crowds being
monitored. Not exactly sure how I think of it -- sort of a scatter-
gun or hit-&-miss approach -- for largely applying to the greater
numbers in practice. Apart targeted individuals, a matter of
severity, there being really only so much information to be obtained
from sampling a cup of water taken from the sea. Should one then meet
some criteria for quasi- or direct legal intervention past propaganda
or assurances, as usual, tacked to distribution of products and how
they're intended by means generally reducible, howsoever, for a
monetary compensator. In the case of a whore being paid for a sexual
performance, at the least common denominator, perhaps such individuals
might have higher aspirations of assured respectability by procuring a
government endorsed copyright. It's difficult to assess special
rights for one ass when so many are freely given freer, modern means
of distribution, within an appeal, if not more than begging attention,
from less consequent zeal and religiosity accorded former times;-
unless of course the world or a portion thereof were to accede to
ideals I heard proposed from the Obama camp, that computers be
certifiably "identity chipped," effecting accountability and
responsibility to users, delegated much as drivers are at times
singled and identified for discourteous recognition of acts when
legally so addressed.

CP in following. . .
--
Raymond.CC Blog

List of Free VPN Trial Accounts Without Paying Upfront

Posted by Raymond in category: Online Services

With more services and freebies being geographically restricted, there
is a frequent need to change our IP address to a specific country so
that we are able to bypass the country or region restriction. There
are two common ways of changing our IP address which is either through
open proxy or VPN. Basically when connecting to a proxy or VPN, the
internet traffic from our computer is encrypted and sent to the VPN/
proxy servers to be decrypted and they will relay it destination. The
below image would give you a better idea on how a VPN or proxy works.

How VPN works

Open proxy is mostly unstable, slow, doesn’t last for a long time and
it requires manual configuration of the specific software to use the
proxy. VPN would be a better choice because it is stable, fast and
would automatically redirect all of your connections from your
computer to the VPN without changing any settings. However, most of
the VPNs out there are paid services that are commonly being used to
protect the users data from being intercepted or hijacked at public
wi-
fi hotspots through encryption. They too offer money back guarantee
which means you will have make payment first via paypal or credit/
debit card and inform them within the guarantee period that you’re
unhappy with their services.

Good news is I have searched for VPN companies that offers free VPN
trial accounts without making an upfront payment and briefly tested
them to make sure that it is working. Most of the time you will just
need to sign up for a free account, verify it by clicking on the
activation link from your email and follow the given instructions to
connect to their VPN for free. I hope that this will be a great
resource for people who wants to quickly use a VPN to change their IP
address without wasting time in searching and testing.

1. CactusVPN
Protocol: OpenVPN, PPTP, L2TP, Proxy
Expiry/Bandwidth Limit: 24 hours after account creation
VPN Server Location: US, UK, Netherlands
Steps: Register account, download software, install and connect.
Restrictions: None

Free CactusVPN

2. ibVPN
Protocol: OpenVPN, PPTP, L2TP, SSTP
Expiry/Bandwidth Limit: 2 hours after account creation
VPN Server Location: US, UK, Netherlands, Canada, Germany,
Switzerland, Ireland, France, Luxembourg
Steps: Register account, download software, install and connect.
Restrictions: None

Free ibVPN

3. etteGo
Protocol: L2TP
Expiry/Bandwidth Limit: After 512MB bandwidth usage
VPN Server Location: US, Netherlands, Canada, Ukraine, Latvia
Steps: Enter email address, activation account from email, download
software or manually setup L2TP connection.
Restrictions: None

Free etteGo

4. SecurityKISS
Protocol: OpenVPN, PPTP, L2TP
Expiry/Bandwidth Limit: 300MB usage per day with NO EXPIRY
VPN Server Location: US, UK, France, Germany
Steps: Download and install. To use PPTP or L2TP, provide email to
receive the individually generated configuration.
Restrictions: Capped speed, no games, email clients, voip or video
chats, and video/music streams.

Free SecurityKISS

5. Hotspot Shield Free
Protocol: L2TP
Expiry/Bandwidth Limit: NONE
VPN Server Location: US
Steps: Download and install.
Restrictions: Display advertisements on top of web browser

Free Hotspot Shield

6. CyberGhost
Protocol: OpenVPN
Expiry/Bandwidth Limit: 1GB per month with NO EXPIRY
VPN Server Location: Germany
Steps: Download, install and create account. Optionally get a 1 month
free premium trial by providing email.
Restrictions: Involve a lot of steps in setting up which can be a bit
confusing. Auto 6 hours disconnection and download speed limited to
2Mbps.

Free CyberGhost VPN

7. proXPN
Protocol: OpenVPN
Expiry/Bandwidth Limit: NONE
VPN Server Location: US
Steps: Download, install software, create account and activate account
from email.
Restrictions: Speed limited to 300Kbps and initially forwards you to
upgrade your plan to premium then wait 10 seconds to get to your site.

Free proXPN

8. HideIPVPN
Protocol: OpenVPN, PPTP, L2TP
Expiry/Bandwidth Limit: 3 hours after account creation
VPN Server Location: US, UK, Netherlands, Germany
Steps: Create account from website, download software and check email
for login information
Restrictions: NONE

Free HideIPVPN

9. vpnjack
Protocol: PPTP
Expiry/Bandwidth Limit: 24 hours after account creation OR after 10
minutes of usage
VPN Server Location: US
Steps: Click a button to generate and display account information
Restrictions: Unable to load any websites for the first few minutes
after connection.

10. GlobalVPN
Protocol: PPTP
Expiry/Bandwidth Limit: After 30 minutes of usage
VPN Server Location: Netherlands
Steps: Create account from website, check email to activate account
Restrictions: Speed limited to 9KBps. During testing, I was unable to
connect to VPN.

11. inCloak
Protocol: OpenVPN, PPTP, L2TP
Expiry/Bandwidth Limit: 24 hours after account creation
VPN Server Location: US, UK, Russia, Korea, Germany, Poland, Turkey,
Hungary, Ukraine, Luxembourg, France, Switzerland, Austria, Italy,
Sweden, Latvia, Vietnam, Hong Kong, Czech Republic, Indonesia, New
Zealand, Finland
Steps: Enter email, check email to get code and enter code in VPN page
to get the configurations.
Restrictions: NONE

Free inCloak

12. VPN Solution
Protocol: PPTP
Expiry/Bandwidth Limit: 48 hours after account creation
VPN Server Location: US
Steps: Fill up form and redirected to a page with instructions
Restrictions: Auto disconnect every 3 minutes

13. TorVPN
Protocol: OpenVPN
Expiry/Bandwidth Limit: 1GB per month with NO EXPIRY
VPN Server Location: Hungary
Steps: Create account, activate via email, install OpenVPN and copy
files to OpenVPN config folder.
Restrictions: Account auto deactivated if idle for 7 days

14. Free VPN Today
Protocol: PPTP
Expiry/Bandwidth Limit: NONE
VPN Server Location: US
Steps: Move slider using your mouse and click Get VPN info button.
Restrictions: Password are changed every 24 to 72 hours

15. USAIP
Protocol: PPTP, L2TP, SSTP
Expiry/Bandwidth Limit: NONE
VPN Server Location: US, UK, Netherlands, China, Germany, Hungary,
Pakistan, Sweden, Ukraine
Steps: Download software, login using demo account and select server
to connect
Restrictions: Auto disconnect every 7 minutes and speed capped at
200Kbps

Free USAIP

16. Spotflux
Protocol: OpenVPN
Expiry/Bandwidth Limit: NONE
VPN Server Location: US
Steps: Download, install and connect
Restrictions: Software runs on Java

Free SpotFlux

17. Tigervpns
Protocol: PPTP, L2TP
Expiry/Bandwidth Limit: After 100MB bandwidth usage
VPN Server Location: US, UK, Japan
Steps: Register and download software. Optionally activate account via
email to get full 100MB or else only 10MB.
Restrictions: NONE

Free Tigervpns

18. PRIVATE WiFi
Protocol: OpenVPN
Expiry/Bandwidth Limit: 3 days after account creation
VPN Server Location: US, UK, Netherlands, Singapore
Steps: Enter email, download software and install
Restrictions: NONE

Free Private WiFi

19. VPN Tool
Protocol: L2TP
Expiry/Bandwidth Limit: NONE
VPN Server Location: France
Steps: Fill up form, download software, install and enter login
information to connect.
Restrictions: Download and upload speed limited to 96Kbps

20. Shellfire
Protocol: OpenVPN
Expiry/Bandwidth Limit: NONE
VPN Server Location: Germany
Steps: Download, install, create account, activate account by clicking
on the verification link from email. Login to software and connect.
Restrictions: 60 seconds wait time before connecting, unable to stream
video and speed limited to 384Kbps.

 

That is a bad story -- you create a partially anonymizing situation
which you allegedly then proceed to turn loose to presumably unknowns --
or perhaps the bad guy is you or a cohort/crony/co-conspirator of yours.

.... and now you are proceeding to try to figure out a strategy to avoid
the oversight of a service like HMA.

There are a number of pitfalls, disadvantages, and traps to using free
proxies and if you decide to use a pay service of which there are many,
those providers still fall under the aegis of having to be responsible.

This is actually the wrong newsgroup to be discussing these issues.

You should probably go to one of the privacy groups.

If you read the policies of services like cotse, you will find that they
are a privacy company, not an anonymity service, and as such they
emphasize that *YOU* are responsible and accountable for your actions.

Cotse is a US company and operates under US laws. Some other services
act like they are immune to such laws because they are under some other
country's flag, but the reality is that you and your computer cannot
misbehave and not be held accountable.

Depending on how strong your adversary is -- sometimes the adversary is
strong because of the 'criminality' of an act resulting in subpoenas for
the logs and such and sometimes the adversary is strong because it is to
their financial advantage to be strong, such as MS or other strong
copyright organizations.

 

I don't think you understand the dynamics of my question. Rather than waste time let me simply point out that insofar as I know there is no privacy forum in Usenet, and, more importantly, the issue is whether an anonymizer service has a duty to respond to foreign country requests. There is a legalanswer and a practical answer.

RL

 

Why don't you take it to the HMA forum. The opinion is that some
proxy servers don't keep logs and are not subject to the laws of the
US. You are completely shielded and totally anonymous. Are far as any
duty suggesting they would offer you up for God and country or any
other reason is something you would have to ask them.

 

In the past, there were several usenet newsgroups where those issues
were discussed, some of which groups have deprecated, but the 'answers'
are still about the same.

For your example of HMA, HMA provides a free web proxy and a pay service
with VPN. HMA describes the advantages of using a web proxy over not,
and also describes the advantages of their pay VPN over their free webproxy.

HMA also has a page in which they describe all of the logging and data
they have on you and what they can do with it. See below.

Cotse has provided privacy services for a long time and has answered
frankly about their logging and the logging of other such services. All
of cotse's services are pay, including their VPN. HMA is a much bigger
pay VPN than cotse.

I suggest you read cotse's advice about privacy and logging which
includes commentary about those services which make claims which are
untrue or misleading about what they do and don't log and then also read
HMA's policies.

http://www.cotse.net/logging.html Our competition markets their service
as anonymous with no logs, why don't we? -- *** No paid service can
provide anonymity nor operate without any logs at all ***

http://www.cotse.net/is-overseas-safer.html Is Overseas Safer?

https://vpn.hidemyass.com/vpncontrol/privacy.html Privacy policy

 

On Thursday, August 9, 2012 1:13:37 PM UTC-4, RayLopez99 wrote:
Well thanks Mike Easter.

This link was quite helpful: http://www.cotse.net/is-overseas-safer.html

So what it boils down to is this:

1) If a US private company (say a porn maker) and alleged copyright holder demands a server log from a non-US server held by a US-based VPN company, arguing Digital Millennium Copyright Act (DMCA) violations, then likely theywill be not given any server logs unless they can prove the US company hascontrol over the servers and none of the Safe Harbor provisions apply, seehere: http://en.wikipedia.org/wiki/Online_Copyright_Infringement_Liability_Limitation_Act (OCLLA)

From my reading this is very hard to do, because of the Safe Harbor provisions of the DMCA.

More likely then is this scenario: of interest on Safe Harbor in the OCLLA is that the US-based VPN company must identify and terminate 'repeat infringers' see ("First, the OSP must “adopt and reasonably implement a policy”[2] of addressing and terminating accounts of users who are found to be “repeat infringers"). How the VPN company determines who is a 'repeat' infringer appears to be simply how many times a accused copyright owner complains about a work that can be traced, through the US-based VPN company logs, to a particular account holder. So it works like this: US porn companyclaims copyright in a work (whether true or not does not matter, often, asI have observed, the party cannot prove they own the copyright but they think they do, witness the music copyright litigation where something like 10% to 20% of copyrights could not be proved valid), and the US porn company complains it was downloaded by a certain port traced to the US-based company VPN servers. If the VPN server was inside the USA that's trivial to trace by the US porn company, but, if outside, the porn company has to show control of the non-US based server by the US VPN company. Do these server addresses by VPN companies change I wonder? If so, it would be harder to trace..

In any event, for non-US servers it appears harder to trace but by no meansimpossible. Anyway, once the VPN company registers say three or so complaints against a user, it terminates the user, and thus under the OCLLA Safe Harbor is off the hook for copyright infringement. Presumably the copyright holder can subpoena the VPN for the accused infringers identity, but thatis expensive and unlikely, unless that user has downloaded 1000 films and is based in the USA (both facts being unknown to the porn company), so oddsare it would not pay to subpoena and prosecute them, given high lawyer fees in the US.

2) if a non-US company is involved as in #1, likely no progress will be made by the US copyright holder unless some sort of bribe is involved, under the table, to identify the accused infringer. This is because the DMCA doesnot apply overseas. But bribing to learn the party's identity would be a wasted effort unless the infringer was pirating 1000s of films, and was based in the USA where they could be sued. No porn company would spend money not knowing if the party they identify is even based in the USA, nor that they might not have downloaded thousands of films.

All in all then, based on the above, it pays to go with a VPN outside the USA if you are a copyright infringer, preferably one based in say Africa or some country like Russia that does not respect copyrights that much (thoughRussia did join some world trade organization recently). But then you runthe risk of other hazards like having your identity or credit card information stolen.

RL

 

Good.

Re your bad message formatting:

- this particular message of yours was 'abnormally' wrapped because it
was wrapped as QP QuotedPrintable as indicated by the header and nature
of the wraps
- I am beginning to suspect that part of the problem with your
'integration' with GG being different from my GG posting testing is
perhaps because you interface with GG by way of either VPN or webproxy
- if that is the case, then your choice of such an interface,
proxy/vpn + GG is an 'awkward' interface which inconveniences others
very unnecessarily

Such an interface is unnecessary because the only thing you 'gain' from
such an interface is to hide your actual IP from the GG headers. You
could also hide your IP by using a normal newsreader and choosing a free
news server which doesn't post the NNPH IP.

 

That cotse link about overseas privacy providers does not directly
address DMCA or Safe Harbor.

There is nothing in the cotse link to support your theory. The reality
is that those who would enforce DMCA seem to have a very strong sway
with providers in many countries and I would say the answer to your
premise above would be that the provider would 'take action' against the
offender (whether they provide logs or not to the copyright holder). In
your case, probably HMA didn't provide logs but HMA sanctioned against
your usage.

I agree with that part of your analysis. You say you had to assure HMA
that you wouldn't repeat offend. HMA doesn't publish in its policies
about terminating vs suspending vs making a client promise something or
other.

Cotse's article is about how local laws and the nature of the issue
affect the answer to what a US vs non-US company is more likely to do.

That has not been the general activity of the DMCA enforcers; they
belong to organizations bent on enforcing the DMCA and the cost of
subpoenas and litigating court cases doesn't bother them at all.

Also, generally it doesn't directly depend on the *number* of files
downloaded. The enforcers typically get into the concept that such as
torrents and other P2P mechanisms amount to your being in a pool by
which you provide the copyrighted material to thousands of others, so
you can be sued for many many many times the number of files, by a
factor of thousands.

 

Yes I think you're right perhaps, maybe it's what you say. Too lazy to use a normal newsreader and it's just another program to store, maintain and run. Why bother if the browser is working (as it is now)?

RL

 

I doubt it. My reading of this litigation is that it's very specific: theplaintiff don't allege criminal conspiracy, as you say, but instead specifically recite xyz number of songs downloaded by defendant and then ask for statutory damages on each song. Thus one song or one film downloaded is not worth the trouble of prosecution. They try and pick low lying fruit. Ofcourse they'll try and scare everybody, that's just a PR stunt.

RL

 

Since I wrote that, I've done further research with posting via GG but
not with a proxy/vpn. I believe that if you post with the old interface
that the problem of the format of your messages can be remedied.

I've researched the problem with posting with the old GG interface and
determined that it is slightly more trouble to achieve with the current
new interface, but not impossible.

You should try to use the old interface.

There are two different strategies to get there. One way is achieved
after you log in, while the other is started before you log in. GG
tries to push you into the new interface and sometimes does not provide
access to the old interface unless you log in via the old.

On my system, not logged in, this link takes you to the old
https://groups.google.com/

(If you are logged in, it might redirect you to a new interface, but
then the addressline changes). If the addressline changes, it becomes
something like https://groups.google.com/forum/?fromgroups#!overview

Under certain conditions when you are logged in, the new interface will
give you access to the old interface in the gear menu with the item
'revert to the old interface'.

Under some other conditions, the new interface does not show you the
gear menu option to revert to the old interface. In my research I was
able to overcome that problem by logging in from the old interface

 

<snip>

You DO know that you're replying to a known troll?

 

They won't let me post to the forum--some issues with a overzealous forum moderator it seems (he thought I was cross-posting too much or something stupid like that, I disagree).

Anyway, I'm pretty sure I got it right--that HMA will indeed shield you if necessary unless they get a subpoena from a country where one of their servers are--but this is true of any VPN company including piratebay.org, whichhad to turn over their logs when the Swedish police raided their offices awhile back.

RL

 

On Wednesday, August 15, 2012 6:03:47 AM UTC-4, William Poaster wrote:

[idiotcy deleted]

Im(Poaster), I only troll when I'm trolling, and that's clear from context.

How's that uphill battle going? You know, the one with using Linux?

RL

 

RayLopez99 wrote:
Content-Transfer-Encoding: quoted-printable

Did you post that message with the old or new GG interface?

The lines were wrapped but the QP affected the quoted material's line
spacing appearance.

I can't figure out why GG would make some posts QP. QP can help 'solve'
some problems (while creating others) but I can't see any good reason
for GG to think it has any problems to try to solve with QP.

 

I have no idea. But right now GG is not 'acting up' (> symbol in front of each reply line).

RL

 

How can you not see/know/notice whether GG is saying new or old interface?

Are you saying you can't see what is wrong with your message? Look at
your line spacing in the quote.

http://al.howardknight.net/msgid.cgi?ID=134516505100

 

OK. I thought BTW GG owes Usenet now, no? I mean the servers are Googles.

RL

 

How come you can't figure out if you are using new or old GG interface?

Google owns google servers. Lots of them for lots of different purposes.

Google doesn't own the any of the many many worldwide servers that are
used by nntp newsreaders and newsservers. Those news servers are
commercial for profit, free, and specialty for support and often carry
groups that GG doesn't.

In the beginning, long before google, an evolution led to usenet and
nntp news servers. Then deja.com started archiving. Then dejanews
started letting people read and post to groups. Then it shut down.

Then google acquired dejanews and its archive. Then for a while google
made a better archive source and search than deja had. Then google
started 'revising and extending' GG and now GGers are largely a
deleterious influence on usenet groups. It would not be a significant
loss of all of them were filtered including you.

Ideally someone besides google would come along and figure out a way to
support the proper archiving of usenet groups and buy the archives from
google and get google out of the usenet archiving business, because in
the end they have done a poor job. They only did a good job up until
the early 2000s which is now 10 years ago. Google has had 10 years
experience doing a bad job of messing with the archives they bought from
deja and expanded 10 years ago.