Jump to content

Research before subscribing to a VPN


Batu69

Recommended Posts

While many would probably disagree, I consider VPNs essential when it comes to improving your privacy and security on the Internet.

The past couple of years have seen a surge in VPN services that all try to get a piece of the market that grew significantly ever since Edward Snowden revealed how national agencies tracked users across the Internet.

 

There are big differences between VPN services, from price and availability to privacy and traffic.

While it is easy enough to sign up for any one of those services, it is usually not a good idea to do so before you research the service to make sure it offers all the features you require of it.

 

Not all questions may be relevant to your use case. If you just want to improve your privacy and security for regular web browsing for instance, you may not care about logging, or whether a service supports P2P or media streaming.

 

Or, if you want to protect your data while traveling and using hotel Wi-Fi or public connections, then you may not really be interested in anonymous payment options.

 

Basic questions

 

vpn questions

 

Basic questions can be answered quickly usually by browsing the website of the VPN service. They help you sort out the services that are not suitable for you, and help you get a clear comparison of different services that may be suitable.

 

You should get answers for the following questions:

  1. How much does the service cost (discounts)?
  2. Which plans are offered?
  3. Unlimited bandwidth / traffic?
  4. What are the payment options (important for anonymity, Bitcoin, Gift cards, cash)?
  5. Which devices are supported (desktop, mobile, router)?
  6. How many devices can connect simultaneously to the VPN?
  7. How many countries and servers are available?
  8. Is a free trial offered?
  9. Money back guarantee?
  10. Support availability?

 

Advanced questions

Advanced questions dig deeper into the service. They address privacy and security related questions but also others that are more technical in nature.

  1. Does the service or used third-party services keep any logs? If so, for how long and what.
  2. Which company operates the service and what is the company's jurisdiction?
  3. Does the company own and control the servers the VPN operates from, or are they controlled by third-party companies?
  4. Does the company who operates the VPN share data with third-parties?
  5. Which encryption algorithms and protocols are supported (weakest, strongest)?
  6. Does the service offer DNS, IPv6 and WebRTC leak protection?
  7. Is a Kill Switch supported which turns off traffic if the connection to the VPN drops?
  8. Is the company using a Warrant Canary?
  9. What's the actual download and upload rate you get when using the service (works best for services that offer free trials).
  10. Check the company's Privacy Policy and Terms of Use for additional information about logging, blocked and allowed services, cooperation with authorities and more.

Situational questions

These questions are important to some users but not all users.

  1. Does the service allow P2P traffic?
  2. Do Netflix or other streaming services block the VPNs IP range?
  3. Is the VPN usable in country xyz?

Closing Words

Some questions may be hard to answer. If a service does not offer a free trial or speed test for instance, you cannot really say anything about your throughput unless you subscribe to it and test it.

 

The same may be true for information that the company that operates the VPN does not reveal on the website.

The only option you have then is to contact them to ask them directly about it, or drop them and check out other services that are more open about it.

 

A good starting point for your research is this VPN comparison chart on Google Docs. It answers many of the questions which helps you sort out VPN providers that are not suitable for your use cases.

 

It is still a good idea to verify the findings.

 

Article source

Link to comment
Share on other sites


  • Replies 1
  • Views 959
  • Created
  • Last Reply

I am wondering about Martin Brinkmann, the author of the source

 

His information looks like it is a good idea to take 3Monkey because its not a part of the Fourteen Eyes Country's, but in Europe every interested person knows about the competence of intelligence services in the online monitoring in Switzerland. Here is a great article in German about the efforts in Switzerland and this is the google translation to english

 

Quote

New Intelligence Law in Switzerland: security esotericism place human rights

by Guest Post on 12th January 2016, 21:43 in Switzerland / 7 Comments
 
Esoterik-Pentagramm

 

Photo: Pentagrama Esoteric , CC by-nc-sa

Switzerland spends its intelligence service largely free hand - despite secret files scandal and Edward Snowden. Everyone is suspicious and is monitored.

This article by Martin Steiger appeared in slightly different form originally in Digma, the Swiss journal for data law and information security (PDF download) . Martin Steiger is a lawyer and member of the digital society in Switzerland.

Whistleblower Edward Snowden revealed the global surveillance by American secret services. The technical progress opened the security authorities increasingly monitoring opportunities in the digital space. The monitoring Hunger knows no boundaries. Intelligence act helpless in the face of small, fanatical groups and make the entire population under general suspicion.

The outrage in Europe was large after the Snowden revelations and stops. The European Court of Justice (ECJ) made even the Safe Harbor agreement between the EU and the US to be invalid. In Switzerland, the revelations aroused memories of the "State ravenous" from the secret files scandal .

Indignation gave European states but not prevent them from expanding their own monitoring. In Switzerland, the law enforcement agencies are using the on revised federal law the Surveillance of Post and Telecommunications (BÜPF) get new skills, and with the new intelligence law (NDG) is replaced by the Federal Intelligence Service (FIS) largely free hand in almost any desired way. The Snowden revelations serve almost as a wishlist for security authorities faced with their desires to open doors with governments and parliaments.

Intelligence paradigm shift

With the new NDG a place paradigm shift instead: The NDB to numerous competences obtained previously reserved for the law enforcement authorities or are totally new. The new competences are mainly based on the fact that the NDB is no longer limited to preventive state protection, but also be able to intervene should. The NDB would with the new "Measures Act" developed into a powerful security authority. The "protection of important national interests" (Art. 2 and 3 NDG) to the NDB also may pursue parallel with law enforcement agencies and to a large extent its discretion in secret.

The new capabilities include on the one hand, "requiring authorization procurement measures" (Art. 26 ff. NDG) in particular the monitoring of the Post and Telecommunications under the BÜPF and hacking into computer systems and networks, including through the use of Federal Trojans and IMSI catchers as well as Cyberwar abroad (Art. 37 NDG). The so-called. Cable Enlightenment (Art. 39 ff. NDG) to supplement already practiced radio reconnaissance is legalized. On the other hand, new competences arising from the "license-exempt" procurement measures (Art. 13 ff. NDG), including inter alia the monitoring with drones and the use of V-people ( "human resources") is one.

New skills beyond human rights

The new skills lead to serious encroachment on fundamental and human rights. Particularly affected are the right to privacy ( Art. 13 BV and Art. 8 of the ECHR ) and the right to informational self-determination. Depending on the person concerned are more affected rights, the legal and medical secrecy and protection of sources of journalists.

Example: Federal Trojan

State spyware is called a federal or state Trojan, sometimes with the Newspeak "GovWare». Federal Trojan represent a particularly serious infringement of fundamental rights, since they relate to a combination of digital house search and bug the entire digital privacy and intimacy.

With the use of federal Trojans not only monitoring will take place, but the computer being monitored must be absolutely manipulated so that the spyware can operate. Rule of law admissible evidence can it actually does not arise.

Even legal bases for Bundestrojaner in Switzerland have yet to be created . They are nevertheless already begun, as was shown in the summer of 2015:

In Italy was Hacking Team, a provider of spy software, have been hacked. The hacker published any hacking team data on the Internet. This not only different wrong States were exposed as a customer, but also the Canton of Zurich - apparently with secret authorization of the competent compulsory measures court. The example also demonstrates the fundamental dangers of Federal Trojans:

Hacking Team had on the black market for new vulnerabilities move to infiltrate the Federal Trojan ever undetected can. Such vulnerabilities - for example, in Microsoft Office - will not be solved, because the software manufacturers know nothing about it. The Canton of Zurich transferred not only tax dollars to criminals, but endangered the data security of countless users around the world.

Example: data retention

The new NDG would enable the NDB to access the data from the data retention according BÜPF. The metadata of communication to any person in Switzerland - for example, who where and when with whom the phone - are stored anlasslos and given suspicion at least six months. Even without the actual content is the information content of these stock data, like trivialized as "edge data" considerable. In Big Data era everyone can be fully profiled. The supervisors benefit from the reality of our lives is increasingly being incorporated in the digital space.

2014 the ECJ stated that retention in criminal proceedings with reference to the EU Charter of Fundamental Rights for inadmissible . The ECJ a "particularly serious interference [...] in the fundamental rights to respect for private life and to protection of personal data" determine who is also capable of generating the feeling, the private life of all residents and EU citizens should be subject to constant monitoring ( called. Chilling Effects). Next criticized the ECJ that the data retention "generally to all persons, electronic [n] means of communication and traffic data, without any differentiation, limitations or exceptions based on the objective of combating serious crime" refers to storage of the retained data is not necessary to the absolute time is limited and there is no effective protection against misuse. The constitutional courts in several European countries assessed the retention as a basic law.

The ECHR and the BV grant similar protection. The data retention must therefore be regarded as a basic law in Switzerland. the illegality obvious - When NDB is outside criminal proceedings - without a need for suspicion and to be heard.

Example: Cable Enlightenment

What the new NDG as cable Enlightenment refers enables complete monitoring of cross-border internet connections. Telecommunications providers need to request, all traffic - the content - deliver. The traffic is scanned with selectors, and the NDB obtained the corresponding results.

The new NDG gives the impression, at least to protect the fundamental rights of people in Switzerland, because the use of domestic traffic is prohibited. This protection fails, however, because there is no Swiss Internet. The communication of people within Switzerland is often done via fiber optic cable via abroad. In addition, connections can not be filtered out if the anlasslose and without suspicion monitoring - and thus of serious encroachment on fundamental rights - has already taken place. Human rights are, moreover universally to all people, which negates the new NDG.

The German working up the Snowden revelations demonstrates the dangers of cable Enlightenment: The Federal Intelligence Service (BND) not only failed at the task of filtering out inner-German connections, but supported even the American NSA in monitoring both in Germany and in Europe. For that alone were over 40,000 (!) Selectors, demonstrating the unlimited and uncontrollable nature of cable Enlightenment.

Otherwise pry secret the limitations of surveillance at home often through cooperation with foreign partner services from: Man monitors their population abroad and exchanges the data from then, which would also allow the new NDG (Article 12 NDG.).

Switzerland promotes a "Focused Cooperation" with the NSA and works with many States secret service together. The Attorney General also tells us to, data from American supervision in Switzerland via NDB exploit .

No justification by regulatory and judicial order

The serious violations of basic rights by the new NDG be partially justified by the fact that a judge of title introduced and supervision would be improved. These justifications are unfounded:

Even in criminal proceedings, the judicial authorization of surveillance measures can not ensure effective judicial protection. The coercive courts to decide without the involvement of those affected. Most summarily reasoned decisions are never published subsequently and almost always fare in favor of law enforcement. This secret justice impossible the necessary political discussion and freed all participating branches of government of the need to have to answer publicly. The subsequent release of supervised accused does not take place in many cases .

When NDB whose monitoring measures must be approved in part by a single judge at the Federal Administrative Court (Art. 29 ff. NDG), is therefore to be expected no effective legal protection. Notification obligation and right to information are, where they exist, designed patchy (Art. 63 NDG), and the NDB is largely excluded from the principle of public access (Art. 67 NDG). The examination by the FDPIC as well as by the Federal Administrative Court (Art. 64 ff. NDG) mocked with their one-sidedness and confidentiality the rule of law and violated to the courts ( Art. 29a BV and Art. 13 of the ECHR).

The former intelligence oversight failed, as countless became public grievances at the NDB and its predecessors prove. These grievances were mostly discovered by chance, which is also the planned independent at least in theory authority as a further (!) Supervisory body (Art. 76 ff. NDG) will not change.

Overseeing intelligence services depends on their willingness to cooperate, but there is usually only for their own benefit. Secretly it acts itself - quite human - much easier. In the United States monitored the CIA their own parliamentary overseer, and in Germany the independent expert for the processing of illegal BND NSA cooperation could catch it, unchanged for an advisory opinion is not marked as such BND sources used to have.

Intelligence oversight of this kind, since they can be carried out only after the fundamental rights, based on the principle of trust, making it a constitutional fig leaf. Intelligence services deserve no confidence because of the misuse of intelligence skills is created in large numbers at home and abroad. It is sometimes asked rightly, whether today's secret services are compatible at all with the necessary openness and transparency in a democratic state.

Security esoteric instead proportionality

With the new NDG would - albeit vague - legal bases for the numerous new NDB skills created. Legal bases are necessary in a constitutional state, but not sufficient (Art. 36 BV) .

Occasion lots and without suspicion mass surveillance violated - as the ECJ in its safe harbor decision - the essence of the fundamental right to respect for private life, which in itself the new NDG disqualified in many parts. But it is missing in all new skills for the NDB always at the necessary suitability and necessity in the sense of proportionality:

In all European countries, to expand the their police state, is security esotericism maintained: More security through (still) more monitoring is alleged fixed price or with individual anecdotes, but never substantiated. Critical scientific findings and the serious interference with human rights are hidden. The supreme court is not perceived in terms of their own Überwachungswut: If the ECJ declared the Safe Harbor agreement, inter alia because of the mass surveillance and the lack of legal protection in the US to be invalid, the indignation is great. During monitoring actions in Europe, however, warning voices as remain Nils Muižnieks , Human Rights Commissioner of the Council of Europe, lonely exceptions .

The NDG met with relatively little resistance. Politicians who otherwise profess to human rights, fell security esotericism and forgot both freedom and the rule of law. On the serious concerns of Nils Muižnieks answered the Bundesrat succinctly, the freedom of the majority (sic) of the population in Switzerland remain guaranteed. It remained unclear whether the new skills for the NDB are necessary at all, especially as the law enforcement authorities already have considerable expertise.

perspectives

With the new NDG would be created on the American model in disregard of basic and human rights a secret. The Switzerland would have missed it thus, to position itself as the rule of law that protects on constitutional bases its population against terrorism and other threats without undermining human rights at home and abroad, or to jeopardize the data security and privacy of their own population.

Against the new NDG signatures for a referendum collected . A successful referendum Switzerland had another chance to focus on the actual protection of privacy. A new NDG takes the intelligence competencies relatively embellish and significantly strengthen the rights of all stakeholders and the public. Such intelligence could possibly be effectively supervised.

The need for a secret service is largely undisputed, but intelligence skills must always be designed with fundamental rights and the rule of law - also based on the findings of secret files scandal and Snowden revelations. The essence of fundamental rights must remain untouched, and the principle of proportionality must not be replaced by security esotericism.

 

This example illustrates that it is not easy to find a secure VPN provider which  you can trust

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...