Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

Using Torguard's VPN? Best not for pr0n, nor in Iran :-/

Encouraging best practices in the VPN industry via independent, community-certified verification of clean installers and clean basic service operations. Let's reward the good, and make the bad a little bit less tempting 〰 github repo#cleanVPN
User avatar

Topic Author
Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Using Torguard's VPN? Best not for pr0n, nor in Iran :-/

Postby Pattern_Juggled » Thu Mar 21, 2013 1:51 pm

One of the more ironic truths of the VPN "industry" is that a big chunk of VPN companies seem to be entirely comfortable with censorship on their own networks. Which just seems fucking weird because, really... isn't the whole point of using (and paying for) a VPN service to be free of censorship and other network blocking? Ah, but read the Terms of Service...

Every once and a while, I stumble on an example of this so egregious - so utterly amazing - that I can't help but shake my head and marvel at the mysteries of the universe. I mean, it'd be like buying a car that has with it the provision that you're not allowed to drive it over 20 km per hour. Obviously, nobody (well, almost nobody) keeps their car under 20 km/h - so either people buying those cars aren't even aware that the Terms of Service prohibit it, or they know it but just don't care and figure it'll never be enforced. Either way, wtf? :think:

This week, I've been doing some research on the recent blocking of Iranian 'net access - it harkens back to what was going down during the Green Revolution of 2009... something I remember well from firsthand experience. Anyway, I came across this page, extolling the services of a VPN company called "Torguard" (although near as I can tell they have absolutely nothing to do with the actual Tor project itself, apart from stealing their brand to appear more legitimate-ish, I guess). They're promoting something called "Iran VPN Service", and I wanted to see what special technologies they're using to get around the latest DPI/protocol-based blocking being done by the Iranian censors.

Finding: they're not doing a fucking thing to get around those blocks; they're just selling standard VPN service, which will certainly be blocked in Iran under the current system of censorship, and pretending otherwise... quite smarmy in and of itself.

Here's the promises made:

Best Iran VPN Service

Bypass the great firewall of Iran with VPN service from TorGuard

If you ever traveled to Iran you would know about the extreme Internet filtering measures that the Iranian government has in place. There are currently over 15.000 sites blocked in Iran, including Facebook, YouTube, Twitter, Blogger, Wordpress, and some that contain political, adult, human rights or anti-Islamic content.

Fortunately, there is now an easy way to bypass the Great Firewall of Iran, unblock these websites, and get Full Internet Access anywhere in Iran. With TorGuard's VPN service. you will completely unblock your Internet access in Iran and surf websites like in your home country.

Unblock Facebook in Iran
Unblock YouTube in Iran
Unblock Twitter in Iran
Hide your browsing history

Paying for your TorGuard Iran VPN service just got a little easier. We've partnered with popular reseller's in Iran to give you the largest number of payment options! To purchase a pre-paid service PIN, select from your local Iran VPN resellers below:

Eshtrakat
http://www.eshtrakat.com/torguard
Payment methods accepted: LibertyReserve, DixiPay, WebMoney

Unblock the internet in Iran with TorGuard VPN Service...

Order today and take back your freedom!


And here's a screenshot of the page:
Torgruard_IranFraud.png


So, I had a look at their Terms of Service (TOS) page, and my first surprise was that they say that it's prohibited to use their service in Iran. Hmm... but aren't they promoting it as "Iran VPN Service?" Here's the language from the TOS, verbatim:

Export Control Policy

NOTICE ABOUT PERSONAL LIABILITY FOR PROHIBITED EXPORTS OF THIS SOFTWARE

This software contains sophisticated and powerfull encryption methods that make it a federal crime for one to do certain things with it, even unknowingly. Ignorance of these laws does not reduce your personal liability. Please read the following guidelines carefully before accepting this software.

You may not 'export' this software to certain countries listed on the Commerce Control List, which currently includes Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria. This list may change from time to time so please visit HTTP://WWW.ACCESS.GPO.GOV/BIS/EAR/PDF/740.PDF to get updates. This prohibition on 'exports' means you may not send the software itself to such countries but it also means you may not carry your own personal computer containing this software into or through such countries.

Anywhere in the world, even inside the United States, you may not transfer this software (or a computer containing this software) to certain persons or organizations or companies listed on the Denied Parties List. See HTTP://WWW.ACCESS.GPO.GOV/BIS/EAR/PDF/740.PDF for the current list. Such a transfer is a "deemed export" subject to federal Export Administration Regulations. Do not deliver or transfer this software or a personal computer containing this software to a national or resident of a foreign country anywhere in the world without first checking the Denied Parties List. If the intended recipient is listed or belongs to a listed organization or company, you must contact the U.S. Department of Commerce, Information Technology Controls Division at (202) 482-0707 to apply for permission to make the transfer via an Export License. A transfer without the required license is a felony.

By downloading and/or using this Software and encryption services, you accept full and personal responsibility for the custody of this software and agree to comply with all applicable export control laws and obtain all necessary licenses should you wish to 'export' any copies of the Software. {color added - Pt_jD}


And a screenshot of same:
Torguard-ExportIran.png


Now, the actual applicability of the aforementioned export limitations to opensource applications such as OpenVPN (or proprietary PPTP) is worthy of a separate discussion. Suffice to say that, since the big "crypto wars" of the 1990s - and Zimmerman's brave stance against these asinine provisions - there is very much an open question as to whether they're relevant at all. Those of us who were actually part of those "crypto wars" and know the lessons firsthand don't have to learn this from other sources. Folks who weren't there and thus don't have firsthand can, of course, research these things and educate themselves. Folks who are, you know, running a commercial VPN "privacy" service sure as fuck should know at least a little bit about these things... right?

Anyway, according to Torguard it's illegal - felony level illegal, natch - to download and use their software in Iran. They say this as they are promoting their service in Iran. Which is... cute.

But wait, there's more!

Once I had their Terms of Service open, I couldn't resist taking a peek at what else is hidden in there. And sure enough, ouch:

Acceptable Use Policy:

All services provided by TorGuard may be used for lawful purposes only. Transmission, storage, or presentation of any information, data or material in violation of any United States Federal, State or City law is prohibited. This includes, but is not limited to: copyrighted material, material we judge to be threatening or obscene, or material protected by trade secret and other statute. The subscriber agrees to indemnify and hold harmless TorGuard and its employees from any claims resulting from the use of the service which damages the subscriber or any other party. Our acceptable use policy is actively and strictly enforced. Offending content or users are suspended from our network, usually as soon as they are discovered, although we will always inform you when and why any action has been taken. Pornography is prohibited on all TorGuard servers. This includes sites that include sexually explicit or hardcore images and/or advertising.

Subscriber acknowledges that the service provided is of such a nature that service can be interrupted for many reasons other than the negligence of the company and that damages resulting from any interruption of service are difficult to ascertain. Therefore, subscriber agrees that the company shall not be liable for any damages arising from such causes beyond the direct and exclusive control of the company.

Subscriber further acknowledges that the company's liability for its own negligence may not in any event exceed an amount equivalent to charges payable by subscriber for services during the period damages occurred. In no event shall the company be liable for any special or consequential damages, loss or injury.

Illegality In any form, including but not limited to the unauthorized distribution or copying of copyrighted software or other data, harassment, fraud, trafficking in obscene material {'sic' - this isn't even a complete sentence, so it's not clear what it's trying to say}. Undesirable Content Certain types of content are not allowed on our network. We do not host adult content of any description. Content relating to Hacking, Cracking, Warez and IRC is not allowed. Software, audio and video downloads may only be hosted if you are the writer and copyright owner of the resources or you have a right to distribute the materials. Accounts suspended due to content or AUP violation are not refunded under any circumstances.

Banned Scripts:

The following scripts are banned from use on our servers and may not be uploaded or run. Reasons for banning them include adverse effects on server load, invitations to hackers/spammers/criminal activity, etc.

    IRC egg drops
    Proxy servers
    Mail bombers
    Anonymous mailers
    IP spoofers
    Port scanners
    Hivemail
    Telnet or SSH Access Scripts
    nph-proxy (and other scripts what operates like proxy)
    UBB (Ultimate Bulletin Board, all versions)
    lstmrge.cgi
    phpShell
    FormMail.cgi, FormMail.pl from Matt's Script Archive are not allowed.
{color added - Pt_jD}


Screenshot of same:
Torguard-NoPr0n.png


Phew. Now, in an attempt to be fair it looks like this text was ctrl-C/ctrl-V'd from the ToS of some hosting/colo provider or something; it keeps talking about "server load" and so on, and clearly nobody "runs" scripts (or anything else) on a VPN network's servers (which simply provide packet transit, by definition). So one could argue that this cut/paste effort was merely sloppy and unprofessional.

But I think that's a serious problem. Because these TOS do, in fact, govern what customers can and cannot do on the Torguard network. Paying customers. Even the sentences that are grammatically garbled are, technically, dispositive. And in the event some law enforcement officer (LEO) shows up on a fishing expedition, the fact that the company's own TOS (appear to) forbid "obscene materials" would be the perfect leverage point for the LEO to get in and start fishing. Plus the copyright stuff, of course.

These TOS are execrable. Not the worst I've seen, admittedly... but close. And so sloppy. It's as if the company is saying "we don't think you're smart enough to actually read these TOS, and we're not even going to bother to make them internally logically consistent, let alone coherent. Give us your money, and fuck off." That's how it reads to me.

So the moral of the story is, don't use Torguard if:

    1. you live in Iran (ironically);
    2. you watch porn;
    3. you ever share or otherwise touch "copyrighted materials," irrespective of Fair Use provisions.


Given that, do you feel like you want to pony up close to $20 a month for the "protection" offered by this service? I didn't think so - and neither do I.


EDITED TO ADD: since I posted this article last week, there's been a series of forum trolls showing up here to submit spammy topics using racist screen names (there's a bit of info down below, in this thread). We deleted the early versions of the trolling, as they - again - had racist overtones and really aren't acceptable. However, the latest iterations of them have been collected into a handy thread in our Dumping_Ground area - where spam and other off-topic detritus goes to die. The link to the thread is here. I have no idea whether the "sudden" appearance of this silly troll is directly related to the above article you've just read, or not. Nobody's told me either way. But the timing is... interesting. And the IPs associated with the troll are... interesting. I leave it as an exercise for the reader to draw conclusions - or not - from there. I will note that, despite several hundreds of views, nobody has made any substantive responses to the points I bring up in this article. Which is... interesting. :think:
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f

User avatar

Topic Author
Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

racism - seriously?

Postby Pattern_Juggled » Fri Mar 22, 2013 5:49 am

Been some strange happenings around the forum today. More news soon. For now, I wonder whose IP address this is?

niggerdicks.png


And, by the way... overt racism - or any form of hate-based bigotry - isn't welcome here. It's one of the few things that'll get someone sent into time-out. We saw that account name come through this morning, and the admin on duty approved it but kept a close eye on it. Hate spawns only more hate. Not welcome here, for the record.
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f


Rider
Posts: 97
Joined: Tue Jan 01, 2013 11:21 pm
Contact:

Re: racism - seriously?

Postby Rider » Fri Mar 22, 2013 6:21 am

Pattern_Juggled wrote:Been some strange happenings around the forum today. More news soon. For now, I wonder whose IP address this is?

niggerdicks.png


And, by the way... overt racism - or any form of hate-based bigotry - isn't welcome here. It's one of the few things that'll get someone sent into time-out. We saw that account name come through this morning, and the admin on duty approved it but kept a close eye on it. Hate spawns only more hate. Not welcome here, for the record.


I saw that already, if it's true, it's sad and maybe explains why support is not active and Haze is not active. If it's not true then, shame on people who spreads rumors. I wonder what would be their motive?

User avatar

Topic Author
Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Re: racism - seriously?

Postby Pattern_Juggled » Fri Mar 22, 2013 7:29 am

rider wrote:
Pattern_Juggled wrote:I saw that already, if it's true, it's sad and maybe explains why support is not active and Haze is not active. If it's not true then, shame on people who spreads rumors. I wonder what would be their motive?


To be clear, that was a troll who registered an account here this morning under that screen name. The troll already tried some troll-ish stuff here, and has already been banned.

Trolls are funny, eh? :yawn:
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f


~redacted~
Posts: 63
Joined: Mon Dec 17, 2012 2:30 am
Contact:

Re: Using Torguard's VPN? Best not for pr0n, nor in Iran :-/

Postby ~redacted~ » Sat Mar 23, 2013 9:17 pm

A bunch of people have contacted me the last few days to tell me "woah, dude that Pattern guy is doing crazy shit in the forum!" Reluctantly I came over to check in on things since I do not enjoy trolling forums and to read his post here that's getting so much attention. Yep, there it is.

I want to make a few things clear, and this is as good time as any to do it

1. Pattern does his thing, and he doesn't "ask permission" from me or anyone else before doing it. Like anyone else posting here on our forum, he can say what he wants and stand behind his own words. We don't censor stuff like that, and we don't adjust it. He wrote this because HE wanted to. He's like that.

2. If people have a problem with something HE or anyone else has said (and I am not sure what that would be, but whatever), then seriously respond in the thread. Pretty obvious, but I guess I have to say it. If you think he is being a total dick, hit the "reply" button and type: "YOU ARE A TOTAL DICK!!" HE can handle it, and hopefully anyone else who posts in our forum can as well. I hope you will have more to say than that, and maybe you will actually argue with him about something relevant. But that's up to you.

3. Filling out a bunch of repetitive helpdesk tickets, or whatever, in response to the post Pattern made seems kind of childish. Whatever rocks your boat, I guess, but that's no way to set the bar high and show how he is wrong in what he says. He doesn't handle support tickets so it really doesn't affect him at all.

4. People who know me know that I don't run around throwing stones at other VPN companies. I've been in this industry for as long as anyone, and that's not my style. Personally I do think its healthy and fair to point out serious problems and I am not going to censor Pattern or anyone else if they want to do that here in the forum. That's good stuff, and helps all of us get better. And if people want to slag Cryptocloud for mistakes we make, then do it here too! Seriously, that's totally in line with what this forum about, what Cryptocloud is about, and what I am about personally: improving, getting better, real talk, honesty.


I don't want it to seem like Cryptocloud is out there taking potshots at other VPN companies. We don't do that. BUT... if someone like Pattern has real criticisms, that can back up with screenshots and details, then I think it's totally wrong to expect that writing should be censored - here or anywhere else. No way. That kind of criticism helps us all to be stronger and do things better. It's not personal, anyway. It's about technology and running really good VPN services. Nobody needs to feel like they are being targeted. We all have thick enough skin to take some legitimate criticisms and not get all sore and angry. Possibly if you don't the security industry is not a place for you.

Play nice, and try to see the positive in all this. We all want the VPN industry to be better, and I think Patterns' post does that. I wouldn't write it the way he does, but he is quite a wordsmith and its a good read.
[color=#FF0080:3g2b1ap0][size=150:3g2b1ap0]Hi, I'm Marc A. Tager and I'm a degenerate gambler... & a drunk, too. Check me out of Facebook - it's the only place I feel safe, lol.

...oh, and don't ever trust me with money - I'm a [url=http://thesaint707.com:3g2b1ap0]scammer & a liar[/url:3g2b1ap0] who preys on the trust of others - hell, it's how I pay my bookies when I lose... and I [b:3g2b1ap0]always[/b:3g2b1ap0] lose, lol.[/size:3g2b1ap0][/color:3g2b1ap0]

User avatar

norgemag
Posts: 2
Joined: Thu Apr 04, 2013 8:29 pm
Contact:

Re: Using Torguard's VPN? Best not for pr0n, nor in Iran :-/

Postby norgemag » Mon Apr 08, 2013 7:44 am

Love the post. While it is quite amusing that a VPN Service specifically advertised to work well in Iran explicitly prohibts its use in said country. Unfortunately it isn't the only issue with Terms & condition statements on many VPN provider's websites.

Most VPN providers prohibit illegal activities in their T&C (what else are they going to say?), some even provide examples of what they consider to be illegal:

No sharing of copyrighted materials (but specifically highlight their P2P capabilities!)
Don not use for illegal purposes (this one is really telling!)
Don't access content prohibited in your country

The list goes on and on, and most aren't as creative as Torguard's. If you have read enough T&C and Privacy statements, you'll soon realize that it is rather easy to violate the terms you agreed to. Besides T&C may go right out the window as soon as law enforcement comes knocking, as Cody Kretsinger found out when he used HideMyAss to hide his activities. Isn't it also true that VPN services don't really care, because customers engaged in just such activities contribute to, at least a portion of, their revenue?

Then, of course, there is the issue of how would they know who did what on their network if they don't keep any logs?

User avatar

cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

Re: Using Torguard's VPN? Best not for pr0n, nor in Iran :-/

Postby cryptostorm_support » Mon Apr 08, 2013 10:51 am

the catch is they cant help law enforcement if they dont log
cryptostorm_support shared support team forum account
PLEASE DON'T SEND PRIVATE MESSAGES with support questions!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: support@cryptostorm.is
live chat support: #cryptostorm

User avatar

Topic Author
Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Re: Using Torguard's VPN? Best not for pr0n, nor in Iran :-/

Postby Pattern_Juggled » Tue Apr 09, 2013 4:27 pm

Cryptocloud_support wrote:the catch is they cant help law enforcement if they dont log


That's generally what we assume to be the case, true: no logging = protection from being snitched out

However, historically that has not always been the case. I am referring, of course, to the Hushmail/DEA situation from the mid-2000s. If it's useful, I can pull over some historical articles on it as it might not be as well-known as it was back then.

The moral of the story is that, if the cops (or someone claiming to be the cops) knock on the front door of someone with admin access to the backend of a VPN network (or a proxy service), the cops will ask two things. First, they want the logs/records of past activity. That's true, and if you don't have those then it's easy enough to say "can't help, so sorry, nothing to provide."

But next they say "ok, fine, so we'll just install this little sniffer app on one of your machines and collect information ourselves from this point forward." Everyone remember the FBI's infamous "Carnivore" fiasco from back before the millenium? They didn't end the project - they just rebranded it with less inflammatory nomenclature and there's 100 other toolsets like that available and ready to be deployed.

You can't claim you don't have admin access to the machines, because by definition someone does. Sure, the cops don't have a warrant or court order or anything like that... but they make it very, very clear that your life will get very difficult if you don't "help them out." Just this one time. To catch some really, really bad guys. Nobody will ever know...

Those knocks on the door happen. The fact that people don't hear about them is actually not a good sign at all. Because, in truth, the only time you're ever going to hear about those is when some crazy motherfucker tells those cops: go fuck yourselves. And when you do that, cops get really vindictive really fast. They don't play fair, and they don't play nice, and they don't go to prison if they break the law.

How many people running VPN companies today - right now - will tell some shifty cop-type thug standing at the front door with a gun and a badge: go fuck yourself, do what you will do but I'm not going to let you into my network, period - how many will pay the price that comes from making such a stand? How many have paid that price, publicly, and thereby shown their ability to stand the heat when the heat comes for real?

If it were as simple as just not keeping logs, the whole question of the integrity and durability and straight-up badass/no-compromise level of VPN company teams wouldn't be all that relevant. But the fact that network access is as useful to cops as detailed logs - perhaps more so, in fact - shifts things back in the other direction.

Cryptocloud's Privacy Policy has said, since 2007, the same thing about being forced to install snitchware on the network: if the cops ever demand that, and if the courts ever actually back them up to the point where there's no further way to fight the demand through the legal system, the company's next step is simple and effective: shut the entire network down, wipe all the machines, trash every bit on every server in every colo they've got a machine in. Wipe it all. Done.

Quoting verbatim:

If a law enforcement agency with proven jurisdiction over our business comes to us with a valid order from a valid judicial authority that our own corporate lawyers are able to independently verify, we will comply with that order as written. Naturally, we can't provide information we don't store - such as network traffic logs. We cannot be compelled to provide what we do not have.

If a court orders us to close an account, we will do so. If a court orders us to allow them to secretly place surveillance "sniffers" on a specific account, we will fight this order to the highest judicial authority possible. If we lose, we will shut down the business and call it a day. End of story.


Hard to install snitchware on a VPN network that's been null'd. Problem solved.

How many other VPN companies have that in their Terms of Service? How many of them would go through with it, even if they did? Hmmm... :think:
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f

User avatar

Topic Author
Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

The general question of network companies as #snitchware

Postby Pattern_Juggled » Wed Apr 10, 2013 11:40 am

Pattern_Juggled wrote:If it were as simple as just not keeping logs, the whole question of the integrity and durability and straight-up badass/no-compromise level of VPN company teams wouldn't be all that relevant. But the fact that network access is as useful to cops as detailed logs - perhaps more so, in fact - shifts things back in the other direction.


As if on queue comes this example from the litigation surrounding FBI 'Stingray' usage, in which Verizon went above and beyond to "comply" with a court order described by wired.com as follows...

In July, the government served Verizon Wireless with another court order directing the company to assist the FBI in the use and monitoring of a mobile tracking device to locate an unidentified suspect. The order directed Verizon Wireless to provide the FBI with any “technical assistance needed to ascertain the physical location of the [air card]….”


This is where the rubber meets the road. Of course, nobody is surprised that Verizon - or any of the other big American network/cellular/telco companies - is going to bend over backwards to help their "friends" in the federal police state apparatus. And of course, Verizon didn't ask that an actual warrant from an actual judge be procured by the FBI - they just took this "court order," signed by a magistrate (in the federal system, a step below a full District Court Judge). None of this is surprising: corporate America is as tightly integrated with the police state as are any corporate forces in a fascist social structure. Hand in glove, as Mussolini's apologists termed the relationship.

But - what about smaller companies? Companies that might not even be American, but which can be pressured by American police state thugs showing up - extralegally, sure, but still showing up - most anywhere in the world, with guns and badges and threats? What about "privacy" companies, subject to this pressure? We expect Verizon to prostate itself and become a giant example of #snitchware; but do we expect that of other companies, too? Every company? Which ones?

Food for thought...
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f

User avatar

norgemag
Posts: 2
Joined: Thu Apr 04, 2013 8:29 pm
Contact:

Re: Using Torguard's VPN? Best not for pr0n, nor in Iran :-/

Postby norgemag » Thu Apr 11, 2013 8:40 pm

Pattern_Juggled makes some good points that are often forgotten in the discussion about logging policies. Obviously there is nothing to provide to LE if a provider doesn't keep any logs, easy, no matter the size of the VPN provider. After that it gets complicated, unless a provider is willing to terminate their business as per Cryptocloud's T&C. I have read a lot of T&C and privacy statements and very few even mention this scenario.

I have a question that so far I was unable to find a definitive answer to. What if you are a non-US based VPN provider that does not log and you rent or buy a server within the US, are you required to keep logs?

User avatar

Topic Author
Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Re: Using Torguard's VPN? Best not for pr0n, nor in Iran :-/

Postby Pattern_Juggled » Sat Nov 09, 2013 3:30 am

The trolling begins anew; a reply via a subreddit:

I assume this is the same troll from Torguard that was caught red-handed doing exactly this kind of smear campaign earlier this year? Anyway, we've learned along with everyone else that when competitors have no legitimate reply to innovation, a pathetic few will resort to simply making things up.
(link to underlying thread & full backstory included below)

I'd ask where your "information" is that backs up what you're saying... but of course we all know you have no such information.

All the members of cryptostorm's team - which includes the entire tech and development team that originally built cryptocloud - have chosen to remain pseud-anonymous, via nicknames online, at this point. Given the extreme lengths that some government entities go to in order to harass and hinder those involved in real security technology nowadays (just ask @ioerror about this). doing so is good OpSec practice. Assumptions may be made, as a result, about who we "really are" - or are not We are not engaging in fishing expeditions regarding our identities, in this regard. Rather, people will make what conclusions they will and we will do our work in the meantime. So be it, for the best.

This is somewhat sad, admittedly, but nevertheless true. We should be able to stand behind our work without fear of reprisal or dirty-tricks campaigns by surveillance state stooges. Unfortunately, that has proved not to be the case - a lesson our team knows from years on the front lines of the security service battles. Some companies, like Silent Circle, are genuinely trying to buck this trend by taking a public stance personally, within the US no less! And although we wish them luck, we simply don't see that as a wise move when it comes to providing durable, reliable security service to customers. Perhaps we're wrong, and in time they prove their model works better - I'd say, personally, I hope that proves to be the case. For now, as a team this is not the path we have chosen - and we've been clear and public about our reasons fro that choice (yes, it provides an attack surface for a particularly desperate kind of troll, but this is not relevant to member security and thus is at most a distraction to consider).

For projects offering simply "security theatre" services, of course they have no fears that anyone from the spy agencies will bother then - their protection is useless anyway. For those actually provisioning competent security service, the situation is far different. I have discussed this, on behalf of cryptostorm, numerous times in published interviews - particularly since our work on the NSA's torsploit attack against the Tor network this summer; said attack being quite relevant, given that members of Tor's core development team have been subject to intensive U.S. government harassment as a result of Tor's legitimately strong security model (ironic, yes, given the majority of their funding comes via U.S. government sources).

So, with all due respect - and although it is quite fascinating to be "outed" as this or that individual - neither I nor anyone else with cryptostorm will be responding to such fishing expeditions. Doing so simply feeds the trolls, and does nothing to improve the security of our project for members. Perhaps, in the future, we will choose to approach this question differently; for now, putting our personal identities into the mix provides a larger attack surface for genuine threats to network security.

As we've told this troll before, if he has a personal issue with the individual about whom he apparently has some sort of personal/sexual obsession, perhaps he should contact that person directly. It seems there's no difficulty in doing so:

http://wrinko.net
http://uniquelydangerous.com

We've expected our Torguard troll to reappear during the launch, and planned to write something up to address this troll-bait attack on our service. However, speaking candidly, we've chosen to invest our time in more substantive work rather than waste it on this sort of hot-air nonsense. I still suspect that's the best choice; we don't see Torguard or any other old-generation "VPN service" as "competition" and don't find it productive to engage in vacuous mudslinging with them via their disposable reddit accounts, sorry.

But, despite the fact that I know better, if the person about whom you have such an obsession is subject to computer monitoring... how is it that I am he? That's such a logical failure that it really shouldn't need to be mentioned - but I'm mentioning it. Obviously, there's no credible answer to that. Like this entire smear campaign you've waged since we outed the lame policy choices made by your employer, this has no basis in logic nor fact. For archival purposes, here's the thread that set off this particular smear campaign:
viewtopic.php?f=39&t=2378

Also, and most vehemently, let me say something that we've discussed as a team since that thread was created this spring: we do not regret speaking up about Torguard's duplicitous policies and marketing hype, not one bit. We've had this particular troll smearing us, as a team and as individuals, ever since. So be it. It confirms our worst predictions about Torguard and about the "VPN service" industry in general, and indeed helped motivate cryptostorm's development as a substantive alternative to this kind of senseless bullshit.

And, no, I'm not DPR version 2.1 or anything like that. Apologies for the disappointment that must bring, but such is the case.

Cheers :-)
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f


catwilder

Re: Using Torguard's VPN? Best not for pr0n, nor in Iran :-/

Postby catwilder » Sun Apr 12, 2015 11:27 am

To the straight shooters administrating this forum. Please accept my humblest apology for an elementary interjection/inquiry (which may appear as a cloud of smoke) as I am less familiar with some terminology being delivered in an evolving quasi-coded scriptpogram format, slightly akin to an emerging paradox in the geeks' slang dictionary; perhaps found under the term, "techno-prose".

Please regard the following inquiry as nothing more than request for clarification with hopes of gaining a better appreciation of ToS, not some poorly outfitted "fishing expedition" with where the trophy is made available for a show and tale exercise that undermines the spirit of the VPN experience.

Are the ToS, aka, ToC referred to above, the Board's stated Policies which are intended to be self imposed by the endusers and enforced within the purview of their power to act (or not) consistent with the stated ToS as means of optimizing the endusers' rights to privacy, so long as no harm comes to others in the process? Or have I over weighted the moral intent and/or tone here? Thereby, trusting the enduser to bare the full ownership and responsibility for their encrypted internet activity? Also, it sounds as though should the content/context of any unregulated internet activity be navigated through Crypostorm, be called into question by concern authorities, the administrators of Torguard shall terminate further access to those endusers' generating untoward attention?

Should this cipher be a miss, surely the analysis above will be reckoned or disavowed.


Return to “#cleanVPN ∴ encouraging transparency & clean code in network privacy service”

Who is online

Users browsing this forum: Yahoo [Bot] and 0 guests

cron

Login