Discussion:
Please improve this setup which will get you torrenting on free public VPN in minutes
Bob J Jones
2018-05-27 21:05:10 UTC
Please improve this setup which will get you torrenting on free public VPN
in minutes

This procedure is being posted for two reasons:
1. So that users can be torrenting on VPN in minutes, and,
2. So that users can help debug upcoming KillNetwork switches
(i.e., switches in Windows set to kill the network when VPN drops)

Please improve this procedure which I just typed up from memory
using URLs that I doublechecked worked fine today.

I. Download & install any desired bittorrent client on Windows.
Transmission = https://transmissionbt.com/download/
Deluge = http://deluge-torrent.org
Bittorrent = http://www.bittorrent.com/downloads/win
Vuze = https://www.vuze.com/
uTorrent = https://www.utorrent.com/downloads/win
etc.
NOTE: Many people use uTorrent but it's filled with crapware IMHO.

II. Download & save any torrent file large enough to take some time.
https://www.ubuntu.com/download/alternative-downloads
For example:
http://releases.ubuntu.com/14.04/ubuntu-14.04.5-desktop-amd64.iso.torrent
http://releases.ubuntu.com/16.04/ubuntu-16.04.4-desktop-amd64.iso.torrent
http://releases.ubuntu.com/18.04/ubuntu-18.04-desktop-amd64.iso.torrent
etc.

NOTE: If you have a better torrent for test purposes, please post.

III. Download & install any openvpn client:
https://openvpn.net/index.php/open-source/downloads.html
Note: If you set it up right, doubleclicking on the text file.ovpn
file instantly connects you to the free public VPN of your choice.

IV: Download a few free public OpenVPN configuration files to run tests:
http://vpngate.net
https://www.freeopenvpn.org/en/cf/usa.php
https://www.bestvpnserver.com/list-of-top-free-openvpn-servers/
etc.

Please improve this test process, where, once installed, the test procedure
is as follows:

A. Connect to the free public VPN (I just doubleclick on any ovpn file).
B. Rightclick on a "torrent" URL & send it to your registered bittorrent client.
C. That should start the torrent downloading (and later seeding) on VPN.

Then, later, kill the VPN to test the VPN killswitch which will be
explained in a different thread, since this thread is only to perfect the
concept of getting ANYONE on Windows on a free public VPN in minutes.

Please improve these steps by trying them out & asking questions where
issues arise - but note that I've done them all myself so I know they work.
--
I realize people work only off keywords - and that they make the same
complaints all the time based on keywords - so please note that it is off
topic to complain about the NSA or any other unsavory characters who you
think are running free public VPN servers. If you want to PAY for your VPN
server, it changes NOTHING in this sequence, other than where you get your
text openVPN config files from. You are welcome to recommend a payware VPN
service if you think that will help the user run these simple tests.
Bob J Jones
2018-05-27 21:48:47 UTC
Post by Bob J Jones
Note: If you set it up right, doubleclicking on the text file.ovpn
file instantly connects you to the free public VPN of your choice.
Once you're on VPN, check that you're on VPN with this simple script.

checkvpn.bat

@echo off
set pingwebsite=www.google.com
:doitagain
curl.exe icanhazip.com
timeout 1 /nobreak>nul
ping %pingwebsite%
pause
goto doitagain
:stop
exit

(You can obtain curl from: https://curl.haxx.se/dlwiz/)

When you run that simple script, it will report your IP address, which you
will recognize if it's your normal ISP-provided IP address or if it's the
VPN-provided IP address.

The ping is optional, where it simply gives you a speed indication.
If you want, you can add a speedtest if you have a command for that.

Every few minutes, you can press the return key to check that you're still
on VPN (and what the speed is).

As always, if you have improvements, please make those improvements, test
them, and then post them here as I make no claims about the scripts other
than I got them from somewhere and that I've tested them on my machine.
--
Standard disclaimer (which if I don't say, someone else will):
Please do not abuse the icanhazip site by putting this to a loop.
Always use it manually.
Bob J Jones
2018-05-27 22:39:16 UTC
Post by Bob J Jones
When you run that simple script, it will report your IP address, which you
will recognize if it's your normal ISP-provided IP address or if it's the
VPN-provided IP address.
Please improve this process so that folks can add a vpn killswitch easily!

Once you can easily get on and off a free public VPN, it's time to test out
the VPN kill switch that was discussed in this thread earlier today.
<http://www.pcbanter.net/showthread.php?t=1104224>

Here's my vpnkill test, which is posted for two reasons:
1. So that others can more quickly come up to speed on vpnkill switches,
2. And so that folks who know more than I do can suggest improvements.

That way, everyone benefits from the effort!

Here's my test sequence that I followed today (please improve!).

1. Pick up the VPN killswitch batch file from LiquidVPN:
https://www.liquidvpn.com/billing/dl.php?type=d&id=49

Specifically click "Download LiquidVPN Simple VPN Kill Switch" link at:
https://www.liquidvpn.com/billing/dl.php?type=d&id=49
(Note that option 1 enables the vpn kill switch; option 2 disables it.)

If desired, view, edit, and rename that VPN Killswitch batch file to:
Filename = vpnkill.bat

If desired, make a desktop (or menu) shortcut to that batch file:
Filename = vpnkill.lnk

2. If desired, create this VPN test script
Filename = vpntest.bat
@echo off
set pingwebsite=www.google.com
:doitagain
curl.exe icanhazip.com
timeout 1 /nobreak>nul
ping %pingwebsite%
pause
goto doitagain
:stop
exit

If desired, make a desktop (or menu) shortcut to that batch file:
Filename = vpntest.lnk

3. Obtain & doubleclick on any free OpenVPN text config file to get on VPN:
Filename = vpn.ovpn

4. Check that you're on VPN using the vpntest.bat script or shortcut:
Filename = vpntest.bat or vpntest.lnk
(This should report your VPN IP address and ping speeds.)

5. Only after you're on VPN, run the vpnkill script (or shortcut):
Filename = vpnkill.bat or vpnkill.lnk
(Then press option 1 to enable the network kill switch.)

It's that easy.

At this point, all network traffic will pass only through the public VPN.
If the VPN disconnects, so will the network (to protect your privacy).

The vpnkill command window will remain open for you to interact with.
To return to your normal network, just select option 2 (disable).

During this test, you can hit the return key in the vpntest window.
(If the VPN is working, you'll get an obvious VPN IP address.)
(If the network is disabled, you will get an obvious network error.)
(If the network is enabled, you will get your normal ISP IP address.)

NOTE: Optionally you can run "route print" before & after starting VPN
to get an idea of how the VPN breaks up the Internet in the routing table.
========
Here is the vpnkill.bat script (verbatim, sans modifications):
========
@echo off

:: GetAdmin
:-------------------------------------
:: Verify permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
:: On Error No Admin
if '%errorlevel%' NEQ '0' (
echo Getting administrative privileges...
goto DoUAC
) else ( goto getAdmin )

:DoUAC
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
set params = %*:"=""
echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"

"%temp%\getadmin.vbs"
del "%temp%\getadmin.vbs"
exit /B

:getAdmin
pushd "%CD%"
CD /D "%~dp0"
:--------------------------------------


@echo off
:: CHANGE DEFAULT GW IP BELOW
set defgw=192.168.0.1


@For /f "tokens=3" %%1 in (
'route.exe print 0.0.0.0 ^|findstr "\<0.0.0.0.*0.0.0.0\>"') Do set defgw=%%1
cls
:start
cls
echo.
color 0C
echo LiquidVPN's Simple VPN Kill Switch, ver. 0.1 - by LiquidVPN

echo.
echo.
echo Your routers gateway is probably "%defgw%"
echo -if nothing appears or its incorrect, add it manually (Press '3')
echo.
echo USAGE:
echo.
echo -Press "1" to Enable Kill Switch (IP "%defgw%")
echo -Press "2" to Disable Kill Switch (IP "%defgw%")
echo -Press "3" to manually set default gateway if its not detected above.
echo -Press "h" for Kill Switch Help
echo -Press "x" to exit Kill Switch.
echo.
set /p option=Your option:
if '%option%'=='1' goto :option1
if '%option%'=='2' goto :option2
if '%option%'=='3' goto :option3
if '%option%'=='x' goto :exit
if '%option%'=='h' goto :help
echo Insert 1, 2, x or h
timeout 3
goto start
:option1
route delete 0.0.0.0 %defgw%
echo Default gateway "%defgw%" removed
timeout 3
goto start
:option2
route add 0.0.0.0 mask 0.0.0.0 %defgw%
echo Defaulte gateway "%defgw%" restored
timeout 3
goto start
:option3
echo
set /p defgw=your gw IP (e.g. 192.168.0.1):
goto start
:help
cls
echo.
echo.
echo ======================
echo This simple kill switch removes your default gateway
echo and blocks traffic from reaching the internet when
echo your VPN gets disconnected.
echo.
echo Here is how you use it.
echo.
echo Step 1: Connect to LiquidVPN
echo Step 2: Enable LiquidVPN's Kill Switch (option "1")
echo.
echo Now Any internet traffic will pass through LiquidVPN only.
echo.
echo - If your VPN gets disconnected so will your internet.
echo - Disable the Kill Switch and reconnect.
echo.
echo.
echo When you disconnect from LiquidVPN follow these steps
echo to reconnect or to browse the internet normally.
echo.
echo Step 1: Close any software that may leak your real IP
echo Step 2: Disable the LiquidVPN kill switch (Option "2")
echo Step 3: Reconnect to LiquidVPN and enable the kill switch (Option "1")
echo.
timeout /T -1
goto start
:exit
exit
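
Added example (not part of the original post or of LiquidVPN's script): the "route print" before/after comparison suggested in the NOTE above, turned into a check that classifies a Windows IPv4 routing table into the states the test procedure walks through. It assumes the VPN config uses OpenVPN's "redirect-gateway def1" (two /1 routes through the tunnel) and models a VPN drop as the tunnel interface's routes disappearing; the route tables, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# One IPv4 row of Windows `route print`: destination, netmask, gateway, interface, metric.
ROW = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)\s+(\d+(?:\.\d+){3})\s+(\d+)\s*$"
)
# Assumption: the tunnel covers the Internet with these two halves (redirect-gateway def1).
HALVES = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}


def parse_active_routes(text):
    """Return the IPv4 'Active Routes' rows of `route print` output as dicts."""
    routes, active = [], False
    for line in text.splitlines():
        label = line.strip()
        if label.startswith("Active Routes"):
            active = True
        elif label.startswith("Persistent Routes"):
            active = False
        match = ROW.match(line) if active else None
        if match:
            dest, mask, gateway, iface, metric = match.groups()
            # Count mask bits directly so 0.0.0.0 is always read as /0.
            prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
            routes.append({
                "net": ipaddress.ip_network(f"{dest}/{prefix}", strict=False),
                "gateway": gateway, "iface": iface, "metric": int(metric),
            })
    return routes


def tunnel_interface(routes):
    """Interface that carries both /1 routes, or None when the VPN is not up."""
    seen = {}
    for route in routes:
        if route["net"] in HALVES:
            seen.setdefault(route["iface"], set()).add(route["net"])
    return next((iface for iface, nets in seen.items() if nets == HALVES), None)


def reachable(routes, addr):
    """True when any route in the table covers addr."""
    ip = ipaddress.ip_address(addr)
    return any(ip in route["net"] for route in routes)


def classify(routes, probe="198.51.100.7"):
    """probe is a documentation address standing in for any Internet host."""
    tunnel = tunnel_interface(routes)
    if tunnel is None:
        return "direct, no VPN" if reachable(routes, probe) else "network dead"
    # Model the drop: every route bound to the tunnel interface goes away.
    after_drop = [r for r in routes if r["iface"] != tunnel]
    if reachable(after_drop, probe):
        return "VPN up, leaks on drop"
    return "VPN up, kill switch armed"


# Constructed sample rows (not captured from a real machine).
ISP_DEFAULT = "          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25"
LAN_ROWS = [
    "        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331",
    "      192.168.1.0    255.255.255.0         On-link      192.168.1.50    281",
    "        224.0.0.0        240.0.0.0         On-link      192.168.1.50    281",
]
VPN_ROWS = [
    "          0.0.0.0        128.0.0.0         10.8.0.5          10.8.0.6     20",
    "        128.0.0.0        128.0.0.0         10.8.0.5          10.8.0.6     20",
    "     203.0.113.10  255.255.255.255      192.168.1.1     192.168.1.50     25",
    "         10.8.0.4  255.255.255.252         On-link          10.8.0.6    276",
]


def table(*rows):
    """Wrap rows in the section labels `route print` emits around them."""
    head = ["IPv4 Route Table", "Active Routes:",
            "Network Destination        Netmask          Gateway       Interface  Metric"]
    return "\n".join(head + list(rows) + ["Persistent Routes:", "  None"])


SAMPLES = {
    "before VPN": table(ISP_DEFAULT, *LAN_ROWS),
    "VPN up, gateway kept": table(ISP_DEFAULT, *LAN_ROWS, *VPN_ROWS),
    "VPN up, gateway removed": table(*LAN_ROWS, *VPN_ROWS),
    "VPN dropped, gateway removed": table(*LAN_ROWS),
}


def report():
    """Classify every constructed sample table."""
    return {name: classify(parse_active_routes(text)) for name, text in SAMPLES.items()}


if __name__ == "__main__":
    for name, state in report().items():
        print(f"{name:30} -> {state}")
```

To check a real machine, feed the output of "route print -4" to parse_active_routes(); re-run it after anything that may re-add the default route, such as the adapter reconnecting.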
Bob J Jones
2018-05-27 23:03:21 UTC
Post by Bob J Jones
Please improve this process so that folks can add a vpn killswitch easily!
To summarize, the simple procedure I performed was the following:
a. Download any free public VPN text configuration file.
b. Doubleclick on that text ovpn file to start the OpenVPN session.
c. Run the vpnkill.bat command to disable the 192.168.1.1 gateway.
d. Do whatever you want on VPN (see prior torrenting example).
e. Kill the VPN session (to simulate an unexpected VPN disconnect).
f. Test that the network was really dead (e.g., using vpntest.bat).
g. Re-enable the gateway to return to the normal ISP connection.
Voila!
It worked with the first, second, and third VPN - so that's good news.

I don't have to test these other possible vpnkill solutions then:

A. Windows Firewall (http://practicalrambler.blogspot.com/2011/01/windows-7-firewall-how-to-always-use.html)
B. Windows Task Scheduler (https://www.raymond.cc/blog/automatic-vpn-kill-switch/)
C. VPNCheck (http://www.guavi.com/vpncheck_free.html)
D. VPN Lifeguard (https://sourceforge.net/projects/vpnlifeguard/)
E. VPN Watcher (https://ugdsoft.com/vpnwatcher-editions/)
F. ?
--
This test didn't even look at DNS leaks, which is a different problem.
Bob J Jones
2018-05-28 19:37:51 UTC
Post by Bob J Jones
========
========
After using the killswitch for a day, the original LiquidVPN killswitch
logic appears (to me) backward, philosophically, since all it seems to do
is disable & re-enable the users' gateway - but they term that enabling and
disabling the kill switch.

Their logic is sound - but it's easier to think of it as enabling and
disabling the gateway, at least to me it is.

Plus the instructions assume you're using LiquidVPN, which most people will
not be using (since it works with any standard OpenVPN service).

Hence I suggest clarification changes to the text output, from:
echo -Press "1" to Enable Kill Switch (IP "%defgw%")
echo -Press "2" to Disable Kill Switch (IP "%defgw%")

To something like:
echo -Press "1" to Enable Kill Switch (which DISABLES your gateway "%defgw%")
echo -Press "2" to Disable Kill Switch (which ENABLES your gateway "%defgw%")

And, perhaps from:
echo Step 2: Disable the LiquidVPN kill switch (Option "2")
echo Step 3: Reconnect to LiquidVPN and enable the kill switch (Option "1")

To something like:
echo Step 2: Disable the kill switch (Option "2") which ENABLES your gateway
echo Step 3: Reconnect to VPN and enable the kill switch (Option "1") which DISABLES your gateway
Bob J Jones
2018-05-28 19:42:55 UTC
I just succeeded in putting that "vpnkill.bat" script into both the Windows
10 Start Menu (both the left side and right side) and in the Windows 10
Task Bar.

The procedure was NOT intuitive! https://postimg.cc/image/x26tcwb65/

START MENU:
Normally you just right-click and select "Pin to Start", but that option
doesn't exist in the right-click menu of a batch-file.lnk shortcut.

TASK BAR:
Normally you just slide the program shortcut onto the task bar, but that
method doesn't work with a batch-file.lnk shortcut either.

After some googling and testing, the solution was simple enough, which is
to change the shortcut "Target" to vpnkill.bat
FROM: C:\your-path\vpnkill.bat
TO: %windir%\system32\cmd.exe /K "C:\your-path\vpnkill.bat"

The reason for the "/K" option is to keep the vpn killswitch window open.

Once you change the shortcut target to add the "cmd.exe" prefix, then (and
only then) you can add the shortcut to both sides of the start menu and to
the taskbar easily.

This hint applies to Windows 7 and Windows 10, I think.
(I'm not sure how it applies to WinXP but everything else in this thread
should apply to WinXP so I leave that ng in the header for continuity.)

The detailed step-by-step procedure was just now documented over here:
Win7: <http://www.pcbanter.net/showthread.php?t=1104254>
Win10: <http://www.pcbanter.net/showthread.php?t=1104255>
Bob J Jones
2018-05-28 21:28:53 UTC
Post by Bob J Jones
I just succeeded in putting that "vpnkill.bat" script into both the Windows
10 Start Menu (both the left side and right side) and in the Windows 10
Task Bar.
The procedure was NOT intuitive! https://postimg.cc/image/x26tcwb65/
In addition, I just succeeded in changing the icon for the batch file
shortcut so that it looks *different* from the normal black command window
icon (especially important in the task bar with small icons set).

Here is the vpn killswitch shortcut icon switched to a scissors icon:

So that the shortcut could be easily pinned to both the Start Menu (right
side) and to the taskbar, I changed the shortcut Target:
FROM: C:\bin\vpnkill.bat
TO: %windir%\system32\cmd.exe /K "C:\bin\vpnkill.bat"

And then I set the "Change icon" "Look for icons in this file" field
FROM: C:\Windows\System32\cmd.exe
TO: %SystemRoot%\System32\SHELL32.dll

Only after that can you choose any of about a hundred or so icons inside
that SHELL32.dll file to use in order to distinguish your vpn killswitch
shortcut from any other batch-file shortcut icon.
Shadow
2018-05-28 14:59:36 UTC
On Sun, 27 May 2018 21:05:10 +0000 (UTC), Bob J Jones
Post by Bob J Jones
https://openvpn.net/index.php/open-source/downloads.html
Florida, USA.

Honeypot anyone ?
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
Bob J Jones
2018-05-28 16:00:42 UTC
Post by Shadow
Honeypot anyone ?
Shadow,

Please stop this nonsense.
It's not helpful to the cause of the team knowledge.

You didn't IMPROVE the process one iota.
In fact, you're just wasting our time (and yours) unfruitfully.

I realize you want to be a white-knight hero. I do.
So please *focus* on improving the process.

If you want to focus *positively* on the security of the VPN,
then please *suggest* a better more secure VPN if that is important
to you.

I already told you in the original post not to post your crap.
Go back and read the original post.

I know you're not a Usenet newbie so YOU are whom I was talking about!

This is a key part of the OP, verbatim:
"I realize people work only off keywords - and that they make the same
complaints all the time based on keywords - so please note that it is off
topic to complain about the NSA or any other unsavory characters who you
think are running free public VPN servers. If you want to PAY for your VPN
server, it changes NOTHING in this sequence, other than where you get your
text openVPN config files from. You are welcome to recommend a payware VPN
service if you think that will help the user run these simple tests."

Shadow,
Why do you think I spent as much time trying to ward off your keyword crap
as I did explaining the process?

It's because experienced people like you *can* help.

But you're not going to help by simply pooping on the picnic table.
All you do by pooping on the picnic table is ruin the picnic.
And then I have to make this useless post cleaning up your poop.

Don't poop on the picnic.
If you don't like the food - bring *better* food to the table.

To wit:
If you know of a safer VPN that all can easily use in privacy
(which means they *never* have to use their name and they don't
have to jump through hoops to pay anonymously) then *suggest*
that better food.

But if all you want to do is poop on the picnic, I'm stating flatly that
it's not helpful. It just ruins the picnic for everyone.

*Please bring value to the picnic (not poop) in your response.*
I know you have value to add. You're a good Usenet cook.

Add value.
Bob J Jones
2018-05-28 16:18:01 UTC
Post by Bob J Jones
*Please bring value to the picnic (not poop) in your response.*
I know you have value to add. You're a good Usenet cook.
Since this thread is for noobs to get up to speed on a killswitch-enabled
VPN on Windows in minutes, and for *experts* to improve that process for
noobs, I opened a *separate* thread, just now, asking Shadow and other
experts to provide a better open-source openvpn client if Shadow (or
others) feel that the suggested open-source openvpn client is a "honeypot".

Is there evidence that the open-source OpenVPN is a "honeypot"?
If so, what openvpn client do you suggest that isn't?

<https://groups.google.com/forum/#!topic/microsoft.public.windowsxp.general/MT8BbFZ6Beo>
<https://groups.google.com/d/msg/microsoft.public.windowsxp.general/MT8BbFZ6Beo/lB0-p1a-AQAJ>

If *experts* wish to suggest a *safer* more private open-source openvpn
client (or safer public vpn servers), then *that thread* is the one for
experts to debate the merits of the honeypot.

That picnic is for experts.
This picnic is for noobs to get up to speed in minutes on a readily
available to everyone vpn solution on Windows with a network killswitch.
--
Note that if it's not free, then that *adds* problems of paying
anonymously. Those anonymity problems can be overcome, but they complicate
the matter for noobs to get up to speed on using an open-source vpn
solution on Windows with an integrated network killswitch.
Yousuf Khan
2018-05-30 16:14:01 UTC
Post by Bob J Jones
Since this thread is for noobs to get up to speed on a killswitch-enabled
VPN on Windows in minutes, and for *experts* to improve that process for
noobs, I opened a *separate* thread, just now, asking Shadow and other
experts to provide a better open-source openvpn client if Shadow (or
others) feel that the suggested open-source openvpn client is a "honeypot".
Most VPN clients already have a killswitch feature built-in, so it has
nothing to do with noobs, as they will be using whatever is already
included in their clients.
Bob J Jones
2018-05-30 19:43:11 UTC
Post by Yousuf Khan
Most VPN clients already have a killswitch feature built-in, so it has
nothing to do with noobs, as they will be using whatever is already
included in their clients.
Thank you for bringing up the fact that some VPN clients have a killswitch
built in.
https://www.vpnranks.com/vpn-with-kill-switch/

This seems to attempt to list those VPN clients with a killswitch:
https://www.best-bittorrent-vpn.com/vpn-kill-switch.html

This search shows that lots of people ask this question:
https://duckduckgo.com/?&q=openvpn+killswitch&ia=web

Unfortunately, since most people recommend OpenVPN protocol and the OpenVPN
open-source client, the most important open-source vpn client doesn't have
a killswitch built in.
https://forums.openvpn.net/viewtopic.php?t=19193

BTW, here's a tutorial for using Comodo to build your own killswitch:
https://www.bestvpn.com/build-your-own-vpn-kill-switch-in-windows-comodo/
Yousuf Khan
2018-05-31 13:21:53 UTC
Post by Bob J Jones
Post by Yousuf Khan
Most VPN clients already have a killswitch feature built-in, so it has
nothing to do with noobs, as they will be using whatever is already
included in their clients.
Thank you for bringing up the fact that some VPN clients have a killswitch
built in.
https://www.vpnranks.com/vpn-with-kill-switch/
https://www.best-bittorrent-vpn.com/vpn-kill-switch.html
https://duckduckgo.com/?&q=openvpn+killswitch&ia=web
Unfortunately, since most people recommend OpenVPN protocol and the OpenVPN
open-source client, the most important open-source vpn client doesn't have
a killswitch built in.
https://forums.openvpn.net/viewtopic.php?t=19193
They recommend OpenVPN for Linux and other open-source OS, because
hardly any support exists from providers for Linux. On Windows, there's
plenty of support, so there's no reason to use OpenVPN, just use the
client that they provide for you.

Yousuf Khan
Bob J Jones
2018-05-31 19:24:25 UTC
Post by Yousuf Khan
They recommend OpenVPN for Linux and other open-source OS, because
hardly any support exists from providers for Linux. On Windows, there's
plenty of support, so there's no reason to use OpenVPN, just use the
client that they provide for you.
You bring up a good point Yousuf, which is a MAJOR point of CONFUSION for
users who are noobs, like we all were at one time.

If you're a noob, it's horribly confusing all the different proprietary
CLIENTS and PROTOCOLS.

To simplify the protocol decision, I recommend a person use the OpenVPN
protocol, for the obvious reasons already stated.

To simplify the client decision, I recommend the OpenVPN client, which runs
on all desktop platforms, and probably both Android & iOS.

There are *many* reasons for this client decision, where it's highly
unlikely that most other clients will already run on all the other
platforms.

Remember, the configuration file is simply a text file, so, it works on all
platforms already.

Of course, like everyone here, I started out with solutions that were NOT
OpenVPN based, and I started out using all those horrid clients also, but
over time, I learned that the SIMPLEST and MOST LEVERAGED solution is to
use:
a. OpenVPN client
b. OpenVPN config files

For portability and compatibility, OpenVPN is the best, bar none.
It's also generally among the best in security (although details matter).

Hence, the OpenVPN client is the best for many things - but ... but the
OpenVPN client doesn't have all the bells and whistles of perhaps some
other clients (which, for example, might have a killswitch built in).

I don't like proprietary security software for the obvious reasons, so,
that's a strike against the proprietary clients.

BTW, even the VPN Gate solution I recommend for noobs has a free OpenVPN
client software package named "SoftEther"
http://www.softether.org/

I tried it, and hated it, but it certainly did some things very well, such
as run a working config file and switch easily between them.

In summary, the only client that you can be sure of that is on ALL the
major platforms is OpenVPN, and there's nothing wrong with OpenVPN, but if
you have a client that has bells and whistles that you like, then by all
means use it.

But for a noob tutorial, I think OpenVPN is a good starting point.
If you think there's a better starting point, that's fine too.

In the end, it doesn't really matter which VPN client they use as they all
do the same thing in the end analysis.
Yousuf Khan
2018-06-01 04:03:10 UTC
Post by Bob J Jones
If you're a noob, it's horribly confusing all the different proprietary
CLIENTS and PROTOCOLS.
To simplify the protocol decision, I recommend a person use the OpenVPN
protocol, for the obvious reasons already stated.
To simplify the client decision, I recommend the OpenVPN client, which runs
on all desktop platforms, and probably both Android & iOS.
There are *many* reasons for this client decision, where it's highly
unlikely that most other clients will already run on all the other
platforms.
Remember, the configuration file is simply a text file, so, it works on all
platforms already.
Of course, like everyone here, I started out with solutions that were NOT
OpenVPN based, and I started out using all those horrid clients also, but
over time, I learned that the SIMPLEST and MOST LEVERAGED solution is to
a. OpenVPN client
b. OpenVPN config files
That's your choice if you want to complicate your life, noobs will use
whatever is recommended to them by their VPN provider. That provider
might very well likely recommend OpenVPN client, for customers using
Linux, but they won't do that for Windows. Very few people are full
noobs on Linux.
Bob J Jones
2018-06-01 20:01:24 UTC
Post by Yousuf Khan
That's your choice if you want to complicate your life, noobs will use
whatever is recommended to them by their VPN provider. That provider
might very well likely recommend OpenVPN client, for customers using
Linux, but they won't do that for Windows. Very few people are full
noobs on Linux.
You bring up a good point that it's "simple" to simply choose a provider
and then use *their* (likely proprietary) VPN solution.


As you're aware, there is a potential danger and potential ease of
integration to proprietary solutions, for example, you can get bells &
whistles, such as an integrated killswitch.

The noob should be aware there is a flip side to the "proprietary" solution
also, such that they're not necessarily vetted, and they may not work on
all platforms.

For example, the suggested open-source client works on all platforms, iOS,
Android, Linux, Windows, & MacOS - but you have to add your own killswitch.
The suggested proprietary client works on most (but not all) platforms, but
it has its own killswitch included.

It's the users' choice, we both agree, what they use.

The noob need only know that they need to choose these two things:
1. An OpenVPN client (such as ProtonVPN or OpenVPN)
2. An OpenVPN config file (such as those from vpnGate.net or ProtonVPN)

So thanks for helping the user decide which to use, which is great, as both
the proprietary and open-source solutions work fine.
nospam
2018-06-01 20:07:40 UTC
Post by Bob J Jones
The noob should be aware there is a flip side to the "proprietary" solution
also, such that they're not necessarily vetted, and they may not work on
all platforms.
it only needs to work on the platforms the 'noob' uses.
Mike Easter
2018-06-01 20:28:16 UTC
Post by Bob J Jones
The noob should be aware there is a flip side to the "proprietary" solution
also, such that they're not necessarily vetted, and they may not work on
all platforms.
Using the VPN proprietary app adds even more hazard to the process than
the fact that you already have to trust the VPN service itself.

- rarely is the proprietary app open source
- often the proprietary app was created by yet *ANOTHER* unknown
entity/coder not the VPN service provider
- articles which discuss using the VPN's provided ware vs not
(occasionally impossible to not) appear to me to always recommend NOT
- if *I* were going to be a nefarious VPN provider, I would surely do
it with proprietary ware.
--
Mike Easter
nospam
2018-06-01 20:52:52 UTC
Post by Mike Easter
Post by Bob J Jones
The noob should be aware there is a flip side to the "proprietary" solution
also, such that they're not necessarily vetted, and they may not work on
all platforms.
Using the VPN proprietary app adds even more hazard to the process than
the fact that you already have to trust the VPN service itself.
- rarely is the proprietary app open source
- often the proprietary app was created by yet *ANOTHER* unknown
entity/coder not the VPN service provider
- articles which discuss using the VPN's provided ware vs not
(occasionally impossible to not) appear to me to always recommend NOT
- if *I* were going to be a nefarious VPN provider, I would surely do
it with proprietary ware.
i wouldn't.

let the user use whatever client they want, thinking that it's safe.

there's a *lot* more a nefarious person can do server side.
Mike Easter
2018-06-01 21:02:25 UTC
Post by nospam
Post by Mike Easter
- if *I* were going to be a nefarious VPN provider, I would surely do
it with proprietary ware.
i wouldn't.
let the user use whatever client they want, thinking that it's safe.
there's a *lot* more a nefarious person can do server side.
Welllll...

... I'm neither a coder nor nefarious, but if I have (some)
control/influence of the user's machine with 'my' naughty client ware
AND I have control of the server side, I have the 'best of both worlds'
for nefarious.

And I still have my server side for those using their own clean ware to
access my server.

That would be my thinking without the technical chops to pull anything off.
--
Mike Easter
nospam
2018-06-01 21:22:08 UTC
Post by Mike Easter
Post by nospam
Post by Mike Easter
- if *I* were going to be a nefarious VPN provider, I would surely do
it with proprietary ware.
i wouldn't.
let the user use whatever client they want, thinking that it's safe.
there's a *lot* more a nefarious person can do server side.
Welllll...
... I'm neither a coder nor nefarious, but if I have (some)
control/influence of the user's machine with 'my' naughty client ware
AND I have control of the server side, I have the 'best of both worlds'
for nefarious.
And I still have my server side for those using their own clean ware to
access my server.
that's the point.

do it server side and *all* users are affected no matter what client
they use and without any way to detect it either.
Shadow
2018-05-29 14:40:58 UTC
On Mon, 28 May 2018 16:00:42 +0000 (UTC), Bob J Jones
Post by Bob J Jones
Post by Shadow
Honeypot anyone ?
Shadow,
Please stop this nonsense.
It's not helpful to the cause of the team knowledge.
You didn't IMPROVE the process one iota.
In fact, you're just wasting our time (and yours) unfruitfully.
No, any string is only as strong as its weakest knot. And
using a server that any TLA has unlimited legal access to is not the
best way to preserve privacy.
People might have taken you seriously if you had placed the
backbone of your scheme outside the US government's control..
Wondering why you got no replies ?
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
Bob J Jones
2018-05-29 21:36:27 UTC
Post by Shadow
No, any string is only as strong as its weakest knot. And
using a server that any TLA has unlimited legal access to is not the
best way to preserve privacy.
People might have taken you seriously if you had placed the
backbone of your scheme outside the US government's control..
Usenet is a potluck picnic.
Everyone contributes in a way that enhances knowledge for everyone else.

Again, just having to deal with your insanity is completely off topic,
since all you're doing is bringing negativity to the equation, WITHOUT
providing any semblance of a solution.

Anyone can shit on the picnic table like you are trying to do.
It's harder to ADD VALUE to the picnic - which you are NOT doing.

You have to realize that you're purely 100% keyword driven, so the moment
you see VPN you respond the SAME WAY every time. That's fine the first
time. That's fine the second time. Even the third and fourth and fifth and
sixth and seventh and eighth time, ninth, and then tenth time.

Given you add zero value even the first time, why do we *always* have to
suffer the *same rant* every single time VPN is mentioned - WITHOUT any
semblance of a solution.

It's like you ranting about the weather.
If you don't do anything about it - then your rant is just your own private
rant against the forces of nature.

You don't help ANYONE with your rants.

I'm clearly trying to HELP people.

I know you have it in you Shadow to HELP.

If you think the VPNs I noted are insecure, that's fine, but what you
complained about was nonsensical since NOBODY but you seems to understand
why you ranted on the open-source well-vetted OpenVPN solution, and none of
us can figure out what the heck Florida has to do with anything.

So why don't you first explain your own post?
Post by Shadow
Wondering why you got no replies ?
You think this is a game?

Do you think it matters how many crap replies we get?
What do you think this is? A popularity contest?

The main reason there were no replies is because I have a VERY WELL THOUGHT
out process. You can rest assured if my process sucked, someone would have
come up with a BETTER ONE. And that's fine.

But if my process is the best there is, then there is nothing for experts
to add to, since we're all old men who have been at this for decades.

Besides, it could also be that nobody cares, which, again is just fine.
One reason for including WindowsXP is that it's a well-archived group, in
addition to a lot of experts are still on XP, so, the great news is that
the Internet tribal knowledge for the group is enhanced by this thread.

This is the thread that started the quest for this complete solution:
http://www.pcbanter.net/showthread.php?t=1104224
VPN for connection that randomly drops?

All I'm doing is helping solve that problem.
And asking for experts to further IMPROVE the solutions.

It's pretty simple stuff.
You don't seem to comprehend that this is the purpose.

But sometimes, Usenet is people working together for the common good.
Without people like you shitting on the picnic table ruining the picnic.

Everything you said was negative, and every response I am forced to make to
you also detracts from the main point, but this isn't a game as you seem to
think it is.

1. I posted so that others would have the ability that I already had, and,
2. The killswitch added to that knowledge (which is a universal need)
3. The StartMenu/Taskbar/Icon tricks also added to that knowledge
4. And the current effort to improve the killswitch "choice" is underway

The fact that any Windows user who could already do all dozen of the tasks
this thread covered, is likely already an expert - so now - with this
expert documentation - even noobs can do the following dozen things, not
only for the killswitch, but for any desired batch file which requires
input from the user and a command window to stay up.

a. Set up the best bittorrent client
b. Torrent a canonical large file
c. Download thousands of free public OpenVPN config files
d. Install the best VPN client
e. Run a classic gateway disabling switch for protection
f. Create a shortcut to the killswitch that has added cmd.exe capabilities
g. Those added cmd capabilities include keeping the windows open for input
h. Place that killswitch cmd shortcut in the left side of the Start Menu
i. Place that killswitch cmd shortcut in the right side of the Start Menu
j. Place that killswitch cmd shortcut in the Task Bar
k. Change the icon to that killswitch cmd shortcut using SHELL32.dll
l. Change the input method to remove the need to press carriage return
(See work in progress http://www.pcbanter.net/showthread.php?t=1104264)
m. Decide among any of a half dozen other documented killswitch methods
- Batch DOS file methods
- Batch Bash Shell methods
- Firewall methods
- Task Scheduler methods
- VPN-server-provided methods
- etc.

Could you do *all* that before this thread?
If so, then you're an expert.

If you're an expert, then you should be able to IMPROVE the process.
But all you've done is made nonsensical complaints about Florida being a
state, and about a well-vetted open-source program named "OpenVPN".

So all you've contributed to the pot luck picnic is a steamy pile of shit.

Since you didn't improve the process, you're clearly not an expert.
Please stop shitting on this picnic since you didn't bring any food.

Usenet is a potluck picnic.
All you brought to the picnic was a pile of shit.

Try to bring something of VALUE to the picnic please.
I know you have it in you Shadow.

If you know ANYTHING USEFUL, please add that value to this picnic.
If you don't know anything useful, then stop shitting on the picnic table.
Shadow
2018-05-29 22:40:15 UTC
Permalink
On Tue, 29 May 2018 21:36:27 +0000 (UTC), Bob J Jones
Post by Bob J Jones
The main reason there were no replies is because I have a VERY WELL THOUGHT
out process.
Congratulations.
Put it on a web site or something.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
Bob J Jones
2018-05-30 01:08:35 UTC
Permalink
Post by Shadow
Post by Bob J Jones
The main reason there were no replies is because I have a VERY WELL THOUGHT
out process.
Congratulations.
Put it on a web site or something.
[]'s
You still feel the need to shit on the potluck Usenet picnic table.
Instead of bringing a single morsel of added value.
Your actions tell everything anyone needs to know about you Shadow.
Shadow
2018-05-30 02:15:48 UTC
Permalink
On Wed, 30 May 2018 01:08:35 +0000 (UTC), Bob J Jones
Post by Bob J Jones
Post by Shadow
Post by Bob J Jones
The main reason there were no replies is because I have a VERY WELL THOUGHT
out process.
Congratulations.
Put it on a web site or something.
[]'s
You still feel the need to shit on the potluck Usenet picnic table.
Instead of bringing a single morsel of added value.
Your actions tell everything anyone needs to know about you Shadow.
Read Mike Easter's post. The weakest point in your " VERY WELL
THOUGHT OUT PROCESS" was the VPN you chose. Which I pointed out in my
first post.
Believe it or not, I was trying to help you.
Your replies were not very civilized ....
Whatever.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
Bob J Jones
2018-05-30 03:14:28 UTC
Permalink
Post by Shadow
Read Mike Easter's post. The weakest point in your " VERY WELL
THOUGHT OUT PROCESS" was the VPN you chose. Which I pointed out in my
first post.
Believe it or not, I was trying to help you.
Your replies were not very civilized ....
Whatever.
Tell us Shadow:
*What VPN service do you recommend and why?*

The fact is that you're 100% keyword driven.
It doesn't matter, to you, what the TOPIC of the thread is.
If you see the words "VPN", you have a predetermined output.

You do it EVERY time, Shadow.
You think this is my first date with you?

You're 100% keyword driven.
You respond the same to EVERY thread that mentions "VPN".

You've been doing this silliness for YEARS Shadow.

Did you even *read* the OP?
If you read it, did you *comprehend* anything inside that OP?

For example, did you notice this statement in the OP?
* I realize people work only off keywords - and that they make the same
complaints all the time based on keywords - so please note that it is off
topic to complain about the NSA or any other unsavory characters who you
think are running free public VPN servers.

Did you read this statement in the OP?
* If you want to PAY for your VPN server, it changes NOTHING in this
sequence, other than where you get your text openVPN config files from.

Did you read this statement in the OP?
* You are welcome to recommend a payware VPN service if you think that
will help the user run these simple tests.

OK. Those are 3 very simple statements, are they not?

You think I'm stupid?
You work off of keywords.
I know that.

You have the SAME RANT every time you see the keyword "VPN".
I know that too.

Your rant didn't even make sense (Florida?) WTF?
OpenVPN client? WTF?

That simply PROVES that you're 100% keyword driven.
You never even *read* the original post.

All you saw was the word "vpn" and then you rushed to find some clue
(Florida anyone?) that proves to everyone that the NSA (or whomever) is
running that VPN (even as you chose the openVPN client for your victim).

Do you see Shadow, I already KNEW exactly that you would waste our time.
I tried to STOP you by writing those three sentences into the OP.

But, you INSIST on the SAME RANT every time you see the keyword "VPN".

If you really want to be helpful, then SUGGEST a GREAT VPN service.
Do that.

That would be helpful.
But I predict you will NEVER do that.

Since it's almost impossible to do (it's like choosing the best
girlfriend).

But if you want your silly rant to be useful to people, then simply add
value.

Tell us Shadow:
*What VPN service do you recommend and why?*
Bob J Jones
2018-05-28 22:23:02 UTC
Permalink
Post by Bob J Jones
1. So that users can be torrenting on VPN in minutes, and,
2. So that users can help debug upcoming KillNetwork switches
(i.e., switches in Windows set to kill the network when VPN drops)
SUMMARY

I have been testing the VPN DOS batch file kill
script on Windows 10 for a day or so now, where it's working just
fine having been tested on a dozen or more randomly selected different
free public OpenVPN services.

The use model is very simple (as is the logic):
A. While on your network, connect to any desired OpenVPN service.
B. Then run the killswitch, & press (1) to disable your gateway.
C. Hence, if the VPN drops, then you'll just have no network.

To re-enable the network after VPN drops (or you shut VPN down),
you just press (2) in the killswitch open window and you get
your normal Internet back using your router gateway.

It's that easy to do, with the logic being simply:
(1) To remove (ROUTE DELETE) your gateway from the routing table, and,
(2) To add (ROUTE ADD) your gateway back into the routing table.

Even as the vpn killswitch solution turns out to be surprisingly easy,
I generally document solutions in gory detail so that anyone, even noobs,
can easily follow in my footsteps.

The detailed documentation of my tests is mostly in this thread:
SUBJECT: Please improve this setup which will get you torrenting on free public VPN in minutes
ARCHIVE: <https://groups.google.com/forum/#!topic/microsoft.public.windowsxp.general/56KgMK6n090>

Where finesse in customization for ease-of-use is documented here:
SUBJECT: For noobs: How to make a Hello World batch script *AND* put it in both the Start Menu & Task Bar (which isn't intuitive!)
ARCHIVE: Win7 <http://www.pcbanter.net/showthread.php?t=1104254>
ARCHIVE: Win10 <http://www.pcbanter.net/showthread.php?t=1104255>

My current customized DOS killswitch script is included below
where the only changes are to the philosophical logic and the
removal of Liquid VPN from all but the originating attribute
so as to be clear that this VPN killswitch should work with all
OpenVPN services.

This DOS killswitch even works without VPN, if you ever have a
need to kill your network temporarily, for example, when installing
those annoying programs that phone home during the installation.

===== cut here for vpnkill.bat =====
@echo off

:: GetAdmin
:-------------------------------------
:: Verify permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
:: On Error No Admin
if '%errorlevel%' NEQ '0' (
echo Getting administrative privileges...
goto DoUAC
) else ( goto getAdmin )

:DoUAC
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
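:: "set params = ..." would create a variable named "params " (trailing space),
:: so the quote-doubling for the VBScript string is done when params is expanded.
set params= %*
echo UAC.ShellExecute "cmd.exe", "/c ""%~s0"" %params:"=""%", "", "runas", 1 >> "%temp%\getadmin.vbs"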

"%temp%\getadmin.vbs"
del "%temp%\getadmin.vbs"
exit /B

:getAdmin
pushd "%CD%"
CD /D "%~dp0"
:--------------------------------------


@echo off
:: CHANGE DEFAULT GW IP BELOW
set defgw=192.168.0.1


@For /f "tokens=3" %%1 in (
'route.exe print 0.0.0.0 ^|findstr "\<0.0.0.0.*0.0.0.0\>"') Do set defgw=%%1
cls
:start
cls
echo.
color 0C
echo VPN Kill Switch, ver. 0.1 - by LiquidVPN (disables your gateway)

echo.
echo.
echo Your routers gateway is probably "%defgw%"
echo -if nothing appears or its incorrect, add it manually (Press '3')
echo.
echo USAGE:
echo.
echo - After connecting to any desired OpenVPN service...
echo -Press "1" to DISABLE your gateway IP "%defgw%"
echo - After disconnecting from any desired OpenVPN service...
echo -Press "2" to ENABLE your gateway IP "%defgw%"
echo - If needed...
echo -Press "3" to manually set default gateway if its not detected above.
echo -Press "h" for Kill Switch Help
echo -Press "x" to exit Kill Switch.
echo.
set /p option=Your option:
if '%option%'=='1' goto :option1
if '%option%'=='2' goto :option2
if '%option%'=='3' goto :option3
if '%option%'=='x' goto :exit
if '%option%'=='h' goto :help
echo Insert 1, 2, 3, x or h
timeout 3
goto start
:option1
route delete 0.0.0.0 %defgw%
echo Default gateway "%defgw%" removed
timeout 3
goto start
:option2
route add 0.0.0.0 mask 0.0.0.0 %defgw%
echo Default gateway "%defgw%" restored
timeout 3
goto start
:option3
echo.
set /p defgw=your gw IP (e.g. 192.168.0.1):
goto start
:help
cls
echo.
echo.
echo ======================
echo This simple kill switch removes your default gateway
echo and blocks traffic from reaching the Internet when
echo your VPN gets disconnected.
echo.
echo Here is how you use this gateway killswitch.
echo.
echo Step 1: First, while using your normal Internet connection, connect to any OpenVPN server
echo Step 2: Once connected to the OpenVPN server, then disable your gateway (option "1")
echo.
echo Now Any Internet traffic will pass through your VPN only.
echo.
echo - If your VPN gets disconnected while you're using it, so will your Internet
echo - because your gateway will have been temporarily removed.
echo - Step 3: When you want your normal Internet back, and with VPN down, simply re-enable your gateway (option "2").
echo.
echo.
echo When you disconnect from your VPN follow these steps
echo to reconnect or to browse the Internet normally.
echo.
echo Step 1: Close any software that may leak your real IP
echo Step 2: Re-enable your gateway (Option "2") so you can connect to the VPN
echo Step 3: Connect to VPN and then disable your gateway (Option "1")
echo.
timeout /T -1
goto start
:exit
exit
===== cut here for vpnkill.bat =====
Bob J Jones
2018-05-29 13:40:55 UTC
Permalink
Post by Bob J Jones
I have been testing the VPN DOS batch file kill
script on Windows 10 for a day or so now, where it's working just
fine having been tested on a dozen or more randomly selected different
free public OpenVPN services.
Some bad news ...

You can also use this killswitch to turn off your gateway when you install
programs ... but ...

But I installed TurboTax just now, after turning off the gateway, and
TurboTax _still_ updated itself over the net.

How did it do that?
Clearly it didn't use the gateway 192.168.0.1 IP address.

So killgateway.bat won't stop hard-coded calls to the Internet.

What I will do, moving forward, is I will turn off the gateway each time I
install new programs, so that I can get an idea of what percentage of
"phoning home" during installation this simple method blocks.

PRO: It's a quick and easy way to partially disable the network.
CON: It won't disable phoning home of hard-coded IP address calls.

How do you think TurboTax updated itself sans a gateway?
Paul
2018-05-29 18:19:44 UTC
Permalink
Post by Bob J Jones
Post by Bob J Jones
I have been testing the VPN DOS batch file kill
script on Windows 10 for a day or so now, where it's working just
fine having been tested on a dozen or more randomly selected different
free public OpenVPN services.
Some bad news ...
You can also use this killswitch to turn off your gateway when you install
programs ... but ...
But I installed TurboTax just now, after turning off the gateway, and
TurboTax _still_ updated itself over the net.
How did it do that?
Clearly it didn't use the gateway 192.168.0.1 IP address.
So killgateway.bat won't stop hard-coded calls to the Internet.
What I will do, moving forward, is I will turn off the gateway each time I
install new programs, so that I can get an idea of what percentage of
"phoning home" during installation this simple method blocks.
PRO: It's a quick and easy way to partially disable the network.
CON: It won't disable phoning home of hard-coded IP address calls.
How do you think TurboTax updated itself sans a gateway?
In addition to the gateway thing (which might be stopping DNS),
there's a route command.

https://superuser.com/questions/586517/disable-internet-access-but-leave-lan-working

"It's probably the best to remove the default route to disable internet access:

route delete 0.0.0.0 mask 0.0.0.0

And to re-enable, add it back again:

route add 0.0.0.0 mask 0.0.0.0 192.168.1.1
"

Use "route /?" to learn about a couple arguments you can
pass to that to make it persistent or not-persistent-across-reboots.

*******

I gather there's a ton of ways to "half do it".

https://superuser.com/questions/81364/allowing-local-network-access-while-blocking-internet-access

Paul
Char Jackson
2018-05-29 23:13:26 UTC
Permalink
Post by Paul
Post by Bob J Jones
Post by Bob J Jones
I have been testing the VPN DOS batch file kill
script on Windows 10 for a day or so now, where it's working just
fine having been tested on a dozen or more randomly selected different
free public OpenVPN services.
Some bad news ...
You can also use this killswitch to turn off your gateway when you install
programs ... but ...
But I installed TurboTax just now, after turning off the gateway, and
TurboTax _still_ updated itself over the net.
How did it do that?
Clearly it didn't use the gateway 192.168.0.1 IP address.
So killgateway.bat won't stop hard-coded calls to the Internet.
What I will do, moving forward, is I will turn off the gateway each time I
install new programs, so that I can get an idea of what percentage of
"phoning home" during installation this simple method blocks.
PRO: It's a quick and easy way to partially disable the network.
CON: It won't disable phoning home of hard-coded IP address calls.
How do you think TurboTax updated itself sans a gateway?
In addition to the gateway thing (which might be stopping DNS),
there's a route command.
https://superuser.com/questions/586517/disable-internet-access-but-leave-lan-working
route delete 0.0.0.0 mask 0.0.0.0
route add 0.0.0.0 mask 0.0.0.0 192.168.1.1
"
Nope, that's not it. The default route simply points to the default
gateway. If the default gateway setting has been cleared, then the
default route has no role to play in networking.

Speaking of the default route, you can leave the default gateway in
place and remove the default route to achieve the same thing as removing
the default gateway by itself. The benefit is that having a default
gateway, without a default route, puts you in a position where you can
selectively enable WAN access by configuring individual static routes.
For example, in case you wanted to be completely off the Internet except
for email, or except for Facebook, or except for <fill-in-the-blank>.
Char Jackson
2018-05-30 15:50:12 UTC
Permalink
On Tue, 29 May 2018 13:40:55 +0000 (UTC), Bob J Jones
Post by Bob J Jones
Post by Bob J Jones
I have been testing the VPN DOS batch file kill
script on Windows 10 for a day or so now, where it's working just
fine having been tested on a dozen or more randomly selected different
free public OpenVPN services.
Some bad news ...
You can also use this killswitch to turn off your gateway when you install
programs ... but ...
But I installed TurboTax just now, after turning off the gateway, and
TurboTax _still_ updated itself over the net.
How did it do that?
Clearly it didn't use the gateway 192.168.0.1 IP address.
Short answer: Without a packet capture, I don't know.

Longer answer: This pseudo logic is one possibility, but it's way out
there. As in, you really need a packet capture to avoid wild guesses
like this.

1. Let's get this program updated.
Success=DONE
Fail=go to next step
2. Am I standalone or networked?
Standalone=QUIT
Networked=go to next step
3. Do I have a default gateway?
Yes=try to reach it
No=try to determine the gateway address

Note that it's not necessary to have a default gateway to have Internet
access. That's only done for convenience, (so that you don't have to
manage a large number of static routes), not out of necessity, and since
the longstanding convention is to assign either .1 or .254 as the
gateway address, while the first 3 octets MUST be the same as the local
IP, let's try those addresses first. In most cases, bingo, we have a
winner. Create a non-persistent static route to your update site and
you're golden.

Now, is TurboTax doing that, or anything remotely like that? I have no
idea and think it's doubtful, but a packet capture would be very
interesting. Maybe even a dump of the routing table, with 'route print',
and the ARP table, with 'arp -a', and the connection table, as well. All
of those data gathering steps would have to be done in such a way as to
catch TTax in the act.

Some people disconnect the Ethernet cable. It's much harder to work
around that, but that would also obviously kill the VPN. ;-)
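An added example, not part of anyone's post in this thread: one way to check a saved `route print` dump for the cases discussed above, namely a default route that would carry traffic once the VPN drops, and static routes through the LAN gateway that survive removal of the default route. The dumps, all addresses and the function names are constructed for illustration, and only the IPv4 table is examined.

```python
"""Check a saved `route print` dump for off-LAN paths that bypass the VPN."""
import ipaddress
import re
from typing import NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str      # next-hop IP, or "On-link" for directly attached networks
    interface: str    # local IP of the interface the route is bound to
    metric: int


# One row of the "Active Routes" table: destination, netmask, gateway,
# interface, metric. Header, separator and IPv6 rows do not match.
_ROW = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)\s+(\d+(?:\.\d+){3})\s+(\d+)\s*$"
)


def parse_ipv4_routes(dump: str) -> list[Route]:
    routes = []
    for line in dump.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        dest, mask, gateway, iface, metric = m.groups()
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefix}", strict=False)
        routes.append(Route(net, gateway, iface, int(metric)))
    return routes


def route_for(routes: list[Route], dest: str) -> Optional[Route]:
    """Longest-prefix match, lowest metric as tie-break; None means no route."""
    addr = ipaddress.IPv4Address(dest)
    hits = [r for r in routes if addr in r.network]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r.network.prefixlen, r.metric))


def paths_via_gateway(routes: list[Route], lan_gateway: str) -> list[Route]:
    """Every route whose next hop is the router, i.e. every way off the LAN."""
    return [r for r in routes if r.gateway == lan_gateway]


def wide_paths(routes: list[Route], lan_gateway: str) -> list[Route]:
    """Routes via the router that cover more than a single host.

    A /32 to the VPN server is expected (the tunnel itself needs it);
    anything wider is a path that keeps working when the VPN is down.
    """
    return [r for r in paths_via_gateway(routes, lan_gateway)
            if r.network.prefixlen < 32]


def drop_interface(routes: list[Route], iface: str) -> list[Route]:
    """Simulate the VPN dropping: its interface and all its routes vanish."""
    return [r for r in routes if r.interface != iface]


# --- Constructed sample data (not captured from a real machine) -------------
LAN_GW = "192.168.0.1"       # router, as in the script's defgw default
VPN_IF = "10.8.0.6"          # assumed local address of the VPN adapter
PROBE = "198.51.100.7"       # stand-in for "some host on the Internet"

_HEADER = ("Active Routes:\n"
           "Network Destination        Netmask          Gateway       Interface  Metric\n")
_DEFAULT = "          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100     25\n"
# Assumption: the VPN client installed two /1 routes via 10.8.0.1 plus a host
# route to the VPN server (203.0.113.50) through the router.
_COMMON = """\
          0.0.0.0        128.0.0.0         10.8.0.1         10.8.0.6     20
        128.0.0.0        128.0.0.0         10.8.0.1         10.8.0.6     20
     203.0.113.50  255.255.255.255      192.168.0.1    192.168.0.100     25
      192.168.0.0    255.255.255.0          On-link    192.168.0.100    281
         10.8.0.0    255.255.255.0          On-link         10.8.0.6    276
"""
DUMP_BEFORE_KILL = _HEADER + _DEFAULT + _COMMON   # VPN up, option "1" not pressed
DUMP_AFTER_KILL = _HEADER + _COMMON               # VPN up, option "1" pressed


if __name__ == "__main__":
    for label, dump in (("before", DUMP_BEFORE_KILL), ("after", DUMP_AFTER_KILL)):
        routes = parse_ipv4_routes(dump)
        fallback = route_for(drop_interface(routes, VPN_IF), PROBE)
        print(label, "kill: wide routes via router:",
              [str(r.network) for r in wide_paths(routes, LAN_GW)],
              "| path if VPN drops:",
              fallback.gateway if fallback else "none")
```

On a live machine, the input would be the text saved with `route print` before and after pressing "1" in vpnkill.bat.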
Mike Easter
2018-05-29 23:27:00 UTC
Permalink
Post by Bob J Jones
http://vpngate.net
https://www.freeopenvpn.org/en/cf/usa.php
https://www.bestvpnserver.com/list-of-top-free-openvpn-servers/
etc.
Please improve this test process, where, once installed, the test procedure
I understand there is a difference between running tests and *actually*
using VPNs, which genuine VPN usage is supposed to be all about privacy.

I also feel that a great many VPNs are *worse* in that respect than
connecting 'directly' using one's own connectivity provider. That is,
the provider cares even less than do some VPNs, and depending on the
'severity' of whatever you are doing that requires privacy, a great many
VPNs definitely should NOT be used.

For that reason, I believe that the research and ratings provided by
TOPS (That One Privacy Site) mentioned and linked earlier is a necessary
ingredient in the process of 'messing with' VPNs. He has done a lot of
work in his evaluations; and unlike most (such as list of top free
openvpn servers), I believe that he is honest in his evaluations and not
tied to/ shilling/ any particular VPN service.

Your principal strategy is to create some openvpn configs from free
service because you don't want to go to the trouble to anonymize
payments and then from that crop of freevpn/s, testing your schemes for
such as killswitch. Those are useful endeavors, but they don't actually
get the job done at all as far as selecting a *good* VPN service, which
seems extremely important to me.

Your 'selection' process is that of using the first free VPN service
that connects for you.

Earlier I mentioned one VPN service I had found after gaining some
knowledge from TOPS; but it turns out that ProtonVPN was just liked by
the person in a newsgroup because he also liked ProtonMail. Just
recently I learned that TOPS had reviewed ProtonVPN 2017 Nov and while
it wasn't really bad, it wasn't actually good either.

The TOPS guy has actually tested the pay servers of many VPNs (as
opposed to just free VPNs), thus evaluating how discreet one can be in
payment as well as how well one can get a refund. The
/business/marketing/ of VPN services seems to be that even those who
don't have to/ or /choose to/ provide any free services almost always
provide a 'money-back guarantee' for the pay section. While that route
might seem more tedious, it does seem like a more thorough approach to
evaluating VPN services.

I would hope that once you have moved beyond just testing 'any old' free
VPN, that somewhere along the way you start getting interested in
finding VPNs for the privacy purposes for which they should be used.
--
Mike Easter
Bob J Jones
2018-05-30 03:46:24 UTC
Permalink
Post by Mike Easter
I would hope that once you have moved beyond just testing 'any old' free
VPN, that somewhere along the way you start getting interested in
finding VPNs for the privacy purposes for which they should be used.
Hi Mike,

Thanks for your helpful advice, Mike.

I know you're naturally a helpful guy, and I love your witticisms at the
end of your posts (which you're not using in this thread, it appears).

And, I did openly ask for improvements, and you provided an improvement,
which is that VPN-comparison site (see details below) for COMPARING various
openVPN servers.

Hence, I thank you for that improvement!
It's a GREAT improvement for selecting a VPN server (or comparing them).

I WILL include that improvement in subsequent versions of the tutorial, so
that comparison site is an excellent resource.

But you know what would be even better than a comparison site?
The answer to this question would be a LOT better than a comparison site.
*What VPN service do you recommend and why?*

Now you know, as well as I do, that there is no perfect answer to that
question, but, if you really want to add value, then *that* is the question
for you to answer which would add value - especially for noobs to follow
easily.

You could respond to that question by saying that you provided this link:
https://thatoneprivacysite.net/vpn-section/

Which contained "summary" charts, such as:
https://thatoneprivacysite.net/simple-vpn-comparison-chart/

Looking at just one site, vpngate, here are the ratings in that chart:
Y = Privacy Jurisdiction
R = Privacy Logging
Y = Privacy Activism
R = Technical Serv Conf
Y = Technical Security
G = Technical Availability
R = Business Website
G = Business Pricing
G = Business Ethics
Where, Y===yellow, R===red, G===green.

Well, that's not all that valuable, right?
I mean, it's just a color-coded summary chart.

What the noobs need, really, to get started right away, is the answer to
this critical question:
*What VPN service do you recommend and why?*

You could say, "read the reviews", but, of course, there are no reviews for
that simplest-of-simple sites:
https://thatoneprivacysite.net/blog/

But then you'll say, of course, there is more to that comparison site than
just a blank review and a generic summary table, where the next link you'll
suggest users visit is this:
https://thatoneprivacysite.net/vpn-comparison-chart/

And again, I choose VPNgate (since I know it well):
(which you'll note, was #1 in the OP so it's
not like I'm seeking a "ringer").

VPN SERVICE: VPN Gate

Category | Criterion | Value | Rating
Jurisdiction | Based in (Country) | Japan |
Jurisdiction | "Fourteen Eyes" Country | Cooperative | Yellow
Jurisdiction | Enemy of the Internet | No | green
Logging | Traffic logs | yes | red
Logging | DNS Requests | yes | red
Logging | Timestamps | yes | red
Logging | Bandwidth | yes | red
Logging | IP Address | yes | red
Activism | Anonymous Payment Method | yes | green
Activism | Accepts Crypto Currency | no | red
Activism | PGP Key Available | no | red
Activism | Gives back to Privacy Causes | no | red
Activism | Meets PrivacyToolsIO Criteria | no | red
Leak protection | 1st Party DNS Servers | no | red
Leak protection | IPv6 Supported / Blocked | no | red
Protocols | Offers OpenVPN | yes | green
Obfuscation | Supports Multihop | | white
Obfuscation | Supports TCP Port 443 | yes | green
Obfuscation | Supports Obfsproxy | | white
Obfuscation | Supports SOCKS | | white
Obfuscation | Supports SSL Tunnel | yes | green
Obfuscation | Supports SSH Tunnel | | white
Obfuscation | Other Proprietary Protocols | | white
Port blocking | Blocks SMTP (Authent.) | | white
Port blocking | Blocks P2P | some | yellow
Speeds | US Server DL Speeds (%) | 0.00 | white
Speeds | International Server DL Speeds (%) | 0.00 | white
Servers | Dedicated or Virtual | | white
Security | Default Provided | | white
Security | Strongest Provided | AES-256 | green
Security | Weakest Provided | | white
Security | Strongest Provided | | white
Availability | # of Simultaneous Connections | 25 | green
Availability | # of Countries | 24 | green
Availability | # of Servers | 7,670 | green
Support | Linux Support (Manual) | | white (BTW, it works fine on Linux)
Website | # of Persistent Cookies | 3 | yellow
Website | # of External Trackers | 2 | green
Website | # of Proprietary API's | 1 | green
Website | Server SSL Rating | | white
Website | SSL Certificate issued to | no ssl cert | red
Pricing | $ / Month - (Annual Pricing) | 0.00 | green
Pricing | $ / Connection / Month | 0.00 | green
Pricing | Free Trial Available | Free |
Pricing | Refund Window (Days) | 0 | red (huh? It's free. How could that be red?)
Ethics | Contradictory Logging Policies | | white
Ethics | Falsely Claims Service is 100% Effective | | white
Policies | Incentivizes social media spam | | white
Policies | Forbids spam | | white
Policies | Requires ethical copy | | white
Policies | Requires full disclosure | | white
Affiliates | Practice ethical copy | | white
Affiliates | Give full disclosure | | white

OK. Mike. So that's good information. It really is.
(Particularly for COMPARING one VPN service to another.)

So I'll add that link to the tutorial, so that users can COMPARE VPN
services, apples to apples, so to speak, for the criteria that *they* care
about.

While some of the lines in that chart are clearly bullshit, the overall set
of selections is a good example of what people can look at when comparing
VPN services.

So THANK YOU for adding value to the thread that many others can use.
That site is an IMPROVEMENT that is USEFUL, so I appreciate that input.

But that comparison site still doesn't solve the critical question, Mike.

The answer to this question most helps everyone reading this thread:
*What VPN service do you recommend and why?*
--
PS: I know how difficult it is to answer that question; but that doesn't
change that the answer would be the most useful answer one could provide.
Bob J Jones
2018-05-30 04:37:43 UTC
Permalink
In <news:***@mid.individual.net>, Mike Easter
<***@ster.invalid> wrote:

Hi Mike,
This response is really just to you.
Consider this a "personal note" just to you.

Everyone else ... I warned you ... this is between Mike and me.
I don't think it will be helpful for tribal knowledge, overall.

But since you are a helpful guy, I respond to you directly, mano a mano.
Post by Mike Easter
I understand there is a difference between running tests and *actually*
using VPNs, which genuine VPN usage is supposed to be all about privacy.
Yup. If you want a noob to get up to speed, what you want to give that noob
is a text config file that he can doubleclick on and it "just works".

Once the noob has the whole process working, then he can luxuriate in the
intimate charms of selecting among what must be hundreds of potential VPN
server providers, each with their own detailed pros and cons.

For the purpose of the tutorial, *any* OpenVPN config file that was self
contained is sufficient for the purpose of the tutorial.

NOTE: By self contained I mean *everything* is in the config file,
including the encryption keys and passwords, etc.
Post by Mike Easter
I also feel that a great many VPNs are *worse* in that respect than
connecting 'directly' using one's own connectivity provider. That is,
the provider cares even less than do some VPNs, and depending on the
'severity' of whatever you are doing that requires privacy, a great many
VPNs definitely should NOT be used.
To adequately answer that paragraph would take ten PhD's the rest of their
lives, and they'd still not agree.

Suffice to say everyone has a "threat model", where mine, for example, is
simply that I want a "new IP address" (e.g., a proxy works as well for me,
except it only works in a browser - where the encryption in VPN is simply
an added bonus for me).

Q: What is my threat model, aka Whom am I hiding from?
A: Major aggregators, such as Google, Facebook, Amazon, whatever.

Specifically:
Q: Am I hiding from a state-sponsored adversary?
A: Hell no. Not in your wildest dreams. They'd have me pegged in 2 seconds.

But some people, as Shadow alluded to, are hiding from state-sponsored
adversaries. OK. If you're hiding from a well-funded adversary, you sure as
hell better not be a noob who is using this tutorial to save your ass.

Really.
Let's be realistic here, Mike.

I'm not writing a tutorial for noobs to learn how to hide from TLAs, right?
Nobody thinks that, do they?

So let's dispense with this spooky stuff and stick with the two very basic
things you get with any decent VPN service.
1. A new IP address, and,
2. Encryption of your traffic from you to the VPN service.

That's all that we should reasonably expect of a noob tutorial.
Post by Mike Easter
For that reason, I believe that the research and ratings provided by
TOPS (That One Privacy Site) mentioned and linked earlier is a necessary
ingredient in the process of 'messing with' VPNs. He has done a lot of
work in his evaluations; and unlike most (such as list of top free
openvpn servers), I believe that he is honest in his evaluations and not
tied to/ shilling/ any particular VPN service.
As I noted, a bunch of his fields were pure bullshit (e.g., he rated
VPNGATE as red, and a "No" for refunds, when they never charge anyone any
money - and - he lists Linux as white - even though all you download is a
text file - which works just fine on *any* platform that runs an OpenVPN
client for heaven's sake).

But overall, his detailed chart is fine for someone to CHOOSE from one VPN
to another, but for a noob tutorial, we have to do that choosing for them.

Remember, the only two things that matter for the noob tutorial are:
1. Encryption to the VPN server, and,
2. A new IP address

That's it.
Every VPN service gives you that.

So that's why I said in the OP that it doesn't matter that you don't like
my choice of VPN services. Choose whatever VPN service you like best.

It's impossible to tell someone how to pick the "best" VPN service, just as
it's impossible for me to tell you how to choose the best wife.

Everyone uses whatever metric they care about, but all I'm asking for in
this tutorial are two things of the VPN service.
1. It gives you encryption to the server, and,
2. It gives you a new IP address.

They all do that.
Post by Mike Easter
Your principal strategy is to create some openvpn configs from free
service because you don't want to go to the trouble to anonymize
payments and then from that crop of freevpn/s, testing your schemes for
such as killswitch.
Remember my threat model, Mike.
I just want to jumble up my data on the Internet.

Let me give you a hint how I do that, but this is why I said this post is
only to you, and not really for general use.

I have about a score of web browsers.
Do you know how many web sites each one visits?

The answer is "one".
Yup.

Each browser only goes to a single web site.
Now WHY do I do this?

First off, it's trivial to set up, so it's easy to do, and then I can
customize the settings of the browser for each site, e.g., Google needs
some stuff, while duckduckgo doesn't, etc.,

But more to the point, the browser fingerprinting and cookies (if any) and
other browser-specific data will not cross reference as easily as if I used
a browser to go to more than one site.

Of course, I'm not so stupid as to not know about fingerprinting of the
operating system and fonts and screen technical data and canvas
fingerprinting, etc., but always remember I'm NOT hiding from a
state-sponsored adversary.

If I was, I would say that even Edward Snowden got caught.
He just ran faster than they could go to catch him.

The point is that "my adversary" is the common aggregators.
I'm not hiding from the mafia or a terrorist organization or a
state-sponsored adversary.

And I'd say that 99.9999999999999999% of the people out there who would
benefit from this tutorial have a similar threat model as I do.

It's not like I have secret blueprints on my computer which I pass daily to
my assistant in some sanction-ridden third-world country.

All I want is one thing:
1. A new IP address
Where I get the second thing, as a bonus, for free:
2. Encryption

Now, if I *pay* for a VPN service, do I get anything more than those two
things that I care about?
Post by Mike Easter
Those are useful endeavors, but they don't actually
get the job done at all as far as selecting a *good* VPN service, which
seems extremely important to me.
Mike,
You know as well as I know that the threat model is the key starting point.
If 99.9999999999% of the people out there simply need these two things:
1. A new IP address, and,
2. Encryption to the VPN service

Then how many VPN services out there do NOT give the noob those two things?

If you have a bigger threat model, then you sure as hell shouldn't be a
noob.

There's this Dunning-Kruger concept of skills self assessment (most people
don't understand the DK effect - but it affects everyone - even experts).

As I said, this is really a personal note to you, Mike, so I'll summarize
the DK effect as, basically, the less skilled people are, the more skilled
they self-assess themselves to be - and - conversely - the more skilled
they are, not only do they self assess lower but they drastically
underestimate what it takes for others to reach their skill level.

The relevance of that summary is that any noob who thinks that by running
this cut-and-paste step-by-step tutorial, that they then have the skills to
defeat a state sponsored adversary, is certainly on the lowest end of the
DK scale.

All the noob is gonna get from this tutorial is that he'll be up and
running on VPN in about an hour (or so) and if he has already installed the
software and tested it, he's up and running in minutes.

It took me *years* to get to this point, so that is a VAST savings in time!
Post by Mike Easter
Your 'selection' process is that of using the first free VPN service
that connects for you.
All I want is a new IP address.
Every VPN service gives me that.
Post by Mike Easter
Earlier I mentioned one VPN service I had found after gaining some
knowledge from TOPS; but it turns out that ProtonVPN was just liked by
the person in a newsgroup because he also liked ProtonMail. Just
recently I learned that TOPS had reviewed ProtonVPN 2017 Nov and while
it wasn't really bad, it wasn't actually good either.
Mike,
This isn't our first rodeo.
I was one of the first people on Usenet, on the Linux and Windows
newsgroups, to be asking about "public VPN services", many years ago.

That's when I learned all the people respond by Keywords only.
Everyone (including you, as I recall), responded with a "roll your own"
answer.

Remember, this is a note just to you, so, what I'm saying is that I've been
on free public VPN services since before almost everyone on this newsgroup
(I wager).

When I used to ask for help in changing an IP address, everyone would tell
me to roll my own VPN server. When I asked about public VPN services,
everyone would tell me to roll my own VPN server. When I asked if I should
name my dog VPN, everyone would tell me to roll my own VPN server.

I've been on this rodeo for many many years (too many to count).

The problem you're bringing up with ProtonVPN is the same problem then as
now, which is that every vpn service has its pros and cons, but if all you
want is
1. A new IP address, and maybe, a bonus of
2. Encryption to the VPN service

Then *any* VPN service will work for you.

I'd suggest only OpenVPN, and I'd suggest the better encryption, but other
than that, any VPN service will work for *that* purpose.

You have asked many times, as I recall, "what is the threat?" which is a
perfectly valid question.

IF the threat is the NSA, then shit ... you're dead.
Really.

They tap EVERYTHING. They spend BILLIONS of dollars a year listening to all
our traffic. They must own thousands upon thousands of Tor directory
servers and Tor exit nodes. They have probably an arsenal of thousands of
zero-day vulnerabilities.

If you, or anyone here, thinks they're smarter than the NSA, then I'd say
they are likely on the lower end of the DK scale.

A VPN isn't gonna protect you from the NSA.
But, a VPN will give you a new IP address to, oh, say, Facebook.
Post by Mike Easter
The TOPS guy has actually tested the pay servers of many VPNs (as
opposed to just free VPNs), thus evaluating how discreet one can be in
payment as well as how well one can get a refund. The
/business/marketing/ of VPN services seems to be that even those who
don't have to/ or /choose to/ provide any free services almost always
provide a 'money-back guarantee' for the pay section. While that route
might seem more tedious, it does seem like a more thorough approach to
evaluating VPN services.
OK. Now we get to payware.

The only difference between payware and freeware is that you have to figure
out a way to anonymously pay for the payware, right?

There's no other difference right?
Now, since people are only keyword driven, I know you "could" and probably
"will" say that freeware makes your data the product, while payware
doesn't, but you don't know that.

You could also say that the NSA runs the free stuff but not the payware
stuff, but, again, you don't know that.

Besides, the most important thing of all is that freeware is
available to EVERYONE INSTANTLY RIGHT NOW.

That's a biggie when you're writing a tutorial to get a noob up to speed.
If a noob just wants to do in minutes what took me years to set up, then
freeware is the way to go, is it not?

Now, let's get back to payware though, as most people are keyword driven,
so they simply assume that payware is 'better' than freeware (which, is
hard for me to comprehend since I know plenty of freeware that is better
than plenty of payware - but - I know how weak people's minds are when it
comes to keywords).

Let's get back to basics, where all I want is a new IP address and where
the encryption is simply an added bonus.

At the moment, with freeware, I can choose between any one of over six
thousand IP addresses, at will (according to your site and to the number of
config files I currently have).

Remember, all I want is the "random" IP address.

So, tell me Mike,

If I pay for the VPN service, what do I get that I don't already have, when
all I care about is to have any one of six thousand random IP addresses?

I'll tell you one thing I don't get - which is anonymity. If I use a free
VPN service, they know my IP address, and my traffic, but if I pay for a
VPN service, they *still* know my IP address and my traffic - and - they
have my credit card and home address and name.

Of course, since you're all keyword driven, you'll tell me that if I jump
through hoops, I can hide all that - and - you know what - someday I'll
bother - but at the moment, the freeware is easier than jumping through all
those hoops since all I want is any one of over six thousand IP addresses
at will.

And I get that with freeware.
Post by Mike Easter
I would hope that once you have moved beyond just testing 'any old' free
VPN, that somewhere along the way you start getting interested in
finding VPNs for the privacy purposes for which they should be used.
The tutorial is for noobs.
For noobs, any working config file is perfect.
You can get them anywhere.

NOTHING changes in the tutorial if you choose a DIFFERENT VPN provider.
Nothing.

So, if anyone is gonna harp on "my choice" of VPN provider, the only way
you're going to HELP the NOOB is to suggest that VPN provider.

To wit, Mike:
*What VPN service do you recommend and why?*
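An added example, not part of any post in this thread: a Python check for the "self contained" config file the post above describes, reporting whether an .ovpn file carries its key material inline or depends on external files or a login prompt. The host name, key bodies and the helper name `audit_ovpn` are constructed for illustration.

```python
import re

# OpenVPN directives that name a file when the material is not inlined.
FILE_DIRECTIVES = {"ca", "cert", "key", "tls-auth", "tls-crypt",
                   "pkcs12", "secret", "dh"}
INLINE_OPEN = re.compile(r"^<([a-z0-9-]+)>$")


def audit_ovpn(text):
    """Parse OpenVPN client config text and report what it depends on.

    Only whole-line comments (# or ;) are handled; that is enough for
    the typical downloaded client profile.
    """
    report = {"remotes": [], "inline": [], "external_files": [],
              "prompts_for_login": False, "cipher": None}
    default_proto = None
    block = None  # name of the inline block currently being skipped
    for raw in text.splitlines():
        line = raw.strip()
        if block:
            if line == "</%s>" % block:
                block = None
            continue  # key/cert bodies are never interpreted
        if not line or line[0] in "#;":
            continue
        opened = INLINE_OPEN.match(line)
        if opened:
            block = opened.group(1)
            report["inline"].append(block)
            continue
        parts = line.split()
        name, args = parts[0], parts[1:]
        if name == "remote" and args:
            port = args[1] if len(args) > 1 else "1194"  # OpenVPN default
            proto = args[2] if len(args) > 2 else None
            report["remotes"].append((args[0], port, proto))
        elif name == "proto" and args:
            default_proto = args[0]
        elif name == "cipher" and args:
            report["cipher"] = args[0]
        elif name == "auth-user-pass":
            if args:
                report["external_files"].append((name, args[0]))
            else:
                report["prompts_for_login"] = True
        elif name in FILE_DIRECTIVES and args and args[0] != "[inline]":
            report["external_files"].append((name, args[0]))
    if block:
        raise ValueError("unterminated <%s> block" % block)
    # A remote without its own protocol uses the global one (default udp).
    report["remotes"] = [(h, p, pr or default_proto or "udp")
                         for h, p, pr in report["remotes"]]
    report["self_contained"] = (bool(report["remotes"])
                                and not report["external_files"]
                                and not report["prompts_for_login"])
    return report


# Constructed sample: everything, including key material, is inline.
SAMPLE_SELF_CONTAINED = """
client
dev tun
proto tcp
remote vpn.example.net 443
cipher AES-128-CBC
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
<cert>
(constructed placeholder)
</cert>
<key>
(constructed placeholder)
</key>
"""

# Constructed sample: needs two extra files and asks for a login.
SAMPLE_EXTERNAL = """
client
dev tun
remote vpn.example.net
ca ca.crt
tls-auth ta.key 1
auth-user-pass
"""

if __name__ == "__main__":
    for label, cfg in (("self-contained", SAMPLE_SELF_CONTAINED),
                       ("external", SAMPLE_EXTERNAL)):
        print(label, audit_ovpn(cfg))
```

A profile that reports `self_contained` as true also means the private key travels inside that one text file, so the file itself has to be handled like a credential.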
Mike Easter
2018-05-30 14:05:38 UTC
Post by Bob J Jones
*What VPN service do you recommend and why?*
I don't (recommend a VPN service) - nor does the guy who knows a lot
more about it at TOPS. I can only advise someone some suggested
information sites such as TOPS and another I found from a link at the
TOPS place with an article and links about five, nine, and fourteen eyes
as well as a number of other privacy suggestions
https://www.privacytools.io/#

The business including recommendations and arguments about free vs paid
VPN services is discussed at numerous sites; generally it has to do with
protocol, server, and data limits availability.

Admittedly, if you don't want much from a VPN service, then the privacy
convenience of free is a very important element. Such as an anonymous
email address is easier to achieve than an anonymous method of payment.
--
Mike Easter
Bob J Jones
2018-05-30 19:31:35 UTC
Post by Mike Easter
I don't (recommend a VPN service) - nor does the guy who knows a lot
more about it at TOPS.
Hi Mike,
That's exactly my point.
Thanks for being reasonable, as it's hard to find people who are rational
on Usenet.

I *knew* neither you nor Shadow would recommend a VPN service.
You know why I knew that?

Because
a. The threat model is different for some people, and,
b. All VPN services have their pros and cons.

But guess what?
I *will* recommend a VPN service for noobs to get up to speed on VPN.
Yup.

I will even recommend a specific *client* for them to use.
And a protocol. And the encryption.

It's two steps:
1. Download & install & configure the open-source OpenVPN client.
2. Download & doubleclick on any text config file from http://vpngate.net
Voila!
You're on VPN.
Post by Mike Easter
I can only advise someone some suggested
information sites such as TOPS and another I found from a link at the
TOPS place with an article and links about five, nine, and fourteen eyes
as well as a number of other privacy suggestions
https://www.privacytools.io/#
Thanks Mike for that link.
Looking up "VPN GATE" in that link, I find it's not on the list.

What does that mean?
Dunno.

If you look at the base criteria of the site, it's:
"All providers listed here are outside the US, use encryption,
accept Bitcoin, support OpenVPN and have a no logging policy."

Well, VPNgate is:
a. Outside the US
b. Uses encryption
c. Doesn't need bitcoin because it's free
d. Supports OpenVPN
e. And it does have a logging policy (so it's not for doing bad things)

So if your threat is logging, then VPNgate isn't your tool of choice; but
if your threat doesn't include logging, then VPNGate seems to be in the
list of the best providers based at least on those criteria.

The main point is that, for noobs, just getting any VPN running gets them:
1. A new IP address, and,
2. Encryption to the VPN servers.

Once they have all that working, *then* they can spend the rest of their
days trying to pick among the VPN providers to find the *best* provider
that protects them against whatever their threat model happens to be.

There is no "best VPN provider" for everyone, as you, Shadow, and I well
know.
Post by Mike Easter
The business including recommendations and arguments about free vs paid
VPN services is discussed at numerous sites; generally it has to do with
protocol, server, and data limits availability.
If all you want is:
1. A different IP address, and,
2. Encryption from you to the server,
then *all* the VPN providers give you that.

If you then want, say, "no logging", then some of the VPN providers give
you that. If they must be outside the USA for your threat model, then even
fewer give you that. If you want high speeds and unlimited bandwidth,
again, fewer still. If you want low cost, fewer still. If you want
reliability, fewer still. If you want technical support, fewer still. If
you want bells and whistles, fewer still. (ad infinitum)
Post by Mike Easter
Admittedly, if you don't want much from a VPN service, then the privacy
convenience of free is a very important element. Such as an anonymous
email address is easier to achieve than an anonymous method of payment.
Exactly Mike.

If all you want from a noob tutorial is the user to be able to get:
1. A different IP address, and,
2. Encryption to the VPN server,
then *any* VPN (free or not free) gives you that.

All you need are two things:
A. A client (where I suggest noobs use the open-source openVPN client).
B. A text config file (where I suggest any file from vpngate.net).

You can download both of the above under a browser proxy if you like.
Now you're "anonymous" to everyone except the VPN server.

To your point, if you asked me which is the *best* VPN client or service,
the answer would be different for each person's threat model.

But, for the purpose of a noob tutorial, those two files are just fine:
A. client = https://openvpn.net/index.php/open-source/downloads
B. config = http://vpngate.net (pick any text *.ovpn config file you want)
Mike Easter
2018-05-30 22:56:52 UTC
Post by Bob J Jones
Post by Mike Easter
https://www.privacytools.io/#
Thanks Mike for that link.
Looking up "VPN GATE" in that link, I find it's not on the list.
What does that mean?
Dunno.
If I wanted to know about some pros and cons of VPN Gate I would go to
TOPS. He has several different ways to look at the site's evaluation.
It seems he gave it a red flag for logging (among other things), 3
points by his criteria. I don't think the 'tools' site did the kind of
evaluation that TOPS did, except that little list mentioned they didn't
like logging.

The tools site also recommends using TOPS.

There are other sites which discuss logging in more detail and the basis
for not recommending services depending on their presumed logging.

I've looked around the TOPS site for more information about logging
scoring, and I noticed that in one review they considered 5 types of
logging: traffic, DNS requests, timestamps, bandwidth, and IP address.

Sites which talk much about logging point out that VPN services are
frequently vague, and also that one doesn't REALLY know what logging
they are doing, so in that sense as many others one is *trusting* the
VPN service. If one is focusing on privacy, trusting some entity seems
haphazard to me.
--
Mike Easter
Bob J Jones
2018-05-31 02:28:34 UTC
Post by Mike Easter
If I wanted to know about some pros and cons of VPN Gate I would go to
TOPS. He has several different ways to look at the site's evaluation.
It seems he gave it a red flag for logging (among other things), 3
points by his criteria. I don't think the 'tools' site did the kind of
evaluation that TOPS did, except that little list mentioned they didn't
like logging.
Thanks Mike for looking at the vpngate evaluations.

I'm sure VPN Gate logs because it's a research project (AFAIK).
Who knows what their research is.

While I'd prefer no logging any day (as would anyone), my threat model is
Facebook, not the FBI, so, logging isn't all that critical to me.

But I should probably bone up on what their current logging policy is.
http://www.vpngate.net/en/about_abuse.aspx

It says 3 or more months at the Japan server, and 2 or more weeks at the
VPN server.
Post by Mike Easter
Sites which talk much about logging point out that VPN services are
frequently vague, and also that one doesn't REALLY know what logging
they are doing, so in that sense as many others one is *trusting* the
VPN service. If one is focusing on privacy, trusting some entity seems
haphazard to me.
I agree with you on everything Mike.

The problem is that this discussion ALWAYS ruins all VPN technical threads.
Always. Never once was there a VPN thread that didn't have this discussion
about trust ruin the technical content of that thread.

The fact is we've had this exact same discussion a thousand times, where no
new information has been provided with respect to which VPN service you can
"really" trust for "privacy".

You can essentially trust all VPN services to give you an IP address, hence
you can likely trust them all to obfuscate who you are to the likes of
Facebook and Google. Right?

What that leaves is the fact that the VPN service knows everything you do.

There is no way you're gonna teach me anything about that problem set, and
there's no way I'm gonna teach you (or Shadow) anything either, as we all
know how this works.

It's like asking "How can you trust your daughter's boyfriend?"
* He can say he doesn't keep logs - but he might keep them.
* He can say he doesn't log all your actions - but he might.
* He can say he doesn't work for a well-funded adversary - but he might.

Certainly the two very helpful sites you brought up HELP to vet these VPN
providers, but ultimately, it's like vetting your daughter's boyfriend.

You never know.

Hence, my recommendation for noobs is to use the VPN service as an IP
address proxy, and leave it at that. For that purpose, *all* the VPN
services work fine.

If the noob truly has a threat model that *requires* the encryption, then
they can still get up to speed with this tutorial - but they have an extra
homework step - which is to choose a VPN provider that meets their threat
model.

But no matter what VPN provider they choose, as long as it's OpenVPN (and
it probably is), then this tutorial should work fine for them, right?

So let's focus on improving the tutorial, and not on improving the VPN
service provider - since we already know that we'll never know which VPN
service providers truly do what they say they do.
Mike Easter
2018-05-31 16:56:15 UTC
Post by Bob J Jones
The problem is that this discussion ALWAYS ruins all VPN technical threads.
Always. Never once was there a VPN thread that didn't have this discussion
about trust ruin the technical content of that thread.
It is not my intention to 'ruin' anything, or 'rain on anyone's parade'
- *BUT* ...

On the one hand, your primary 'target' has been to scratch your own
itch, which is fine. You are bothered about the inroads to your
privacy, which is a very legitimate concern.

In your endeavors to develop a strategy which fulfills your needs in
that regard, you have also chosen to adopt a 'secondary' target, that of
showing 'noobs' how to go about solving *THEIR* privacy issues.

In that regard, I believe we differ in philosophy, and that difference
is what has to - OR is going to - arise in your discussion of these
technical aspects.

Before 'we' (all of us, including noobs, intermediates, experts) begin
to refine a technical approach to a 'problem' we have to correctly
identify what the actual *problem* is.

In that regard, I believe that many people take on the business of using
a VPN without proper consideration of what is wrong with the idea and
some approaches that they might use to mitigate their concerns about
privacy.

So, when you direct your tutorial at noobs on how to employ free VPNs
which are the first to connect from a group of convenient free VPNs,
some others are going to come along and say, "Hey; wait a minute. You/
We all/ have a lot to learn before you start employing a VPN to protect
your privacy."

It may not be important to remind *YOU* of what is wrong with VPNs
because you already know. But lots of things besides your technical
tutorial are going to get into such a thread. You have your itch to
scratch and you are getting it scratched. Someone else's privacy needs
are bound to be different from your own, and in that sense the technical
tutorial is going to 'invite' additional points of view of philosophy
that is different from your own.

The people who are considering employing a VPN need some guidance such
as good privacy sites and *away from* bad privacy sites (such as those
devolved from greedy affiliates whose purpose is to feed their greedy
untrustworthy VPNs who USE foolish uninformed VPN users to their own
advantage).

The reason some people should stay away from VPNs is because they are
being misled to the wrong VPNs.
--
Mike Easter
Bob J Jones
2018-05-31 19:15:06 UTC
Post by Mike Easter
It is not my intention to 'ruin' anything, or 'rain on anyone's parade'
- *BUT* ...
We can always learn from you Mike - as it's clear your purpose, as is mine,
is to be helpful.
Post by Mike Easter
On the one hand, your primary 'target' has been to scratch your own
itch, which is fine. You are bothered about the inroads to your
privacy, which is a very legitimate concern.
All I really want is an arbitrary IP address.
If I could get an arbitrary IP address without VPN, I would.

(Proxies are a PITA and only work for browsers, AFAIK, although I tried,
many years ago, setting up Vidalia & Privoxy, but it was just too complex.)
Post by Mike Easter
In your endeavors to develop a strategy which fulfills your needs in
that regard, you have also chosen to adopt a 'secondary' target, that of
showing 'noobs' how to go about solving *THEIR* privacy issues.
I've written thousands of "noob tutorials".

I've always wanted others to be able to do what I do, and to know what I
know, in a billionth of the time it took me to figure it out. It's how I'm
wired.
Post by Mike Easter
In that regard, I believe we differ in philosophy, and that difference
is what has to - OR is going to - arise in your discussion of these
technical aspects.
I don't think we differ in the least, Mike.

Technically. Or Philosophically.

Where do you see any disagreement between us?

I know what you know, which is that there is no safe VPN and that nobody
can pick the VPN for you and that nobody knows anything about any VPN that
they didn't roll themselves, in reality, whether or not that VPN charges
money.

You think I don't know all that?
The noob tutorial was intended to get noobs up to speed.

The advice requested was so that we can *all* learn how to get up to speed
better, quicker, or more efficiently. And there *has* been useful input
(e.g., folks added the "CHOICE" command, in another related thread, so that
the user could be more efficient when disabling the gateway).
Post by Mike Easter
Before 'we' (all of us, including noobs, intermediates, experts) begin
to refine a technical approach to a 'problem' we have to correctly
identify what the actual *problem* is.
This is true that we need to define the problem, but if the problem is
simply getting up to speed to run a torrent for the first time under VPN
for the first time using a killswitch for the first time, then that is the
definition of the problem set.

Once you get the torrenting done the first time, doing more advanced
torrenting tasks is easier.

Once you get the VPN setup done the first time, doing more advanced
VPN-related tasks is easier.

Once you get the killswitch done the first time, doing more advanced
network disabling tasks is easier.

The tutorial was never intended to be a VPN expert tutorial, as that would
take many many many many many many pages to do (and I don't have those
skills anyway).
Post by Mike Easter
In that regard, I believe that many people take on the business of using
a VPN without proper consideration of what is wrong with the idea and
some approaches that they might use to mitigate their concerns about
privacy.
Mike - if all you want is to try out VPN for the first time, does it really
matter anything you're talking about?

You can look at the packets to see they're encrypted and you can test your
IP address to see that it's "spoofed", and that's all you want for a
beginner tutorial to VPN.

Once you get that working, it's then a lifetime of learning to choose the
"best" VPN (which you and I know is impossible to do for everyone).

The problem I have with you complaining that I didn't choose the best VPN
or that I didn't cover all VPN issues is that we get NOWHERE discussing
that stuff since it's like you complaining about the weather.

Unless you're gonna solve the weather, what good is you complaining about
the weather gonna do?

The first time I heard the complaints about VPN it might have been
interesting, but this is the billionth time we've heard the same spiel.

If you're not gonna suggest a better VPN, then it's like complaining about
the weather. Easy to do. Everyone understands. But it's not actionable.
Post by Mike Easter
So, when you direct your tutorial at noobs on how to employ free VPNs
which are the first to connect from a group of convenient free VPNs,
some others are going to come along and say, "Hey; wait a minute. You/
We all/ have a lot to learn before you start employing a VPN to protect
your privacy."
Again, it's like complaining about the weather.

What are you going to *do* about that problem set you just described?
Post by Mike Easter
It may not be important to remind *YOU* of what is wrong with VPNs
because you already know. But lots of things besides your technical
tutorial are going to get into such a thread. You have your itch to
scratch and you are getting it scratched. Someone else's privacy needs
are bound to be different from your own, and in that sense the technical
tutorial is going to 'invite' additional points of view of philosophy
that is different from your own.
I don't think there's a single thing you've said, or even that Shadow said,
that is any different than what my philosophy is.

Do you think that I don't KNOW that all VPNs are different?
That's like assuming I don't know that all wives are different.

They all do the same things.
And they all are different in how they do them.

I don't see a single place where your "philosophy" is any different than
mine is.

All I'm saying is that we both know what the weather is outside, but you
(and Shadow) want to harp on the complaints that the weather isn't perfect,
and I'm just explaining how to get around in whatever weather there is.

I don't think it does any good to complain about the weather.
I don't think it does any good to complain about any particular VPN server.

If you don't like the VPN server I chose, choose a different one.
The VPN server you choose changes nothing in the tutorial.

It doesn't make the tutorial better; it doesn't make it worse.
Post by Mike Easter
The people who are considering employing a VPN need some guidance such
as good privacy sites and *away from* bad privacy sites (such as those
devolved from greedy affiliates whose purpose is to feed their greedy
untrustworthy VPNs who USE foolish uninformed VPN users to their own
advantage).
The reason some people should stay away from VPNs is because they are
being misled to the wrong VPNs.
Mike,
We do not disagree on anything meaningful.
We're both trying to help people.

The only place we are in disagreement is that you seem to think that
complaining about the weather does something about the weather, and I don't
think it's useful to complain about the weather unless you're going to
provide a solution that works.

In other words, complaining about any one choice of VPN is like complaining
about any one choice of wives, where they all do the same thing, but
differently.

It's not meaningful to complain about any particular VPN because you can
just pick a DIFFERENT VPN.

But, let's look at pragmatics:
If you're gonna recommend a VPN server to noobs, it has to be simple.
It also has to be EASY to ACCESS.

What does that mean?
- Well, it means free, for sure - since paying raises the entry barrier to
astronomical levels for something as simple as running VPN for the first
time.

- It also means open-source and standards, for the obvious reasons, which
is why we picked the OpenVPN client.

- It also means SIMPLE, which is why we didn't pick a VPN solution that
requires your email address or a password, or separate encryption keys,
etc.

So we pick http://vpngate.net and a couple of others simply because all the
user needs is a valid text config file, which is a simple single-click
download off the sites listed in the OP.

Remember, the point is to get the noob running VPN for the first time,
where I can't make it any simpler than downloading and installing the
client and downloading and doubleclicking on the VPN config file.

I can't make it any simpler than that.
You want it to be more complex - I know.

But I'm trying to make it as simple as possible for a person to "be on VPN".
Once they get practice, they can then pick ANY vpn provider.
Char Jackson
2018-05-31 19:39:00 UTC
On Thu, 31 May 2018 19:15:06 +0000 (UTC), Bob J Jones
Post by Bob J Jones
Proxies are a PITA and only work for browsers, AFAIK
<snip>

That sounds like a design decision because there's no technical reason
why that should be so. The enterprise grade proxies that I work with
every day handle any TCP or UDP protocol.
--
Char Jackson
Bob J Jones
2018-06-01 02:45:38 UTC
Post by Char Jackson
Post by Bob J Jones
Proxies are a PITA and only work for browsers, AFAIK
<snip>
That sounds like a design decision because there's no technical reason
why that should be so. The enterprise grade proxies that I work with
every day handle any TCP or UDP protocol.
Hi Char Jackson,
I know you to be generally helpful so I'd like to ask you a question about
"user level" proxies - not enterprise level - but mom and pop level proxies
for average Windows users.

I only know of two ways to get proxies, so, the first question to you is
whether there is an "easy" way that works for all ports. If so, I'm all
ears.

I only know of two ways to get proxies on Windows, which handle either
a. All ports, or
b. Only browser tabs

ALL PORTS:
AFAIK, the "hard" way that works for all ports, AFAICR, was to set up
vidalia/privoxy (I forget which is which - it was long ago), which, at
least years ago (before they invented the Tor Browser Bundle) was a royal
PITA.

BROWSER TABS:
The easy way that only works inside of a single tab of a single browser, is
to choose a proxy and then type a URL into that web proxy's web interface.
That's super easy. But almost useless since you have to type the web page
proxy address each time you visit a URL and each browser you use, and it
doesn't work outside of a browser (AFAIK).

Given the browser-tab proxies are basically worthless for this discussion
since they don't handle all ports, the question is whether you, or anyone
out there, can tell us what system-wide proxies exist today for the
general Windows user.

For general use, it almost always needs to be free (or else, the hurdle for
general use is too great in most cases).

It should be open source, if possible.

Does anyone know of a system-wide proxy that is available on Windows for
general use that meets those most basic of requirements?
Char Jackson
2018-06-01 17:42:00 UTC
Permalink
On Fri, 1 Jun 2018 02:45:38 +0000 (UTC), Bob J Jones
Post by Bob J Jones
Post by Char Jackson
Post by Bob J Jones
Proxies are a PITA and only work for browsers, AFAIK
<snip>
That sounds like a design decision because there's no technical reason
why that should be so. The enterprise grade proxies that I work with
every day handle any TCP or UDP protocol.
Hi Char Jackson,
I know you to be generally helpful so I'd like to ask you a question about
"user level" proxies - not enterprise level - but mom and pop level proxies
for average Windows users.
I only know of two ways to get proxies, so, the first question to you is
whether there is an "easy" way that works for all ports. If so, I'm all
ears.
I only know of two ways to get proxies on Windows, which handle either
a. All ports, or
b. Only browser tabs
AFAIK, the "hard" way that works for all ports, AFAICR, was to set up
vidalia/privoxy (I forget which is which - it was long ago), which, at
least years ago (before they invented the Tor Browser Bundle) was a royal
PITA.
The easy way that only works inside of a single tab of a single browser, is
to choose a proxy and then type a URL into that web proxy's web interface.
That's super easy. But almost useless since you have to type the web page
proxy address each time you visit a URL and each browser you use, and it
doesn't work outside of a browser (AFAIK).
Given the browser-tab proxies are basically worthless for this discussion
since they don't handle all ports, the question is whether you, or anyone
out there, can tell us what system-wide proxies exist today for the
general Windows user.
For general use, it almost always needs to be free (or else, the hurdle for
general use is too great in most cases).
It should be open source, if possible.
Does anyone know of a system-wide proxy that is available on Windows for
general use that meets those most basic of requirements?
Back in the day, people used to use SOCKS proxies. Back then, we lived
in an innocent world where anyone could set up a SOCKS proxy and anyone
else could then use it to anonymize their traffic. SOCKS owners would
quickly tire of the experiment, so SOCKS proxies came and went. This
meant that a proxy you used yesterday was likely to be gone today, so
every day you'd start by searching for and downloading an updated list
of available SOCKS proxies. Life was good. Even now, Firefox, for
example, includes a config screen for using a SOCKS proxy, but SOCKS
works for all protocols.

All of this SOCKS talk may be a dead end, though, because who, in 2018,
is offering free use of a SOCKS proxy? Are there still lists, updated
daily, that a person could download? I don't know.

<begin quote>
http://www.jguru.com/faq/view.jsp?EID=227532
What is the difference between a SOCKS proxy and an HTTP proxy?

A SOCKS server is a general purpose proxy server that establishes a TCP
connection to another server on behalf of a client, then routes all the
traffic back and forth between the client and the server. It works for
any kind of network protocol on any port. <snip>

An HTTP proxy is similar, and may be used for the same purpose when
clients are behind a firewall and are prevented from making outgoing TCP
connections to servers outside the firewall. However, unlike the SOCKS
server, an HTTP proxy does understand and interpret the network traffic
that passes between the client and downstream server, namely the HTTP
protocol. Because of this the HTTP proxy can ONLY be used to handle HTTP
traffic <snip>
<end quote>
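
The SOCKS description quoted above, shown as an added example that is not part of the thread: SOCKS5 message framing per RFC 1928 in Python. The CONNECT request carries only a destination address and port, which is why the proxy does not care what application protocol follows. The sample destinations and the reply bytes are constructed for illustration.

```python
"""SOCKS5 (RFC 1928) framing: the CONNECT request names only a host and a port."""
import ipaddress
import struct

SOCKS_VERSION = 0x05
METHOD_NO_AUTH = 0x00
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# Reply codes defined in RFC 1928, section 6.
REPLY_TEXT = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused",
    0x06: "TTL expired",
    0x07: "command not supported",
    0x08: "address type not supported",
}


def build_greeting(methods=(METHOD_NO_AUTH,)):
    """Client hello: VER, NMETHODS, METHODS."""
    return bytes([SOCKS_VERSION, len(methods), *methods])


def encode_address(host):
    """Return ATYP plus address bytes for an IP literal or a domain name."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: send the name and let the proxy resolve it,
        # so the DNS lookup does not happen on the client side.
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("domain name must be 1..255 bytes")
        return bytes([ATYP_DOMAIN, len(name)]) + name
    atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
    return bytes([atyp]) + ip.packed


def build_connect(host, port):
    """CONNECT request: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    header = bytes([SOCKS_VERSION, CMD_CONNECT, 0x00])
    return header + encode_address(host) + struct.pack("!H", port)


def parse_reply(data):
    """Parse a server reply and return (status_text, bound_addr, bound_port)."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        offset, alen = 4, 4
    elif atyp == ATYP_IPV6:
        offset, alen = 4, 16
    elif atyp == ATYP_DOMAIN:
        if len(data) < 5:
            raise ValueError("truncated reply")
        offset, alen = 5, data[4]
    else:
        raise ValueError("unknown address type")
    end = offset + alen
    if len(data) < end + 2:
        raise ValueError("truncated reply")
    raw = data[offset:end]
    if atyp == ATYP_DOMAIN:
        addr = raw.decode("ascii")
    else:
        addr = str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[end:end + 2])
    return REPLY_TEXT.get(rep, "unassigned"), addr, port


if __name__ == "__main__":
    # Constructed destinations: a web port and a BitTorrent-style port.
    # The framing is identical; nothing in it describes HTTP or any protocol.
    for host, port in (("releases.ubuntu.com", 80), ("192.0.2.10", 6881)):
        print(host, port, build_connect(host, port).hex(" "))
    # Constructed server replies: success, then a policy refusal.
    print(parse_reply(bytes.fromhex("05 00 00 01 00 00 00 00 00 00")))
    print(parse_reply(bytes.fromhex("05 02 00 01 00 00 00 00 00 00")))
```

After a "succeeded" reply the proxy relays bytes in both directions without interpreting them, so whether the traffic is encrypted depends entirely on the application protocol carried over it.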
Bob J Jones
2018-06-01 19:24:48 UTC
Permalink
Post by Char Jackson
Back in the day, people used to use SOCKS proxies.
I forgot about SOCKS.

I don't think I ever dealt with socks, although I set up Mixmin once on an
older newsreader which required me to set up socks I think (as I recall).

Is the bottom line that there isn't really an all-ports proxy available to
the general public?
Char Jackson
2018-06-02 22:56:11 UTC
Permalink
On Fri, 1 Jun 2018 19:24:48 +0000 (UTC), Bob J Jones
Post by Bob J Jones
Is the bottom line that there isn't really an all-ports proxy available to
the general public?
VPN solutions have become that option. VPNs used to be used to connect
satellite offices and remote workers to the corporate network, but these
days the commercial VPN offerings have a totally different purpose. They
let you pop out onto the Internet from an IP range different from your
own. An additional benefit is that your ISP can't easily snoop on your
traffic, although that's probably unlikely in most cases.

A VPN provider could easily offer the service without the encrypted
tunnel, making it a simple proxy for all ports and protocols, but I
think there'd be no market for that. They might as well add the
encrypted tunnel and be done with it.
Bob J Jones
2018-06-03 04:04:49 UTC
Permalink
Post by Char Jackson
Post by Bob J Jones
Is the bottom line that there isn't really an all-ports proxy available to
the general public?
VPN solutions have become that option.
Ok. That makes sense. I never did get the vidalia/privoxy stuff working so
I missed the "proxy" stage that came before public VPN servers existed.
Post by Char Jackson
VPNs used to be used to connect
satellite offices and remote workers to the corporate network, but these
days the commercial VPN offerings have a totally different purpose.
Yup.

For years, when I'd ask on the Windows/Linux newsgroups about VPN, everyone
always worked off the keywords assuming it was the kind you're talking
about, when free public VPN servers were virtually unknown.

Now the public VPN server is the de-facto standard.
Post by Char Jackson
They
let you pop out onto the Internet from an IP range different from your
own. An additional benefit is that your ISP can't easily snoop on your
traffic, although that's probably unlikely in most cases.
For me, it's more likely as I live in a remote area where the ISP only has
about 50 customers and he tells me what people do (he even asked me what
VPN I use once).

He hates getting those DCMA (or whatever they're called) notices so he
wants everyone to use VPN which makes his life easier in that regard.
Post by Char Jackson
A VPN provider could easily offer the service without the encrypted
tunnel, making it a simple proxy for all ports and protocols, but I
think there'd be no market for that. They might as well add the
encrypted tunnel and be done with it.
I agree with everything you say, where I thank you for the helpful
information.

The net is that a "proxy" for all ports is unrealistic.
VPN for all ports is the way to go nowadays.

With the suggestion from Mike, ProtonVPN, it's free and not too much of a
hurdle to set up. So it's within the grasp of everyone who reads this.

They should be up in an hour if they have to install all the software, or
in minutes if they have the software installed.
nospam
2018-05-31 20:07:25 UTC
Permalink
Post by Bob J Jones
Post by Mike Easter
On the one hand, your primary 'target' has been to scratch your own
itch, which is fine. You are bothered about the inroads to your
privacy, which is a very legitimate concern.
All I really want is an arbitrary IP address.
If I could get an arbitrary IP address without VPN, I would.
learn how.
Post by Bob J Jones
(Proxies are a PITA and only work for browsers, AFAIK, although I tried,
many years ago, setting up Vidalia & Privoxy, but it was just too complex.)
that's because you have absolutely no idea what you're doing.
Post by Bob J Jones
Post by Mike Easter
In your endeavors to develop a strategy which fulfills your needs in
that regard, you have also chosen to adopt a 'secondary' target, that of
showing 'noobs' how to go about solving *THEIR* privacy issues.
I've written thousands of "noob tutorials".
that's very unfortunate.
Post by Bob J Jones
I've always wanted others to be able to do what I do, and to know what I
know, in a billionth of the time it took me to figure it out. It's how I'm
wired.
others do what you do with a lot less hassle and aren't interested in
your convoluted overly complex solutions.
Post by Bob J Jones
It's not meaningful to complain about any particular VPN because you can
just pick a DIFFERENT VPN.
If you're gonna recommend a VPN server to noobs, it has to be simple.
It also has to be EASY to ACCESS.
most vpns are incredibly easy to access, much more so than trying to
get your scripts to work.

sign up, install an app and party on.
Post by Bob J Jones
What does that mean?
- Well, it means free, for sure - since paying raises the entry barrier to
astronomical levels for something as simple as running VPN for the first
time.
nonsense. paid vpns are generally $5-10/mo, hardly 'astronomical', some
of which have free trials.

free vpns need to make money somehow, and the easiest way is by
tracking and monetizing your internet activity.
Post by Bob J Jones
- It also means open-source and standards, for the obvious reasons, which
is why we picked the OpenVPN client.
there are better alternatives than openvpn.
Post by Bob J Jones
- It also means SIMPLE, which is why we didn't pick a VPN solution that
requires your email address or a password, or separate encryption keys,
etc.
in other words, not particularly useful in protecting one's privacy.
Bob J Jones
2018-06-01 02:45:37 UTC
Permalink
Post by nospam
others do what you do with a lot less hassle and aren't interested in
your convoluted overly complex solutions.
Hello nospam,
Someday you're going to add technical value to a thread when you post.

But apparently not today.
Wolf K
2018-06-01 13:30:10 UTC
Permalink
On 2018-05-31 22:45, Bob J Jones wrote:
[...]
Post by Bob J Jones
add technical value
[...]

I've been following this thread, apart from a couple of useful
assessments based on personal experience from mike, there has been no
added technical value, for "noobs" or anybody else. The links provided
are available to anyone who does the appropriate searches, nothing new
there.

Bottom line: Nothing is secure.

But we knew that already.
--
Wolf K
kirkwood40.blogspot.com
Ethics is knowing the difference between what you have a right to do and
what is right to do. Potter Stewart
Mike Easter
2018-06-01 15:00:44 UTC
Permalink
Post by Wolf K
[...]
Post by Bob J Jones
add technical value
[...]
I've been following this thread, apart from a couple of useful
assessments based on personal experience from mike, there has been no
added technical value, for "noobs" or anybody else. The links provided
are available to anyone who does the appropriate searches, nothing new
there.
Bottom line: Nothing is secure.
But we knew that already.
Subject: ... torrenting on free
public VPN in minutes
Almost all of my 'torrenting' is for linux .iso/s to boot live and
sample; no value in VPNs there :-)
--
Mike Easter
Bob J Jones
2018-06-01 20:28:52 UTC
Permalink
Post by Mike Easter
Almost all of my 'torrenting' is for linux .iso/s to boot live and
sample; no value in VPNs there :-)
Mike and anyone else, wishing to improve the tutorial for the noobs...

In the original post, I provided a nice safe but reasonably large torrent
to Ubuntu.

For Windows users, what's a good link to a relevant nice safe torrent that
Windows noobs would benefit from downloading?

(I looked for a Windows ISO but I didn't find a Microsoft-provided torrent,
for example. What we want is something safe, big, and relevant to Windows
users.)
nospam
2018-06-01 15:21:05 UTC
Permalink
Post by Wolf K
Bottom line: Nothing is secure.
quite a bit is.

good luck trying to guess or brute force a 256 bit encryption key.

while it's not 100% secure, it's close enough.
Post by Wolf K
But we knew that already.
apparently not.
Mike Easter
2018-06-01 15:26:58 UTC
Permalink
Post by nospam
good luck trying to guess or brute force a 256 bit encryption key.
How much 256 bits is worth in difficulty depends on the algo.

AES 256 is pretty difficult currently in need of some kind of future
quantum computer; 256 asymmetric RSA isn't.
--
Mike Easter
Bob J Jones
2018-06-01 20:28:54 UTC
Permalink
Post by Wolf K
The links provided
are available to anyone who does the appropriate searches, nothing new
there.
Everything is easy once you know it, Wolf K., but if you don't know it, you
have to look it up, and when there are a hundred different paths, a noob
needs a well-selected path to hone the lookup and decision-making process.

For example, if you didn't know to use OpenVPN, you'd spend a lot of
time using the wrong protocols.

If you didn't know that the config file is all that you need on the server
side, you could spend a lot of time figuring that out too.

If you didn't know which free VPNs existed that actually work, you could
also spend a long time figuring that out.

Since you, Wolf K, are clearly on the lower end of the DK scale, you don't
understand anything that I just said - but guys like Mike do.

Just knowing that you can use either VPNGate text config files (which nets
you six thousand servers) or ProtonVPN config files (which nets greater
speed and security), is a huge savings in time and effort.

And just knowing they all work with the canonical OpenVPN client means you
get the same power on all your platforms (iOS, Android, Windows, Linux,
MacOS, etc.).

Just knowing that the MacOS doesn't support OpenVPN, for example, which was
stated clearly in this thread, means you save time NOT using the Mac
solution.

And, knowing that you can set up your own killswitch easily, or use one
that comes with the proprietary solutions (which I wouldn't recommend),
also saves the user a lot of time.

I realize, Wolf K, all this is lost on you because you don't understand
what value a step-by-step tutorial has for people who have never done the
task before.

Still - your job is to ADD technical value for the noob to benefit from.

What technical value did YOU add to the thread?
Bob J Jones
2018-06-01 20:41:57 UTC
Permalink
Post by Bob J Jones
Just knowing that the MacOS doesn't support OpenVPN, for example, which was
stated clearly in this thread, means you save time NOT using the Mac
solution.
BTW, Wolf K, if a Mac user wanted to use the native solution, they'd be
hosed because the native solution (AFAIK) doesn't support the OpenVPN
protocol (so it's essentially useless to the user).

AFAIK, I don't think the open-source OpenVPN client works on the Mac
either, but luckily there are OpenVPN clients that do work on the mac, such
as tunnelblick.
https://tunnelblick.net/

There's a tunnelblick tutorial for the Mac user over here
https://tunnelblick.net/czUsing.html

One requirement is that you *must* have access to the system password
the first time you run tunnelblick:
https://openvpn.net/index.php/access-server/docs/admin-guides/183-how-to-connect-to-access-server-from-a-mac.html
"The first time Tunnelblick is run on a given Mac,
it will ask the user for the an system administrator's
username and password. "

You might think, Wolf K, that a noob knows all this, but in general, you'd
be wrong.

Those of us who are experienced with VPN know that there are literally
hundreds of ways to go off in different directions, many of which turn out
to be dead ends.

The purpose of a noob tutorial is to eliminate, at least in the first pass,
those hundreds of dead ends for the user.

Wolf K, your job, if you're up to it, is to ADD TECHNICAL VALUE (like Mike
did).
nospam
2018-06-01 20:52:52 UTC
Permalink
Post by Bob J Jones
AFAIK, I don't think the open-source OpenVPN client works on the Mac
either,
of course it does.

<http://swupdate.openvpn.org/privatetunnel/client/privatetunnel-mac-2.8.dmg>
Post by Bob J Jones
but luckily there are OpenVPN clients that do work on the mac, such
as tunnelblick.
https://tunnelblick.net/
actually, there are quite a few clients.
Post by Bob J Jones
One requirement is that you *must* have access to the system password
which is the password for any admin user, usually the only user.

it's no different than installing many other apps, updating the os
itself and numerous other tasks.
Post by Bob J Jones
Those of us who are experienced with VPN know that there are literally
hundreds of ways to go off in different directions, many of which turn out
to be dead ends.
those of us who are experienced with vpn know that you aren't.
Bob J Jones
2018-06-01 21:15:36 UTC
Permalink
Post by nospam
Post by Bob J Jones
AFAIK, I don't think the open-source OpenVPN client works on the Mac
either,
of course it does.
<http://swupdate.openvpn.org/privatetunnel/client/privatetunnel-mac-2.8.dmg>
Look nospam,
Stop playing your silly semantic games as it's not helpful for noobs.
You can play silly semantics all you want because OpenVPN is both a
protocol and a specific set of open-source code.

But your silly semantic games are not helping anyone.
And you're not adding any value, not even for the Mac users.

Someday nospam you're going to stop playing your silly semantic games
trying to make up for the many deficiencies in the Mac environment.

But not today.

One of those many deficiencies in the Mac ecosystem is that the Apple
native client does not natively support the OpenVPN protocol. And you know
this.

Another of the many deficiencies of the Mac is that the canonical OpenVPN
client isn't compiled for the Mac (why it's not compiled, I don't know -
but if it was - then you'd have a download to it on OpenVPN.org which isn't
a re-direct to either tunnelblick or to privatetunnel when they try to
advise Mac users).

Tunnelblick: https://tunnelblick.net/
PrivateTunnel: https://www.privatetunnel.com/

If the user needs to, most (but not all) of the VPN providers have compiled
their solution for the Mac.
https://www.hideipvpn.com/setup/how-to-setup-open-vpn-on-macos-x/
https://nordvpn.com/tutorials/x-mac-os-x/app-recommended-for-osx-10-10/

But my recommendation, for Mac noobs, is simply to use the Tunnelblick app,
where, to add value, interested users can read this review dated March
2018:
https://www.bestvpn.com/tunnelblick-review-2018-tunnelblick-free-open-source-vpn-mac/
nospam
2018-06-01 21:22:07 UTC
Permalink
Post by Bob J Jones
Post by nospam
Post by Bob J Jones
AFAIK, I don't think the open-source OpenVPN client works on the Mac
either,
of course it does.
<http://swupdate.openvpn.org/privatetunnel/client/privatetunnel-mac-2.8.dmg>
Look nospam,
Stop playing your silly semantic games as it's not helpful for noobs.
You can play silly semantics all you want because OpenVPN is both a
protocol and a specific set of open-source code.
no games.

the above link is from:
<https://openvpn.net>

where there are windows, mac, android and ios solutions.

for those who want to build it from source, openvpn will compile on a
mac.
nospam
2018-06-01 20:52:53 UTC
Permalink
Post by Bob J Jones
Just knowing that the MacOS doesn't support OpenVPN,
yes it does
Mike Easter
2018-05-31 21:05:29 UTC
Permalink
Post by Mike Easter
Earlier I mentioned one VPN service I had found after gaining some
knowledge from TOPS; but it turns out that ProtonVPN was just liked by
the person in a newsgroup because he also liked ProtonMail.  Just
recently I learned that TOPS had reviewed ProtonVPN 2017 Nov and while
it wasn't really bad, it wasn't actually good either.
Again about ProtonVPN...

This is a more positive review, and fairly extensive.
https://www.bestvpn.com/protonvpn-review/ 2017 Oct. I have no idea how
trustworthy Douglas Crawford is. The site would appear to promote some
VPN providers as 'some alternative sites' with high scores, particularly
ExpressVPN.

There are a lot of sites which one cannot distinguish honest evaluations
from shilling.

On an 'honest' positive note about ProtonVPN. I've had occasion to
follow some comments in their support blog. They seem to be
open/transparent and helpful.

Proton also got some attention on Slashdot today because they have a new
Mac app for their VPN. They already had one for Win & Android and a cli
for linux which was their previous Mac solution. The Win app has a
killswitch which allegedly works better than 'others' and anti-DNS leak
feature.

One of the slashdot comments was about some positive discussion of
protonmail at GRC's Security Now between Leo Laporte and Steve Gibson.

I'm not saying I'm recommending ProtonVPN; my recommendation is that
people make themselves aware of privacy issues and how to go about
solving them.
--
Mike Easter
Bob J Jones
2018-06-01 02:45:35 UTC
Permalink
Post by Mike Easter
Again about ProtonVPN...
Thanks for improving the choice of VPN for the tutorial.

The good news is that you seem to be "big" (not recommending, but positive)
on ProtonVPN for privacy reasons and I seem to be big on VPNGate for
ease-of-adoption reasons, which makes for a good choice for the noob to
compare against since they're at opposite ends of the spectrum.

Both use the OpenVPN protocol, so that part is easy for noobs to decide.
Post by Mike Easter
This is a more positive review, and fairly extensive.
https://www.bestvpn.com/protonvpn-review/ 2017 Oct. I have no idea how
trustworthy Douglas Crawford is. The site would appear to promote some
VPN providers as 'some alternative sites' with high scores, particularly
ExpressVPN.
The review says ProtonVPN is fast in Europe, which is good as I'll never
state that VPNGate is fast, so that's great. The review says they have
"minimal logs", so let's just take that at face value, which again, is
great (I agree that VPNGate holds logs).

Specifically, they say ProtonVPN doesn't save "IP logs", which is good.
And they have a LE warrant canary where the review went into some detail
but in the end, it concluded that you just have to trust them on it (which
is the only reasonable conclusion there is).

The review says they have a lower-speed "free" option (which the reviewer
later says is still pretty fast), where you need to give them an email
address (that can be disposable but it will be verified) and an SMS text
number (generally that would be your mobile phone). They say they don't
keep your phone records. Or you can pay them to not have to give them your
SMS text number (but that would require figuring out how to do that
anonymously).

The review says the proprietary client uses the best type of killswitch,
which is a firewall-based killswitch, but that the text OpenVPN config
files work with any OpenVPN client.

An important point we haven't discussed yet is that Netflix blocked the
ProtonVPN servers, which is something I've run into with Tor Exit Nodes
being blocked - which just goes with the territory since you're sharing an
IP address with many other people.

In summary, the author liked ProtonVPN, and I didn't see anything there
that was a red flag.

A quick short comparison with VPNGate might be:
a. ProtonVPN free requires SMS while VPNGate works fine even with Tor
b. ProtonVPN saves almost zero logs while VPNGate saves logs
c. ProtonVPN security, privacy, & speeds seem far greater than VPNGate
d. ProtonVPN free has few servers while VPNGate has thousands

Overall, I *like* what I read about ProtonVPN, so I will, myself, see if I
can download the config files without having to give them my SMS number.

For the noob, for this tutorial, Mike's suggested ProtonVPN is just fine,
with the only caveat being that SMS number (since a throwaway email address
is easy to create).

If you're OK with that, everything else sounds better than VPNGate, where I
think the presumed speeds of ProtonVPN should outweigh the VPNGate
advantage in thousands of servers.

Plus, if you find that you're blocked on ProtonVPN (say, by Netflix), then
you can always drop back to the VPNGate servers as a backup failsafe plan.
Post by Mike Easter
There are a lot of sites which one cannot distinguish honest evaluations
from shilling.
Trust me. I know. Almost all "reviews" are shills, which the experienced
person can generally see through - but often not the noob.

That's why your recommendation and mine (and if Shadow can supply one), is
useful to the users who aren't already well entrenched in VPN experience.

Unless we work for the NSA, we don't gain anything by recommending any one
VPN provider over another. We're altruistic.
Post by Mike Easter
On an 'honest' positive note about ProtonVPN. I've had occasion to
follow some comments in their support blog. They seem to be
open/transparent and helpful.
Based on that review, it seems to be the case. The reviewer said you have
to wait a day for support, but in general, there's no need for support
since VPN only takes two things:
a. A client
b. A config file
Post by Mike Easter
Proton also got some attention on Slashdot today because they have a new
Mac app for their VPN. They already had one for Win & Android and a cli
for linux which was their previous Mac solution. The Win app has a
killswitch which allegedly works better than 'others' and anti-DNS leak
feature.
Long ago I tested VPNGate for the dns leaks and I didn't find any (but who
knows what changed). For now, I'm not getting into the port 53 leak issue
as that's something for later.

Since all ProtonVPN needs is an openVPN client and a text config file, it's
portable in my mind (once you have a bit of experience on VPN).
Post by Mike Easter
One of the slashdot comments was about some positive discussion of
protonmail at GRC's Security Now between Leo Laporte and Steve Gibson.
I'm not saying I'm recommending ProtonVPN; my recommendation is that
people make themselves aware of privacy issues and how to go about
solving them.
I thank you Mike for suggesting a possible VPN provider that is seemingly
far more secure, far faster, and which has an integrated killswitch.

I think it's a worthy replacement for VPNGate config files, given the much
greater lack of logging and presumed speeds.

About the only negative compared to VPNGate is that you have to give an SMS
number (effectively) even if they say they'll delete it (the NSA is always
looking and your cellular provider will have the logs) and that there are a
limited number of servers compared to VPNGate.

But those two issues are minor, compared to the three biggies:
1. Speed (we presume it's faster, as VPNGate is admittedly very slow)
2. Security (we can presume that the security is better - perhaps)
3. Logging (we can presume that the logging policy is truthful)

Thank you Mike for IMPROVING the noob tutorial to get users up to speed in
minutes on VPN.
Mike Easter
2018-06-01 04:08:25 UTC
Permalink
Post by Bob J Jones
About the only negative compared to VPNGate is that you have to give an SMS
number
To sign up for protonvpn free you provide username, password, and an
email address.

SMS is an alternative.
--
Mike Easter
Bob J Jones
2018-06-01 20:28:50 UTC
Permalink
Post by Mike Easter
To sign up for protonvpn free you provide username, password, and an
email address.
SMS is an alternative.
Hi Mike,
I'm pretty good at gleaning detail out of resources, so I wasn't wrong,
but, I think you're thinking of a different use model (which I didn't
explore).

I think we're talking about two different use models for signing up.
1. Free (requires SMS or money)
2. Not free (requires money)

This is what the article said, verbatim, on the free use model:
"To sign up for a free account, you need to provide a username
and valid email address. There's nothing to stop you using a
disposable email address for this, but all free accounts must
be verified. To verify an account, you can either accept an
SMS message or make a donation."

Remember we want noobs to do this tutorial, so free is a great reduction in
barriers since the risk is very low and the effort is low.

According to the article, the free use model requires the SMS (or money),
but money isn't free, so, as I said, the free use model requires SMS.

The article could be wrong though, as I haven't tried it yet.
- Has anyone here tried the free use model?
- Did it require your SMS number to verify?

BTW, the more I read about ProtonVPN, the more I like it, so, I think it's
a GREAT idea to add to the recommended list for noobs to test out VPN.

I guess we should look for a free VPN that is as good as ProtonVPN that
doesn't require SMS though ... which would lower the barrier to entry even
more.

So if folks know of an OpenVPN solution as good as ProtonVPN for security
and speed, and whose signup process doesn't require a phone number, that
would be useful to noobs and experts alike.
Mike Easter
2018-06-01 20:41:33 UTC
Permalink
Post by Bob J Jones
Post by Mike Easter
To sign up for protonvpn free you provide username, password, and an
email address.
SMS is an alternative.
I'm pretty good at gleaning detail out of resources, so I wasn't wrong,
but, I think you're thinking of a different use model (which I didn't
explore).
- when I created a free account some time ago I did not provide SMS
(nor donate)
- when I currently approached the free account signup (without signing
up) the page appeared to me to allow me to provide user/pass/email and
the SMS was optional.

https://account.protonvpn.com/signup
Create new Proton Account
username
Choose password
Confirm password
Email address

<further down>
Email
SMS
Donate

... and only email was checked.
Post by Bob J Jones
"To sign up for a free account, you need to provide a username
and valid email address. There's nothing to stop you using a
disposable email address for this, but all free accounts must
be verified. To verify an account, you can either accept an
SMS message or make a donation."
I did not have to nor make a donation.
--
Mike Easter
Bob J Jones
2018-06-01 20:56:43 UTC
Permalink
Post by Mike Easter
- when I created a free account some time ago I did not provide SMS
(nor donate)
I believe you. Things change, or, the article can be wrong.
Or, the article could have started with a "suspicious IP address" since I
noticed the author's screenshots, as I recall, were using the Tor Browser
Bundle.

So, the possibilities are:
a. The article is wrong
b. The author came in from a Tor exit node so they required more validation
c. Or, they require SMS nowadays.

I don't need ProtonVPN, but from what you've said, and from the review, I
think I'd like it, but I will need to figure out how to get around the SMS
requirement, if it exists.

I'll figure that out where it's important to lower the entry barriers to
VPN for a noob tutorial to as low as possible (which is one reason why I
liked VPNGate as you can download the config files on Tor).

I think your suggestion of ProtonVPN free is great - so I just want to
reassure you that the SMS requirement (if it exists), isn't a big deal for
most noobs (it's a big deal to me, but I never give out my number to anyone
if I can help it).
Post by Mike Easter
- when I currently approached the free account signup (without signing
up) the page appeared to me to allow me to provide user/pass/email and
the SMS was optional.
Could it be, based on what the author wrote, that the SMS requirement for
the free service may come later during the email-identity *authentication*
stage?
Post by Mike Easter
https://account.protonvpn.com/signup
Create new Proton Account
username
Choose password
Confirm password
Email address
<further down>
Email
SMS
Donate
... and only email was checked.
I'll try it out, from the Tor Browser Bundle, just as the author did, and
see if it forces me to provide an SMS number.
Post by Mike Easter
Post by Bob J Jones
"To sign up for a free account, you need to provide a username
and valid email address. There's nothing to stop you using a
disposable email address for this, but all free accounts must
be verified. To verify an account, you can either accept an
SMS message or make a donation."
I did not have to nor make a donation.
I'll check it out.
If it doesn't require an SMS, then all it requires is a valid email.
If noobs are ok with that, then they're golden.

To me, the hassle of creating an email that works is the bitch (a lot of
throwaway emails don't always work with all services so I have a multi-step
process that always works - but it's a pain to implement).

If the noob doesn't mind giving their real email (and possibly real SMS),
then they're good to go. I mind, so, for me, it's a hurdle to overcome,
where your privacy is enhanced the less you provide.

Of course, every VPN has your IP address anyway ...
(is there any way around that?)
Mike Easter
2018-06-01 21:26:01 UTC
Permalink
Post by Bob J Jones
If it doesn't require an SMS, then all it requires is a valid email.
If noobs are ok with that, then they're golden.
The business about how to acquire the equivalent of a 'throwaway' email
address is another subject.

The business about how to access a site, especially one which doesn't
require significant bandwidth without giving up one's principal
connectivity IP is yet another subject. Don't forget the anonymized
dialup strategy (there /are/ a few free dialups in the world).

The business about how to pay or donate money without giving up one's
identity is yet another subject.

By the time one starts thinking about VPNs and such there are many
privacy angles which should be available without having to develop a
clandestine phone account.
--
Mike Easter
Bob J Jones
2018-06-01 21:50:52 UTC
Permalink
Post by Mike Easter
The business about how to acquire the equivalent of a 'throwaway' email
address is another subject.
I agree with you.

As an aside, to you only, I've got the anonymous email process down to a
science, where I can even get a Google email address sans SMS challenges,
but it's convoluted and certainly not for a noob.

(BTW, A google address is easy to get if you give them an SMS or if you
start on Android, which has your phone identification already, or if you
give them an additional valid email - but I can do it - without any of that
- but it takes jumping through hoops - and - even so - Google *still* hates
when you log in from China at 9am, then log in from Russia at 9:30, and
then log in from France at 10am, etc. - so it takes a ton of tricks to keep
it alive on widely varying VPN).

In the case of ProtonVPN, since they have so few free servers, it might
actually work better with Gmail (if Gmail trusts the ProtonVPN servers).

But I agree - it's off topic for this thread.
For this thread, we simply state what ProtonVPN needs.
Post by Mike Easter
The business about how to access a site, especially one which doesn't
require significant bandwidth without giving up one's principal
connectivity IP is yet another subject. Don't forget the anonymized
dialup strategy (there /are/ a few free dialups in the world).
Dialup? That's interesting. Does Dialup protect your native IP address?
(I haven't done Dialup since those US Robotics modems we all used to have)
Post by Mike Easter
The business about how to pay or donate money without giving up one's
identity is yet another subject.
Yup. Someday someone will write a tutorial for noobs like me on bitcoin,
where you anonymously mine bitcoins up to, say, five bucks, and then you
spend that five bucks anonymously.

THAT would be a neat noob privacy-spending tutorial I'd love to follow.
Post by Mike Easter
By the time one starts thinking about VPNs and such there are many
privacy angles which should be available without having to develop a
clandestine phone account.
I've tried all the second phone number solutions, which only rarely work
for the verification, less and less so nowadays. Even so, THEY have your
real phone, since they work on the real phone.

One thing that would be nice to see is a noob tutorial for VPN-on-VPN.
I don't even know how to go about that - but it would be nice for someone
who knows what they're doing to write that up.

Noob tutorials I'd love to follow if someone wrote them for us:
1. Mine five bucks in bitcoin and then spend it anonymously.
2. Run VPN inside of VPN.
3. Access VPN without giving the VPN server your IP address.
Mike Easter
2018-06-02 23:48:17 UTC
Permalink
Post by Bob J Jones
3. Access VPN without giving the VPN server your IP address.
There are discussions of combining VPN and TOR in two different ways;
Tor thru' VPN (computer > VPN > TOR browser > internet) and VPN thru'
TOR (computer > TOR browser > VPN service).

I recently had occasion to exercise the current TOR browser system to
see if the reports I had heard about tor being quicker than in the past
and I found that the display of webpages did not seem slowed at all.
Brief observation time and no file dl speed testing.

The current tor browser calls itself v.7.5.4 on Ffx ESR 52.8.0 and the
torproject maintains pages where one can see current and past tor
performance metrics.
--
Mike Easter
Bob J Jones
2018-06-03 04:14:53 UTC
Permalink
Post by Mike Easter
There are discussions of combining VPN and TOR in two different ways;
Tor thru' VPN (computer > VPN > TOR browser > internet) and VPN thru'
TOR (computer > TOR browser > VPN service).
Thanks Mike, but if I understood you, that's not what I meant, as the Tor
Browser Bundle works just fine with VPN (which is your first case).

I'm sure some VPN providers block the Tor Browser Bundle (I think ProtonVPN
said so, for the free version, but I'd have to doublecheck) but I use the
Tor Browser (which is really just a hardened Firefox to the Operating
System) on VPN all the time.

I don't use VPN on Tor though... and I'm not sure I even know what that
means.

Bearing in mind that Tor is a protocol and the Tor Browser Bundle is,
essentially, a browser, can you clarify what it might mean to use VPN on
Tor?

Tor Browser Bundle ===> directory server + encrypted node1 + encrypted node
2 + encrypted exit node 3 ===> destination HTTP-protocol address

Tor === all traffic, not just web traffic (just like VPN).
Post by Mike Easter
I recently had occasion to exercise the current TOR browser system to
see if the reports I had heard about tor being quicker than in the past
and I found that the display of webpages did not seem slowed at all.
Brief observation time and no file dl speed testing.
I have been using the Tor Browser Bundle since its very first release,
where I tried the "roll your own" vidalia/privoxy/tor process prior and it
was just horridly complex for me so I generally failed.

The Tor Browser Bundle connections have been FANTASTICALLY fast.
I guess we can thank the NSA for that since they must be adding servers at
the rate of a dozen a day... :)
Post by Mike Easter
The current tor browser calls itself v.7.5.4 on Ffx ESR 52.8.0 and the
torproject maintains pages where one can see current and past tor
performance metrics.
I didn't look up the metrics, and I know, from experience, that the TBB
(Tor Browser Bundle) is a LOT faster now than it ever was. There was
mention in Snowden's papers that the TLA stated that one "solution" to the
Tor problem was to degrade the users' experience on the safe nodes to make
the user defer to the NSA-compromised nodes.

Who knows what they do - but one thing you can rest assured of is that they
have far more capability than they will ever let us know about. They'll sow
disinformation for decades, so that we believe we're safe.

As I said earlier, if you're not hiding from a well-funded adversary, Tor
(or VPN) should be sufficient - but if you're hiding from the state
sponsored adversaries - you're already dead.
Mike Easter
2018-06-03 15:32:20 UTC
Permalink
Post by Bob J Jones
Post by Mike Easter
There are discussions of combining VPN and TOR in two different ways;
Tor thru' VPN (computer > VPN > TOR browser > internet) and VPN thru'
TOR (computer > TOR browser > VPN service).
Bearing in mind that Tor is a protocol and the Tor Browser Bundle is,
essentially, a browser, can you clarify what it might mean to use VPN on
Tor?
This is one article with a decent discussion.
https://www.bestvpn.com/using-vpn-tor-together/ Using VPN and Tor together

That site is one which receives commissions from the VPN providers which
people click to access from the ads and evaluation/recommendations, so
many of their articles are written with bias. Example: their article
on free VPNs ranks Express highest which doesn't even have a free VPN
but instead a money-back trial of their pay package.

As a similar example, the discussion of free VPNs pretty much argues
against free VPNs; however, overall, if you can filter the bias, there
are helpful articles. If one can't, they should stay away from biased
sites altogether rather than separating the wheat from the chaff there.

It would be nice if there were more transparency about the ad/
commission/ affiliate/ whatever/ relationships between the myriad VPN
providers and the myriad websites evaluating VPN providers.
--
Mike Easter
J. P. Gilliver (John)
2018-06-03 19:45:36 UTC
Permalink
In message <***@mid.individual.net>, Mike Easter
<***@ster.invalid> writes:
[]
Post by Mike Easter
As a similar example, the discussion of free VPNs pretty much argues
against free VPNs; however, overall, if you can filter the bias, there
are helpful articles. If one can't, they should stay away from biased
sites altogether rather than separating the wheat from the chaff there.
If YOU can, if ONE can't, THEY should - I _think_ you were talking about
Post by Mike Easter
It would be nice if there were more transparency about the ad/
commission/ affiliate/ whatever/ relationships between the myriad VPN
providers and the myriad websites evaluating VPN providers.
It is ever such, with any such review, of course - whatever the subject.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

If something works, thank an engineer. (Reported seen on a bumper sticker.)