Someone talk to me about using a VPN Virtual Private Network

I am in the US where all the big ISP's just agreed to start playing internet traffic cop and punish you for downloading copyrighted stuff...

I'm not entry sure to what extern this will cover. I know they will go after you for using P2P, but I don't use any file sharing software.

Only JDownloader to get multiple files from places like Oron, Rapidshare etc...

I don't know if they will be keeping track of people who download from those sites or just folks running fileshaing programs...

But, not wanting to risk having them shut my internet service off permanently, I have been reading about VPN's...

This seems to be the way to go if its legitimate.

They are cheep, $5 or $10 a month and claim complete encryption with no logging.

So what do I need to know about using a VPN, which one is best, preferably one NOT US based too.

Also I run a Mac so any software would been to me Mac OS compatible.

Thanks!

Copied and pasted from TorrentFreak

---------------------
We asked them two direct questions instead:

1. Do you keep ANY logs which would allow you or a 3rd party to match an IP address and a time stamp to a user of your service? If so, exactly what information do you hold?

2. Under what jurisdictions does your company operate and under what exact circumstances will you share the information you hold with a 3rd party?

P2P Supporting VPN providers


BTguard

Response to Q1: “It’s technically unfeasible for us to maintain log files with the amount of connections we route,” BTguard explain. “We estimate the capacity needed to store log files would be 4TB per day.”

Response to Q2: “The jurisdiction is Canada. Since we do not have log files, we have no information to share. We do not communicate with any third parties. The only event we would even communicate with a third party is if we received a court order. We would then be **** to notify them we have no information. This has not happened yet.”

BTguard website (with discounts)
Private Internet Access

Response to Q1: “We absolutely do not maintain any VPN logs of any kind. We utilize shared IP addresses rather than dynamic or static IPs, so it is not possible to match a user to an external IP. These are some of the many solutions we have implemented to enable the strongest levels of anonymity amongst VPN services. Further, we would like to encourage our users to use an anonymous e-mail and pay with Bitcoins to ensure even higher levels of anonymity should it be required. Our core verticals are privacy, quality of service, and prompt customer support.”

Response to Q2: “Our company currently operates out of the United States with gigabit gateways in the US, Canada, UK, Switzerland, and the Netherlands. We chose the US, since it is one of the only countries without a mandatory data retention law. We will not share any information with third parties without a valid court order. With that said, it is impossible to match a user to any activity on our system since we utilize shared IPs and maintain absolutely no logs.”

Private Internet Access website
TorrentPrivacy

Response to Q1: “We have connection logs, but we don’t store IP addresses there. These logs are kept for 7 days. Though it’s impossible to determine who exactly have used the service.”

Response to Q2: “We have servers in Netherlands, Sweden and USA while our company is based on Seychelles. We do not disclose any information to 3rd parties and this can be done only in case of a certain lawsuit filed against our company.”

TorrentPrivacy website
TorGuard

Response to Q1: “Our sever connection logs are purged on a daily basis since we don’t maintain hard drive’s big enough to store all this data. TorGuard’s torrent proxy and VPN connection logs do not associate an IP with each request as there are hundreds of users sharing the same connection at any given time. Since there are no logs kept or IP’s recorded, it is not possible to identify exactly who has used the connection.”

Response to Q2: “Our parent company is based in Panema, with secure servers in Netherlands, Romania, Ukraine and Panema. We do not share any of our user’s information with third parties, period. Only in the event of an official court order would we be **** to communicate with a third party. This scenario has never occurred, but if it were to, we would be **** to explain in more technical terms how we don’t maintain usage logs.”

TorGuard website
ItsHidden

Response to Q1: “No logs, they are not kept. Even system logs that do not directly link to users are rotated on an hourly basis.”

Response to Q2: “The company has recently been sold and falls under the Jurisdiction of the Seychelles. As such there is no requirement [to log] within that jurisdiction.”

ItsHidden website
Ipredator

Response to Q1: “We don’t store the IP at all actually. It’s in temporary use for the session you have when you’re connected but that’s it. We’ve had very few issues with not having logs, but not keeping them makes it safer even for us since we can’t accidentally give out information about anyone.”

Response to Q2: “We fall – mostly – under Swedish jurisdiction when it comes to the service. When it comes to organisational stuff (who keeps the data, who owns the service, who owns the server, who owns the network etc etc) it’s very mixed, intentionally. This is to make it hard and/or impossible to legally bully us around if that would be the case.”

“We can’t be easily shut down, and we can’t be pressured by courts to implement stuff we would oppose. For end-users this is not affecting them in a negative way at all, only the opposite.”

Ipredator website
Faceless

Response to Q1: “We do not log any IP addresses and no information about what data is accessed by our users, so we have no information that could be interesting to third-parties.”

Response to Q2: “We have servers in The Netherlands and our company is based in Cyprus. If authorities would contact us we would have to tell them that we have no connection logs or IP-addresses saved on our systems.”

Faceless website
General VPN providers


IPVanish

Response to Q1: We in no way record or store any user’s activity while connected to IPVanish. The only information we collect from a VPN session is: Timestamp (date and server time) of the connection to us, duration of the connection, IP address used for the connection and bytes transferred. Logs are also regularly cycled. Additionally, IPVanish users are given dynamic and SHARED IP addresses on the same servers—making it impossible for us to single out anyone for anything.

Response to Q2: ” We operate out of the US and, like all companies and citizens, must comply with local law. As detailed earlier, we have generic connection logs, but that information is not sufficient for identifying individual users. We take privacy and reliable extremely seriously and will also never share, rent or lease any information to any 3rd party.”

IPVanish website
AirVPN

Response to Q1: The company carries no identifying logs.

Response to Q2: “Jurisdiction is in the EU, under most circumstances Italy (country of the company and home of the person legally responsible for data protection), but applicable law may be one of the EU Member States where the servers of the network are physically located (no servers are in Italy),” AirVPN told us.

“We don’t share any information with anyone.”

AirVPN website
PRQ

Response to Q1: “We do not log anything, not even temporary logs. We do not have any “personal information”, since we only require a working e-mail address to sign up. Many customers use anonymous e-mail services like hushmail and the like. Even if a customer gives us their information, we do not use it.”

Response to Q2: “We fall under Swedish jurisdiction, no circumstances will be accepted to share information, since we do not have any information to share.”

PRQ website
VPNReactor

Response to Q1: “Only for 5 days to stop abuse[..]. After 5 days we have absolutely no way to match any IP address or time stamp to any users. Privacy and Security is further enhanced for individual users because their VPN connections are basically lost in the crowd.”

“Our free VPN users share a block of IPs when they connect to the internet via VPNReactor. So at any given time hundreds/thousands of our VPN users that have active connections could all be sharing a single IP address. None of our VPN users are assigned individual public IPs.”

Response to Q2: “We strive to be upfront and transparent with our logging policies for the benefit of our VPN users.” Logs seen by TorrentFreak seemed to confirm no identifiable information being stored.

“We are a U.S. based company and are bound by U.S. based court orders,” VPNReactor continued. “However, if a U.S. based subpoena comes in requesting info for activity that occurred more then 5 days prior, we have absolutely nothing to provide as our logs would have expired off. Request for connection details outside a U.S. based court order will be fully ignored.”

VPNReactor website
BlackVPN

Response to Q1: “We do not keep any logs about our users internet activities including which sites they access or what data they transfer. We also run log cleaners on our systems which removes the IPs from logs before they are written to disk,” the company told TorrentFreak.

“For tax and legal reasons we do store some billing information (name, email, country), but it is stored with a third-party and separate from the rest of BlackVPN.”

BlackVPN say they hold a username and email address of their subscribers and the times of connection and disconnection to their services along with bandwidth consumption. Logging is carried out as follows:

“On our Privacy Servers, NL & LT we don’t log anything that can identify the user, but on our US & UK server where we don’t allow sharing copyrighted materials we do log the internal RFC1918 IP that is assigned to the user at a specific time,” BlackVPN explain.

“So to clarify, we don’t log the real external IP of the user, just our RFC1918 internal one, this we have to do to comply with local laws and to be able to handle DMCAs.”

Update: in their FAQ BlackVPN now writes:

“Although we do not monitor the traffic, incoming or outgoing connections of our users we may assign users to a unique IP address and log which user was assigned which IP address at a given time. If we receive a copyright violation notice from the appropriate copyright holder then we will forward the violation to the offending user and may terminate their account. We therefore ask our users not to distribute or transmit material which violates the copyright laws in either your country or the country in which our Service is hosted.”

Response to Q2: “We operate under the jurisdiction of the Netherlands and we will fiercely protect the privacy and rights of our users and we will not disclose any information on our users to anyone, unless **** to by law enforcement personnel that have produced the proper legal compliance documents or a court order. (In which case we don’t really have a choice).”

BlackVPN website
PrivatVPN

Response to Q1: “We don’t keep ANY logs that allow us or a 3rd party to match an IP address and a time stamp to a user our service. The only thing we log are e-mails and usernames but it’s not possible to bind a activity on the Internet to a user.”

Please note: PrivatVPN also offer use of a US server for watching services like Hulu. IP logs are kept when users use this service.

Response to Q2: “Since we do not log any IP addresses [we have] nothing to disclose. Circumstances doesn’t matter in this case, we have no information regarding our customers’ IP addresses.”

PrivatVPN website
Privacy.io

Response to Q1: “No logs whatsoever are kept. We therefore simply are not able to hand data out. We believe that if you are not required to have logs, then you shouldn’t. It can only cause issues as seen with the many data leaks in recent years. Should legislation change in the juristictions we operate in, then we’ll move. And if that’s not possible, then we’ll shut the service down. No compromises.”

Response to Q2: “We span several jurisdictions to make our service less prone for legal attacks. Servers are currently located in Sweden. We do not share data because we don’t have it. We built this system because we believe only when communicating anonymously, you can really freely express yourself. As soon as you make a compromise, you are going down a slippery slope to surveilance. People will ask for more and more data retention as seen around the world in many countries recently. We do it because we believe in this, and not for the money.”

Privacy.io website
Mullvad

Response to Q1: “No. And we don’t see why anyone would. It would be dishonest towards our customers and mean *more* potential legal trouble.”

Response to Q2: “Swedish jurisdiction. We don’t know of any way in which the Swedish state in practice could make us behave badly towards our clients and that has never happened. Another sign we take privacy seriously is that we accept payments in Bitcoin and cash in the mail.”

Mullvad website
Cryptocloud

Response to Q1: “We log nothing at all.”

Response to Q2: “We don’t log anything on the customer usage side so there are no dots to connect period, we completely separate the payment information,” they told us.

“Realistically unless you operate out of one of the ‘Axis of Evil Countries” Law Enforcement will find a way to put the screws to you,” Cryptocloud add.

“I have read the nonsense that being in Europe will protect you from US Law Enforcement, worked well for HMA didn’t it? Furthermore I am pretty sure the Swiss Banking veil was penetrated and historically that is more defend-able than individual privacy. The way to solve this is just not to log, period.”

Cryptocloud website


VPN providers who log, sometimes a lot




VyprVPN

VyprVPN is the VPN service connected to and offered by the Giganews Usenet service, although it can be used completely standalone. In common with many other providers we contacted, VyprVPN acknowledged receipt of our questions but then failed to respond. We’ve included them here since they have such a high-profile.

The company policy says that logging data “is maintained for use with billing, troubleshooting, service offering evaluation, [Terms of Service] issues, [Acceptable Use Policy] issues, and for handling crimes performed over the service. We maintain this level of information on a per-session basis for at least 90 days.”

On Usenet forum NZBMatrix several users have reported having their VyprVPN service terminated after the company processed “a backlog” of DMCA notices which pushed them over the “two-strikes-and-out” acceptable use policy.

So, does VyprVPN log? You bet.
SwissVPN

We included SwissVPN in our survey because they are well known, relatively cheap and have been used by those on a tight budget. To their credit, they were also the fastest company to respond. They are one of the few companies that do not make anonymity claims.

Response to Q1: “SwissVPN is being operated based on Swiss Telecommunications and Personal Data Protection Law. Session IP’s (not visited content, websites, mail, etc.) are being logged for 6 months,” the company told us.

Response to Q2: The company responds to requests from 3rd parties under Swiss criminal law (pdf).

SwissVPN website
StrongVPN

This company did not directly answer our questions but pointed us to their logkeeping policy instead.

StrongVPN do log and are able to match an external IP address to their subscribers. We have included them here since they were the most outwardly aggressive provider in our survey when it came to dealing with infringement.

“StrongVPN does not restrict P2P usage, but please note sharing of Copyrighted materials is forbidden, please do not do this or we will have to take action against your account,” they told us, later adding in a separate mail: “StrongVPN Notice: You may NOT distribute copyright-protected material through our network. We may cancel your account if that happens.”

StrongVPN website


Disappointing: VPN providers who simply failed to respond



In addition to the above, TorrentFreak also approached a number of other fairly well known VPN providers. It’s not clear if our questions were simply too tricky to answer in a positive light or whether there was some other reason, but disappointingly none of them responded to our emails, despite in some cases having acknowledged receipt of our questions.

They include Blacklogic.com, PureVPN.com, VPNTunnel.se [Update: VPNTunnel.se have now responded, see here], Bolehvpn.net [Update: Boleh responded after publication - they carry no logs] and Ivacy.com.

Should the above now feel able to respond directly to our questions, or if there are any other VPN providers reading who would like to be included in a future update, please contact us now with direct responses to the questions above. Apologies to the providers who contacted us at the last minute but were too late to be included in the report – we had to stop somewhere.


Final thoughts



When signing up to a VPN provider it really is evident that their their logging and privacy policies should be read slowly. And then read again, even more slowly than at first. Many are not as straightforward as they first appear (some even seem to be deliberately misleading) and that is the very reason why we asked our own questions instead.

In contrast to the the pessimism generated by yesterday’s report, as we can see from the list above, when it comes to offering real privacy there are plenty of services out there.

wow great info, super in depth. thanks for looking into and explaining a convoluted topic

thanks a lot!

Here is some more information, which seems to suggest that ISPs are not going to start implementing 6 strikes until this fall (Source: Time Business)

The entertainment industry’s ongoing battle with digital pirates (also known as average Americans) will enter a new chapter this fall as music and movie companies take a more sweeping–but less litigious–approach to dealing with widespread copyright infringement.

The recently formed Center for Copyright Information is a collaboration between the Motion Picture Association of America, the Recording Industry Association of America and five of America’s biggest Internet service providers: AT&T, Cablevision, Comcast, Time Warner Cable and Verizon. The organization hopes to systemize the way in which digital copyright infringement is handled, which has been fairly scattershot over the last ten years.

Here’s how the new system works: An Internet user downloading media illegally gets flagged by the copyright holder (a record label or movie studio). The copyright holder doesn’t know who you are, but they can detect your IP address if you’re on an open file-sharing network. They tell your Internet service provider that they’ve noticed some questionable activity coming from your address. The ISP will email you a copyright alert, which informs you that your account has been used for illegal file-sharing and directs you to legal avenues to acquire movies or music.

“It’s sort of a new model of cooperation enabling the movie and music companies to be able to identify allegedly infringed files and pass those notices on to subscribers to their ISPs,” said Jill Lesser, the executive director of the Center. “If it works right, it’s not going to be seen as punitive but as helpful.”

The alert system has been colloquially dubbed the “six-strikes rule.” On the first two strikes, you’ll receive a warning email noting illegal activity. For strikes three and four, you’ll be required to confirm your receipt of the notice through a landing page or pop-up window.

Get a fifth strike and harsher consequences, called mitigation measures, kick in. The ISP may reduce your Internet connection speed for a couple of days, make you watch an educational video or force you to call their office to explain yourself. However, specific actions taken are left at the discretion of the individual ISP. Once you’ve run out of strikes, you’re no longer in CCI’s system and are at the mercy of the content providers, who have been known to sue pirates in the past.

At no point under this system will a user’s Internet get totally cut off, and access to key services such as email will not be hampered. If you’re getting copyright alerts but haven’t been downloading illegally, an independent board will review your claim–for a $35 filing fee (the fee is refunded if you’re in the right).

The CCI program will mark the first time that the ISPs have worked in lockstep to address copyright infringement. Lesser said the increased coordination would probably lead to more users getting flagged for copyright infringement and more alerts being sent out.

Still, the measures are actually tame by anti-piracy standards. In France, a strict three-strike rule means you get booted from the Internet for as long as a year if caught sharing illegal files three times. In the United States, past tactics have included lawsuits that value a single pirated song at $65,000 and song encryptions that deter music fans from sharing their libraries. Earlier this year Congress considered the sweeping Stop Online Piracy Act, but the bill was tabled after drawing the ire of most of the Internet.

“We’re moving away from simply rapping people on the hands to try to giving them the info they need to get to various kinds of media content in a way that is both legal, accessible, and cost-effective,” Lesser said.

E. Michael Harrington, a music business professor and member of the Future of Music Coalition Advisory Board, said the new initiative seemed too similar to past approaches to piracy to make a significant difference.

“When you try education, that can be a complicated subject,” Harrington said. “You’d have to try to educate someone on every aspect of copyright. I think it’s just late. People can get music any way they want…Those who want to be clever can stay clever.”

Digital piracy is already on the decline in the United States, with the percent of U.S. Internet users using peer-to-peer networks to download music declining from 16% in 2007 to 9% in 2010, according to the NPD Group. But it’s unclear whether that’s because of legal actions by the RIAA (such as getting popular peer-to-peer network LimeWwire shut down in 2010) or the increased ease of acquiring music digitally. iTunes has been the biggest American music retailer since 2008, and subscription services like Rhapsody and Spotify are finally gaining traction with the general public.

“We need to have access to eveything, everywhere, at any time and in any format,” Harrington said. “[Record labels] just have to get more creative and offer things to people the way they want them at reasonable prices. That’s actually a really old-fashioned idea.”

The piracy debate gained new life last week, when a 20-year-old NPR intern admitted that she’d only bought 15 CDs in her life, though she owned 11,000 songs. She drew the outrage of an older generation who questioned the moral sensibilities of her and other young people who acquire digital music illegally.

Harrington, who has purchased music for decades and continues to do so, did not see a problem with the intern’s actions. “I don’t think it’s immoral,” he said. “It’s practical. It’s evolution. The way computers are set up is to copy. The computer does this perfectly, quickly and conveniently. Why isn’t it legal if it’s built to do this? It’d be like having an incredibly fast car but you refuse to go above 22 miles per hour in it.”

As the CCI demonstrates, though, record labels and movie companies aren’t willing to completely surrender to pirates. Lesser said the main goal of the CCI is to educate consumers in a positive way. “The idea is to put together a system that has all the elements to help consumers do what they need to do to change behavior,” she said. “There is a perception, particulary on the music side, that music is free or should be free. Part of that central understanding needs to be changed. I think it’s important for people to understand why content isn’t always free.”

For the moment, music and film companies seem content to slice it both ways–encouraging more legal, digital options to access media while reminding those that download media illegally that they are doing something wrong.

“Those twin goals of crafting and understanding of the value and creating an understanding of what’s out there is where we are right now,” Lesser said.

Harrington said the CCI’s softer approach was an improvement over past tactics. “They’re not saying illegal as much. The tag has gotten a little better.”

It’s unclear whether educational emails and reduced Internet speeds will get people to stop downloading music for free (or cruelly depriving artists of their money, depending on your perspective). But it’s a big improvement over suing deceased grandmothers for digital piracy. The media landscape is ever-changing, and the companies that once controlled it are learning–slowly–to adapt.

________________________

After reading this I was left with the impression that ISPs are notified by third party copyrights holders who are monitoring p2p/torrents. So I am left to assume that this leaves out filelocker activity since there is not way for third parties to monitor that internet behavior. The only recourse left to intellectual property rights holders is through court injunction served on the filelocker (e.g., megaupload, oron, etc.). So it seems that short subscriptions to filelockers may still be the best. I noticed that those VPN Service Providers are not necessarily cheap.

5p1d3r wrote:
The Hadopi act started in 2009, and no french user has ever got its internet access shut down.
Either the Hadopi act just does not work, or it was meant to scare internet users.

Furthermore, surveillance cost much money : in 3 years €30 M for.... 1 acquittal, 1 dismissal of charges, and 1 fine of €150....
Yes, 3 years for that.

One quick thing about France, OVH is in France and pretty much everybody uses their servers for seedbox purposes, they get port scanned like a mofo and nobody even looks at that so you're pretty safe if it comes to the 3 strikes haha.

If you have cash to burn and want epic security go with cryptocloud (their customer service suuuuuux though so hope you don't have a problem haha) otherwise any of the above seem to work, AirVPN is only 5 euro (or bucks?) or something like that yet they carry no logs what so ever (according to their policy), the applicable law thing they discuss above ^ seems a bit "meh" but it looks like they have nothing to share so even if they have to share something they don't have anything to share.

You can also create your own tunnel on a small server or a seedbox (I work for a seedbox company and i set atleast 1 tunnel up a day ) even. You will however lose the "needle in a haystack" protection the above have because you're the only user but your logs will be shredded every hour and you will have a 100mbit/1Gbps server speed all for yourself so the only thing that might be left is the end connection on record at a data center but alot of seedbox services (not unlike mine) claim plausible deniability so you're safe .

You can also multi-hop, add a VPN to your router and one to your computer so the initial connection is a VPN the moment you start your computer then you connect to another VPN and hop over in their tunnel.

One thing VPN services spam you with that has no value what so ever is the 2048bit encryption thing. The actual 2048bit encryption used is just for the initial handshake which is an RSA asymmetric encryption which after the handshake jumps into a 256bit AES-Rijndael (in most cases) tunnel.
So the only thing they boast about is the 5 sec it takes to build up an RSA bridge to exchange certificates and keys... that's it.
2048bit assymetric RSA is roughly translatable into a 112bit symmetric encryption (sort of, it's often used as a thumb rule to explain newbies ).

Current paranoid setups (what hacktivists and such use) are (to give people an idea of what they do for privacy):
Tor->fresh proxy->Free VPN -> fresh proxy -> VPN bought with bitcoins -> fresh proxy -> secondary VPN bought with bitcoins -> fresh proxy -> VPS with I2P installed -> Fresh proxy -> Internet.

This is insanely slow but fast enough for people to send commands, i wouldn't advice it for a normal user though i'm just showing an example.