Use a cheap bulletproof host if you are afraid of them exposing you.
How do you determine if a host is bulletproof? From what I've learned, some companies are simply fronts for intelligence agencies. As long as you don't do anything illegal, you probably have nothing to fear anyway, even if there was an intelligence agency recording all that you did with your vpn. Besides you only have the word of the host that there's no logging. The host is also using servers in various datacentres, and we don't know if there's any additional logging apart from on the machine your vpn-instance resides on. For example, the routers in the datacenter might log traffic as well, so even if there's no logs on the server running the vpn-instance, law enforcement might be able to extract logs anyway. Also, some datacenters have dedicated boxes installed by intel agencies recording EVERYTHING that goes in and out of that datacenter. In addition, if there's a server of interest, that servers traffic might as well be
hijackedIf a box of interest was shared between several VPN-users, also the traffic of the innocent users would be captured. As we know, there's even been reports of BIOS-level backdoors in some servers, according to Snowden leaks. And some systems are even stopped in transit, so the NSA special division can inject backdoors in systems of interest before they're shipped to their end destination. For example, there's been tales of computer systems that have had radio transmitters injected inside the cabinet, and then the intel crew just drives up in a van within radio range and connects to that machine, altering files and extracting files.
If you visit unsecured websites with Tor, your information transferred can be seen by exit nodes.
Exactly, and there's been several report of this. People thinking they're safe when using tor, and then all their e-mails has been exposed... Use PGP for private e-mails if you want to keep them confidential.
If you use VPN together with Tor, your VPN provider can still expose you if they want to.
The VPN provider can only expose you if they have your actual IP address. If they do not have that, they can only reveal whatever IP you did connect from.
I have not investigated VPN/TOR combinations much but for instance, if you use ssh over TOR the vps you're connecting to will only see the TOR exit IP, and the TOR exit node will only see encrypted traffic.
As with everything else - define what you need, and then make a plan sufficient to fullfill the requirements. For example, any VPN provider is sufficient to hide web surfing from your local ISP and it will also give all websites an ip which is not your home ip, and it's also good for switching location if you want to use certain services that's not available in your country.
Lastly, I'm a bit annoyed with people stating that people concerned about privacy and anonymity is up to something bad. I would love to have such people broadcast from their toilet or bedroom to the entire world 24/7, they don't have anything to hide, right?
That paragraph was not meant for anyone in this thread however particularly, just a general thought. Personally I think avoiding cookie tracking, targeted ads, and preserving a certain level of anonymity online is important. I find it uneasy to know that my real life identity is only a phone call away for the person with the right authority if I surf the web with my real IP.
For the same reason, most of the time when going for a walk, I don't bring with me a mobile phone. It's not because I'm up to something bad, but it's because I do not like the fact that I cannot move freely without some faceless organization follow my every move.
Imagine the looks on people's face if an official approached them, then proceeded to put a tracking device in their pocket, patting their backs and saying: "Hey, it's all good - just keep this on you, we need to track you wherever you go, if you have nothing to hide, don't worry, nothing will happen, it's for your own protection, to prevent terrorism and to save the children".
I think very many people would feel extremely uneasy about that - yet they voluntarily carry around devices that track their every move, and also possibly is remotely accessible at a moments notice for those with the right knowledge, the baseband stuff in a mobile phone is not known to be very secure..
In addition, these days we have police running around with
powerful Stingray devices. I better hope you did not purchase a phone from a former drug dealer or terrorist suspect without knowing it, once the police comes around with a stingray device, you might be having a really nasty experience..
I can't for the life of me understand why anyone willingly want to carry devices that the police can tap into easily, and in addition devices that track far too much about your habbits.
http://www.thestar.com/news/world/2013/02/27/the_astonishing_amount_of_personal_data_police_can_extract_from_your_smartphone.htmlEven stuff on your phone that you delete is not really deleted according to the source above.
What's important to realize is that our rights and freedoms are step by step removed, leading to a totalitarian state system.
That's why knowledge, and protecting yourself is important. For example, there's been stories of bloggers being sued because they write negative reviews of a company. If these bloggers ran their blogs anonymously and it was not possible to find their identity, a legal challenge would simply not work.
Being anonymous is also being safer imo. True, some people will always do bad things protected by anonymity, but as we've seen, those targeting big enough goals have been brought down. It's easy to slip up somewhere.
