BestVPN's article on " I know what you downloaded "

I agree and reiterate what I have previously posted .VPN’s give a degree of privacy but not anonymity . Thanks for your interest in the post .

Much thanks to everyone especially vax2000 for your info. Been with FOXTEL for over 20 years
and every year gets worse with excessive commercial content and reject programming which I
pay for and do not use (the standard package). I’ve been to their community website and expressed
my views. Of course they sympathize , but are FOXTEL prone. They think commercials are a necessary part of life and sponsors doesn’t seem to be in their vocabulary.
Anyway, I’ve been thinking of streaming (STAN) would be better and my question about VPN
usage. Of course, who can you trust with your privacy and security when no one really gives a stuff
about it and what you want (like Yahoo’s security breech in 2013 , just recently notifying us users.
I feel like I’m between a rock and a hard place.

And for @bigmitch8 @vax2000 @njfking @Fred and any others who may be interested

Yes there are shonky VPN providers out there and that is why before using one you should look into it and see what others are saying about it. There are lots of sites where people talk about VPN providers and even articles on reputable web sites that discuss them. Search on Google about the VPN/s you are interested in and see what feedback there is about it/them. And many VPNs do give their users a large degree of privacy and anonymity when browsing the web and make their interactions much safer.

But a VPN is a tool and like all tools there are good and bad ways of using them. Encrypting your data when sending it over the net is a safer option than sending it unencrypted. A VPN encrypts your data, and only at your PC and where it exits the VPN is the data unencrypted. If the VPN doesn’t keep detailed logs (some don’t) of your traffic then it is very hard or impossible for them to see what you have sent/done. If the site you wish to visit properly uses HTTPS (check the security on the address bar) rather than HTTP then even after your data exits the VPN it is encrypted until it is on the site you are visiting and is not able to be deciphered by the VPN provider at any time. Using Tor over a VPN increases your security as the Tor system also encrypts your data and sends it through many channels until it reaches the Tor Exit Node and again if the site you wish to visit uses HTTPS then the data remains encrypted until it is on the site or on your PC.

HTTPS is what your Bank/Financial Institutions use to keep your data safe when you web bank. HTTPS is what keeps your interactions with this site safer from outside interference. Google, Yahoo and others encourage you to use their secure services to keep your data private from snooping as it passes through the web. The sites in these cases can be where the fault lies for the loss of control over your data but that is not the fault of VPNs, the use of HTTPS, or your secure habits. The day will come that Quantum computers will break the current security but hopefully that day is a long way off. But as the future advances of computing occur, the way we secure our communications will also advance. So if you visit a site that doesn’t use HTTPS drop them a line and encourage them to do so, even if you don’t use a VPN it will make your web interactions much more secure. Use HTTPS Everywhere (https://www.eff.org/https-everywhere) from Electronic Frontier Foundation (and have a read of their articles from here https://ssd.eff.org/en and here https://www.eff.org/) to help you connect to sites that do have HTTPS but that can be hard to use.

There is a very good site about VPN providers and what their structures are like see this link to a previous post Geoblocking and accessing content online that has a link to the site and it’s tables.

6 Likes

@SarahAgar might be able to chime in on this one - our privacy policy expert. I can see someone has also posted the link to our previous article.

You can find out VPN reviews here ($): https://www.choice.com.au/electronics-and-technology/internet/connecting-to-the-internet/review-and-compare/vpn-services

And a buying guide here (free for non-members): https://www.choice.com.au/electronics-and-technology/internet/connecting-to-the-internet/buying-guides/vpn-services

4 Likes

Hi @grahroll. Agree with what you have said and leads to the question why use a vpn? The only reason I can see is to bypass the Australia Tax if one desperately needs to watch say a just released UK or US serial…or to buy something slightly cheaper. One has to assess if the risks of putting data through a vpn is worth not waiting until it is available/additional cost in Australia. If used for this purpose, a vpn should be used solely for streaming and not for general use where all data goes through the vpn.

In relation to logging, most vpn established in western countries log even if they say that they don’t keep your personal information. This is to protect their owners in case a vpn user commits criminal activities when using the vpn (the vpn IP would be that of the criminal investigation and evidence)…logging removes the vpn owner as being ultimately responsible.

There are vpns which allegedly don’t log in countries such as China, Russia etc, but sending traffic through these countries is like playing Russiin roulette and there is a likelihoood that your traffic is being monitored by others than the vpn owners. There has been much in the media lately of these countries being interested in such data…independent of how significant it is.

There are also vpns in some Scandinavian countries which say that any collected data is safe from legal enquiry, but, this has not been tested. I am sure that the treaties/agreements these countries they have entered would expose this data in the long term.

If security over a open public network is an issue, then one is best to set up their own home vpn using a device/router that supports openvpn. This means that the connection is more secure to your normal home connection and then back out to the wide internet world. Such connections don’t help bypassing the Australia Tax though.

1 Like

There are quite a few reviews of VPNs from very respectable sites such as CNET. They give pros and cons of the best free ones as well as paid ones.

2 Likes

Excellent post, grahroll - thanks. :slight_smile:

What a great post. Thanks

There are several reasons for using a VPN, and one very important rule to remember. First, the rule:

If you are not paying for it, then you are the product.

That is, don’t use a ‘free’ VPN or similar.

Now to why you may want to use a VPN:

  • To use the Internet without all of your metadata being collected by your ISP. Australian law now requires your ISP to collect all the metadata you produce while online, and there is a list of 60+ agencies that can request access to it. As pointed out by many privacy experts, “oh it’s just metadata” is a smokescreen - metadata can tell the reader an awful lot about the individual.
  • In order to download that movie for free.
  • To access online material that is blocked by the Australian Internet Filter - which at implementation apparently blocked a Brisbane dental practice by mistake, so evading this does not mean you’re just after ‘teh pornz’.
  • In order to watch Game of Thrones - or its successor - while paying the provider for the privilege and before it becomes available in Australia (i.e. to avoid geo-blocking).

Finally, how do you choose your VPN? Yes, you could go to a website like BestVPN, whose entire business model is based upon selling VPN services. You may choose to check CNET, a reputable reporting entity that provides relatively unbiased reviews of such products. My recommendation is to look at both of these, and then make your final decision using either or both of:

The latter produced an incredibly detailed spreadsheet comparison of VPNs, which is well worth your while if you are serious about getting the best for your purposes.

Finally, something to keep in mind in relation to everything you do online. There is a difference between the terms ‘secure’, ‘private’, and ‘authenticated’.

5 Likes

Superb post, postulative. Thanks again for your advice!

Somethings in this world should always be paid for one if a VPN, another is computer protection/antivirus software.

Not only is a paid VPN much more secure, it will also be a higher performer. Freeware such as free VPN’s can and do who knows what with your information - so such thing as a free lunch etc.

I use PIA (Private Internet Access) and have found them very good and the cost is very little.

2 Likes

Just a copule of comments.

A VPN is only private from the user to the VPN server (if the data in dact is encrypted). Data on the other side of the VPN server is not private unless the end website/host uses encryption (such as https). The post VPN traffic can be monitored even if the user to VPN link is encrypted by the vpn host. There are examples of orgamised crime syndicates using VPNs thinking they were private and anomymous only to have authorities knocking at their door.

All paid VPN keep even more information on their customers than free ones. A free VPN will only have ip address logging, whereby a paid vpn also has this ip linked to a payment method…payment methods can be used ro easily trace individuals using a particular ip.

The only benefit of paid vpns is to the company running the vpn…as they make significant money from providing a service which does not stack up to most of the rhetoric.

As outlined above, the only real use of a vpn is to bypass the Australia tax (geoblocking of cheaper overseas services in Australia)… until such time the provider of such content doesn’t block vpn ips. Any other prupose such as those outlined by @postulative do not provide any anonymity and may result in being caught should traffic post can be monitored.

The other benefit can be for dns attacks, but this is not usually an issue for private users.

VPN that say they don’t log or keep metadata are not telling the truth and say such as a marketing tool…the easily way to disprove this is how do they manage data allowances or billing information…if such information is not collected. This infornation as a minimum needs to be logged and their claims are highly misleading.

If a VPN is in a country with progressive laws, any data collected by the VPN is available to authorities through usual legal channels.

3 Likes

Citations please, @phb. Your comment contains a lot of vitriol and little basis.

The sources to which I referred are very clear on what they trust and why; you obviously don’t like VPNs, but at least justify what you are claiming.

You claim that “All paid VPN keep even more information on their customers than free ones” on the basis of payment method. Well, yes - except that every VPN that you would find recommended for privacy purposes allows payment by Bitcoin. (There is also the one company that accepts honey, but you may be able to track that.)

Yes, post-VPN traffic can be monitored - which is why if you want to gain privacy from a government you do not buy a VPN from a US provider - or any of the other ‘five eyes’ partners, or the ‘fourteen eyes’. Of course, this monitoring is largely only available to governments, so you really need to think about what you intend to do with your VPN connection. I am not acting unlawfully.

“The only benefit of paid vpns is to the company running the vpn”. We have already largely dealt with this, but if you go back and read what I wrote I pointed out that if you don’t pay then you are the product. If you are fine with having your information sold (and yes, there have been documented cases by free VPN providers), then don’t bother paying for the service.

You claim that “the only real use of a vpn is to bypass the Australia tax”. Seriously? As for content providers blocking VPN IPs - Netflix did a bit of that, I gather, late last year. I don’t think they kept it up - none of these companies ever do, since it is really only for show; Netflix knows it is better for them to have an Australian use the US Netflix than not pay for Netflix at all. Additionally, blocking IPs can have nasty side effects in the pre-IPv6 world, while a customer-focussed VPN merely needs to move to a new IP in order to evade that block.

Your statements that VPN providers are lying need some evidentiary basis, otherwise they are mere dust in the wind. As for metadata collection, if you are in Australia then your metadata will definitely be collected if you do not use a VPN - you seem to be getting the new laws confused.

At the moment, your attack on VPNs appears the baseless complaint of someone who got caught because they put their trust in the wrong place. So citations please; explain the basis for your rather vicious attack. And no, VPNs do not generally manage data allowances. Data is cheap! Even if they did need to, they do not need to know the user’s name, or address, or personal details - they simply need to have a user-ID… as with billing.

No, a VPN is not Tor - and even Tor can be broken if you are a government and have sufficient resources. But regardless of what you might want to do online, did you write all the software on your computer? Did you melt the sand to make the silicon to make the CPU? Do you know what every part inside that case does? (No, because on an Intel motherboard there is one part that is a black box to the outside world.) You can choose to trust, or you can go offline and stay offline.

I do not use a VPN in order to commit a crime, and so am not putting my personal liberty at risk by my trust. That said, my liberty would be more at risk were I committing a crime and not using a VPN - because I know that my government is prepared to monitor everything I do online.

Speaking of which, I have no particular reason to give my government information on every website I visit. I encourage every Australian to use a VPN - bearing in mind some of these caveats, and for the purposes of shaking a fist at an unjust law as much as or even more than for its other benefits.

I have tried to be polite in this response, but get very irritated when I feel that people are spreading misinformation or themselves lack the understanding that they are seeking to portray. This is an area in which I have done quite a lot of reading, and based upon that I am not at all convinced that all comments are equally reality-based. Please feel free to correct me - with evidence.

4 Likes

@postulative.

I did not say I did not like VPNs, I just realise their limitations and work within these limitations.

In relation to citations, there is much information in relation to the limitation of VPNs from cyber security experts. I recently spoke to one who worked for the Australian Government and much of what is outlined above was discussed. I was curious, from a layman point of view, how ‘security’ available on the internet impacts on their ability to carry out their core functions. Their only main concern at this point of time is the bulletproof servers being created in countries such as China and Russia which have been solely set up to hide (criminal) activities…and these jurisdictions don’t have reciprocal arrangements with most other countries in relation to legally accessing the data for external authorities.

In relation other citations, one should read the terms and conditions of many of the VPN providers that say that they don’t log. Many of these terms and conditions indicate that information may be kept and be available to authorities through usual legal process. VPNs record the IP of the under to allow traffic to pass through and to manage data limits/billing.

The US has also introduced Law 41 which allows the FBI to effectively ‘hack’ any computer which allows them to bypass VPNs which they currently have no statutory powers to exercise upon. This has radically changed the VPN environment for those who choce to use VPNs for illegal activities which may be of interest to this or similar authorities.

Many believe that the Swedish VPNs are reasonably safe and secure for downloading say pirated videos. Swedish service provider must obey the ‘Electronic Communications Act 2003 389’. Sections 5, 6, and 7 under “Processing of traffic data” completely protect your privacy, However, section 8 is quite interesting and revealing.

Authorities in Sweden can order secret wire-tapping/data collection, the service provider shall not disclose information about it. Such information is logging and inconsistent with VPN T&Cs.

Other countries in the world are progressively implementing similar legislative requirements…is is likely however that countries such as Russia, China and in Middle East may not implement such measures in the short to medium term.

I agree with your statement about bitcoins, but how many law abiding citizens are going to purchase highly speculative bitcoms to pay for a VPN service. Using bitcoins for such service would only increase the level of suspicion of the use for the VPN server.

I use VPN to get around the ‘Australia’ tax and also checking email on public/open WIFI but would never use them for any other purpose, especially those which may be seen as being in contravention of any law (in Australia for overseas). I also change my password for any access achieved using a high risk public/open WIFI after its use…as there is a chance that it was captured through traffic leaving the VPN (albeit remove, but possible)…and where I believe the risks of using a VPN are less than not. I don’t have a private (e.g. business or home open VPN connection available) to negate the password changing.

I also agree that a VPN will bypass the metadata collected by the Australian government but does not guarantee that it will not be collected elsewhere.

The cost to block VPN IPs by either business or the government is costly. The blocking is usually reactionary when they become aware of a VPN IP for some reason. It is possible and can be doe…especially if it becomes co-ordinated across number of organisations/agencies. Such could happen quite easily in the future and would make VPNs less reliable as they continually scramble to be one step in front.

To find a secure VPN is very difficult as one has to consider not only the operators of the VPN and how it handles traffic (what information it may collect), but also the legislative environment which may impact on the operation of the VPN (such as the Swedish example above…UK is other I am aware of), and the potential for authorities or hackers to access the information held/collected by the VPN or in the unencryipted post VPN traffic. None of the reviews of the best VPNs cover all three aspects and generally only consider the first (that being, information the VPN may or may not collect through information publicly available). And this broadly was outcome of discussions with the cyber security expert I recently had the chance to chat with.

1 Like

@phb I am pleased to see that you have moderated some of your expressed concerns.

You are absolutely correct that if a law enforcement or other government agency wants to track you, there is very little you can do other than take extreme steps to secure your privacy. The pain involved in those actions mean that very few people will ever bother.

That said, I will re-state the fact that each additional individual who chooses to use privacy tools makes monitoring of themselves and the rest of the global population more difficult. This applies even to the lowest-hanging fruit that is US-based VPNs, because collecting all the traffic that goes through a single cable is much easier than having to combine that with VPN-provided traffic (assuming the three-letter agencies have demanded and received all US-based VPNs’ private keys).

So you choose a VPN provider that is not based in the US. It cannot be based in one of the ‘five-eyes’, or any of the ‘nine-eyes’ or ‘fourteen-eyes’ spying countries. Per my previous post, you can see these countries listed at privacytools.io. Yes, Sweden is part of the latter group, and a bad place to buy a VPN service (apart from the moral question of its desire to help get Julian Assange to the US, and the crazy games it has played to keep those charges alive in the face of the alleged victims’ desire to drop them).

Yes, you need to check your VPN’s logging policies. Pretty much every VPN will say that they turn over data in their possession upon receipt of a valid warrant. The good VPNs also point out that either they do not log, or they delete logs after 24 hours.

You must do your research - and fortunately some people have already done it in a manner that has been acknowledged by well-known security researches. This is why I say you should check privacytools.io and That One Privacy Site (operated by That One Privacy Guy).

Bitcoin is difficult to use, yes. Fortunately, the only reason you would need to use it when paying your VPN is if you think you are the specific target of a government entity - and most of us are not!

Of course, your cyber security pal wants to make the world a scary place, or they are out of a job. They want everyone to think that someone is constantly looking over their shoulder, but that’s okay because ‘if you have nothing to hide you have nothing to fear’. GARBAGE! The security industry does not have complete visibility of the Internet or the Tor network. If you do not like everything you do online and most of what you do offline to be monitored, I suggest that you should use all of the legally available tools at your disposal to make the task of those monitors more difficult.

The excuses you are making for why one should not use a VPN are just that - excuses. ‘It’s too hard’. ‘They’ll get you anyway’. ‘If the dysentery doesn’t kill you, the malaria will’.

All of the information you need to choose a good, safe VPN is out there, summarised for your convenience.

P.S. warrant canaries are your friend.

4 Likes

Read Choice’s Review. Noticed that AVG was not tested. Does anyone in our community have a view?

1 Like

AVG is assessed and rated in the APC magazine March 2019.

There is no detailed review of AVG in the print edition. The comparison table enables you to size it up against many others. I have used a free version on my spare desktop for many years without issue. Aside from the occasional pop ups and up sell messages.

There may be more content available on the APC website?

1 Like

Thanks, Mark but I am not that tech-savvy!

1 Like

Also, at the moment, their VPN has a bug and AVG is still trying to fix after 6 days. Have to wait another 6 days!. Anyway, if I download another VPN will this conflict with the AVG other software?

2 Likes

No, VPN usage should not conflict with any AV function. It might interfere with getting updates if you choose a country for VPN appearance that is subject to sanctions re usage of particular AV products eg if using a US product so that it appears you are in Iran might stop your AV from being able to access the update servers for the product.

AVG supply the VPN as a value added service (VAS) to attract users and just like any VAS it can be disabled/removed and you can choose to use any alternative.

3 Likes