Have you ever had a public VPN rat on you when downloadingtorrents?

Marek Novotny wrote:

I'd be most interested if you disabled dns-dnsmasq and then executed the
dig redhat.com command with and without the vpn.

With dns-dnsmasq enabled...

This is what I get with and without VPNREACTOR VPN:
1. https://www.dnsleaktest.com/ leaktest with and without VPN:
http://i62.tinypic.com/2sblhlg.jpg
WITHVPN: dns server is vpn dns server
WITHOUTVPN: dns server is google dns server
2. dig with and without vpn reports the same thing:
$ dig redhat.com|grep SERVER
WITHOUTVPN: ;; SERVER: 127.0.1.1#53(127.0.1.1)
WITHVPN: ;; SERVER: 127.0.1.1#53(127.0.1.1)

With dns-dnsmasq disabled...

This is what happens with and without VPNREACTOR VPN:
1. https://www.dnsleaktest.com/ leaktest with and without VPN:
http://i60.tinypic.com/qxw3rk.jpg
WITHVPN: dns server is optimal link corp (presumably from VPN)
WITHOUTVPN: dns server is google dns server (from my home router)
2. dig with and without vpn:
$ dig redhat.com|grep SERVER
WITHOUTVPN: ;; SERVER: 192.168.1.1#53(192.168.1.1
WITHVPN ;; SERVER: 216.230.224.34#53(216.230.224.34)

Notice the only thing different is the result of the dig command
between the first case (which is the default dns-dmasq set) and
the second case (which is the dns-dmasq commented out).

Can someone help me understand these results?

Marek Novotny wrote:

I've been testing this with the dns=dnsmasq disabled. When I do it that
way I get two different results for dig redhat.com.

I also get different results for dig, depending on the situation:

With dns-dnsmasq enabled...this is the result of "dig redhat.com":
NO VPN: SERVER: 127.0.1.1#53(127.0.1.1)
WITH VPN: SERVER: 127.0.1.1#53(127.0.1.1)

With dns-dnsmasq commented out...this is the result:
NO VPN: SERVER: 192.168.1.1#53(192.168.1.1)
WITH VPN: SERVER: 216.230.224.34#53(216.230.224.34)

I don't understand what is going on at all (sorry).
Do you?

Marek Novotny wrote:

The problem is, we actually want to know via a script how it actually
got resolved. And we can't really do that if the middle man is in the
way. It's not that the middleman isn't doing the job well, it's that
having the middleman there at all makes it harder for us to see what the
actual resolver is. So fire the middleman and just run the script when
you use the VPN endpoint to see where you are resolving to.

Make sense?

Thanks Marek for explaining.
Is this what you tried to tell me, paraphrased?

1. With /etc/NetworkManager/NetworkManager.conf at the default, the
dns=dnsmasq is set, which causes the local machine (127.0.1.1) to
be the dns cache, which it resolves by going to the home broadband
router, which tells it to get its DNS from Google's 8.8.8.8, which
it does (but you don't see that happening in the DIG command).

2. With the #dns=dnsmasq commented out in a modified
/etc/NetworkManager/NetworkManager.conf file, the dns cache is now
the home broadband router (192.168.1.1) which tells Ubuntu to go
to the Google DNS server 8.8.8.8 by default. In this case, you can
easily see that the DIG command is deferring to the router for its
DNS server definition.

3. When I add the VPNReactor free public VPN to the first situation
(#1 above), the VPN service takes over the job of DNS (which prevents
DNS leaks); but you can't see that from a DIG command, because the
DIG command still reports the localhost (127.0.1.1) as the DNS cache
(because the dns=dnsmasq is enabled).

4. However, when I add VPNReactor free public VPN to the second situation
(#2 above), since #dns=dnsmasq is disabled, it's easier to see that the
DNS server is coming from the VPNReactor DNS server (216.230.224.34).

Did I get that right yet?

Maraela J. wrote:

I have a few dozen free public VPN services set up, so, I will try a few
of them to see if they all provide the DNS server.

If not, I'll try to report back (but the setup from VPN to VPN takes
time because the files aren't automatically configuring the openvpn on
Ubuntu).

For example, when I load any of the openvpn setup files from
http://mofolinux.com/vpngate.html, I still have to modify the settings
in order for all of them to take (but it's supposed to be automatic).

I tested a second free public VPN service (of dozens)...

With #dns=dnsmasq disabled in NetworkManager.conf, and using one of the
many mofolinux DNS servers for the USA, I get the following from DIG
(which is expected)

$ dig redhat.com | grep SERVER
;; SERVER: 10.211.254.254#53(10.211.254.254)

And, from the leaktest at https://www.dnsleaktest.com I get what appears
to be a DNS server assigned by that free public VPN service, which is a
good thing (I think).

http://i62.tinypic.com/257q89c.jpg

So, I think it's working the way it should in that 'dig' is reporting good
stuff, and the dns leaktest isn't showing any dns leaks.

$ vpntest.sh
ISP: AS31939 DirecPath, LLC
Country: US
Device IP: 10.211.1.17 (tun0)
External IP: 65.50.111.240
Default Route: 10.211.1.18
DNS IP: 10.211.254.254
DNS Name: public-gw.vpngate.net.

In alt.os.linux.ubuntu Mel Bourne wrote:
On 03/28/2015 02:32 PM, The_Chris wrote:

It's worth it to me to pay the $4.95 a month for peace of mind.

Review your selection of provider...

They haven't ratted on me, but, they tell me when people are nosing
around.
I'm using HMA (Hide My Ass)

http://www.deepdotweb.com/2014/07/08...legit-or-****/


Well, to be fair... I don't do anything bad....I just do it for
security (bank activity, etc)

I looked up HMA... I don't care that they keep that for 2 or 3 months...

On 03/29/2015 03:28 PM, The_Chris wrote:
In alt.os.linux.ubuntu Mel Bourne wrote:
On 03/28/2015 02:32 PM, The_Chris wrote:
It's worth it to me to pay the $4.95 a month for peace of mind.
Review your selection of provider...
They haven't ratted on me, but, they tell me when people are nosing
around.
I'm using HMA (Hide My Ass)
http://www.deepdotweb.com/2014/07/08...legit-or-****/
Well, to be fair... I don't do anything bad....I just do it for
security (bank activity, etc)

Well, in that case you may wish considering utilising a less costly
option. https://tails.boum.org/

I looked up HMA... I don't care that they keep that for 2 or 3 months...

A very generous attitude which could back-fire...

Per Maraela J.:
Which VPN Services Take Your Anonymity Seriously?
http://torrentfreak.com/which-vpn-se...dition-140315/

They asked the VPN services these questions:
1. Do you keep ANY logs which would allow you to match an IP-address and
a time stamp to a user of your service? If so, exactly what information
do you hold and for how long?

Am I losing my mind or does this quote not make sense?

"2. We operate out of the US which is one of the few, if only, countries
without a mandatory data retention law. We explored several other
jurisdictions with the help of our professional legal team, and the US
is still ideal for privacy-based VPN services."
--
Pete Cresswell

In article ,
"The_Chris" wrote:


Well, to be fair... I don't do anything bad....I just do it for
security (bank activity, etc)

.... and to be even fairer, it's a long way from (say) downloading last
night's Bones episode to hacking into Sony's computers. And some
information on the first chart on that site is wrong.
--
Too much kipple.

On 2015-03-28 03:32, The_Chris wrote:
In alt.os.linux.ubuntu Maraela J. wrote:
I am just looking for user experience since I can easily guess what
happens when you use public free vpn server to download torrents.

The CDMA can either:
a) Do nothing (if they know the free vpn provider will do nothing),
b) Or send the takedown notice to the free vpn server company,
c) Or have the vpn server company rat on your IP address.

I'm sure each of those happens, but I am just wondering what YOUR
collective experience has been when you use one of the many free vpn
servers out there on the interweb.

Well, if you're using a public free one, you're getting what you pay
for..

It's worth it to me to pay the $4.95 a month for peace of mind.

They haven't ratted on me, but, they tell me when people are nosing
around.

I'm using HMA (Hide My Ass)

HMA will comply with DMCA notices. So choose your server appropriately
if doing anything sketchy.

On Sun, 29 Mar 2015 08:30:10 -0400, (PeteCresswell) wrote:

Per Maraela J.:
Which VPN Services Take Your Anonymity Seriously?
http://torrentfreak.com/which-vpn-se...our-anonymity-
seriously-2014-edition-140315/

They asked the VPN services these questions:
1. Do you keep ANY logs which would allow you to match an IP-address and
a time stamp to a user of your service? If so, exactly what information
do you hold and for how long?

Am I losing my mind or does this quote not make sense?

"2. We operate out of the US which is one of the few, if only, countries
without a mandatory data retention law. We explored several other
jurisdictions with the help of our professional legal team, and the US
is still ideal for privacy-based VPN services."


Essentially, they're saying "we can set it up and are NOT required to
keep extensive logs for the NSA[1]". Unlike certain other jurisdictions,
the only "mandatory" logs here are the 72[2] hour logs that you're
keeping anyway so that you can diagnose the cause of a problem when you
start having network issues.


[1]They don't have to, NSA is logging everything already .

[2] for some value of "72"

Per Dan Purgert:
"2. We operate out of the US which is one of the few, if only, countries
without a mandatory data retention law. We explored several other
jurisdictions with the help of our professional legal team, and the US
is still ideal for privacy-based VPN services."


Essentially, they're saying "we can set it up and are NOT required to
keep extensive logs for the NSA[1]". Unlike certain other jurisdictions,
the only "mandatory" logs here are the 72[2] hour logs that you're
keeping anyway so that you can diagnose the cause of a problem when you
start having network issues.

Now that I have some coffee in me... I realize that I read "We operate
out of the US..." as "We operate outside of the US....".
--
Pete Cresswell

(PeteCresswell) wrote:

Now that I have some coffee in me... I realize that I read "We operate
out of the US..." as "We operate outside of the US....".

Do the copyright trolls only send letters within the USA?

In article ,
"Maraela J." wrote:

(PeteCresswell) wrote:

Now that I have some coffee in me... I realize that I read "We operate
out of the US..." as "We operate outside of the US....".

Do the copyright trolls only send letters within the USA?

No, they send letters wherever such letters might catch someone in their
net.

They sent out US-style letters to Canadians, that were just meaningless.

http://www.michaelgeist.ca/2015/01/r...ng-copyright-n
otice-notice-system-citing-false-legal-information-payment-demands/

http://tinyurl.com/mkhlr8j

In the UK, they send out "letters before claim" which can't be ignored,
but don't really lead to judgements

http://www.adviceguide.org.uk/wales/...nternet_and_co
mputers_index_e/consumer_the_internet_filesharing_and_copyright_e/what_to
_do_if_youre_accused_of_copyright_infringement.htm

http://tinyurl.com/nfdmtuz
--
Where's the Vangelis music?
Pris' tongue is sticking out in in the wide shot after Batty has kissed her.
They have put back more tits into the Zhora dressing room scene.
-- notes for Blade Runner

On Sun, 29 Mar 2015 18:07:07 +0000 (UTC)
"Maraela J." wrote:

(PeteCresswell) wrote:

Now that I have some coffee in me... I realize that I read "We
operate out of the US..." as "We operate outside of the US....".

Do the copyright trolls only send letters within the USA?

The concept of copyright, even when we have agreements with other
countries, is still and will hopefully always be a national law kind of
thing.

Cybe R. Wizard
--
Nice computers don't go down.
Larry Niven, Steven Barnes
"The Barsoom Project"

Op 28-03-15 om 16:12 schreef JF Mezei:
On 15-03-28 05:44, Dirk T. Verbeek wrote:

Make no difference if you pay, they are registered at a certain
jurisdiction and will follow local law, in the US and some other
DCMA/ACTA-like places they will pass on your originating IP.

If you pay for the VPN service, then the VPN operator can pass your
identity/address to the copyright troll when requires since the VPN
operator knows who you are.

If the VPN service has no commercial link with you, they don't know who
you are are at worse, can pass the IP used to establish the VPN, at
which point the copyright troll can go to your ISP and get your identity
from them.

In Canada, the trolls have been selective with which IPs they choose to
pursue/threaten. For instance, Voltage paid some company for a whole
bunch of IPs belonging to a specific ISP because they figured the ISP
was too small to resist. They figured wrong. Voltage had to promise to
go through with the legal processes against the suspects, and the judge
put conditions which will result in Voltage losing much money on this
endeavour. (in Canada, maximum for copyright infringement is $5000 per
person, and Voltage has had to spend much in legal costs just to get to
the stage where they are allowed to send the treathening letters to
individuals. Each letter has to be approved by the judge.

So it is more likely that trolls will not select IPs that belong to VPNs
or other "difficult to get" companies since the legal proceedings would
be double, having to get court orders to have the VPN company hand over
the equivalent IP and then court order to have the ISP link that IP t a
customer.





Sounds credible and I sure hope you are right...