PPUK endorsed VPN service

[azrael]

There have been discussions in the past about VPNs, whether PPUK should set up its own, and which other ones are reliable and trustworthy. Until now though we have not actively endorsed a particular VPN service. Today that changes.

Pirate Party UK has been in discussion with a trusted long-time supporter and member about setting up a new VPN service dedicated to bringing back some privacy and anonymity to internet use, giving users a valid option to opt-out of Government spying.

We are happy to be able to announce that (given sufficient interest) a new VPN service - PRV.IO - will launch to provide VPN services. Once there is sufficient interest, this service will launch with market competitive prices. Anyone registering now will receive a discount once the service goes live.

Pirate Party UK is reassured that this VPN will only log to the extent required by law, and no further. PRV.IO will never voluntarily provide any information to authorities. Given a dynamically-changing IP service model and no connection logs kept, anonymity is maximised to the extent currently possible under UK law.

Finally we are happy to announce that the more popular this service becomes, the better for us as we have an agreement in place to receive a proportion of PRV.IO profits as a corporate donation. Your online privacy will help fund us to keep on fighting for your rights.

If you currently use a VPN service and would be happy to switch to a service endorsed by PPUK, or are not yet using a VPN but would consider it, please register your interest and select 'Pirate Party UK' in the 'I heard from...' drop-down.

I heard from.png (12.38 KiB) Viewed 5491 times

[tdobson]

Well that was an interesting decision...

I'd remind borgs that randomly portscanning things/looking for vulnerabilities isn't the best kind of thing to do...

But anyway, going back to the proxy service...

I figure whoever is running it is likely to be someone I've spoken to in the past, and anyway, is certain to read this thread (as this appears to be the only publicity they've received so far).

---

Dear sir

There's no advantage being anonymous, because you're only anonymous from the people who care about you the most - your users. I just tried googling, whois-ing, for details - it's a pretty solid gap - for now, from me. From anyone with any kind of legal remit to know who you are, there are multiple ways to find out who's who - the easiest is simply to throw your ISP a court order or similar. You're protected from people like me finding out who you are but not from the people you don't want. This is disingenious.

Whilst Mr. Assange, on a personal level, may, at best, be legitimately called, "a bit of a tosspot", towards the end of 2010, strategically, he pulled off a masterpiece.

Wikileaks was a faceless Organisation, he couldn't stay secret for ever and he certainly couldn't stay secret from a really peed off US government. There were other people, but they weren't as involved/committed - and so he started making appearances in public, letting the public see who he was.

When it comes to random bittorent trackers, 'hacker' groups - it's quite clear they're going to get caught at some point. Why? Because once someone of similar or greater intellect is on to you, they're on to you. Just like a hacker only has to succeed once whilst a sysadmin has to succeed millions of times, suddenly it becomes a game of trying to protect your identity... and eventually they'll get you. What you see as morally or legally correct, is not really the point - if someone's out to get you, they're likely to get you first, and worry about it later (I'd agree not how it should be - that's why I'm here!)

Now obviously, VPN services are perfectly legal in the UK - a 5am smash at the door seems unlikely. But for users, VPN services mean putting a lot of trust in the operator - essentially the operator controls the endpoint and if the endpoint is compromised, so is the contents of any unencrypted traffic and certainly where to/from that traffic is going.

So how can one gain the user's trust? Well let's look at some of the ISP's I'd trust most.

In the UK, this guyI'd trust this guy. Why? Because he's a machine! He's a clear stance on DEA and silly filters

We do not have any black boxes designed to filter or monitor traffic and you are welcome to ask RevK on irc if this is still true at any time and take a lack of reply or evasive reply as you wish.

-source

What's more, he publicly run a business with not too shabby accounts

Rsync.net are a non-UK based company who seem quite clued up. They have a similar kind of stance as the previous, except they got there first actually. Anyway, look.

The people behind it? Yeah, really hard to find. Especially when they've had at least 9 books published, and blog about the EFF.

There are others, but I don't feel the need to list every reputable organisation in a list. The point is - if someone goes after the first guy, all his users know him whether they like it or not - if someone goes after the second guy - all his users know him. If someone goes after anonymous £8 VPN guy then anonymous £8 VPN guy has gone, and co-incidentally, no one really knows who Jim Roe who was arrested in Flint, so there's no political pressure and hardly anyone would wan to donate to his defence fund.

In my opinion, strategically, the best thing you can do is do nothing wrong, be quite clear about who you are, be quite clear on your opinions, technical setups. Be as paranoid as possible, all the time, and do nothing wrong. Ideally, also have a good way of warning yourself away from crazies.

Meh, I hope that helps. I doubt it does, but this is why I won't be signing up.

Best of luck!

[meeb]

Prior to anyone signing up properly to anything (if there is sufficient interest) all technical details will be public on the website for potential users to check over. Naturally I have no qualms over anyone using any other VPN service or asking detailed questions. I largely agree with the quoted text as after it is mostly based on a position of trust as you say.

[designbyadrian]

Prv.IO registration page is awful on the iPhone.

[aramoro]

The weird way it's setup make it look very scam-worthy. No names, no accountability just pay them the money? Do you take bitcoins?

[azrael]

The site is just to register your interest. If you aren't interested, that's ok. If you are interested, and register, then later don't like any aspect of the service, you don't need to actually sign up and pay any money. If there are questions you'd like answered that would alleviate your concerns, do ask them and we'll see about getting them answered.

[argyleblanket]

I consider it entirely inappropriate for the PPUK to endorse a commercial service in return for kickbacks. If the PPUK wishes to promote the use of VPN services, then it should either link to or commission an independent study of existing providers.

[azrael]

Hi argyleblanket

I accept that you think it is inappropriate, and you are absolutely entitled to your opinion. If you want to undertake such an independent study and make it available via this forum I am sure many will appreciate it. I know I would.

I do want to note that the Party is being transparent about the arrangement. The Party is not taking a 'kickback' (the term has strong connotations of improper and underhand behaviour). Instead it is promoting a service/company/individual that it trusts, is promoting online privacy, and will receive donations to allow the Party to continue to promote online freedoms and privacy via political means. The Party is being above-board with the arrangement and if/when donations come in we will likewise be transparent about that too.

Nor are we randomly endorsing a service. It has been suggested in the past that PPUK should run a VPN to provide such services and make money for its political activity. We aren't in the position to undertake such commercial activity - so the next best thing is to support a well-trusted member with the reciprocal arrangement in place (promotion and donation). I assure you that if at any time the Party loses faith in this member or service and feels no longer able to endorse this service, we will not hesitate to make that clear also.

[otester]

So how does UK law affect VPN's, is there any logging required by law?

Any way to identify users by IP?

[JoFreddie]

Looks like it may be over priced, even if you slide the "I'd pay" bar all the way to the left it only goes down to £5 a month, at the moment I pay $85 (US) a year about £4.50.

[otester]

Looks like it may be over priced, even if you slide the "I'd pay" bar all the way to the left it only goes down to £5 a month, at the moment I pay $85 (US) a year about £4.50.

Same, and I get access to multiple locations and protocols.

[Jimadilo]

I'm genuinely disinterested in this. In fact, I think that it's a bad idea. It actually provides no useful anonymity, provides a false sense of security, and charges for the privilege.

I understand that donors may be providing funds for these kinds of 'suggestions' (ads), but I would suggest that you check the technical aspects of these before you suggest them to us.

If people really want anonymity, I suggest that they use tor and i2p. In spite of suggestions to the contrary, these still offer the best anonymity available online for most people. And they're both free (although you can donate money and/or bandwidth to the cause if you so desire).

Thanks

Jimadilo

[meeb]

Hey, cheers for the feedback.

There are multiple factors for pricing, UK-based hosting is typically in excess of US-based hosting or most other EU countries in terms of baseline cost. Quality and less contention is also an important factor. Whatever price the service initially launches at will be fluid for a while most likely as the service gets started. I was after hosting a very uncontended service with near zero slowdown regardless of connection speed. Despite most other services being "unlimited" I usually find there's a 10-15mbit or so ceiling hit regularly which doesn't suit me personally.

There are only a couple of ways to offer a service so cheaply, one is to pack users onto servers at a greater density, one is to oversell to people who probably won't really use it much and the other is to use poor hosting or cheap transit. While all options are possible and might appear in the future I was after the initial service being the best it could be for the money.

Naturally if the overwhelming feedback is that it's too expensive (or, "£5 is too much" on the interest registration site I suppose) and people want a service for less money then it's possible to modify what I was going to offer, but it won't be the quality of service I originally intended to launch with. I'm sure you can appreciate there is a baseline cost to such a service that can only be decreased by affecting the service itself, regardless of any donations to the party or mark-up.

The entire point of this step is to get the feedback of people like you who might be potential users to gauge the most popular service to launch with. Multiple protocols are most definitely planned, pretty much the entire list of options on the site are planned to be available, however the most popular so far by a long margin is OpenVPN which providing it's actually possible to build for the price people are willing to pay (and there's enough people about) will be launched first.

[meeb]

With regards to the UK laws, currently they are actually surprisingly friendly. The service will not keep connection logs, only data for billing and real-time connection data (stored purely so that you can't just have 500 people sharing an account). There are proposed laws that would change this, however they are planned for 2014 at the earliest if they are implemented. The service would cease operation or move offshore if there was any attempt to strong-arm it into tracking people.

It does provide anonymity over your bare ISP connection. I'm happy to detail any technical aspects if you wish. The issue with i2p and Tor is they're typically terrible for performance.

[Pedgeth]

Any chance someone could provide an idiots guide here? What is a VPN? Why would I need one? Why would I want one? Imagine I'm not a network geek and explain it to me in baby steps.

[Jimadilo]

Ok, well, two things, and then I'll go away and stop being such a corncob.

First, the authorites will be take control of your whole operation if they regard your users as doing anything that interests them. And they can put a gagging order on you, so that they can throw you in prison if you tell anyone about it. If that's something that you're happy with, you're a braver man then me.

Second, performance on tor and i2p is bad. That's why you should donate bandwidth (like me!). However, bad is a bit of a gradient here. It's 'bad' for playing games, watching porn, downloading movies, etc. But light surfing, tweeting, reading and posting to forums, etc, you'll probably not notice the difference. If you do, it's probably more to do with config than actual performance.

Anyhow, as the candidate for Manchester suggested, "Be as paranoid as possible, all the time, and do nothing wrong". Sounds like a good plan to me.

Jimadilo

[argyleblanket]

I do want to note that the Party is being transparent about the arrangement.

If that were the case, the Party would elaborate on how it knows the individual planning to provide the service and how it has come to the conclusion that he can be trusted, including what evidence (if any) there is to support its case.

I used the term "kickback" deliberately because I do consider this type of arrangement unethical. The party should not be promoting commercial businesses in return for financial gain. You might consider this an extreme conclusion, but this practice takes us in the direction of the US government system, where policy is set by corporations with deep pockets, not in the interests of the people.

The Party must keep itself free of commercial influence, and must be seen to be doing so.

[azrael]

Some good places to start are http://en.wikipedia.org/wiki/Virtual_private_network http://www.howstuffworks.com/vpn.htm and http://whatismyipaddress.com/vpn

A VPN secures and encrypts your internet use between you and the VPN (doesn't mean your connection between the VPN and random website is secured or encrypted). To the internet you will appear to be connecting to websites (etc) via the IP address of the VPN rather than your home computer. This provides a level of anonymity - the owners of http://www.train-spotting.com won't have your personal IP address and can't tease you about being a train spotter.

[meeb]

Sure, VPN stands for Virtual Private Network. Typically in the past these were used by, for example, business to allow remote workers to "join" the company central network. They have had another purpose recently though because they basically proxy or bounce your connection through a remote computer. This can be used to effectively mask your actual IP address on the internet and as the connection between your computer and the VPN server is strongly encrypted (well, other than the slightly lame PTPP variant which is only uses average strength encryption) it stops ISP-based monitoring of your activity on the internet.

It's not a be-all end-all ticket to being totally anonymous on the internet but it certainly does help a lot. The other issues being discussed are based around the quality of the service offered as you can host multiple VPN users per server.

[meeb]

I would just like to remind people here that primarily the service is meant to combine party donations with a useful and appropriate service. There is no nefarious corporate politics and the service will never discuss any "influence" with the party under any circumstances. This is not a core part of the of what I usually do by any means.

Quite simply, I thought it would be helpful and mesh well with the party users. If the general reaction is mostly negative then it won't happen.