I feel pretty double about VPN as a solution for masking my online activities. My reasons for using a VPN break down into these (related) categories:
1. Security. I don't trust this network at all, such as unsecured wifi in coffeeshop.
2. Access. This network has draconian restrictions I need to get around, such as corporate proxy servers or country firewalls.
3. Privacy. It's none of this network's business what I'm doing.
4. Legal. I don't want to get in trouble here. Especially when traveling where I don't know the laws, but increasingly in my own country. Hell, the courts in NL haven't figured out if TPB is legal, how should I know?
VPN can solve many of these problems most of the time... but always using a VPN means that I have a single point of failure for all four of these.
Regarding "3. Privacy", it's not just the network you're on, you're protecting your privacy from, it's every single service your device regularly polls or connects to. If you find yourself hopping on and off wifi at home and work and else where, every service your device polls is building up a log of your movements.
This is mainly why I have a VPN on my phone. Apps that make internet connections from my phone always appear to be coming from the same IP address as far as the end service is concerned. It doesn't matter if I'm on wifi at home, on wifi at work, or on 3G. All of the connections are routed over an encrypted channel to a box I control before hitting the Internet.
My personal choice is privateinternetaccess.com: $40/year, unlimited bandwidth (cloak and many others limit bandwidth), multiple platforms (Windows/MAC/*nix/iOS/Android), multiple protocols (PPTP, OpenVPN and IPSEC/L2TP), multiple gateways (US/UK/Switzerland), and most importantly, NO user activity logs.
It's beyond me how providers who operate in the EU space, hence under the 2006 Data-Retention Directive, can claim "no user activity logs" are kept. Either they do retain logon-logoff times, or they're technically breaking the law -- unless the directive has not been adopted yet in the specific country, in which case they're just exploiting a temporary loophole.
I'm pretty sure any VPN operating on UK nodes would need to retain logon/logoff times linked to individual subscriber data; they won't have to log website access, but that's about it.
We utilize shared IP addresses rather than dynamic or static IPs, so it is not possible to match a user to an external IP.
Also:
We maintain logs describing the time at which a client connects, length of connection time, source IP, as well as payment information. We use custom hashing to maintain separation between our payments database and user database.
My interpretation is, under a court order, authorities can, with considerable difficulty, force a match between a criminal request and several users, but not one user.
Reasonable enough for me - I believe in good-enough security through obscurity given enough obscurity - YMMV of course.
VPNs aren't just used for file-sharing. One of the main reasons why people outside the US (including American expats) use VPN services is to get access to geo-tarded services.
Almost all my traffic goes over a VPN these days. I don't do any file sharing, but I just don't want my ISP keeping tabs on me. (Yes, yes, I know, a VPN ISP can keep track too) It's so easy (and cheap) to set up a VPN or SSH tunnel with your own server (or servers). My favorite site for finding a cheap provider is www.lowendbox.com or www.lowendstock.com.
I have several VPN/SSH servers around the world for an average of $20-$25 per year.
At least you get a choice among hundreds of VPN providers and can choose a privacy-respecting one, whereas most of us are stuck with a monopoly or duopoloy in ISPs.
I've been using my Linode as a VPN lately since I do a lot of work in coffee shops and it works great. More recently I've been using it here in Bahrain to access sites that are blocked by the government (innocent ones that come up on HN, dunno why they're blocked), and US-only sites like Pandora.
However, Linode is kind of expensive for this purpose only (I also host my small website on it, though), and have been looking into maybe an AWS micro instance which I can spin up when I need it, or possibly others.
Anyone have good recommendations here for VPNs that are fast, relatively inexpensive, reliable, and other criteria that might be useful?
http://arpnetworks.com/ is ballin'. I've been using them for a few months now. Very fast upstreams. They're only on the west coast of the USA, though. They have a $10 option.
Since I have a bunch of EC2 nodes anyway, I route my own traffic through one of them when I want a VPN (mostly for a little extra safety on untrusted wifi).
It works great until you realize how much of the web blocks access from EC2.
My fear is that use of an anonymising VPN will in itself become cause for the state to hassle you, and that this won't require any new laws to be passed.
I'm more afraid that the use of a VPN will actually become less secure than without using it. ISPs are governed by different laws ensuring your privacy (to some extent). VPNs aren't subjected to those laws and can thus, legally, sell you out long before your ISP ever could. Sure, the potential outrage for such behavior is probably enough to convince most VPN services to never do it (although a secret agreement with MPAA or similar is probably tempting for many) - but you get no extra protection against the law.
Since the moment someone has a warrant against you both the VPN and your ISP are obligated to cooperate you really have nothing to gain, in theory, from using a VPN in order to pirate.
There is one exception and that is if your VPN resides in a different country, then filing a warrant is probably trickier but with time this hole will probably be a lot smaller (at least within countries of EU etc.). And having a VPN in another country is of course not the best thing you can do performance wise.
That or the absurd idea that VPNs is to be criminalized. I wish it was a joke but politicians are seriously considering it.
I think a lot of it depends on which ISP you have, how much you trust your ISP, and how much you trust your VPN. Many VPNs claim to keep no data at all, which means that government intervention cannot reveal your Internet activities, because there are no records. If you live in an area where your ISP is required to maintain certain histories, and you have a trusted VPN in a more relaxed country, it's easy to see how a VPN might be preferred.
This works until your VPN provider gets an order "please start logging for user PaperclipTaken and turn over all logs for the coming 30 days to $BADGUYS".
There have already been attempts to restrict their use, written into proposed U.S. legislation, as just one example.
And I can't disagree with your comment, "won't require any new laws to be passed", either.
Again in the U.S., Federal authorities have already and are increasingly demonstrating willingness to act in extra-judicial fashion. It's not too much of a leap from ISP reporting to demands that ISP's detect and shut down such pipes (think of the "terrists", the children, the poor starving record labels and producers, etc., etc.).
What the ISP's really want, is release from any and all liability. That is one aspect of the recent CISPA negotiations. As long as they can't be sued nor otherwise hauled into court, they may view "shutting down the pipes" as one more avenue for shoving users onto their own, in-house services.
If you are using an SSL-VPN is there any way, apart from the destination address, of someone detecting that the SSL traffic is a VPN and not a secure website?
This is one of the dangers of course. When I read it I thought "Ok now they can show they know what they were doing was wrong, because they tried to hide it." In the US that could work towards proving intent.
And when you are out looking for bad actors of a modestly sophisticated nature you might start with the VPN traffic.
A much nicer solution would be create all VPNs everywhere to protect us from Google Street view type drive by snooping (you know common good and all) which keeps you from being lumped into the 'usual suspects' pot. This is a Good Thing (universal VPNs) because even though Google has stopped their practice, there are still cars/vans out collecting this information for resale.
I don't think courts would take kindly to that kind of blatant attack on free speech and privacy rights that are well-established in law in most countries.
In many countries, I agree. But there are some places, like the UK, where I could easily see this kind of thing happening. Free speech and privacy don't seem to be very fundamental in some systems of government.
This is obvious progress due to the lawsuits of recent years. File-sharing will move over to take advantage of IP addresses of countries with relaxed copyright legislation. If all countries implemented strict copyright laws, there's I2P and other similar encrypted anonymous networks. People just have to trade off transfer speed to get what they already used to have in the 90's.
I think that the fact people are willing to pay for a VPN just to get a better, "pirated", product no thanks to MAFIAA aptly underlines the severity of the challenges that content industry is facing.
Money is not the issue why those who have money do pirate content.
I suppose what's interesting about this to me is that the pirates are presumably paying for VPN service? Which means that I guess we've figured out the threshold where they are and aren't willing to pay for things -- to keep out of jail.
I should launch a Piracy as a Service app. Each month, you send me $100, and I will send you back copies of hot movies of varying quality, but all perfectly legal. You stay out of jail, I stay out of jail, and the pirates can rest assured that they never had to actually pay for the media they're consuming.
> Each month, you send me $100, and I will send you back copies of hot movies of varying quality, but all perfectly legal
Your snide comment is way off the mark. By your tone I'm assuming you're staunchly anti-piracy and don't pirate stuff, so you don't have experience with the actual quality of pirated media.
As a long-time pirate (10+ years), I can unequivocally tell you that pirated media is lightyears ahead of anything available legally. By using just 1 (one) torrent site, I can gain access to pretty much every single movie, music album, video game (console or PC), piece of software (all platforms), and book. The downloads almost always max out my connection.
As for quality - it's better than if you buy the media. Netflix and iTunes are just now bringing out 1080p content, and it's almost definitely going to be compressed in a lossy way. I can torrent the original Bluray disc image (~50 GB) if I want to, or get a high quality X264 compressed version to save space/bandwidth. You're not forced to go with the one thing that's offered to you. Both options have been available ever since Bluray (and HDDVD) first came out. I've been watching 1080p content for years without ever buying a Blu-ray drive or any other special hardware.
And the best part of all - both the downloading process and the files I get are in standard & open formats that I can run & view on my Linux PC. What's available for download is browsed via a normal web browser, the BitTorrent protocol is open and has been implemented on Linux many times over, and I've never had any issues playing back content once it's been downloaded - the formats are open and are supported by a variety of open source media players.
Let me know when I can run iTunes or Netflix on Linux. I doubt it'll ever happen.
Oh, and VPN services don't cost $100 a month. You can get them for less than $20/month. When I was sharing a seedbox with a friend, it was $10/month for unlimited data transfer and 250 GB of storage space.
Not to mention you can enhance all sorts of playback stuff. Simple one: Subtitles. Netflix took forever to add subtitles, and even now the coverage is spotty, and languages are very limited. And if sync is off, tough luck.
Also, if there's any problem with playback, you can fix it. A few things I use often: Brightness control, dynamic range compression (nighttime mode), subwoofer support (2 channel audio on Windows just goes out L and R; ffdshow lets me easily split low freqs to the sub).
I didn't imply that VPN services did cost $100 a month, nor did I think they did. I would honestly be surprised if I had to pay more than $5 a month for one.
The $100 a month figure I threw out was what I thought it might cost me to buy assorted 'hot media' on the market and resell it at a small margin.
I also didn't imply that your pirated media was of poor quality, but since you so proudly brought it up, looking over a single torrent site shows a broad range of quality options for a given download, which fits with my earlier snide comment.
As for your remarks about Netflix/iTunes and Linux, I consider that a feeble response. I can't buy a Ford transmission that fits my Jeep Wrangler, but that doesn't entitle me to steal cars, even if Ford makes a better transmission that fits more vehicles. And before we get into the whole "can't pirate a transmission" rhetoric, let's get out of the way that there are iTunes-like services and Netflix-like services for Linux. They exist. Sure, they aren't the exact same thing, but I honestly suspect that their non-existence is just another strawman excuse to justify pirating whatever you want without having to consider that it might actually be a harmful thing -- or you're too caught up feeling entitled to care that your cop outs are just that.
Also, these things never go anywhere. I'll just go ahead and apologize now for hitting the reply button, because I know I'm going to, but I will not respond to this. If you want to pirate things, go ahead. But I frankly am not interested in hearing how you've justified how great and open and free it is. Either you're willing to pay for the things you consume or you aren't. By my opinion, if you aren't, you aren't entitled to consume them. That's my opinion. You're welcome to yours.
I'm not naive enough to believe that copying your friend's Range Rover takes anything away from him. I understand that.
It takes away from the people who design, manufacture and sell Range Rover vehicles.
To turn that analogy on its head -- identity theft is also not 'stealing'. I haven't taken anything away from the original holder of that identity, as they are decidedly still who they are. That doesn't make it victimless, and it certainly doesn't make it right.
Doesn't turn it on its head, in fact, supports my point. Copying your identity info doesnt hurt you in any way. Using that ID for commerce does.
Copying a movie you'd truly never pay for doesn't hurt. Reselling your copy does.
Making a copy uses resources and work. Copying a Land Rover would cost you more than buying a new one. Mass production and distribution lowers the price enough you can buy it cheaper than you can make it.
Studios should be thinking the same way, realizing that people will pay for convenience. To get paid more, make it more convenient. Just look through these comments to see how much "piracy" is actually about convenience.
"I can unequivocally tell you that pirated media is lightyears ahead of anything available legally"
I find this unlikely. Piracy is just a copy. It's not like anything new is actually created in the process. You are getting a very nice duplicate of the original.
You are part of the entitlement generation. Since you are so used to just getting things for free, you will just keep making excuses to pirate when the company doesn't give you exactly what you want.
This will have many consequences in the future, including:
1) Commercial software will only be serviced-based. So, instead of paying one-fee for software, you will be required to pay for it every month/year. IE: the "cloud".
2) Software developer salaries will be much lower. Although not directly related to piracy, open source being so freely available means that businesses only need people to do updates (software mechanics not engineers).
3) DRM and more protections schemes. DRM was a direct result of piracy, not the other way around.
Continue to pirate all you want, but don't be shocked at the future you helped create.
> I find this unlikely. Piracy is just a copy. It's not like anything new is actually created in the process. You are getting a very nice duplicate of the original.
As unlikely as you may find it, it's a fact. Pirated media has none of the restrictions that legitimately obtained media does. For example, I don't have to worry about whether a new device that I've just bought will be compatible with all the media I already possess - since it's not DRM-encumbered, I'm free to do whatever neccessary to get the file onto the device.
Acquiring the media is the same - I can torrent music on my Linux PC, but I can't download music using many legitimate sources.
> You are part of the entitlement generation. Since you are so used to just getting things for free, you will just keep making excuses to pirate when the company doesn't give you exactly what you want.
Wrong. I buy media when it's provided in a cross-platform and non-DRM encumbered manner. I've purchased every single Humble Indie Bundle until now (and paid more than the average), not only because Linux & Android versions are available, but also because I can download the games from my web browser. I haven't really played the games that much, but that's not the point.
When Louis CK announced his $5 comedy special that was available online (from a web browser) in a non-DRM encumbered manner, I went and purchased it immediately, even though I don't particularly enjoy his comedy, and did the same with Aziz Ansari's comedy special as well.
Well they still watch/use/listen to the "inferior" product, so if it's worth watching/using/listening to, why is it not worth paying for? Or should people be able to set their own prices on what they get?
No, pirates constantly get a superior product to anything you can buy.
That's because the DRM is stripped, the DRM often have many compatibility/integrity/security issues etc. that pirates never have to worry about. They are not forced to watch through FBI warnings before watching a movie.
The experience of downloading something is vastly superior to buying it in most cases, and that's assuming you can buy it at all (pirates don't have to wait/hope for a TV series to be released outside of US, for instance).
To add to the points made by previous responses, you can see for yourself the benefit of unencumbered files by ripping your own legally obtained Blu-ray movies. Once you have a DRM-free file on your hard drive, everything is better: there are no forced trailers, the movie loads nearly instantly (the standalone Blu-ray player I've used took about 5 minutes to load a disc), and seeking is practically instantaneous. You can even watch your legally obtained full-quality movies on non-HDCP-capable projectors and monitors.
For me, being able to avoid TV ads, forced movie ads, and ads on services like Pandora are some of the greatest advantages to piracy.
Furthermore, you know things like Bitrate before you download. On Netflix, you don't know how a movie has been compressed. Even 1080p movies can have noticeable quality differences depending on the method of compression. Using a private tracker, you can see the exact program and settings used before downloading.
Actually I was thinking that should be the content industry's next business model. People subscribe to torrent/content services. The services buy licenses for content. People download content.
It's almost the same thing as radio, the difference being that you have a copy.
how about having "donate" buttons on torrent sites that would allow you to donate either to studio, or actor, or producer. That money would go to a offshore account where they would wait to be claimed by the cast or copyright holder. And the only condition for transferring money from this account would be to sign a carefully worded document that would mean that copyright holder agrees to such distribution model?
I've been wanting a service like this for anime for years. Instead of paying ridiculous import prices for DVDs without English subtitles, let overseas fansub watchers pay what they want, directly to the studio, anonymously. Admittedly this might discourage some buyers who previously imported DVDs from Japan, but I'd bet there'd be an overall net increase in revenue for the studios.
If you want to pay to improve your piracy experience, Usenet is the way to go. For about $20 a month you can get unlimited downloads of whatever, as fast as your home connection can handle, non-peer-to-peer. It's not as general a solution as VPN, but it's kind of amazing to me that Usenet doesn't get more attention, at least if VPNs are now starting to.
I know Astraweb and others charge less. I agree, it's significantly cheaper and easier to use Usenet. Plus I believe it to be more legal, since you aren't actually sharing copywrited material. Just downloading it, and I don't believe anyone has been sued for just downloading.
I believe many here have some sort of VPS or dedicated server. Just setup VPN and use it. Just use it. Installing pptp server is very easy. And if you are more determined - install OpenVPN - it allows compression and better security.
The only VPN I know that explicitly guarantees no logging is the Swedish vpntunnel.se
They operate many nodes, and they tell you that due to data retention laws in the EU and USA, your traffic with them or any other provider will be logged for a period of time no matter what anyone says otherwise.... except if you use their Swedish endpoints because, apparently, Sweden has no and is subject to no data retention laws (yet).
There is evidence of links to terrorism. Well, VPN is 3 letters and so is IRA, ETA and RAF so thats a link. Better throw child pornography and drug smuggling in there as well
This is already becoming the true in Germany. ~10% vote Pirate Party in Berlin, more states have similar voting numbers. PPDE is now the third largest party in Germany by member count.
This is why you can't legislate the Interwebz very well. Legislation will typically be ~5 steps behind technology (a rough guesstimate that has no basis in research).
1. Security. I don't trust this network at all, such as unsecured wifi in coffeeshop.
2. Access. This network has draconian restrictions I need to get around, such as corporate proxy servers or country firewalls.
3. Privacy. It's none of this network's business what I'm doing.
4. Legal. I don't want to get in trouble here. Especially when traveling where I don't know the laws, but increasingly in my own country. Hell, the courts in NL haven't figured out if TPB is legal, how should I know?
VPN can solve many of these problems most of the time... but always using a VPN means that I have a single point of failure for all four of these.