LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 09-18-2013, 02:12 AM   #1
joey39
LQ Newbie
 
Registered: Sep 2013
Posts: 1

Rep: Reputation: Disabled
Responses I got from VPNs regarding their GPG public key


I decided to contact the VPN services listed in this article and ask them to provide their PGP/GPG public key.

Here is a short summary:

PROVIDED GPG KEY: AirVPN, BolehVPN, Ipredator, IVPN, Mullvad.

DID NOT PROVIDE GPG KEY: Boxpn, EarthVPN, NordVPN, Private Internet Access, PrivatVPN, Proxy.sh, VikingVPN.

DID NOT RESPOND MY E-MAILS: Anonine, BTGuard, Privacy.io, TorGuard, TorrentPrivacy.

NOT CONTACTED: PRQ, Faceless.ME, IPVanish, BlackVPN.
Those companies were not contacted because they either keep logs, or their policies are too vague, or they use a deficient SSL/TLS certificate.

Below you will find their responses to my messages. My name, my e-mail address, and tracking links have been removed. Conclusion is in the end.



AIRVPN:
Quote:
Originally Posted by Me
Hello, please provide your PGP Key. Thanks.
Quote:
Originally Posted by AirVPN
Hello!

Please find our gpg public key attached. Please send us yours at your convenience.

Kind regards
AirVPN Support Team


BOLEHVPN:
Quote:
Originally Posted by Me
Hello, please provide your PGP Key. Thanks.
Quote:
Originally Posted by BolehVPN
Hi there. We do not use PGP encryption and so have no pgp key to provide.

If you have any further questions then please just reply to re-open the ticket.

Yours faithfully,
BolehVPN Support Team
Quote:
Originally Posted by Me
Hello,

I am very surprised that you do not use PGP/GPG (Pretty Good Privacy).

Your business claims to offer high levels of Privacy, Security, and in a way Anonimity, but when it comes to customer relationship it seems that none of those things really matter.

If a person wants to contact you through e-mail, he has left no option but to have his whole message transmitted unsecurely. Although e-mail is unsecure by design, GPG is a popular free encryption tool used by many privacy conscious users - and companies - to increase security.

So, as you allow your customers to contact you through e-mail, why do you choose *not* to use GPG since your business is privacy and many of your customers may use GPG?

Also, I found your business through the article "VPN Services That Take Your Anonymity Seriously, 2013 Edition" (https://torrentfreak.com/vpn-service...dition-130302/), published by TorrentFreak.

I did a little research and of all the VPN services listed there, only four of them provide their GPG public key to their customers; they are: AirVPN, Ipredator, IVPN, and Mullvad. They are usually highly regarded as credible and efficient by users.

So I have some questions:

How is your service compared to those mentioned here?
Is your service in any way better than theirs?
Why should I should choose your company over them?

Thanks.

Kind regards,
-----
Quote:
Originally Posted by BolehVPN
First of all our PGP Key is (and apologies for the delay in providing this) as this was not escalated to me.

We will definitely include our PGP key publicly soon.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v.1.20130820
Comment: http://openpgpjs.org

xsFNBFIy6/UBD/9jLNzo8nq6Kx03iUL0owJmmLQXO/pee1Vz4xHfDTyXj4pY
UJugPE1VMivp2k5V4KiIR1t/fjJYk3GZQxXn+DCJCoSSf+rN11272sQz2Gta
KdqNDEuo22RjnxDYvgnz3xSKKQe0hoPUs6wBVPU7rqQl+RJKxigS80mAyug2
a3SU+nUSew/hcsHPNtizbwwrx+AzhVXFuRENg+I4i9yMpyseMgIC93IK1xuE
81GNm5EI4Dipue2WcP+veYbChDi+ihUn1tq64U/3nSOUrx+/0jXMGrqfoFoK
LEJx9/gjI56Ke8SKwU0LN+xesfCZJb/mh8I+XKy/gNgeMe3aFG9h4UQhuZuO
652zTWPM8g0v9nxQ3LfVQZUoa2QXZM3IAgz2i/IFdx713Ncqi7DKbU+EKTU0
F7S+ddLSAED15DTnxhC6+d4WElPvO4HE3ZnUHQ3l87dXt0Len51fFnSYpUhM
dXIMph8zZJ5Xol3p4G6HxMR9FeKVY2L1k04ljKg75grY/i9tpTA0OnBfCB6t
tM5xrvGB88vq9VaxETSHNcUwtLH+vhCDS7lEMCQhFD7agGCTzTl5T+lFDMGl
xN3eyhXM4V4ILmn8xS+jVWAhoBxTtLqSWcrrUdYhO5Q2/FK9ITeZqcHIQfvx
NijK36r8zVScUnzWL0EMk/EQ0vDjXerxwwFyXQARAQABzR9Cb2xlaFZQTiA8
c3VwcG9ydEBib2xlaHZwbi5uZXQ+wsFcBBABCAAQBQJSMuv6CRA5OsIriWPu
dgAA3+gP/0EDCLoGx8nMdGdMiGrT4oXhpgW0Fe8Hug5yZ58rws1fphyOFY1y
F130LdBHrQ2yD1YP5BPVABkY/g/AVSd2Dh7Av0Qi0QIZIbIYRwCoXpZnEZKv
H81wSMyuKjwQY5bIyq92o3mE8puONX+mLBUoK9m8g2755f718oxg9BeE7f1s
3uiBU5sn2XsK5Ev+CBhirZAEPeMw5ZentX6YaxVM9dnhfI82E2fVODRFhOgB
oBxmOorI9RCE42QztvbxiEuC9hawhwJ44Lmh82Pryf7afMiDO5K5YKswnMFN
y86/IbOdDL/aBn65L5chSpEjOI09KHucfxDiwyt1oh4Z3ry9T9pJONkT7duZ
5veRSz/QiMyolclpQuKEOHRTT/idVJLz9jiJKBPfHfJBUjxOAry7cGTDqH6G
39BHuemueeIliyoCHLFMqveS0hoi8LOamAibf7v+/UPUijCdUna1IS56B3A/
3/rrVZAmSD25l2L9wgevtJCVrMUVA5pADh45KKuUYu6gEMV5tbkdtK2jxIBz
yTaY54aAyA6QWGchUFffcTrxXK51ruz6pi1GRTKfb+78EgLebgWGuZxDHz4H
Xfa/TZKQ9F3iXLtIME7Khqn1gdxD49c04LdCix+/5FxdHYdlQ6WeMjjOdLPF
zLpHGxL7yaVbWEKE+ypc+Y+leyuvoWvJ
=50hP
-----END PGP PUBLIC KEY BLOCK-----

You may continue the communication there

I believe our service has unique advantages compared to other providers:
a) Our company is under Malaysian jurisdiction, arguably better protected than let's say a US/UK/EU jurisdiction
b) As usual, we don't take logs as well and are not required by law to do so.
c) Our speed is pretty good (although of course your mileage may vary depending on which server you choose but you can see regular reviews of our service in terms of speed).
d) We offer access to our friends tracker at IPT for subscribers 30 days and above if you're a fan of P2P. We are not affiliated to them but do have a cordial relationship with them. However we do not share customer details with them.
e) We hope our personal service in answering your questions as thoroughly as possible will set us apart from other providers


BOXPN:
Quote:
Originally Posted by Me
Hello, please provide your PGP Key. Thanks.
Quote:
Originally Posted by BoxPN
Hello -----,

Thank you for the mail,

May i know to what device are you trying to set-up with?
Can you please clarify what you mean by PGP key?Please rate my reply:
<LINK REMOVED>
Quote:
Originally Posted by Me
Hello,

I am very surprised that you do not use PGP/GPG (Pretty Good Privacy).

Your business claims to offer high levels of Privacy, Security, and in a way Anonimity, but when it comes to customer relationship it seems that none of those things really matter.

If a person wants to contact you through e-mail, he has left no option but to have his whole message transmitted unsecurely. Although e-mail is unsecure by design, GPG is a popular free encryption tool used by many privacy conscious users - and companies - to increase security.

So, as you allow your customers to contact you through e-mail, why do you choose *not* to use GPG since your business is privacy and many of your customers may use GPG?

Also, I found your business through the article "VPN Services That Take Your Anonymity Seriously, 2013 Edition" (https://torrentfreak.com/vpn-service...dition-130302/), published by TorrentFreak.

I did a little research and of all the VPN services listed there, only four of them provide their GPG public key to their customers; they are: AirVPN, Ipredator, IVPN, and Mullvad. They are usually highly regarded as credible and efficient by users.

So I have some questions:

How is your service compared to those mentioned here?
Is your service in any way better than theirs?
Why should I should choose your company over them?

Thanks.

Kind regards,
-----
Quote:
Originally Posted by BoxPN
Hello -----,

Thank you for the mail,

boxpn is not similar to other vpn services like strongvpn, hma etc.
They are all providing simple encrypted proxy with no security layers.
Boxpn is the only vpn service provider that provides corporate grade
security with hardware base firewalls, threat management gateways,
antimalware filters. Also we can encrypt your traffic with up to
2048bit which is only provided by boxpn.
Please rate my reply:
<LINK REMOVED>

Please don't hesitate to ask if you have any further questions or
problems.
Best Regards,
----
Paul G.
Level 1 Support


EARTHVPN
Quote:
Originally Posted by Me
Hello, please provide your PGP Key. Thanks.
Quote:
Originally Posted by EarthVPN
Hello,

Thank you for your interest.Unfortunately we do not use PGP.
Quote:
Originally Posted by Me
Hello,

I am very surprised that you do not use PGP/GPG (Pretty Good Privacy).

Your business claims to offer high levels of Privacy, Security, and in a way Anonimity, but when it comes to customer relationship it seems that none of those things really matter.

If a person wants to contact you through e-mail, he has left no option but to have his whole message transmitted unsecurely. Although e-mail is unsecure by design, GPG is a popular free encryption tool used by many privacy conscious users - and companies - to increase security.

So, as you allow your customers to contact you through e-mail, why do you choose *not* to use GPG since your business is privacy and many of your customers may use GPG?

Also, I found your business through the article "VPN Services That Take Your Anonymity Seriously, 2013 Edition" (https://torrentfreak.com/vpn-service...dition-130302/), published by TorrentFreak.

I did a little research and of all the VPN services listed there, only four of them provide their GPG public key to their customers; they are: AirVPN, Ipredator, IVPN, and Mullvad. They are usually highly regarded as credible and efficient by users.

So I have some questions:

How is your service compared to those mentioned here?
Is your service in any way better than theirs?
Why should I should choose your company over them?

Thanks.

Kind regards,
-----
Quote:
Originally Posted by EarthVPN
Hello -----,

Thank you for your interest in our services.If you have concern about email traffic you can use our https form below to contact us.

<LINK REMOVED>

We provide best price/performance ratio on the vpn market.You can visit below link for the features which differentiates us.

<LINK REMOVED>

Best Regards,

EarthVPN Ltd.


IVPN:
Quote:
Originally Posted by Me
Hello, please provide your PGP Key. Thanks.
Quote:
Originally Posted by IVPN
Hi,

Please send PGP encrypted emails to admin@ivpn.net using the attached certificate.

Kind regards,

Chris

Technical Support


NORDVPN
Quote:
Originally Posted by Me
Hello, please provide your PGP Key. Thanks.
Quote:
Originally Posted by NordVPN
Dear -----,

Please let me know what PGP key are you requesting for?
Best regards,
Marty K.
NordVPN.com
Quote:
Originally Posted by Me
Hello,

I am very surprised that you do not use PGP/GPG (Pretty Good Privacy).

Your business claims to offer high levels of Privacy, Security, and in a way Anonimity, but when it comes to customer relationship it seems that none of those things really matter.

If a person wants to contact you through e-mail, he has left no option but to have his whole message transmitted unsecurely. Although e-mail is unsecure by design, GPG is a popular free encryption tool used by many privacy conscious users - and companies - to increase security.

So, as you allow your customers to contact you through e-mail, why do you choose *not* to use GPG since your business is privacy and many of your customers may use GPG?

Also, I found your business through the article "VPN Services That Take Your Anonymity Seriously, 2013 Edition" (https://torrentfreak.com/vpn-service...dition-130302/), published by TorrentFreak.

I did a little research and of all the VPN services listed there, only four of them provide their GPG public key to their customers; they are: AirVPN, Ipredator, IVPN, and Mullvad. They are usually highly regarded as credible and efficient by users.

So I have some questions:

How is your service compared to those mentioned here?
Is your service in any way better than theirs?
Why should I should choose your company over them?

Thanks.

Kind regards,
-----
Quote:
Originally Posted by NordVPN
(They did not respond.)


PRIVATE INTERNET ACCESS:
Quote:
Originally Posted by Me
Hello, please provide your PGP Key. Thanks.
Quote:
Originally Posted by Private Internet Access
Hi -----,

Thanks for contacting us. Where are you being asked for this information? None
of our set-ups use this setting. Please let me know and I will look into this
further.

Thanks,
Calien M, Level 1 Tech Support
Private Internet Access™
Quote:
Originally Posted by Me
Hello,

I am very surprised that you do not use PGP/GPG (Pretty Good Privacy).

Your business claims to offer high levels of Privacy, Security, and in a way Anonimity, but when it comes to customer relationship it seems that none of those things really matter.

If a person wants to contact you through e-mail, he has left no option but to have his whole message transmitted unsecurely. Although e-mail is unsecure by design, GPG is a popular free encryption tool used by many privacy conscious users - and companies - to increase security.

So, as you allow your customers to contact you through e-mail, why do you choose *not* to use GPG since your business is privacy and many of your customers may use GPG?

Also, I found your business through the article "VPN Services That Take Your Anonymity Seriously, 2013 Edition" (https://torrentfreak.com/vpn-service...dition-130302/), published by TorrentFreak.

I did a little research and of all the VPN services listed there, only four of them provide their GPG public key to their customers; they are: AirVPN, Ipredator, IVPN, and Mullvad. They are usually highly regarded as credible and efficient by users.

So I have some questions:

How is your service compared to those mentioned here?
Is your service in any way better than theirs?
Why should I should choose your company over them?

Thanks.

Kind regards,
-----
Quote:
Originally Posted by Private Internet Access
Hi -----,

Thanks for contacting us. There are several steps we take to ensure the privacy
of our users via email. First, all of, we never request or send sensitive
information via email. Secondly, all of our emails are SSL encrypted, to ensure
that the email is not snagged in transit. We also do not keep logs of any
activity on our network, to ensure there is no way to find out who was doing
what when connected to the VPN, unlike Ipredator and IVPN, which both admit to
keeping logs for "debugging" purposes. The fact of the matter is, if the
information exists, even for debugging, it can be subpoenaed and seized by a
court, and used to prosecute the customers of that service. It is for this exact
reason that we keep NO LOGS WHATSOEVER. Privacy is our number one goal with our
service.

You may also want to check out these posts in our blog:

https://www.privateinternetaccess.co...2013/06/prism/

https://www.privateinternetaccess.co...on-encryption/

They address recent hot topics in the privacy world, like what would we do when
faced with a situation like Lavabit, or what we are doing to ensure the NSA has
no ability to invade our customer's privacy. Please let me know if there are
further quesitons.

Thanks,
Calien M, Level 1 Tech Support
Private Internet Access™


PRIVATVPN:
Quote:
Originally Posted by Me
Hello, please provide your PGP Key.
Quote:
Originally Posted by PrivatVPN
Hi,

For what? We only provide a certificate, ca.crt
Quote:
Originally Posted by Me
Hello,

I am very surprised that you do not use PGP/GPG (Pretty Good Privacy).

Your business claims to offer high levels of Privacy, Security, and in a way Anonimity, but when it comes to customer relationship it seems that none of those things really matter.

If a person wants to contact you through e-mail, he has left no option but to have his whole message transmitted unsecurely. Although e-mail is unsecure by design, GPG is a popular free encryption tool used by many privacy conscious users - and companies - to increase security.

So, as you allow your customers to contact you through e-mail, why do you choose *not* to use GPG since your business is privacy and many of your customers may use GPG?

Also, I found your business through the article "VPN Services That Take Your Anonymity Seriously, 2013 Edition" (https://torrentfreak.com/vpn-service...dition-130302/), published by TorrentFreak.

I did a little research and of all the VPN services listed there, only four of them provide their GPG public key to their customers; they are: AirVPN, Ipredator, IVPN, and Mullvad. They are usually highly regarded as credible and efficient by users.

So I have some questions:

How is your service compared to those mentioned here?
Is your service in any way better than theirs?
Why should I should choose your company over them?

Thanks.

Kind regards,
-----
Quote:
Originally Posted by PrivatVPN
Hi,

First of all, we do provide a secure VPN service not a secure email. I
don't really understand why our VPN security should be less secure because
we don't encrypt emails. We never have personal details in our emails.
Nothing to reveal in emails to us.

I have never used the services you mention, but what I can see is that we
have more servers on different countries. What we're working hard on are
high quality service, such as IP-transit. We buy our service from Internet
providers, and not like other VPN service do, they rent servers from a
small hosting company with shared internet connection. Take Mullvad and
AirVPN, they only rent servers from low profile companies. They rent a
server with 1 gbit for 150€. We pay 1200 - 1500€ for every 1 Gbit, quality
capacity and still we have better prize. We also have servers like that,
but we're working on exchanging that.
We also gonna allow 4 logins simultaneously.


PROXY.SH:
Quote:
Originally Posted by Me
Hello, please provide your PGP Key. Thanks.
Quote:
Originally Posted by Proxy.SH
Hello,

Please let us know the department you wish to talk to. We will provide PGP accordingly.

Kind regards,

Gena
Quote:
Originally Posted by Me
Hello,

I would like to talk to the customer care department.

Also, I found your business through the article "VPN Services That Take
Your Anonymity Seriously, 2013 Edition"
(https://torrentfreak.com/vpn-service...dition-130302/),
published by TorrentFreak.

I did a little research and of all the VPN services listed there, only
four of them provide their GPG public key to their customers; they are:
AirVPN, Ipredator, IVPN, and Mullvad. They are usually highly regarded
as credible and efficient by users.

So I have some questions:

How is your service compared to those mentioned here?
Is your service in any way better than theirs?
Why should I should choose your company over them?
If you do have a PGP/GPG public key, then why don't you provide it in
your website?

Thanks.

Kind regards,
-----
Quote:
Originally Posted by Proxy.SH
Hello,

Thanks for your inquiry.

Regarding the PGP key, we do not publish them to public to avoid them being compromised by unknown decryption methods. Moreover, we generate a unique key for specific cases. This provides even more security than having a public key used for all sorts of communication - we believe it defeats a bit the purpose of having a messaging encryption capacity.

Now, regarding the difference we have compared to the suppliers you quoted, I would tend to believe these consist of:

1) We offer more diverse payment methods (95+) than any other supplier.

2) All our services are run from RAM and they do not log anything.

3) Our network is huge, with more than 30 countries and over 200 nodes for the $10 package.

4) We have a Windows/Mac/Linux/Android OpenVPN client that we hand crafted with love.

5) Our security team is made up of two researchers in encryption. Other providers do not obviously have academia among their ranks.

6) We are not from Sweden, or EU, or worse, United States. We are from Seychelles and our staff is working remotely from the 4 corners of the planet. This makes our structure more resilient to third party assaults.

Voila, that's pretty much about it. Should you have any further question, please do not hesitate.

Kind regards,

Gena


VIKINGVPN:
Quote:
Originally Posted by Me
Hello, do you use PGP (Pretty Good Privacy) for e-mail encryption? Could you provide your PGP Public Key? Thank you.
Quote:
Originally Posted by VikingVPN
We do not consider email to be a safe or secure form of communication.
Our security model works around the idea that anything sent via email is not secure.
Therefore we do not use PGP.
Quote:
Originally Posted by Me
Hello,

I am very surprised that you do not use PGP/GPG (Pretty Good Privacy).

Your business claims to offer high levels of Privacy, Security, and in a way Anonimity, but when it comes to customer relationship it seems that none of those things really matter.

If a person wants to contact you through e-mail, he has left no option but to have his whole message transmitted unsecurely. Although e-mail is unsecure by design, GPG is a popular free encryption tool used by many privacy conscious users - and companies - to increase security.

So, as you allow your customers to contact you through e-mail, why do you choose *not* to use GPG since your business is privacy and many of your customers may use GPG?

Also, I found your business through the article "VPN Services That Take Your Anonymity Seriously, 2013 Edition" (https://torrentfreak.com/vpn-service...dition-130302/), published by TorrentFreak.

I did a little research and of all the VPN services listed there, only four of them provide their GPG public key to their customers; they are: AirVPN, Ipredator, IVPN, and Mullvad. They are usually highly regarded as credible and efficient by users.

So I have some questions:

How is your service compared to those mentioned here?
Is your service in any way better than theirs?
Why should I should choose your company over them?

Thanks.

Kind regards,
-----
Quote:
Originally Posted by VikingVPN
Hi -----!
Sorry about your concern over email security. There are multiple reasons that we do not use PGP email. Mainly that we do not consider email secure, as we have said before. Another big reason is it is customer policy not to personally identify any users on our service. It is especially important in email because all email in many countries is intercepted, including if the email just transits across one of those nations en route to its destination. If there is no identifiable customer data in the email, then the company has no liability to release information to governments, and the user is in no danger of being identified. A unique PGP signature can be tied to a person/computer.
That being said, you are not the first person to come to us with concerns that we do not encrypt our email. It is not technically difficult for us to implement, but we are hesitant to do so because if people feel their emails are "bulletproof" they will reveal identities or illegal activity they are doing, putting liability on the company. We will likely be reconsidering the issue over the next week.
I don't like to plug our own VPN services over others, but here are our advantages:
Strong network security, administrated by certified and experienced personnel.
Our VPN service does not use Windows operating systems, both for security and clandestine reasons.
We do not use any closed-source software server-side, and we do not use a closed-source client.
We do not use any closed-source encryption ciphers. (No PPTP, No IPsec, No SSTP)
We stay on top of standards and actively defend against problems as they arise. (We avoid NIST P_521 certified elliptic curves due to NSA tampering, we updated OpenSSL to 1.0.1e on the day of release, etc)
We use strong encryption settings for the VPN network. The default is 4096-bit RSA and AES-256-CBC (on OpenSSL 1.0.1e to counter the BEAST vulnerability) and our settings can NOT be lowered.
We only use Tier-1 network providers and have a very fast network with 12 redundant carriers, preventing outages, combined with a policy that allocates minimum amounts of bandwidth to each user. In other words, our service is fast and it doesn't go down (with the exception of a rare server update).
We don't log anything. We have a policy of keeping no connection data at all unless we are under DDoS attack and need to update firewalls. That data is stored in memory and permanently destroyed in an unrecoverable fashion on restart.
Speed, Privacy, and Security are our main concerns at VikingVPN.
If you would like to know more information, just ask! We are pretty open about our cryptology and security, although we do keep some secrets about our intrusion detection systems and killswitches.


** CONCLUSION **
As you can see, most VPNs listed here don't use PGP/GPG encryption, either because they don't know how to use it or because they don't care about their customers, which is evident in their responses.

I believe you should NEVER trust in any service that claims to offer privacy, security and anonimity, but does not provide SSL/TLS certificate enabled by default in their pages, and their PGP/GPG public key to contact them.

So here is a brief comment about the services that provide their GPG key:

AirVPN: They are usually well reviewed by users, but they are incorporated in Italy, which may be subjected to EU Data Retention Laws. Beware.

BolehVPN: The least recommended. They did not have a GPG key available when I first requested it; their website does not have SSL/TLS enabled by default, and it does not work when I try "https" manually.

Ipredator: It is from The Pirate Bay guys, so they know very well what they are doing and they have a strong reputation for security. They could only be a little clearer regarding their privacy policy since they log "only for debugging purposes".

IVPN: They are an EFF member, based in Malta, and the only one that has an EV SSL certificate (the green address bar). They also have the most detailed and complete website, and they go as far as analyzing other VPNs' privacy policies. Highly recommended.

Mullvad: It is the only one that accepts cash sent by regular mail as payment, which is the most anonymous payment method ever. Highly recommended.


I hope you have enjoyed it! Please leave your comments. Thanks!
 
Old 09-18-2013, 05:31 AM   #2
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Interesting results. However, I think if the NSA or other god-like agency want the data, they can just go there and get the data. Or they may already be there in the middle, collecting data.
 
Old 11-26-2013, 09:14 AM   #3
NordVPN
LQ Newbie
 
Registered: Nov 2013
Posts: 1

Rep: Reputation: Disabled
NordVPN

Sorry for late response

Our PGP public key is:

mQENBFKPDNkBCACezKTnG2X3wEHqeFQ+vqticBx7UIeA9lzm4zfPs11xCpdzJydg
/VIbbv79WSx5Q5lLiYkPDAaYiKPlyJtbqGDVyowFy4+Rz/aQ/X3Xu3KXlK38R/3E
nAjF988vK6jeV6gWeDPfo6jJ4ypbO9XJk9N3OqVblqndLz4X4mlcHq2T9u7YMrS+
+kjldKR0JM1C2GxrXOxBV7eOALSlqBYEr+ZqThu5q+eeh+zncn5nic6ckeirMGfe
eTHpU48aXC+bnRkfOoyS3OFaJemjp6qQEsOfxbQDriN1OnJNsDwE/BL/z0u+06NJ
dDB6letrKJGF3EjmMG8vRhxFkOJ5bcZTbHofABEBAAG0E3N1cHBvcnRAbm9yZHZw
bi5jb22JARwEEAECAAYFAlKPDNkACgkQocb7qo4Lj77DOQgAg2S5O+dzThOO8MoE
SQcTp/rbs+lzy04bPmfcwwA7e0eNh+Qe/yZbfUNZDKEXwiV++DbXeLFytyORIIFY
VwL9KZlA0KO59XGRaLAtayuo9y82b8dMb2gfLZ+tnYd+rSr3B1WdPPLsmAiOHjYi
4aHEFsvGePBT4armevgVGZ1T3SUUh0JJjhKuS8y6V+YMX7VQIBjT3gOoGZZ6kZqv
zQPaV2luasAqg94i/HCBhNLXFavdhS5WYOgzujdZ6feYoI28l4fcBZUcrFmCpyBs
fG0TuXF2/5D7d59oND+Eci0w7p/rdr77rGs8YOia7vqOYKS2//lxWt7aO4ailXwK
EnU0ag==
=kmxw
-----END PGP PUBLIC KEY BLOCK-----


1. We operate under the offshore jurisdiction of Panama. We do not need to obey the orders of other governments (e.g. US) or third parties.
2. Strong encryption. NordVPN offers AES-256bit for L2TP and 2048bit SSL for OpenVPN encryption.
3. We accept private payments. Bitcoin is a must have payment method for a VPN company which declares itself as a privacy caring provider.
4. The laws of Panama allow NordVPN not to keep logs. It is another huge factor when choosing a VPN provider.
5. For users with low budget we offer free proxies.
6. We offer encrypted chat and secure note services for free.
 
Old 11-27-2013, 09:32 AM   #4
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,324

Rep: Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099
Reality Check:

(1) In most cases you don't have to "ask" anyone for their GPG public-key: it's available on a keyserver. You can just look it up. The same is true of S/MIME keys.

(2) You can never be 100%-sure that the key you received is not that of a "man in the middle." I guess it depends on how "eve-il" Eve is presumed to be.

(3) There is no such thing as "total privacy" on this public TCP/IP network. Nor, necessarily, should there be. If someone used the Internet to burn down your house, kill your spouse, and wreck your car, and you were told that there was absolutely nothing that anyone who's supposedly in the law-enforcement business could know or do or say about it ... you'd feel ill-used.

(3a) ... and furthermore, there really are people in this world who would burn down your house, kill your spouse, and wreck your car, more-or-less "just for sport" if they thought that they could get away with it. (Well, the validity of that third point somewhat depends on your car ... They'd probably buy mine a new set of tires, in sympathy. For the car, not me.)

(4) Don't trust "consumer-grade" encryption, nor a computer system (router, etc ...) that you really don't know 100% of what's running on it, to keep your a*s out of jail if you're committing a felony. (If you are, let me help them pour you a nice set of concrete overshoes and let's go take a boat ride.) Encryption isn't meant to keep the NSA out; it's meant to keep nosy people out. The fact that a doorway is locked is the greater part of pragmatic security. Just make it "less than 'trivially easy'" to get one's hands on the loot.
 
Old 11-30-2013, 10:19 PM   #5
psycroptic
Member
 
Registered: Aug 2011
Location: USA
Distribution: ArchLinux - 3.0 kernel
Posts: 284

Rep: Reputation: Disabled
3 words: one time pads.

nuff said
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
gpg: public key not found verbose Linux - Newbie 4 12-31-2009 03:00 PM
GPG error, no public key pr5439 Ubuntu 8 08-12-2009 10:32 AM
Revoking GPG key with only passphrase and public key djib Linux - Security 2 03-13-2007 03:20 AM
yum public gpg key?? Niflheim Fedora 1 03-28-2005 01:46 PM
GPG Data, Secret Key but no Public Key? Aeiri Linux - Software 5 07-20-2004 06:00 PM


All times are GMT -5. The time now is 06:16 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration