whats going on 'ere then
9 million users will now be waiting the knock from plod for various illegal activies traced to their ip... honest it wasn't me...... let's be 'aving you.
The VPN service Hola, which claims to have more than 9.7 million users, is now selling its access to users' machines as exit-nodes under the Luminati brand. Described as "the world's largest VPN network", Hola's Luminati brand is advertised as being simple and effective to use: "Route your HTTP, HTTPS or TLS requests to any …
Separation of concerns is always a problem with networks unless there's extensive logging in play. For instance, Comcast has an "open" connection [xfinitiwifi] hanging out on many/most of their consumer's routers that anyone with a Comcast (ripped) logon can use. You have to explicitly tell Comcast to turn the damn thing off. Not having any desire to explore it further, I've no idea how the security is set up to separate the traffic between the home WiFi. What I do know is that the Arris routers they've been using have the TCP-32764 vulnerability and default credentials (the consumer has to change it!) that you can read on their site.
I wouldn't mind seeing something like this being opt-in as it would drive the control freaks of all sorts right up the wall, although it does have that attribution problem/opportunity. Now the price? $20 GB for Luminat.io selling connections on other people's machines is ... even my this career sailor can't find the words. I pay $40 annually for a real VPN, works across all my devices (have to pick different portals for using multiple devices simulaneously), and seems to have no limit. It keeps whatever I'm doing away from the people that have their name attached, even on public WiFi, just in case. I'm not worried about myself. Blowback on them? No.
[They want me, all they have to do is call or come over. Being terminal has its rewards if you look at the humor. What are they going to do to me? Like I can run away? Hell, I know I'd get a hell of a lot better medical care. That's a fact. And they'd just chain me to their computer systems. Lastly, the second biggest gang in prison is... <wait for it> ... veterans!]
I gets even better than coming with default credentials. Whenever Comcast feels the need to reset/reconfigure it, all the settings get blown out. The admin password goes back to ''password", uPnP gets turned back on, ... The only "good" thing is that they also blow away the WiFi configuration so it doesn't take too long to figure out something is wrong.
> let's be 'aving you.
Well, it really doesn't work like that.
It is awfully hard trying to tie activity coming out of a particular IP address, or even a specific machine, to a specific user. Even when that user is the sole resident of a dwelling with a fixed IP connection and wired-only network (no Wifi).
Without knowing the particulars of this service, I hazard it only makes the forensic discovery process much harder and even less conclusive than usual.
Some places attempt to get around that difficulty by having laws that essentially make the subscriber responsible for whatever comes out of his router, but those laws are surrounded by uncertainty regarding their conformance to their respective legal frameworks and do not ease significantly the forensic process anyway.
Of course, in many cases neither the accused nor less astute lawyers are aware of these evidential difficulties, which is how police can get people convicted by way of guile more than weight of proof.
PS: I'm trained in computer forensics.
It worries me that the definition of idle includes 'no mouse or keyboard activity detected'. How do they know that, then? Clearly the Hola-running node must report to the network on keyboard and mouse actions. What does it report, and how often? Personally, I wouldn't touch something like this with a very long barge-pole; the opportunities for coming unstuck seem practically limitless.
If I was writing software that had to rely on whether the system was idle or not I would ask the operating system periodically (say once per minute) whether power saving had been activated (screen off / hard drive spun down / cpu speed dropped etc) or screensaver activated. Then if those tests say the system is idle have the software report as being available on the network. and continue checking that the system is still idle but at an increased frequency (maybe once every 5 seconds)
As soon as the tests say that the system is not idle report to the network that the system is not available.
doing it this way would allow my software to know whether there had been any activity without knowing (or needing to know) the details of the activity (leave that to the underlying operating system)
> It worries me that the definition of idle includes 'no mouse or keyboard activity detected'. How do they know that, then?
I do not know about "they". That said, with my programmer hat on, "idle" means that CPU, disk, or network load, or some other criterion or combination thereof, is below a given threshold, not that the user is not moving the keyboard or typing away.
In any event, both circumstances can be detected by querying the operating system or desktop environment via appropriate APIs (e.g., /proc/stat, KIdleTime, or similar stuff depending on what exactly you are trying to achieve).
As they have to get money from somewhere vpn services needs to sell something and these will be your logs. If you are not paying anything think twice to installing these applications on your device. They said that keeping logs and found logless and free vpn named zpn.im . Will wait and see if its true to no log keeping and no 3rd party information share.
Biting the hand that feeds IT © 1998–2022