Congratulations to Europol and the other agencies, although I suspect that this is akin to 'a drop in the ocean' of Internet miscreant sites, I'm assuming it was tricky to track down the actual servers.
Europol, the US Department of Justice, and Britain's National Crime Agency have taken down a VPN service they claimed was mainly used by criminals – boasting that they hoovered up "personal information, logs and statistics" from the site. The DoubleVPN site went dark yesterday after law enforcement agencies swooped on its …
It depends if it is the start of a general assault on VPNs or not. Label them "criminal services" to get the public onside and then take them down one by one.
Lots of governments find VPNs objectionable because it makes it harder to spy on their citizens - e.g. GCHQ’s Tempora programme works by intercepting data on most of the fibre-optic communications cables in and out of the UK. There are apparently around 300 GCHQ and 250 NSA staff processing all that luverly data to snoop on everyone.
All that is a bit screwed with VPNs, so altogether after me "if you have nothing to hide then you have nothing to fear" and "if you have something to hide then you are up to no good".
There is absolutely nothing wrong with having "something to hide". And just about every adult, no matter how law-abiding, has almost certainly done many things in their life that they would not want everyone else to know about. Next time someone claims to have nothing to hide, just ask them to tell you intimate details of their sex life, including fantasies and any embarrasing incidents they suffered in their teens so you can post it on a public web site.
If having something to hide is regarded as undesirable or suspicious, bear in mind that governments want to hide far more things than most citizens.
I'd tell you but tbh I think there's a sort of vpn habitable zone between being too small and obscure and thus super easy to raid and squash, and too big to fly under the spooks radar any more and the visits by serious men with their own equpiment and documents you acknowlege to have received and be bound by terrible penalties if you ever tell anyone
Mullvad was highly recommended by the man who was independent, until he decided that good intentions are great, but he needs to eat too, so he sold out. Trouble is, mullvad _say_ they don't log anything, which is the problem with any vpn. And most of VPN providers know their claims are unverifiable, so they lie. And log (which has been proven a couple of times, when the no-logs surfaced, either hacked, or in court papers). After all, what's worse for a business - a porn-lover or low-rank crim from across the world that threatens to take them to court (from behind the bars), or a visit from local enforcement officers that raid VPN premises? Business is in numbers, and in uninterrupted operations rather than in standing behind some anonymous, possibly law-breaking bloke that pays 5 euro per month.
btw, I have no opinion on mullvad's claim, but I can only _hope_ their claims of no logs are true, nothing more than that. I'm only pointing out there's no _universal_, reliable / incorruptible and _enforceable_ ISO-standard for VPNs. And, given governments' increasingly hostile stand against VPNs, there won't be any standard in place.
It would be stupid to run a VPN without any logging at all. How else could you identify the sources of the inevitable DOS and other malicious attacks? It would be almost as stupid as admitting that you log users.
Exactly what are the criminal charges for the DoubleVPN operators, as other than generic statement from the plod about being used mainly by criminals it doesn't really give any indication as to how it is breaking the law?
Seems like a fishing exercise to me where they don't actually have any evidence against the service. What the bet if they were truly not keeping logs as the operators of DoubleVPN claimed the servers will spring back to life in a few days controlled by the NSA/GHCQ and with logging enabled to try catch anyone still using.
"Exactly what are the criminal charges for the DoubleVPN operators,"
Probably aiding and abetting for starters.
Para 4. of the article;
"Europol said the service was "heavily advertised on both Russian and English-speaking underground cybercrime forums," offering double, triple or even quadruple-layered VPN services to its customers."
...which indicates they were actively courting criminals as customers. It's a bit like the local pawn shop putting a sign in the window saying "we buy anything, no questions asked" and then posting flyers to all the local burglars.
Always wondered if the double/triple VPN tunnels caused issues for the 5 eyes system and this action seems to verify it.
While the 5 eyes spliced optical cables can hoover up all the data and store for a few months at least, they can't easily automate and link the traffic of tunnels inside tunnels. So instead took down a service that didn't have an obvious way to link data like some Double Hop providers where if you go in ip 184.108.40.206 you always come out at 220.127.116.11 or a known IP related to the joining node.
So have your router with wireguard connected to one VPN or your own server and they have another machine on your network used as a gateway before the router with OpenVPN to another provider. Add a third layer with yet another OpenVPN or Wireguard provider with your own machine/virtual machines and even throw TOR in to the equation of you want.
Just means that someone will have to try hard to descramble it all manually which they will only do in extreme cases which most averages joes having all their data logged are not. If they really want someone let them waste a 0day exploit on them rather than bulk logging everyones data. Make it hard for them
So wait... just so that I understand what was going on here...
DoubleVPN was a single, monolithic company with multiple PoPs and they upcharged you to route your traffic through multiple PoPs before heading to the destination.
Yet the infrastructure was all owned by the same organization?
In the old hackers example provided in the article, the protection afforded was that you were bouncing off non-related infrastructures, so it'd take longer and be harder to back-trace the traffic. (According to a friend.)
It seems that all these clowns did is introduce excessive latency and hike the cost to connect to your destination.
We all huff kittens though, admit it. It's no longer the taboo it used to be. I think it was Liz on 30 Rock who admitted that every woman feels the need to squeeze a babies thigh at least once. Not me, but I used to throw my kitten across the room onto cushions, and it would run back for more.
Two famous 'indy' activist websites used to claim that they didn't log IP addresses when they clearly, obviously and demonstrably did. You kind of have to. I called them out on it and offline they admitted it and asked me to keep quiet 'for the greater good'. The thing is they had already been compromised by the police/security services, either by infiltrators or pressurised traitors.
If you leave honey on the internet then sooner or later it will be turned into a honeypot trap.
it would be funny if it was actually a sting related to that major sting, i.e. when they busted that 'secure' comms channel a month or so ago. So, those that managed to evade desperately seek a new new to resume business and here's that cool, vpn service that's like, totally secure, man! :)
Biting the hand that feeds IT © 1998–2021