38 پاسخ به “VPN پنهان چیست؟ نقد و بررسی P.I.A. VPN و استفاده از pfsense & NTOP برای تماشای همه داده ها”

1. I think most people have a problem with US based VPN companies because they're required by law to keep logs of traffic, as well as hand it over on demand to the government. Sure, other VPN companies MIGHT work with the US government by keeping logs and handing them over to US officials upon request, but they don't HAVE to. see the difference? if I go with an american company my traffic WILL be logged and WILL be turned over upon demand, and there is no getting around that. If I go with a non-US company, there is at least a chance that they actually don't keep logs. I actually think the NordVPN hack was a good thing as it showed pretty conclusively that they ACTUALLY don't keep logs. let me put it like this, if I had months of direct access to a server through a server management tool, if there were logs to be found, I would have them, but no logs were found on their server. Do I think that they should have gone public with the information immediately after they had fixed the problem? yes. do I accept their explanation of why they waited? yes and no (their explanation makes sense, but the timing makes it questionable). Do I still trust them to protect my data? yes, I do, more so now in fact, since they're the only company that essentially went through an anonymous unplanned third party audit and essentially proved no logs of user data existed (or at least they only exist on some kind of central server, I've still got my tinfoil hat on, but its at least evidence in their favor). could PIA claim the same? no, they couldn't even begin to, because they're required to keep logs by US law.

2. You said you don't know why it's connecting to Twitter & Facebook at startup. Are the apps for those two services installed?

3. appreciate your transparency

4. It's of note that while with PIA, your ISP will still know you're using a VPN if they do deep packet inspection, there are ISP's out there offering techniques to hide that you're using it.

   Some use the Chameleon protocol that GoldenFrog/Vypr created that's supposed to not introduce much lag. Some providers install obfsproxy on their servers. AIR VPN (and likely some others) has an option to connect where you're openvpn connection is encapsulated inside SSL so that it looks like nothing more than an HTTPS connection, but this method is significantly slower than regular openvpn.

   That said, I use PIA. You can't be 100% sure that PIA truly doesn't log as they claim, but we know that they have multiple cases where they've responded to subpoenas with statements that they have no logs to provide, unlike some other companies that've claimed they don't log then provided logs to people when requested.

5. Why hide? Everything is Hacked. Really does not matter homies. Don’t pay, just Hack!

6. Maybe those packets were generated before you did activate the VPN so some routing is sending them back to your internal ip? You should handle the VPN outside of windows 10.

7. Don’t buy PIA vpn, it’s terribly slow and blocks Netflix. I have a 250/100 connection and I’m getting about 25/20 while using the PIA VPN

8. You can tone down a little telemetry and cut off updates by joining to Active Directory and creating GPOs with fake WSUS settings; though they will still imply that they want to fall back to Microsoft's C&C servers. They'll make a little network noise because the little trojans won't give up tryin' to contact mama botnet but at least is a tiny FU to Microsoft who will have a little less data to "improve" their products -as if- and make bigger profits-ehm-help the world, sorry. All Microsoft products I manage are severely limited, on IPv4-only subnets, with ports open as needed and per host and even then, they're proxied and georestricted. I might not be catching all, but I sure won't stop trying. Anyways is not a word!

9. If I setup "alternative" DNS servers on the router will Windows 10 with its default settings leak anything to any other DNS servers?

10. What about tunnel bear, nord vpn and express vpn?

11. Hat tip for the IT Crowd reference in the diagram 🙂

12. I have been using IPVanish and CloudFlare’s DNS; 1.1.1.1. Like PIA, IPVanish is also based in the USA. But if what they say is true, about the no logs policy, then you shouldn't worth about anything.

13. Thank you for doing this!

14. Have you tried SoftEther? In my experience, it is WAY faster than OpenVPN.

15. Super interesting video!! Amazing to watch all those scary things reaching out after windows bootup. The three thumbs down are MS, Google, and Facebook.

16. I love your internet box! Did you know if you type Google, into Google, that you break the internet? 🙂

17. Seems to me like your router, fixed or portable, needs to firewall those telemetry destinations. If Microsoft won't honor your explicit privacy configurations, you have every right to blackhole them.

18. What software is that he's using to diagram?

19. This site will show you your internet-exposed IP (while using a VPN or not), but also helpfully tells you if WebRTC requests are being leaked (meaning that in spite of using a VPN your ISP-assigned address is still being leaked) – https://ip.voidsec.com/

20. Is there any way to get pfsense working over Tor
    And what IP addresses do I need to block in pfsense to get Windows 10 to stop calling home

21. One way to stop some telemetry is to use something like Spybot Anti-Beacon. Its a compact program that adds a lot of the Microsoft telemetry sites into the host file and points them at a 0.0.0.0 address. You can do it manually, but it also offers to refresh the hosts file on boot in case Microsoft updates alters it.

    Maybe something worth a test to see how much of the telemetry data it gets?

22. FYI the Twitter is because, windows 10 comes with Twitter pre-installed at a tile in the start menu

23. Your misspelled "Deal Wathcing" bookmark folder drives me crazy every video 😛

24. Can you please turn up your microphone? I can hear you clearly but little on the quiet side of things.

25. Weird the OS sent those packets outside the VPN something like a packet squirrel (hardware) would help if you really want to be sure perhaps whilst in a county that filters internet

26. Love the t-shirt! Where can I find one? Oh, and this is a great video. Thanks

27. I see a lot of comments talking about ads and trackers, which are simply scripts that collect data on the user and send it out to a remote host. Using a VPN will not stop this data from being collected, and if you use the same server from the same provider all the time, you'll still be allowing an accurate profile to be built around your browsing habits.

    What a VPN will prevent, in its most basic usage, is from the internet gateway you are currently connected to (and anything up its chain, e.g. the modem and ISP providing service) from viewing your traffic. Instead, they'll simply see that you're connected to some IP address (this will be the VPN box you're connected to) — and that's all. They won't be able to see that you went to facebook, reddit, or anything else.

    HOWEVER – and this is something people new to the area don't often think about – your VPN provider now has all of that information. They could potentially be logging it and other information, like your IP address. This means that you are still exposing your browsing habits to a single entity that may be subject, by law, to surrending data on you if requested by a government entity.

    To address trackers, you have a few options that I recommend:
    * Use Firefox on your computers and phones (optional)
    * Install the Ublock Origin extension in all of your browsers. Ublock Origin is an open source extension that blocks known advertising URLs, preventing ads from loading. Remove any other ad blocker you're using; most of them (e.g. AdBlock and its many, many derivatives) sell your data and/or allow advertisers to buy a position in their whitelist, meaning you'll still see ads.
    * Install the Privacy Badger extension in all of your browsers. This is an extension from the Electronic Frontier Foundation that blocks known trackers, and allows you to block other scripts very easily.
    * Install the HTTPS Everywhere extension in all of your browsers. This is also from the Electronic Frontier Foundation, and redirects any requests made over (insecure) HTTP to HTTP over SSL, or HTTPS. This works not just for URIs you type into your address bar, but also scripts and images and other things loaded from within the page's source code.
    * For the more technically inclined, you can use Steven Black's fantastic `hosts` project: https://github.com/StevenBlack/hosts – this is a project that aims to provide host files that block various services. It has various applications, both at the enterprise and consumer levels.

    Note that because the above solutions are effective in what they do, you might find that sometimes you've broken some functionality on a site. To fix it, you might need to do a little debugging.

    To add more privacy to your network requests, there are various things you can do:
    * Use a VPN service that you trust.
    * Host your own VPN.
    * Use the Tor network. Check out the Tails linux distribution.
    * For the more technically inclined, set up a round-robin VPN service backed by ephemeral machines on various platforms (AWS, GCP, Azure).

    These are just a few ideas. I'm not a security professional, but I value my privacy. Keep in mind that security and convenience are targets that are often opposing forces – you will likely find that being "truly secure" will impact the convenience you've come to enjoy in your day-to-day life. Be smart, be reasonable, and treat yourself 🙂

28. running ipvanish on 100Mb fiber. 100Mb DL over 120Mb Up. good video to explain you need a vpn on the router level. Thank you for your excellent videos

29. i like nordvpn. as it also has a adblocker u can use. so it removes some ads automatic. and it also works with netflix and other streaming websites.

30. Another IT-crowd fan 🙂

31. I've been a PIA customer for 3 years or so now and I love them. I'm not doing anything illegal so I don't care about logs. I only care about privacy in my general daily use and security when I travel or use a hotspot. I think the client software is still a little bit primitive/crude but nothing that would make me leave. Overall, I rate them an A+.

32. Another way to guarantee traffic goes through the VPN is to spin up a VM and bridge it to your nic, install pfsense and make sure the LAN is a unique subnet and set your windows adapter to route traffic through pfsense. Only issue is when you hit places that require a ToS argeement before you can get on the internet. You could use Linux instead of pfsense which would give you a browser, iptables isn'tt all that bad.

33. Lot of that traffic comes from your start menu trying to prepare itself. I think there are a few services running like Xbox/ec.. that are reaching out to the internet.

34. Whoa, just came up for air after reading the pcministry site. I knew a lot of collection was going on, but didn't realize the granularity of what they are collecting. Using a VPN doesn't stop the flow of this data either, it just "lengthens" the hose it's coming out of, to another location. Suggestions of a practical Linux desktop distro are welcome! Thanks.

35. I use ExpressVPN for the past 4-5 years, wonder how clean they are…

36. telemetry, twitter, licensing, bing and facebook all before login. and my friends still call me crazy for attempting to stop all this crap in some minor way. sadly a vpn will still let this thru just your isp wont see it.

37. VPN at the router level would stop that

38. Interesting. So to stop this Win 10 sneaky bypass, you would need to configure the local pfsense to either whitelist only the VPN address, or blacklist that one Windows address.

نظرات بسته شده اند.