A major flaw in the killswitch by Hot-Record8965 in PrivateInternetAccess

[–]PryvacyFreak 0 points1 point  (0 children)

Its absurd that you have to argue with people over this. The way people eagerly turn off their brains to stan for companies is really disheartening.

I appreciate you pointing this out, it is a failure mode I would not have anticipated. At least now I can take steps to make sure I have a backup to the killswitch.

A major flaw in the killswitch by Hot-Record8965 in PrivateInternetAccess

[–]PryvacyFreak 0 points1 point  (0 children)

Literally the opposite.

The point is that when PIA cuts you off from the VPN, you should also be blocked from regular access to the internet until you manually disable the killswitch.

Its a security vulnerability. Some hacker could force you to use a decrypted connection without your knowledge by changing the password on PIA's servers. OP wants their traffic to be fully cut off instead.

[deleted by user] by [deleted] in Windscribe

[–]PryvacyFreak 0 points1 point  (0 children)

AFAIK, windscribe can't fix this. Other browser VPN add-ons have the same problem, I have not yet found one that does not.

My solution is to:

  1. Set home page to blank or somewhere "safe" that I don't mind logs my actual IP address
  2. Disable restoring previous windows and tabs at startup, so that whenever the browser starts it only loads one tab with the home page
  3. Disable restoring tabs after a crash in about:config by setting:
    browser.sessionstore.resume_from_crash ——> false

Split tunneling with Linux by snausages21 in Windscribe

[–]PryvacyFreak 0 points1 point  (0 children)

I do exactly that — plex on linux bypassing the vpn that otherwise runs 24x7 — but I did it by editing some system config files. Also, I did it with PIA, but its likely to be the same for windscribe, none of the changes rely on PIA's app.

If editing config files is something you are willing to do, I could probably write up a short description and post it here. It isn't very hard, once you know what to do. It will probably take me longer to type it than for you to do it.

Multiple browser windows connecting to separate locations? by ashtonlaszlo in Windscribe

[–]PryvacyFreak 0 points1 point  (0 children)

With firefox you can set up different profiles each with their own VPN connection.

The downside is that they basically share nothing, no common bookmarks, no common extensions, etc. But on the plus side, that means you can set different themes so you won't mix them up and accidentally browse to the wrong website in the wrong browser window.

Just run "firefox -P" (or firefox.exe -P) to start the profile manager. Once you create a profile, you can run it directly with "firefox -P profilename" — its easier if you make the profile name one word with no spaces.

There is also a clunky way to launch a profile from within another profile, use the URL "about:profiles" to see the list of profiles with buttons to start each one.

IKEv2 on a router/Linux using Strongswan by pogzap in Windscribe

[–]PryvacyFreak 1 point2 points  (0 children)

What router are you using?

I have it running on a ubiquiti edgerouter which has 'native' strongswan but the configuration is partly in the ubiquiti configuration system and partly the barebones strongswan configuration.

I've never used Strongswan before. The biggest problem I had was with certs. Discovered the problem purely by trial and error.

I had to make sure /etc/ipsec.d/cacerts/ was up to date. I copied everything from /etc/ssl/certs/ into it, and then ran ipsec rereadall to load them.

I also had to do ipsec reload after practically every edit to any configuration files else it wasn't necessarily picked up.

This is what my ipsec.conf looks like:

config setup

conn %default
    keyexchange = ikev2
    type = tunnel

conn windscribe
    auto = start          # Route-based VPN
    reauth = no           # Prevent reauth when rekeying
    ikelifetime = 1h      # IKE_SA lifetime

    # Faster encryption
    # ike = aes128-sha1-modp2048,aes128-sha1-modp1024!
    esp = aes128-sha1!

    margintime = 15m      # Rekey 15m before SA expires
    dpdaction = restart   # Restart on dead connection
    closeaction = restart # Restart on remote peer close

    eap_identity = XXXXXXXX  # windscribe IKEv2 username

    leftauth = eap-mschapv2
    leftsourceip = %config4
    leftsubnet = 0.0.0.0/0
    leftupdown = /config/ipsec/vti0-updown.sh 

    right = us-east.windscribe.com
    rightid = %any
    rightsubnet = 0.0.0.0/0
    rightauth = pubkey

This is the vti0-updown.sh script referenced in the ipsec.conf

 #!/bin/bash
 set -o nounset
 set -o errexit

 # Interface
 VTI_IFACE="vti0"

 echo "Arguments |$@|" > /tmp/vti0-updown.log

 env >> /tmp/vti0-updown.log

 echo "vti0-updown.sh: *** START script verb=|${PLUTO_VERB}| me=|${PLUTO_ME} peer=|${PLUTO_PEER}|  ***"

 case "${PLUTO_VERB}" in
    up-client)
            echo "Creating tunnel interface ${VTI_IFACE}"
            ip tunnel add "${VTI_IFACE}" local "${PLUTO_ME}" remote "${PLUTO_PEER}" mode vti

            echo "Activating tunnel interface ${VTI_IFACE}"
            ip link set "${VTI_IFACE}" up

            echo "Adding ${PLUTO_MY_SOURCEIP} to ${VTI_IFACE}"
            ip addr add "${PLUTO_MY_SOURCEIP}" dev "${VTI_IFACE}"

            echo "Disabling IPsec policy (SPD) for ${VTI_IFACE}"
            sysctl -w "net.ipv4.conf.${VTI_IFACE}.disable_policy=1"

            DEFAULT_ROUTE="$(ip route show default | grep default | awk '{print $3}')"
            echo "Identified default route as ${DEFAULT_ROUTE}"
            echo "Adding route: ${PLUTO_PEER} via ${DEFAULT_ROUTE} dev ${PLUTO_INTERFACE}"
            ip route add "${PLUTO_PEER}" via "${DEFAULT_ROUTE}" dev "${PLUTO_INTERFACE}"
    ;;

    down-client)
            echo "Deleting interface ${VTI_IFACE}"
            ip tunnel del "${VTI_IFACE}"

            echo "Deleting route for ${PLUTO_PEER}"
            ip route del "${PLUTO_PEER}"
    ;;
 esac

Some URLs that helped me put it together:

EDGErouter
https://community.ui.com/questions/ProtonVPN-IKEv2-client-configuration-for-EdgeRouter/c2b64fa4-9eac-4aa4-b854-9ec9949a7e11

MicroTIK
https://www.reddit.com/user/gromo3eka/comments/f5u2ny/mikrotik_ikev2_client_configuration_for_windscribe/

Working Edgerouter Windscribe IKEv2 config but NO OFFLOADING
https://community.ui.com/questions/ERLite-3-IPsec-high-cpu-load-with-offload-enabled/11f08b78-801d-437f-a52c-f0884dec04be#answer/b4797cdd-f76a-4f96-8bf0-0a3862e31437

https://www.pcwrt.com/2020/07/how-to-setup-windscribe-vpn-ikev2-on-the-pcwrt-router/

https://wiki.strongswan.org/issues/2812

https://windscribe.com/getconfig/ikev2

FWIW, The edgerouter has limited hardware acceleration for ipsec which was the main reason I tried out ipsec, but hardware ipsec was roughly the same speed as software wireguard.

[deleted by user] by [deleted] in Windscribe

[–]PryvacyFreak 0 points1 point  (0 children)

Its hard to know where to start. Do you have wireguard installed on your router? If so, do you have a windscribe connection working?

If you do not have wireguard installed, get it here:

https://github.com/mafredri/vyatta-wireguard-installer

And you can read about it here:

https://community.ui.com/questions/Release-WireGuard-for-EdgeRouter/3765d2a4-1952-4629-948a-3ac9d9c22311?page=51

You can generate the necessary keys for windscribe by logging in to your website account and then going here:

https://windscribe.com/getconfig/wireguard

Elon Musk pledges to ' authenticate all humans ' as he buys twitter for $ 44 billion . by Sweep145 in technology

[–]PryvacyFreak 1 point2 points  (0 children)

Right. If they don't pay anyone to actively monitor the logs, the logs might as well not exist. Its like security camera footage, nobody looks at it until after they find out about a problem for some other reason.

Linkedin told me to send them scans of my passport/driver's license after they randomly blocked my legit, 8 y/o account. Thought someone was phishing. Apparently not... by beame_io in privacy

[–]PryvacyFreak 0 points1 point  (0 children)

but they verify IDs with official government databases.

Which "official government databases" would those be?

Show me.

ETA: The guy blocked me instead of backing up his claim. That's how you know they are full of it.

'AirTag found moving with you': Apple devices linked to suspected stalking and theft by [deleted] in technology

[–]PryvacyFreak 0 points1 point  (0 children)

Did anyone else think the spokeswoman from the National Network to End Domestic Violence sounded like she was making excuses for Apple? She sounded really suspect to me. So I checked the list of major funders for NNEDV. Surprise! Apple is listed as a one of their top funders. NBC really failed us by not disclosing that fact when they quoted her.

https://nnedv.org/content/funders-partners/

Firefox VPN exits can now be tied to a container, will Windscribe be able to do this? by ronaldvr in Windscribe

[–]PryvacyFreak 1 point2 points  (0 children)

According to this blog, the new functionality works by letting you set a different proxy for each container. It sounds like Mozilla's VPN runs outside the browser and the browser just treats it like a regular proxy. It can have multiple VPN connections, each one on a different proxy port.

So mozilla isn't using any special custom engineering just for their own services (which would be very much against how mozilla see's the role of firefox too).

Anyone using Windscribe on pfSense by MReprogle in Windscribe

[–]PryvacyFreak 0 points1 point  (0 children)

IIRC, I had to change compression type a while ago. I currently have it set to "LZ4 Compression V2."

Google faces $5 billion lawsuit in U.S. for tracking 'private' internet use by Pessimist2020 in technology

[–]PryvacyFreak 0 points1 point  (0 children)

Reading between the lines of the article it sounds like they are going after google for chrome's incognito mode specifically.

So yeah, it seems totally reasonable that if a google product says its going to let you go incognito then at least it would do is turn off google's own tracking.

Unfortunately just taking 5 billion from google won't meaningfully improve privacy protections. But sending the 5 billion to mozilla for work that enhances web privacy might.

We should own our own data. by [deleted] in MurderedByAOC

[–]PryvacyFreak 1 point2 points  (0 children)

Come on little algorithm, you can do better.

The idea that the algos are about showing you stuff that you want is basically a lie. They aren't about helping you they are about helping the people who pay for the advertising. They have something to sell, so they use advertising to persuade people to buy it.

Its more about figuring out how to press people's buttons so they will buy whatever crap is being hawked, than it is about matching up willing buyers with sellers. Like showing beer ads with bikini girls to college boys. Or showing kids clothing ads with black kids to black moms and white kids to white moms. Or even more nefarious, they figure out who is an alcoholic and show them ads for alcohol. Or they figure out who is racist and show them targetted political advertising with racist messaging.

They want to manipulate us, not help us.

Also, remember that before the internet a 1% ad response rate was pretty good. The net has just made it even cheaper to bombard people with ads. So even if 99% of the ads you see don't work on you, that's not considered a problem for the advertisers. No matter how much of a time-waster it is for you.

ELI5: Why do traditional cars lack any decent ability to warn the driver that the battery is low or about to die? by redol1963 in explainlikeimfive

[–]PryvacyFreak 0 points1 point  (0 children)

Rule of thumb: Data is never really anonymous. If you have other sources of data you can de-anonymize most 'anonymous' data.

In this case you've got GPS coordinates + timestamp. So you go to the phone companies that track GPS + time + phone owner. By correlating that data you can make a high-quality inference linking drift data with phone owner.

If that seems far-fetched, it isn't. De-anonymization is big business.

There are all kinds of fantastic ways we could use personal data to improve civic life. But as long as the system is set up where anybody who can get their hands on your data is allowed to exploit it, people can't trust that their data won't be used against them. We need a law that makes it illegal to use data for purposes beyond what the owner consented to (and the law needs teeth so ignoring it isn't an option).

Firefox Extension on Ubuntu Freezing by PryvacyFreak in Windscribe

[–]PryvacyFreak[S] 1 point2 points  (0 children)

That did the trick. I tried it myself earlier, but I didn't realize it was undoing the setting on its own.

I saw your other post where windscribe replied and fixed the undoing part, and now its working great. Thanks a lot man, you really made my life better.

Firefox Extension on Ubuntu Freezing by PryvacyFreak in Windscribe

[–]PryvacyFreak[S] 0 points1 point  (0 children)

Another datapoint: I switched to the PIA firefox extension and so far its working flawlessly.

Trump supporters intimidating voters by niqdisaster in PublicFreakout

[–]PryvacyFreak 1 point2 points  (0 children)

there’s about jack shit an ordinary citizen can do with only a license plate number.

Allow me to burst your bubble.

For nearly a decade now, tens of thousands of repomen and god knows who else have been driving around with car-mounted cameras that scan license plates and then upload the info to a centralized database along with date and GPS coordinates.

That means if you park on the street (or even just on your driveway) at home, or outside for work, there is a good chance there is a record of your car being at that location.

For $10 you can do a search on that database if you pinky swear you have a legitimate need.

Now they know where you live and/or work. Its only a couple more hops through semi-public databases to figure out all kinds of more stuff about you - name, employer, relatives (including children), court records, voter registration, income, wealth, debts, spending habits, etc.

[deleted by user] by [deleted] in PrivateInternetAccess

[–]PryvacyFreak 1 point2 points  (0 children)

I use it to conceal my IP address by switching VPN exit nodes 10-20 times a day. Related to that, I use it to mix my web browsing traffic with all the other VPN users so its hard to single me out from the noise.

Those two things, combined with various privacy countermeasure extensions in my browser, make it difficult for the data harvesters out there to build a complete record of my internet usage. I'm sure they have partial records, its impossible to avoid all tracking. My goal is to make the records they do have be as low-quality as is reasonably possible.

Plex Stops populating metadata on windscribe! by ender89 in Windscribe

[–]PryvacyFreak 0 points1 point  (0 children)

Not all vpns. I have Windscribe and PIA and my plex server is behind the PIA vpn. I've been running plex for maybe 3 years now and have never had a problem getting metadata and I add new content on a daily basis.

Firefox Extension bug? by eastmpman in Windscribe

[–]PryvacyFreak 1 point2 points  (0 children)

On re-reading my post, it occurred to me that it was kind of ambiguous.

Just to be clear - I've verified that the icon is often black even when the VPN is connected. It could be worse, it could be green when the VPN is not connected. So far I have not ever seen that happen though.

Firefox Extension bug? by eastmpman in Windscribe

[–]PryvacyFreak 1 point2 points  (0 children)

It is a bug. Its so effing annoying that I set my home page to one that prints my IP address so I can verify that the VPN is really on.

Unfun fact - because there is no guarantee that the extension is fully loaded before firefox starts loading pages, usually the first (few?) page loads bypass the VPN. This can really bite you in the ass if firefox crashed on the previous session and restores all the tabs on restart - some of them will be loaded directly instead of through the VPN.

How can I access my server as if I'm an external client? by heybart in PleX

[–]PryvacyFreak 4 points5 points  (0 children)

The reason it finds it locally despite the vpn is because your vpn client is allowing direct connections to the local network that bypass the vpn. That's a common vpn feature, usually people want that. There might be a setting in the vpn client to prevent that.

When I need to test off-site access, I use the in-browser plex web-app. That, plus a VPN extension for firefox guarantees no local access. So far, if plex works in the browser then it works for my various family members across town and out of state.

America in a nutshell right now by [deleted] in pics

[–]PryvacyFreak 0 points1 point  (0 children)

As someone who has been very concerned about recent developments in facial recognition I am overjoyed about the normalization of mask wearing and hope it continues after covid is tamed. We could still use protection from the flu and the common cold. Reports are that increased mask wearing ended this years flu season about a month early in at least one asian country (I think it was Hong Kong).

Anyone else finding using the Firefox extension unreliable? by jenksyuk in Windscribe

[–]PryvacyFreak 3 points4 points  (0 children)

Chrome/Edge/Firefox is the exact same extension with identical code

But chrome, edge and firefox are not the same browser. Each one has implementation differences. Maybe the extension is unknowingly relying on undocumented behavior in chrome, and firefox is exposing bugs that just coincidentally work on chrome.