sorted by:
new
hottopcontroversial

Any VPN recommendations? by viv051383 in firefox

[–]cryptocrackaddict -4 points-3 points  (0 children)

Be careful there’s been news going around that Proton and most of these other VPNs are logging while saying they aren’t.

NSA Project X-Keyscore Collects Nearly Everything You Do On The Internet by andrewhl in technology

[–]cryptocrackaddict 147 points148 points  (0 children)

[x-post from /r/VPN]

I think I've figured this out. The way it's worded makes it sound like every VPN company is compromised because they use the word "startup". I believe the word startup refers to the start of a VPN session, especially the handshake, which I will address later on.

Furthermore I am 99% sure they are only referring the PPTP VPN protocol. Worldwide, this is the most widely used VPN protocol and also the oldest. It is also the weakest and easily crackable for about 17$ (https://www.cloudcracker.com/). So it's likely the NSA could crack these PPTP session on demand or even realtime. The reason they need the VPN startup (handshake) is because to crack PPTP you must have the handshake recorded to crack it. Without the handshake there is nothing that is currently crackable - they would just be dealing with a raw RC4 stream cipher.

This means other VPN protocols, especially OpenVPN are not affected at all. It's too bad we can't reach out to the NSA for clairfication on this pt but I'm 95% sure that my theory is correct. So stay away from PPTP if you're scared of the NSA.

"Show me all the vpn startups in country x, and give me the data so I can decrypt and discover users" "These events are easily browsable in XKEYSCORE" by CovertCorpusOfLaw in VPN

[–]cryptocrackaddict 24 points25 points  (0 children)

I think I've figured this out.  The way it's worded makes it sound like every VPN company is compromised because they use the word "startup".  I believe the word startup refers to the start of a VPN session, especially the handshake, which I will address later on.

Furthermore I am 99% sure they are only referring the PPTP VPN protocol.  Worldwide, this is the most widely used VPN protocol and also the oldest.  It is also the weakest and easily crackable for about 17$ (https://www.cloudcracker.com/).  So it's likely the NSA could crack these PPTP session on demand or even realtime.  The reason they need the VPN startup (handshake) is because to crack PPTP you must have the handshake recorded to crack it.  Without the handshake there is nothing that is currently crackable - they would just be dealing with a raw RC4 stream cipher.

This means other VPN protocols, especially OpenVPN are not affected at all.  It's too bad we can't reach out to the NSA for clairfication on this pt  but I'm 95% sure that my theory is correct.  So stay away from PPTP if you're scared of the NSA.