Open source GNU fcrypt disk encryption

GNU fcrypt is the official encryption software for the GNU operating system, a Unix-like OS. GNU differs from Linux in that GNU is a full OS, while Linux is only a kernel that happens to be built around GNU. The GNU fcrypt disk encryption utility can be used to encrypt partitions with plausible deniability: you can have multiple hidden partitions and reveal the password if coerced to do so, and there is no way for an attacker to know for sure how many secret partitions you have created. They are all contained one inside the other, and when examined with a hex editor the volume looks like random data that may or may not be holding something inside. The deniability system works like Truecrypt hidden containers, but unlike Truecrypt, which has its own licensing, GNU fcrypt comes with a free GNU GPL license.

Encrypted partitions can be formatted with your favoured file system (e.g. ext4, ReiserFS, FAT32) using mkfs. The software's symmetric encryption algorithm uses 512 bit keys and 256 bit ciphers, and the manual claims it is resistant to quantum computer cracking because the best known algorithm to run on a quantum computer can only break up to 128 bits.

GNU fcrypt Linux disk encryption

Do not confuse GNU with Unix: the acronym stands for “GNU’s Not Unix!”. The two are compatible and have similarities. GNU was created in order to get rid of all proprietary software and stop others from closing the source code after benefiting from it, something that certain licenses, like the BSD license, allow. GNU also has its own kernel, called the Hurd, a microkernel architecture where each daemon works independently like a server executing its own functions.

One possible vulnerability is that an attacker could find temporary files or your passphrase inside the swap partition that is used when RAM runs out. You should not be using a swap partition with GNU fcrypt; if you do, encrypt the swap partition with a random password. GNU fcrypt is still in development and there are two versions, one for GNU/Hurd and one for GNU/Linux. A few GNU/Linux distributions you can download, and where GNU fcrypt will work, are gNewSense, Dynebolic and Parabola GNU/Linux. In GNU/Linux do not uninstall gcc and linux-headers, otherwise GNU fcrypt could stop working after updating the Linux kernel.
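An added example (not from the GNU fcrypt project or this article): on a GNU/Linux system that uses dm-crypt, this script audits whether each active swap area is encrypted with a throwaway random key, as advised above. The crypttab and /proc/swaps contents are constructed samples, and the status labels are this example's own.

```python
"""Audit active swap areas for random-key encryption (dm-crypt / crypttab)."""

# Key sources that give a fresh key on every boot, so old swap
# contents cannot be decrypted after a restart.
RANDOM_KEY_SOURCES = {"/dev/urandom", "/dev/random"}

# Constructed sample of /etc/crypttab (not taken from the article).
SAMPLE_CRYPTTAB = """\
# <name>    <device>    <key file>          <options>
cryptswap   /dev/sda2   /dev/urandom        swap,cipher=aes-xts-plain64,size=256
cryptdata   /dev/sda3   none                luks
oldswap     /dev/sdb2   /etc/keys/swap.key  swap
"""

# Constructed sample of /proc/swaps.
SAMPLE_PROC_SWAPS = """\
Filename                  Type        Size      Used   Priority
/dev/mapper/cryptswap     partition   2097148   0      -2
/dev/mapper/oldswap       partition   1048572   512    -3
/dev/sdc1                 partition   4194300   1024   -4
/dev/dm-7                 partition   1048572   0      -5
/swapfile                 file        1048572   0      -6
"""


def parse_crypttab(text):
    """Return {mapping name: {"device", "key", "options"}} from crypttab text."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: a name without a device
        key = fields[2] if len(fields) > 2 else "none"
        options = set(fields[3].split(",")) if len(fields) > 3 else set()
        entries[fields[0]] = {"device": fields[1], "key": key, "options": options}
    return entries


def parse_proc_swaps(text):
    """Return [(path, type)] for every active swap area, skipping the header."""
    rows = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 2:
            rows.append((fields[0], fields[1]))
    return rows


def classify_swap(path, kind, crypttab):
    """Label one swap area by how its contents are protected at rest."""
    if kind == "file":
        # Protection depends on the filesystem holding the file.
        return "swap-file"
    if path.startswith("/dev/mapper/"):
        entry = crypttab.get(path[len("/dev/mapper/"):])
        if entry is None:
            return "unresolved-mapping"  # e.g. an LVM volume, not in crypttab
        if entry["key"] in RANDOM_KEY_SOURCES and "swap" in entry["options"]:
            return "random-key"
        return "persistent-key"  # encrypted, but the key survives reboots
    if path.startswith("/dev/dm-"):
        # Kernel name of a device-mapper node; needs resolving to a mapping name.
        return "unresolved-mapping"
    return "plaintext"


def audit_swap(proc_swaps_text, crypttab_text):
    """Map every active swap path to its status label."""
    crypttab = parse_crypttab(crypttab_text)
    return {path: classify_swap(path, kind, crypttab)
            for path, kind in parse_proc_swaps(proc_swaps_text)}


def needs_attention(report):
    """Swap areas that are not protected by a per-boot random key."""
    return sorted(p for p, status in report.items() if status != "random-key")


if __name__ == "__main__":
    result = audit_swap(SAMPLE_PROC_SWAPS, SAMPLE_CRYPTTAB)
    for swap_path, status in result.items():
        print(f"{swap_path:28} {status}")
    print("review:", ", ".join(needs_attention(result)))
```

A swap area keyed from /dev/urandom cannot be used for suspend-to-disk, because the key is gone after the reboot.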

Visit GNU fcrypt homepage

GoAnywhere OpenPGP Studio file and folder encryption

GoAnywhere OpenPGP Studio is a free tool for file and folder encryption available for Windows, Mac OS X, Linux (CentOS, Red Hat, SUSE, Ubuntu), Solaris, HP-UX and any other Unix system with Java installed. It can be used for personal or business purposes.

User data will be stored in the user/.opengpgstudio directory. The software can create a compatible Diffie-Hellman or RSA OpenPGP keypair of up to 4096 bits. It supports compression with zip and zlib, the encryption algorithms AES128/192/256, Blowfish, CAST5, DES, 3DES, SAFER and Twofish, and hashing with MD5, RIPEMD160 and SHA512. Your personal security choices are set under File>Preferences.

The OpenPGP Studio interface is very simple, with just five buttons to create an encryption key, delete it, and import and export keys. In one of the tabs you can manage your encryption keys, and the second “OpenPGP Tasks” tab lets you browse your hard drive and select the file or folder you would like to encrypt and digitally sign.

OpenPGP Studio file encryption

Encrypted files are saved by default as binary .pgp output, but you can choose to save them as text (ASCII Armored). Encrypting a file in .asc mode makes it easy to transmit when no attachments can be added: opening the encrypted .asc with a text editor allows you to copy and paste the text content into any form. After encrypting a file or folder you are shown a confirmation window, and the encryption log can be saved as .html.
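An added example, not part of OpenPGP Studio or the original article: the ASCII armor format behind .asc output (RFC 4880, section 6), including the CRC-24 check that catches text damaged during copy and paste. The payload is constructed bytes standing in for a binary .pgp file, and the function names are this example's own.

```python
"""OpenPGP ASCII armor (RFC 4880, section 6): encode, decode, verify CRC-24."""
import base64

CRC24_INIT = 0xB704CE   # initial value, RFC 4880 section 6.1
CRC24_POLY = 0x1864CFB  # generator polynomial, RFC 4880 section 6.1


class ArmorError(ValueError):
    """Raised when armored text is malformed or fails its checksum."""


def crc24(data: bytes) -> int:
    """CRC-24 as specified for OpenPGP armor, computed over the binary data."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, block: str = "PGP MESSAGE") -> str:
    """Wrap binary OpenPGP data in text that survives e-mail bodies and forms."""
    body = base64.b64encode(data).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    checksum = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    return "\n".join([f"-----BEGIN {block}-----", "", *lines,
                      "=" + checksum, f"-----END {block}-----", ""])


def dearmor(text: str):
    """Return (block type, binary data); raise ArmorError on any damage."""
    # Strip per-line whitespace: pasted text often gains spaces or CRLF endings.
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 2 or not (lines[0].startswith("-----BEGIN ")
                              and lines[0].endswith("-----")):
        raise ArmorError("missing BEGIN line")
    block = lines[0][len("-----BEGIN "):-5]
    if lines[-1] != f"-----END {block}-----":
        raise ArmorError("missing or mismatched END line")
    try:
        # Armor headers (such as "Version:") end at the first blank line.
        start = lines.index("", 1) + 1
    except ValueError:
        raise ArmorError("no blank line after armor headers") from None
    payload, checksum = [], None
    for ln in lines[start:-1]:
        if ln.startswith("=") and len(ln) == 5:
            checksum = ln[1:]          # "=" plus four base64 characters
        elif ln:
            payload.append(ln)
    if checksum is None:
        raise ArmorError("missing CRC-24 line")
    try:
        data = base64.b64decode("".join(payload), validate=True)
        expected = int.from_bytes(base64.b64decode(checksum, validate=True), "big")
    except ValueError as exc:          # binascii.Error is a ValueError
        raise ArmorError(f"invalid base64: {exc}") from None
    if crc24(data) != expected:
        raise ArmorError("CRC-24 mismatch: armored text was altered")
    return block, data


# Constructed bytes standing in for a binary .pgp file (not real ciphertext).
SAMPLE_BINARY = bytes(range(200))

if __name__ == "__main__":
    armored = armor(SAMPLE_BINARY)
    print(armored)
    # A form that appends spaces and converts line endings still decodes.
    print(dearmor(armored.replace("\n", "  \r\n"))[0])
    try:
        # One changed character in the pasted text is rejected.
        dearmor(armored.replace("AAEC", "BAEC", 1))
    except ArmorError as err:
        print("rejected:", err)
```

The CRC-24 only detects accidental damage to the text; it is not an integrity guarantee against deliberate modification, which is what the digital signature is for.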

The shortcomings I found in OpenPGP Studio were the lack of a password strength meter when you create the masterkey and the lack of an easy way to encrypt text messages. It doesn’t come with any text editor; the only way for you to encrypt text would be saving it first in a file and then encrypting it as an external file.

I don’t think this software is too suitable for continual email communication, as it is too cumbersome having to use an external editor to compose the messages first. Another thing I found missing is being able to easily upload your public key to a key server; there isn’t a way to do this with the software interface. Besides that, OpenPGP Studio is a convenient way to create encrypted OpenPGP compatible files and is well-suited for beginners.

Visit OpenPGP Studio homepage

Free P2P VPN server with VPNGate and SoftEther

VPNGate is a free P2P VPN service set up by Tsukuba University in Japan to help people bypass their government ISP Internet censorship firewall. The service relies on worldwide volunteers who provide their own computer or server resources to act as VPN gateways to the Internet. SoftEther is a VPN client whose development is subsidized by the Japanese Government Ministry of Economy, to be released as open source.

VPNGate can be set up with your favourite VPN/L2TP/SSTP client or in conjunction with SoftEther, an alternative OpenVPN software developed by the same Japanese university that works with Windows, Linux, Mac, FreeBSD and Solaris. I played for a couple of hours with SoftEther and attempted to set up a manual VPN tunnel using one of the VPN hostnames supplied on the VPNGate website, and I did not succeed. I found SoftEther to be a very complicated VPN client for the average user: advanced settings come with an explanation of what everything is for, but you need a technological background and lots of time to understand what it means. My view is that the SoftEther VPN client is not something you can send to people who are not computer knowledgeable. There is an “Easy” mode that allows you to connect to a VPN server with a single click, but you can’t use it unless you have set up a VPN tunnel first, which requires the advanced mode. I only managed to use VPNGate after downloading SoftEther bundled with the VPNGate plugin, which automatically downloads a list of available public VPN relay servers and allows you to connect to one of them with a simple mouse selection.

Public VPN relay servers VPNGate

During SoftEther VPN installation you can choose to install only the management tools or the whole package. Once you set up a VPN tunnel you can export it with a .vpn extension and import it later on; if the server you are connecting to is reliable it is a good idea to do that. Keep in mind that the tunnels are run by volunteers and there are no guarantees of uptime or speed. Depending on what country you choose, the VPN itself can have filters: I spotted an Italian VPN server run by a College announcing that they run Untangled Internet content filtering, and I also connected to an Iranian VPN gateway that was blocking access to all Israeli websites, gambling and adult entertainment content. This was obviously done by the Iranian ISP and not the user.

VPNGate can be a magnificent tool to check if your website is accessible abroad. Another advantage of a P2P VPN is that you get a real ISP computer IP; with a traditional VPN service the IP is announced as non conventional, listing the IP organisation owner as a data centre instead of an Internet Service Provider. I have used VPN services for years and only in VPNGate was I able to get an Sbcglobal IP. Many credit card fraud systems flag any purchase attempt done through a VPN server. I see potential for credit card fraud with VPNGate: the service logs all activities, but there is nothing stopping people from using a double VPN or Tor proxy with VPNGate to make themselves untraceable.

SoftEther VPN Easy mode

VPNGate has not been designed to hide your computer IP; this is not an anonymity service. The idea is to bypass Internet censorship like the great firewall of China or the Iranian Internet filter. Activities are logged, and SoftEther corporation warns that it will help the police if necessary, adding that people have been arrested in the past for using their services to commit a crime. The service has public access logs viewable on their website, showing VPN sessions with partial IP numbers, the country they belong to and the chosen VPN server. Gateways are allocated a quality score based on reliability and speed. According to the logs, at the moment most of the exit nodes appear to be located in Japan and most users are based in China. Using a Japanese VPN from Europe will cause Internet lagging, so it is not a good idea, and theoretically there is no reason why a European surfer would need to connect to VPNGate since they are not the target public this project is aimed at.

I loved being able to connect to far away locations to check if my website was being blocked and what advertisements Google was serving based on location. Something I noticed is that Iranian visitors are not shown any advertising from Google Adsense; it could have to do with international sanctions and Google being a US company. VPNGate has vowed to always remain free, since Tsukuba University rules prohibit any monetary profit from their activities. Unless legal or technical difficulties arise, they intend to keep the VPNGate academic research project alive for between three and eight years.

Visit VPNGate homepage

Set up your own encryption email server with DJIGZO

DJIGZO is an open source email gateway to encrypt and decrypt email messages. It works with S/MIME X.509 digital certificates or PDF documents encrypted with 128-bit AES. The software can be installed on most Unix servers; there are packages for Debian, Ubuntu, Red Hat, CentOS and virtual images for VMWare and Hyper-V (Windows). DJIGZO works like a normal SMTP server, with the main difference being that all messages sent inside the network or to the Internet are first encrypted and digitally signed.

PDF encryption was added so that the receiving party will not need to have your public decryption key to read email; any computer with a PDF reader can be used to decrypt a password protected PDF document. If you choose this option the software will convert your email message into a PDF document before sending it. The document will contain a reply link that takes the receiver to an online page on the DJIGZO server where they can securely get back to you without having encryption installed on their end. There are various ways to encrypt a PDF document: with a predefined password that you have previously transmitted to the receiver via a secure channel, e.g. verbally; with a random password that is sent via SMS to the receiver’s mobile phone; or using a One Time Password algorithm that can be transmitted with an invite mechanism where the recipient has to log onto the DJIGZO server to read the message. That password will be unique for every single email.

DJIGZO email digital certificates

PDF email encryption is not as secure as public key encryption because the password could be compromised somehow, but if the people you communicate with do not want or do not know how to use encryption, PDF is the best way to get around that. It would not be different from manually storing a message inside a password protected .rar file, with the advantage that DJIGZO does all the encryption process on the server. There are no known vulnerabilities against an encrypted PDF file other than brute force attacks, which can be thwarted by choosing a long alphanumeric passphrase.

You can configure settings via a webadmin portal, specifying message attachment limit, mailbox size, SMTP helo name (hostname), a few mail transfer agent settings for Postfix, user permissions, digital certificate expiration date and much more. Encrypted messages can be sent to a virus scanner for extra security. There is also a DJIGZO Android version compatible with any S/MIME client like Outlook and Thunderbird. It encrypts HTML email and attachments using a public digital certificate downloadable from any LDAP server, and the app has a step by step configuration wizard that guides you through setting up an account and importing the encryption keys or generating your own self-signed digital certificate. There is another DJIGZO version for Blackberry.

You can download a very detailed help manual with screenshots guiding you through setting up DJIGZO, but it still requires advanced Unix knowledge to administer the server. This is a cheap way to secure all of your network emails with open source software and minimum work after the initial set up has taken place.

Visit DJIGZO homepage

Commotion wireless P2P mesh network

Commotion is an open source tool that can create a distributed P2P wireless infrastructure network with two or more Wi-Fi enabled devices that people use every day, like a laptop, desktop computer, smartphone or router. Individuals connected to the network can communicate with each other for free. The network is scalable; how well a mesh network scales will depend on the hardware that embodies it and the external environment. Without a central hub, information flow is very difficult to censor or monitor. Just as you need an Internet Service Provider to access the Internet at home, to access a Commotion wireless network you need a peer located nearby running the same software as you. Messages travel along nodes, being replicated until they reach their final destination. It is possible to have a whole neighbourhood running Commotion on their computers or mobile phones and talking with each other without relying on any third party gateway.

After installing the Commotion software a configuration wizard will help you with the set up. It is simple enough to allow anyone with basic computing knowledge to set up a node. You will be asked basic questions like choosing a Mesh Network Name (SSID), a node name that can be alphanumeric and contain special characters, and a network channel, which has to be set to the same number as the other P2P nodes. There is a brief explanation next to each box on what it is for. If your router does not have a password set up you will be warned of this security threat; it is also a good idea to change any default router manufacturer password.

Commotion wireless mesh network configuration

Advanced users can configure IPv6 multicast with timing and validity of IPs. The node operator can log anonymous statistics, like data transfer and number of active routes, and can also see the MAC addresses of all devices connected to the node. If one of the devices in the network has Internet access, this can be shared with everyone else; obviously too many devices sharing a single bandwidth line will slow down Internet connectivity. Data and voice communications across the network are encrypted to stop snooping. Commotion wireless can be installed on open source OpenWRT firmware routers to create a node, and any device capable of connecting to the router can then join the network independently of what operating system it is running. Other supported devices include Android and OpenBTS, a GSM access point for mobile phones that can be used for Voice over IP and replaces the GSM network operator.

The project is being developed by the Open Technology Institute, a New America Foundation department with U.S. State Department funding for technologies that promote democracy and online free speech around the world. With a network like Commotion it would be impossible for an authoritarian government to shut down the Internet for the whole country, as has happened in the past during the Arab Spring revolution, and the foundation names preventing hostile governments from disrupting communications as one of the project targets. As a by-product, Commotion can also be used after a natural disaster if telecommunications infrastructure is damaged. Other organisations like the Guardian and Serval Projects also contribute to Commotion's advancement.

At this stage the software is still experimental, the download page warns you that anonymity is not provided, there is no strong security against mesh network monitoring and everything could be jammed using radio and data interference.

Visit Commotion wireless homepage

Six years review of NearlyFreeSpeech.net hosting

Around six years ago I decided to create a controversial website that was legal under US law but was sure to attract complaints and run afoul of most hosting companies' terms and conditions. With plenty of money this is not a huge problem, you can rent a dedicated server and host whatever you like, but the small guy with a small budget for a small site only has shared hosting to go to.

I carried out thorough research into free speech shared hosting and only found two companies fitting for my content, NearlyFreeSpeech and CrisisHost. After an initial bad experience with CrisisHost due to continuous server downtime, I moved my site to NearlyFreeSpeech, another US based company suitable for small sites. NearlyFreeSpeech has a unique in-house developed hosting control panel divided into tabs, not overly complicated but with many fewer features than cPanel or Plesk. It is nevertheless adequate for a small site, only requiring a bit more work to set up a database, email or domain canonical name than it would with an industry standard hosting panel.

Static HTML sites are easy to set up in NearlyFreeSpeech: simply upload the files with SFTP and it’s done. If you want a WordPress blog or MediaWiki with a SQL database you will have to roll up your sleeves and spend a few hours reading the documentation. People who have never managed a website will likely find it confusing seeing terms like log automatic rotation, log archival compression and DNS setup, or choosing whether to activate PHP, and the host hasn’t got any one-click installer like cPanel. On the positive side, after everything has been configured you are not likely to ever have to do it again; it is a one-off time investment. If NearlyFreeSpeech excels at something, it is documentation: their help pages are very detailed and clear.

NearlyFreeSpeech control panel

The pricing structure is something I did not like, it is abruptly complicated. There isn’t a flat rate; you have to pay tiny amounts for each of the resources you use, each priced at under a cent, like bandwidth, storage space, DNS, number of SQL databases, activating PHP, email forwarding and others. The money is deducted daily from your prepaid account.

If you require support, this has to be paid for separately by buying credits that give you a set number of tickets. I am fairly experienced with websites and I did not have to use NearlyFreeSpeech paid support. A free alternative is to use the active members only forum, where you can get advice from other customers. You can only see this forum after signing up for an account, and the forum is not indexed by search engines. I found it to be very helpful, and staff also post there often to help you out. Another nice feature is a members only poll where people can vote on what new component they would like to see implemented next, and it will be taken into consideration by staff depending on how many votes there are and how easy it is to do. NearlyFreeSpeech can register your domain with whois privacy protection, but I considered it best to use a domain registrar separate from the hosting account in case anything happens with one of them. This would later turn out to be a very wise decision.

My site had 4.000 daily visitors, consuming 40GB of monthly bandwidth. I was afraid that, given that NearlyFreeSpeech charges accounts per consumed bandwidth and you need to prepay it in advance, free speech enemies could bombard the site with an automatic crawler like HTTrack and absorb all of my bandwidth, running me out of funds, but this never happened. I would spend approximately $90 a year on the site, working out at $7.5/month, an average price I think. You can pay with a credit card, Paypal or a US check mailed in.

I had a problem with the site the first year when an anonymous person filed a DMCA complaint against one of my articles quoting him. NearlyFreeSpeech support emailed me giving me the choice of taking the article down or countering the DMCA. To avoid problems and wasting time I decided to pull down that specific post. It was the only time I ever had a ticket opened and it happened the first year.

NearlyFreeSpeech asks for my passport

After six trouble free years of hosting with NearlyFreeSpeech, with no server downtime that I can remember, the company sent me an email out of the blue informing me that my membership had been selected for supplemental ID verification and asking me to provide them with a copy of a government-issued ID such as a passport and proof of address matching the information I had registered in my account. I was not happy that after so long hosting with NearlyFreeSpeech and causing no problems they would now come to me with this, threatening to close down my account if I did not comply.

In 48 hours I received a second message telling me that I had been “fined” (NearlyFreeSpeech deducted $1 from my account) for not replying, and they threatened to increase the penalty amount until I ran out of funds if I did not get in touch with them. After a back-and-forth ticket exchange with support it became clear that they would not back down from their request (ticket 63146) that I send in a copy of a government ID and a bill matching the account address. NearlyFreeSpeech kept going on about their terms and conditions, saying that accurate registration information had to be provided or I would be violating their terms and conditions and the account would be terminated. At this point I referred to their refund policy, which says that I could contact them at any time to close the account and ask for any remaining credit to be paid back; to be precise, I had $55 left in my account. NearlyFreeSpeech refused me a refund, saying that I had broken their terms and conditions and I could only get a refund if I provided them with a copy of a government ID and matching address.

NearlyFreeSpeech bandwidth usage

I have to give it to Jeff from support that he went the extra mile explaining the problem to me in detail and offering me the choice to donate the money to any website hosted with NearlyFreeSpeech or to the Electronic Frontier Foundation, saying that they had no interest in getting paid for services not provided. My dispute here was that they could not accuse someone of providing false information when they had no evidence other than realising, six years after initial registration, that the account address belonged to a homeless shelter, which in itself does not mean I provided a false address since that is where I lived. So, without any corroboration of me breaching NearlyFreeSpeech terms and conditions, they had already considered me guilty. Faced with the hard reality of the hosting company not backing off, I instructed them to donate the money to someone else and close down my account for good.

If you wonder why I refused to provide NearlyFreeSpeech with a copy of my passport and a bill with a matching address, it is because, as anyone who runs a controversial website knows, your life can be at risk if that information leaks on the Internet. It is troubling that a free speech hosting company can have such stringent identity measures in place, especially given the length of time one has been a customer. NearlyFreeSpeech had six years of Paypal payments on record; that alone was more than enough to track me down if there was the need, not that it is their responsibility to track me down anyway.

I am now hosting my site with PRQ in Sweden, slightly more expensive but committed to free speech hosting, and they even allow Bitcoin payments. Be warned if you host with NearlyFreeSpeech, they can ask for your passport and utility bill with your address at any time they like for a random identity check.

Visit PRQ hosting homepage

Cloud data encryption backup with Cyphertite

Cyphertite is a cross platform service to back up your personal files to the cloud, encrypted using AES 256-bit in XTS mode, which is uncrackable even for Government agencies with supercomputers. Unlike other similar encryption cloud services like SpiderOak, Cyphertite's cryptography code is open source: anyone can verify that the client encrypts your data prior to uploading, as the company claims, and that there is no backdoor. There is also a cryptography white paper with advanced technical details. The password is hashed locally on your machine using JavaScript, so it is impossible for Cyphertite to access your data even if they are compelled to do so by authorities in the US, where they are based. Network traffic is encrypted using OpenSSL keys. Realm deduplication, where a file is not backed up if it already exists on the cloud in the same user account, and compression through encryption save you cloud storage space, and incremental backups only update new files, shortening the needed backup time.

After creating your account you will be asked to enter a second passphrase used to encrypt your files, or have an automatic passphrase generated for you. A strength meter shows password entropy with an estimated hack time, which in my case indicated it would take over a thousand years to crack the passphrase. You will be asked if you want to print or save a backup copy, as there is no way for Cyphertite to help you if you lose your passphrase. If you choose the autogenerated phrase it will be over 80 characters long and impossible to remember, so having a password manager like KeePass will be handy to save it.

Cloud data encryption Cyphertite

The account interface is very simple: you browse to the files you would like to back up to the cloud, select them and watch the progress bar until encrypting and uploading your files is done. There is another button to browse backups, where you only get to see file names, no thumbnails or anything similar, an extract backup button, and a delete backup button that will not ask for confirmation before you erase the data. The service has not been designed for sharing files or accessing them outside your home; it is a strict backup only service. It is possible to find better solutions when it comes to a more featured backup client and options, but Cyphertite is the only one with open source code and support for Linux, FreeBSD and OpenBSD, with tarballs available for download and easy to follow instructions. Windows and Mac are also supported.

Cyphertite crypto passphrase generation

They even have a well thought out “Threat Models” whitepaper available for download. If you deal with sensitive data and love being able to work with Unix based operating systems, Cyphertite is the best cloud service out there for your personal security. The only thing the company doesn’t provide is anonymity, but if everything is encrypted at their end and they have zero knowledge of what you are storing, the only possible breach will be on your side, and with no file sharing available there probably isn’t much point in being anonymous. The open source code also means that IT staff can securely recommend Cyphertite to their bosses, confirming that the code does what the company claims and not just placing blind trust that the cloud company got it right.

Visit Cyphertite homepage

Review Hide My Ass VPN provider

I have been using Hide My Ass VPN for one month now. HMA is one of the biggest VPN providers in the market when it comes to number of servers and countries available, but do not allow that impressive number of servers to determine your shopping decision. My experience is that, living in Europe myself, all of the Asian and Latin American servers are unusable even for browsing the Internet; the ping time is too long and it hampers the speed, making you wait a few seconds before you can load a webpage. Some of HMA's US servers identify themselves as “Anonymous Proxy” to websites and are blocked by online TV services georestricted to the US. You can be sure to find a US VPN to watch Hulu and listen to Pandora, but you can’t count on all of the HMA VPN US servers to be able to do that. Other servers are also blocked by the Google search engine, which shows a message saying that your IP could be a bot and asks you to fill in a captcha before you can search. The only way around these problems is finding the right server with decent speed that has not been blacklisted anywhere and sticking with it.

Out of the hundreds of VPN servers that HMA has, you will not be able to feasibly use the ones located far away from your home country. Because of that, I didn’t find much point in choosing HMA VPN over smaller VPN providers with fewer locations.

Hide My Ass VPN software

The HMA VPN software client is pleasing to use. It allows you to easily choose your preferred VPN and change it with a single click, and if the server is overloaded the software client will warn you and invite you to connect to a different VPN in the same group. Advanced configuration lets you change your computer IP at random set intervals and log IP history, kept inside a window tracking what VPN IPs were assigned to your computer. The VPN client only allows for OpenVPN and the insecure PPTP protocol, used in mobile devices. I expected the HMA VPN software to support a more secure PPTP replacement, called L2TP; you can still use L2TP manually, but the option is not included with the software and it takes some time to configure, having to read the instructions in the Wiki. I couldn’t see any support for Secure Socket Tunneling Protocol (SSTP) either, a little surprising for such a big company. Sending email through SMTP in HMA VPN is blocked; you will have to manually unblock it using the Wiki instructions or use webmail. You will also notice that if you enter an incorrect URL you will be redirected to an OpenDNS search page; this is because HMA VPN servers are using OpenDNS to resolve addresses. Another concerning problem was that the VPN would sometimes disconnect me and expose my real home IP. If you care about privacy, it is very important that you enable “Secure IP Bind” in the VPN software and attach it to your browser to stop your IP from being leaked when the VPN disconnects.

I liked that Mac and Linux are officially supported; there is a download from the control panel to install OpenVPN on your Linux computer. There is no bandwidth limit. Prices aren’t cheap if you pay monthly, but using the yearly discount makes it a reasonably priced VPN, and there is a 30 day money back guarantee; if you are not happy during the first two weeks you should be able to claim a refund. The deal breaker for me was the HMA privacy policy stating that they keep connection logs for up to two years. This is a joke for a privacy service; even my own ISP keeps logs for much less time than that. If you would rather stick with a truly no logs kept VPN you will be better off with VPN4All. If what you want is thousands of IPs then HMA VPN is a good choice. If your main VPN motivation is to be able to watch US online TV from abroad you don’t need HMA and could possibly find a smaller provider with cheaper prices. Most of the time, small VPN companies can offer you personalized support while big companies outsource it. When trying to keep customers happy, nobody will treat you better than the business owner, so consider that too before you sign up for any VPN service.

Visit Hide My Ass VPN homepage

Review VPN provider IPVanish

The IPVanish VPN provider has thousands of available IPs. Their servers can be found scattered all over the world in places as exotic as Japan, Malaysia, Austria, Spain, USA, Canada and many more. Some locations have various servers, making this VPN provider one of the biggest out there, with the added benefit that there is no bandwidth limit. IPVanish prices are reasonable and their services can be used on Windows, Mac OS and Linux as well as mobile devices like the iPad/iPhone, Android (L2TP & PPTP) and dd-wrt compatible routers. The digital certificates to connect to their servers can be downloaded from within your control panel, which will allow you to use IPVanish on any Unix operating system able to run OpenVPN, like OpenBSD, NetBSD or Solaris.

OpenVPN Windows client 

I have been with IPVanish for two weeks now, their proprietary OpenVPN Windows client is the most inadequate OpenVPN client I have ever seen. Every time you launch IPVanish VPN client you will see a popup window that says “verifying application requirements” and it makes you wait for a few seconds, after that the client will download the list of servers and will start pinging all of them waiting for the response time. A very bad idea when you have dozens of servers, you can expect to waste a minute of your time while server pings resolve, not happy with that, in the middle of the session every certain length of time the VPN client will refresh the ping rate, stopping you from changing server until it has finished. This is not even necessary, as the ping rate alone does not determine the best VPN server, you also need to know the server load which can only be found in IPVanish control panel, the software wastes your time for nothing. IPVanish VPN client preferences allow you to save your username and password, and that is about as much freedom as you will get out of the settings.

VPN provider IPVanish

Once you are connected to a server it will be difficult for you to know if you remain connected and what server is the one you are using, the green/red button (see screenshot) is very tiny and there is no clear indication of what server you are using except by a cryptic server name that is meant to show the server country location.

IPVanish server speed 

Server speed was fine, tested from Europe, USA servers can get 6 to 8Mbps, Canadian servers were on 2Mbps and European servers reached around 9Mbps (my home ISP is 10Mbps), during all this time I didn’t find any noticeable slow down, just the usual Asian servers making it difficult for me to browse the Internet because I am too far from them (ping rate problem), nothing unusual. I was able to watch online USA/Canada TV, none of the IPVanish servers I used were blocked by Hulu, GlobalTV or Slacker Radio, what I did find is that some of their servers in Spain, Sweden and Malaysia are falsely reported in different locations by various websites, IPVanish claims that they escalate these issues with geolocation software vendors but it takes time for the database to update because the companies providing these services treat it as a low priority.

IPVanish support quality 

I contacted support through their forums asking how long they keep connection logs, I was told that at the moment IPVanish keeps logs for 30 days, this can obviously be changed any time they like and since the details are not included anywhere in their privacy policy you will never know for sure, maybe by next week log keeping will be 5 years or 5 days, no way of knowing other than asking daily. I also contacted support once through email, it only took them a few hours to get back to me, just unlucky that support did not pay too much attention to my message because they kept asking the same questions all the time, in fairness, I noticed that there were two different people dealing with the ticket but they should be reading the messages from the beginning instead of asking the same all over again, in the end I got my problem solved by a third person. Altogether it felt amateurish and not professional, especially as I never got a reply to my forum question when I was told they would find out.

Conclusion IPVanish review 

IPVanish could be a fine VPN for Linux users who have their own distro OpenVPN software and want a provider with servers all over the world and decent speeds, but if I were a Windows user I would stay away from IPVanish until they release a better VPN client, I know of small VPN companies that beat IPVanish OpenVPN client hands down, once they solve that problem this provider can compete with the big league, until then I would call IPVanish pretty average and it is a pity that what looks like a big company could not invest the necessary resources in releasing a decent Windows OpenVPN client.

Visit IPVanish website

Project Byzantium, a self-reliant ad-hoc mesh network

Byzantium Linux is a Slackware based live CD built on top of Porteus that can be rapidly deployed to set up an ad-hoc wireless mesh network in disaster zones or locations where the Internet has been cut off by the authorities and replace the centralized telecommunications infrastructure with the network nodes. The project started as a result of the Arab spring with the idea to reinstate the Internet cut off by the Egyptian authorities at the time, the P2P model will also bypass ISP filtering and surveillance. Any small group of low skilled people can quickly deploy a reliable Byzantium ad-hoc network that requires low maintenance and it is dynamically expandable.

Byzantium has been designed to work with old hardware and Wifi access points supporting 802.11 a/b/g/n without the need to download and install drivers, it needs 512MB of RAM to work with KDE or LXDE and even less to work from the command line without a GUI, loading the distribution on RAM memory requires 1GB of RAM. Clients communicate with each other in peer-to-peer mode and any Wifi device can join the network, its ad-hoc model is different from other similar projects using Open802.11s, Optimized Link State Routing, Babel and CJDNS, the developers made an excellent presentation at HOPE (Hackers on Planet Earth), available for download at their site, comparing the different threats to different mesh communication systems and explaining why Byzantium is the best model.

Project Byzantium ad-hoc mesh network

Project Byzantium ad-hoc mesh network Linux

Running Byzantium live CD on your computer will give users access to a network wide private web chat using an IRC client optimized for mobile devices and a collaborative text editor, if one of the nodes is connected to the Internet it can become an Internet gateway for the whole mesh. The Byzantium project could also be of use to create a private mesh network in a college or convention centre that can dynamically extend its coverage, it is free and has no central point of failure.

Potential threats to this mesh network could come in the form of wireless signal jamming (all wireless networks are vulnerable to this threat) and adding rogue nodes to the mesh to spy on others and cause havoc since there is no central authority.

Note: Byzantium Linux is currently in development and not stable yet.

Visit Project Byzantium homepage