Achtung, the text contains a multibookful of technical information. To avoid overheating, open the window.
I'll start with a review of VPN providers that do not keep connection logs, in other words, they do not record in their logbook which midshipman from which submarine connected to their destroyers and sank American combat squadrons.
CactusVPN is a VPN service from Moldova that does not keep logs at all (at least, it did a couple of years ago) and accepts bitcoin as payment. This service allows you to protect up to 3 devices simultaneously, which is quite good. It doesn't have many servers and server locations, but it does have very reliable 256-bit AES encryption. The app of this service also implements the "apps killer" function, an advanced version of the emergency disconnection function from the network.
This Romanian VPN can be safely called the most transparent of all: you can find the office address and contact details of the company's CEO on their website without any problems. Plus there is a huge list of servers and a free tariff (although its capabilities are quite limited). The software is intuitive, and it is impossible not to note the presence of an emergency shutdown function from the network, which deserves separate credit.
NordVPN is a Panama-based VPN service that few people can compete with. NordVPN especially stands out in terms of security: it provides the ability to establish both a dual VPN connection and a Tor-over-VPN connection. In addition, NordVPN rates are quite affordable (you can check the availability of discounts). Well, if you are one of those who need both the highest level of security and access to Netflix, then NordVPN is still one step ahead with its Ultra Fast TV server. An almost infinitely long list of servers and server locations is another advantage of this VPN service!
Seychelles treats VPN services with very high favorability. It is partly for this reason that many VPNs are registered on the islands, including this one, Trust.Zone. Its client program perfectly determines the most suitable server for the user (automatically), and it also implements the function of emergency disconnection from the network. The only downside of Trust.Zone is that it has a version only for Windows computers.
Also registered in the Seychelles, VPNTunnel is a good option for anyone who wants to remain anonymous. To get started, you only need to specify your email address. The service does not record or store users' personal data. However, it is worth noting that the quality of the user support service of this service is quite controversial.
About VPN protocols
It's no secret (although no, it's usually kept in the strictest confidence and sold to the curious for $) that pptp-vpn configs are very good for the stick. This is a VPN tunnel protocol that establishes a peer-to-peer connection to the server. Since p2p guarantees our sole use, the main advantage of pptp is considered to be the purity of the IP address.
But here's the problem. It turned out that the hitherto impregnable PPTP is actually insecure (even its creators at Microsoft abandoned the protocol), so its use should be avoided. While ease of installation and cross-platform compatibility are attractive, the L2TP/IPsec stack has the same advantages and is more secure.
L2TP/IPsec is certainly a good VPN solution, but not as good as OpenVPN. However, for quick VPN setup without the need to install additional software, it is still the best solution, especially for mobile devices, where OpenVPN support is still low.
OpenVPN leads the way, despite installing third-party software on all operating systems. This is a reliable, fast, and secure protocol, although it requires a little more effort to set up than other protocols. The only problem is that it is very difficult to find configs for openvpn, and everyone who recently made money with them died out at the moment and left their regular customers to scratch their turnips in proud solitude. So that you understand, configs are taken mainly from vpns raised on dediki.
SSTP offers most of the benefits of OpenVPN, but only in a Windows environment. This means that it is better integrated into the OS, but due to this, it is poorly supported by VPN providers.
Tip: you can search for configs for openvpn by requesting "filename:.ovpn" in the search on github.
Most users can use OpenVPN on their desktop computers, possibly adding L2TP/IPsec to it on their mobile devices.
Proxy Anonymity
As we know, when the client interacts with the server, the client sends some information to the server (mostly the browser transmits it, but the proxy can also add something "from itself"). This means the name and version of the operating system, the name and version of the browser, browser settings (screen resolution, color depth, java / javascript support,...), the client's IP address (if a proxy is used, it is replaced by the proxy server with the IP proxy, and your real IP follows the route in the adjacent header), and much more…
This information is passed in the form of environment variables.
I will focus only on those related to anonymity.
So, if the proxy is not used, then the environment variables look like this:
REMOTE_ADDR = Your IP ADDRESS
HTTP_VIA = not defined
HTTP_X_FORWARDED_FOR = not defined
Transparent proxies do not hide information about the real IP address:
REMOTE_ADDR = IP proxy
HTTP_VIA = IP or proxy name (proxy server is used)
HTTP_X_FORWARDED_FOR = Real IP
Anonymous proxies (anon) do not hide the fact that a proxy is used, but they change the real IP to their own:
REMOTE_ADDR = IP proxy
HTTP_VIA = IP or proxy name (proxy server is used)
HTTP_X_FORWARDED_FOR = IP proxy
Distorting proxies do not hide the fact that a proxy server is being used. However, the real IP is replaced with another one (in general, an arbitrary, random one):
REMOTE_ADDR = IP proxy
HTTP_VIA = IP or proxy name (proxy server is used)
HTTP_X_FORWARDED_FOR = random IP
Elite proxies (elite, high anon) not only change the IP address, but also hide even the fact of using a proxy server:
REMOTE_ADDR = IP proxy
HTTP_VIA = not defined
HTTP_X_FORWARDED_FOR = not defined
Therefore, headers from such a connection will not contain information about the use of proxying, which of course plays into our hands.
By the way, there are also so-called mobile proxies. The funny thing is that any anti-fraud analysis module knows which device a particular IP belongs to; moreover, it also sees the operating system from which the connection originates. This means that if your ssh belongs to a Linux-based server, and you connect to it from Windows, and with the most proud look go to paypal.com, get ready to get a lapel-turn. Mobile proxies, as you might guess, are deployed on mobile devices, so they are not suitable for working with a PC, but they are just perfect for Android.
And since I have already touched on the difference within one category of the usual means of anonymity, I will also say about SSH. Have you ever wondered why Port 22 is open in some tunnels, but not a word about it in some? Here you need to turn again to the connection extraction method. If the tunnel is raised on the RDP with handles, from the command line, then this, you must admit, is a completely different calico than just a twisted server with an open ssh port.
The article turned out to be long and difficult, but believe me, all this knowledge will sooner or later add up to the overall picture, and then no mega-secure system will be an obstacle to you. Good luck, bro.
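The proxy categories from the "Proxy Anonymity" section, as seen by the receiving server, in an added example that is not part of the original post. It shows what the three variables alone allow a server to conclude: a direct connection and an elite proxy look identical, and a transparent proxy cannot be told from a distorting one. The names `classify`, `first_forwarded_ip` and `SAMPLES` are assumptions made for illustration, and the addresses are constructed from documentation ranges.

```python
import ipaddress

def first_forwarded_ip(value):
    """Left-most syntactically valid address in an X-Forwarded-For list, else None."""
    for part in (value or "").split(","):
        try:
            return ipaddress.ip_address(part.strip())
        except ValueError:
            continue  # tokens such as "unknown" are skipped
    return None

def classify(environ):
    """Map the three CGI variables from the post to what a server can conclude.

    Returns (label, claimed_client_ip_or_None).
    """
    remote = ipaddress.ip_address(environ["REMOTE_ADDR"])
    via = environ.get("HTTP_VIA")
    xff = environ.get("HTTP_X_FORWARDED_FOR")
    if not via and not xff:
        # No proxy and an elite proxy produce the same three values.
        return ("direct-or-elite", None)
    claimed = first_forwarded_ip(xff)
    if claimed is None:
        # A proxy header is present but carries no usable address.
        return ("proxy-declared", None)
    if claimed == remote:
        return ("anonymous", str(claimed))
    # Real or random: the headers alone cannot prove which.
    return ("transparent-or-distorting", str(claimed))

# Constructed sample requests (documentation address ranges).
SAMPLES = [
    {"REMOTE_ADDR": "198.51.100.7"},
    {"REMOTE_ADDR": "203.0.113.10", "HTTP_VIA": "1.1 proxy.example",
     "HTTP_X_FORWARDED_FOR": "198.51.100.7"},
    {"REMOTE_ADDR": "203.0.113.10", "HTTP_VIA": "1.1 proxy.example",
     "HTTP_X_FORWARDED_FOR": "203.0.113.10"},
    {"REMOTE_ADDR": "203.0.113.10", "HTTP_VIA": "1.1 proxy.example",
     "HTTP_X_FORWARDED_FOR": "unknown"},
]

if __name__ == "__main__":
    for env in SAMPLES:
        print(env["REMOTE_ADDR"], classify(env))
```

Because the headers are ambiguous in both of those cases, they serve as one input to a risk decision alongside the IP ownership and operating-system signals the post mentions, not as a verdict on their own.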