Today is a nice place to visit but you can't stay here for long
|
|
|
Hidemyass does not hide your ass
PRIVATE VPN SERVICE Hidemyass.com does not actually hide your communications if you are doing anything that the authorities demand to know about.
The firm was mentioned in stories about the arrest of one Lulzsec member who is alleged to have used its services and been involved in some high profile hacking incidents.
Hidemyass.com listed some things that the group has been involved in, allegedly, and in a blog post stressed that it did not want to be involved in that sort of thing. Despite its name seemingly being designed to appeal to under the radar users, that is actually not what the service is about.
The firm did notice that its name kept popping up in IRC chatlogs about private services to use, but never took that any further. Until court orders came in asking it to hand over information, that is. Which they did.
"It came as no surprise to have received a court order asking for information relating to an account associated with some or all of the above cases," it writes.
"As stated in our terms of service and privacy policy our service is not to be used for illegal activity, and as a legitimate company we will cooperate with law enforcement if we receive a court order (equivalent of a subpoena in the US). Our VPN service and VPN services in general are not designed to be used to commit illegal activity."
Users would be "naive" to believe that paying a firm called Hidemyass to hide their ass would actually involve some ass-covering, according to the blog post.
"It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences," it said, as it explained that this would be the case across the industry.
"This includes certain hardcore privacy services which claim you will never be identified, these types of services that do not cooperate are more likely to have their entire VPN network monitored and tapped by law enforcement, thus affecting all legitimate customers."
Hidemyass was set up to counter web censorship, according to the blog, which adds that the firm thinks that the web should not be censored in any way. It said that the prime example of this is the Egyptian revolution, where users we able to turn to its services to protest and find information. µ
Share this:
Share
I'm no master hacker by any stretch of the imagination, but wouldn't the smart thing to do to avoid tracing be to hijack someone else's wifi? These guys were from Phoenix and I don't know how it is there, but here in NYC you wouldn't even need to hijack anyone's connection. There are open wifi networks galore. So much so that you can switch locations constantly and never have to use the same one twice. They'd be able to trace you to a general area, but I'd assume that's as far as they could get.
To hide yourself on the net is pretty easy. All you need is the right degree of paranoia and the right tools. Tracing back a connection works until a single point where the chain is broken, then all is lost. Just passing through a router that doesn't log makes retracing nearly impossible. Beside this, anyway, the excuse Hidemyass used to justify their behavior is complete nonsense. "we will cooperate with law enforcement if we receive a court order": so if they were located in Lybia, no activist were supposed to be safe...
I'm surprised that any self respecting "hackers" would think that they can purchase or get anonymity from a third party. That's not how it works.
Graphical web browsers that run scripts, applets, and invoke a large amount of local and remote actions are by their very nature _never_ going to be truly anonymous.
The only way to obtain anonymity is to stop spreading information. One way is to install and learn to use Lynx (text mode web browser). Another is to hack a version of Firefox to truly _only_ do what you want it to do.
I can't say this for certain, but it seems that many/most of the "hackers" who were using their skills to further various criminal endeavors "stole" their internet connections. This took out the first vulnerability allowing them to be traced to a particular location. And as I have seen descriptions of how these individuals were tracked down, it seems that in many cases it took just a single momentary lapse in judgment that manifested itself with a personal IP address in some access log.
I'm very interested in this topic, not only from a data security perspective, but as a freedom of speech issue. I'm not convinced we have yet found a good balance between privacy requirements and government oversight, though I can't fault others for it, as I have no constructive _actionable_ suggestions to add to the discussion.
It's very difficult to hide yourself on the Net. But a tiny mistake can ruin your attempt at hiding.
A computer connection history can be tracked very easily. It leave traces wherever you connect to. For example, simply browsing will leave traces thanks to Google javascripts found everywhere on the Net. Not to mention all the GUID and all the aps running in the background phoning home. So, a computer connection history can be traced. Even if you connect to an anonymous WiFi, the FBI could trace all the places where that computer has been, including where Windows/Linux was installed (which 99% of the time is at your home).
Even if you take all the precautions, boot from an anonymous live CD, change your MAC address, do your things on a rogue WiFi connection, etc. There will always be the "unknown factor", the unsuspecting piece of software that will give you out.
There's almost NO anonymity on the web once gov't focuses on you. (Or when go_ogle and facebook mine data everywhere to track you.) Every use of the net necessarily includes your current IP address: putting those behind a VPN just doesn't work once gov't pries those open with a bit of paper or other technical means: gov'ts have literal taps that sift for specific activity.
Wonder why this technology was BETTER understood by science-fiction writers before it even existed than by today's young numbskulls who are actually using it?