Due to the innately secretive nature of the VPN market, it isn’t always an easy task to get up close and personal with a provider. Many companies tend to release only minimum amounts of information, usually obligatory, into the public domain. Quite often, potential VPN customers and people like us, who write about the industry, have to rely on this basic information published on a provider’s homepage. Undoubtedly, this is hardly a convincing proposition when it comes to subscribing to a VPN service. So this is why an opportunity to have an informal one-on-one chat with a provider a really is a breath of fresh air, and hopefully will provide a decent insight into how a VPN company works and ‘thinks’.
Today, we caught up with one of the founders of blackVPN, who spoke to us about some of the ins and outs of their privacy oriented service. He also shared with us his (or rather the company’s) views on the recent, potentially game changing, developments in the world of advocacy for privacy in this exclusive BestVPNz.com interview.
In a couple of sentences, what is blackVPN and when was the project launched?
BlackVPN is a premium VPN service for people who value their online privacy and want to use the internet without blocks or restrictions. BlackVPN was started in 2009 by a small group of privacy advocates who foresaw the worldwide government surveillance that Snowden has since exposed.
How big is the provider in terms of personell?
We are small team made up of the original founders and 3 support staff. We’re passionate about peoples privacy and as a small company we can be nimble in adapting to the changing privacy landscape. You can’t expect a big corporation with shareholders to stand up for their customers rights like Ladar Levison did with Lavabit.
Originally the VPN service started as a side-project of another project in Europe, but as BlackVPN grew and EU privacy and data retention laws became unfavourable we moved the VPN company to Hong Kong. We chose Hong Kong due to their lack of data retention laws and their lack of involvement in the NSA’s “collect it all” program.
It is usually the standard among VPN providers to collect IPs and connection timestamps. What is the blackVPN policy on connection logs – do you keep them, and if so, how long for and what for?
We now have no logs. No session logs. No connection logs. No DNS logs. We even take special steps to ensure your real IP address is never logged by any of our systems.
We used to keep connection logs of when a user connected and disconnected, but now this information is automatically deleted when a user disconnects.
How are DNS lookups handled?
We use UncensoredDNS.org as a DNS forwarder so that DNS lookups are never censored and nothing is logged.
Are these DNS servers assigned automatically or does the user have to configure them manually?
These are automatically assigned when you connect to our VPN.
How does the company deal with DMCA requests?
These are ignored on our Privacy VPNs where P2P is allowed. On our USA, UK and Singapore VPNs we actively block P2P ports to prevent DMCAs.
Many providers often state the same words “We do not log!”. From your experience in the VPN market, how can a potential VPN buyer tell the genuine difference between a serious no-log provider and a company that has a discreet history of logging traffic (even if temporarily) to identify an individual? Is this kind of information available anywhere?
Anyone looking for a truly “no logs” VPN should look for a VPN that publicly states what information it does (and does not) record, plus what steps they take to keep your real IP address out of their VPN server logs, website logs and support system logs.
We suspect that many other “no logs” VPNs are actually recording their customers real IP address during the sign-up process or even when they connect to the VPN.
This would allow law enforcement to find your real physical location from an email address or a payment record, even though the VPN has “no logs”. Some of these “no logs” VPNs even state in their TOS that they can or will record your real IP address.
Some “no logs” VPNs are even using Google Analytics on their website which logs their customers real IP address and transactions with Google. They claim this data is “anonymous” however it is only partly anonymised AFTER it is sent to Google.
All VPN providers need to deal with abuse on their servers or they will be shutdown or seized. Temporarily monitoring the traffic to the abused websites to catch the bad apple seems to be the accepted way to deal with abuse these days.
What encryption do you implement with OpenVPN? Any additional security layers in force?
We have always forced the highest level of encryption: AES-256-CBC.
We also offer SSL tunnels to hide the OpenVPN connection inside another layer of encryption, but this is more to escape Deep Packet Inspection (DPI) which can block or throttle the VPN connection.
We saw that you offer customers Viscosity client licenses together with subscription accounts, but are there any plans to launch standalone applications?
We prefer to promote the open source clients (OpenVPN GUI for Windows and Tunnelblick for OS X) because they run stably without crashing and have been verified to be malware free. Most of the features that come with custom VPN clients – like “VPN kill switches” – are unnecessary gimmicks.
Your website links to an encrypted messaging service called Read Then Burn? Tell us a bit about that – for instance, how can two people utilise it? What security measures are applied, and are there plans to integrate it with mobile platforms?
ReadThenBurn.com is a simple service for creating and reading encrypted messages – which are permanently deleted after they are read – without needing to worry about encryption keys like GPG messages. We don’t have any further plans for it at the moment.
Slightly on a tangent, you’re most probably following the recent privacy-related developments such as the passing of the USA Freedom Act and what seems to be a paradigm shift in the enforcement of mass surveillance. What do you reckon the next one or two years have in store for US citizens and, particularly, their privacy?
Citizens globally – not just in the USA but even the UK, Europe and Australia – are outraged that their governments spy agencies have been spying on their own people and sharing this private data amongst themselves. All of these programs are a violation of peoples basic right to Privacy and some spy programs have even been found to be illegal.
Rather than trusting their lawmakers and politicians who have already failed them, people are turning to encryption to regain their privacy and to keep their private information hidden from snoopers.
The next few years will bring more tools with end-to-end encryption built-in, such as encrypted email, messaging and file-sharing.
In addition to using a virtual private network, what other top three essential security precautions can you recommend our readers?
Use encryption wherever feasible. Encrypt your sensitive emails, encrypt your private IM chats and encrypt your personal files and backups.
Use separate passwords everywhere and a secure password manager to keep track of them all.
Be aware of the security limitations of each tool you use. For example did you know that their are websites that can reveal your real IP address using just your Skype ID?
Want to find out more about the service? Check out our blackVPN review. Or visit the company’s official page via the button link below: