We’re excited to announce we’re expanding our payment method offerings, enabling VyprVPN users to pay in more ways from more countries around the world! The first new payment method we’re offering is Alipay, a digital wallet most often used in China. With this update, VyprVPN users can now pay for their VyprVPN subscription with Alipay.
How to Pay with Alipay
You can select Alipay from the Payment Method options when signing up for VyprVPN. The process is the same as for other payment methods, with Alipay now appearing as an option. Please note Alipay is currently available for new VyprVPN users and existing VyprVPN Free users. Alipay will be available for existing paid users in the near future.
Since the beginning of VyprVPN, we’ve provided a great consumer VPN service to bring privacy and security to our users everywhere – from your local coffee shop to travels around the world. We work hard to own and operate the fast, secure VPN servers that are used by our customers. However, it has always been our decision where we placed the servers and what networks we used, as well as what hardware they would run. This all changes today as we excitedly introduce the beta of our newest product – VyprVPN Server!
We’re moving into a whole new world by providing you, our VyprVPN customers, with the ability to operate your own VyprVPN Server and place it wherever you want. You can place it in the cloud. You can place it in a data center. You can place it at home. You can place it, quite literally, anywhere on the Internet you want and use our easy-to-use apps to connect to your Server. We’ve worked hard to fill a gap in the cloud VPN market, and to build a cloud VPN server that’s simple, flexible and secure. VyprVPN Server was built with you in mind, and is compatible with several platforms including DigitalOcean, AWS and VirtualBox. Additional platforms, such as VMware, are on our roadmap and will be coming soon.
Why Did We Create VyprVPN Server?
It’s simple, so the days of fighting with your VPN are over. We recognize that VPNs can often be messy, with complicated setup for IT professionals and end users alike. VyprVPN Server simplifies this process, and provides quick and easy setup so you can get up and running in minutes. The modern server interface provides a streamlined, user-friendly service, instead of the clunky user experience you are used to. Even better – this device works on mobile.
It’s flexible, so you don’t have to invest in expensive hardware. A lot of other VPNs lock you into proprietary hardware systems, forcing you to use their system and the associated programs they’ve selected. With VyprVPN Server there is no hardware investment, and you are not locked down. This means you can set up and customize your server however you want. Just spin up VyprVPN Server in the cloud just like your other apps, so it fits into your existing workflow seamlessly.
It’s secure, so you can rest assured your network and all the important connections to it are safe. Stop leaving SSH or other remote access open where the public can scan your servers! VyprVPN Server reduces the exposed entry point into your network, shielding you from many dangers. Server offers the trusted OpenVPN protocol, but also includes our proprietary Chameleon protocol so you can even take advantage of Golden Frog’s worldwide network (owned and operated by Golden Frog), which includes over 700 servers worldwide.
How to Use VyprVPN Server
We’ve wanted VyprVPN Server to meet a variety of needs. Here are a few of the ways you can use it:
Corporate Server: VyprVPN Server is a great solution for corporations looking to lock down their environments, while still providing access for employees on the go.
Personal VPN Server: Set up your own personal VPN server, and control the logging policies or IP location. Running your own VyprVPN Server in a public cloud like DigitalOcean is an excellent way to test this out with server locations in several countries.
In the Cloud: Since VyprVPN is built for the cloud, you can secure your cloud deployments so your servers aren’t exposed to the public Internet. This allows you to feel confident your cloud environment is protected.
VyprVPN Server Specs
Applications: Windows, Mac, Android, iOS
Number of Servers: Business customers – unlimited number of servers. Pro/Premier customers – one server
Minimum Server Hardware: 1 GB memory
Protocols: OpenVPN, Chameleon, IPSec
We’re still developing VyprVPN Beta, and would love your input along the way! Here’s how you can get involved:
Get exclusive access to VyprVPN Server Beta now!
Join the conversation in the VyprVPN Server forum – share your ideas, and tell us what features you want to see in VyprVPN Server
Track product development in the VyprVPN server roadmap
China seems to be changing its tune in how it recognizes the Great Firewall. Over the past few months, several events indicate that China is publicly moving towards legalizing the Great Firewall – both through their efforts to promote Internet Sovereignty and attempts to stop the use of proxies.
As a New York Times article outlined, the Chinese government has been working hard to enact a concept of “Internet Sovereignty” that they believe in. They promoted this concept during a United Nations meeting in December, which was set to “define the policies and frameworks of how the Internet is governed in the future.” During the meeting China tried to assert influence and pushed hard for the word “multilateral” to be included in the frameworks (meaning each state, or country, can make the rules on Internet use):
“China has been very active in the negotiations at pushing for more state control over how people get online and who has access to data,” and “The inclusion of the word was largely spearheaded by China, which worked to enshrine state control over the Internet in the document.”
Most other countries were opposed to this terminology and it was left out of the final document, but China held their own World Internet Conference soon after during which time they promoted the Internet Sovereignty concept again.
It was also recently reported that China is making efforts to block “circumvention tools,” with the “help of cloud providers.” Chinese regulators are asking these middlemen, including cloud storage providers, to remove any such circumvention tools (i.e., proxies, VPNs) that are hosted on their servers. This effort included an email message sent to Microsoft Azure users:
“In response to recent pressure from Chinese regulatory authorities, Microsoft Azure China, which provides cloud storage for leading CDNs, issued a letter to its clients recommending that they remove all illegal circumvention, proxy and VPN services hosted on their server.”
Azure is a target because lots of virtual private servers (wall escaping proxies) are placed on Azure.
Why It’s Important
China seems to be working to publicly justify the Great Firewall – which is a big deal. In pushing so hard for Internet sovereignty they aren’t just admitting the Great Firewall exists, but also moving towards legalizing it. The email to Microsoft Azure users further illustrated this, as the phrase “illegal over the wall” sites was used. Employing this language and bringing these circumvention tools to light also shows the Chinese government is trying to regulate and legalize the Great Firewall.
This is a big change for China, which has previously even denied the existence of any censorship or Great Firewall. If China legalizes the Great Firewall, they are legalizing extreme Internet censorship, which is a threat to Internet freedom for users within the country. Learn more about censorship in China here.
Ars Technica recently posted an article entitled “Why you probably shouldn’t be doing work on that in-flight Wi-Fi.” While we agree wholeheartedly that it’s dangerous to use Wi-Fi that doesn’t involve an encryption scheme, we don’t think the article is worded quite strongly enough. There are more dangers lurking in the Wi-Fi world today!
There’s no probably about it. If you work for a company, you have legal obligations to safeguard the intellectual property you come in contact with. If you have a family or are part of a community of people, you have a moral obligation to safeguard their lives. There’s no “probably” in an obligation.
The article calls to attention the fact that GoGo and Global Eagle (in-flight Wi-Fi providers) are doing questionable and nefarious things on their networks to actively undermine encryption and the privacy of connections. The article also points out that these services use an open Wi-Fi without enabling encryption between devices and the wireless access point (WAP). These two things enable ANYBODY with a laptop to TRIVIALLY run a process to record all of your unencrypted traffic — in fact, Macs come pre-loaded from Apple with a network troubleshooting tool that can do this in a handful of seconds: tcpdump.
Does this mean that you are safe to use Wi-Fi networks which require you to enter a password to connect? Are these Wi-Fi networks secure? Not really. When I go to my favorite local cafe, I connect to their Wi-Fi with their password: “pancakes.” Then, as I surf and do my work while eating my pancakes, am I protected from that strange-looking guy in the back of the room? Maybe, and not necessarily — but it is never definite. There are a variety of Wi-Fi security protocols a network operator can use, each with varying degrees of security. For most people, there’s no way for them to know or even understand how secure any given Wi-Fi network is during the sign-on process of entering “pancakes.” It’s not safe to believe that entering a password means you are secure from eavesdropping. The safest option is to believe the worst about the Wi-Fi Internet you are using and simply, ALWAYS use a VPN. Even if you are paying a fee for access to a Wi-Fi network, you should be wary of what that network operator is doing with your data and who might be snooping on you.
If you often surf the Internet, casually check your emails or browse through your social media feeds, chances are you’re being tracked in some way. Whether it’s advertisers logging user habits and creating a profile of you, or the government potentially snooping on your emails, we’re all at risk for being tracked online. We’ve compiled the top 5 places you may be tracked on a daily basis.
Your Social Media Accounts
Social media tracking is perhaps one of the most treasured methods utilized by advertisers. Through social media, we give a detailed profile of our user habits, likes, hobbies and more. It’s a gold mine of information just waiting to be tapped into by third-party advertisers. Facebook takes this information and passes it along to Facebook advertisers, who can tailor ads to suit your interests. Facebook games are also able to track you when you sign up. The games integrate with your profile and can pull information out at any time. Twitter also became more nosy last year when they announced they would collect information on all other apps a user has downloaded onto their phone, to help improve targeted advertising. Think you’re safe on Instagram? The popular app geotags your images every time you upload a photo, even if you did not use the ‘Name this Location’ feature.
Your Search Engine
Search engines are essential for us to find what we’re looking for online, but can also be used to track our activity. Google Trends, for example, collects real-time search data to help businesses gauge consumer search behaviors over time. Google also tailors their ads to suit your interests, based on your search history. Google is constantly trying to build a consumer profile of you, and will even filter their search results for you based on your past search history. Yahoo and Bing are not much different, planting cookies in your computer to store your information and remember your location. Sure, a personalized search is nifty. But is it worth it at the expense of your privacy?
Your Personal Email
Many free email services have been known to implement some form of tracking to serve you relevant ads. But did you know that you can be tracked by companies for simply opening an email? By merely clicking or tapping to open an email, you’re relaying to the sender not only that you opened it, but also where you were when you clicked it and on what device. This technology has been utilized by marketers, advertisers and unfortunately also fraudsters.
Your Favorite Websites
Your top visited websites may be tracking you more than you think. Cookies are commonly used by websites to store your information, alongside directing remarketing ads to you when you visit other websites. Facebook opt-ins, for example (i.e., messages that say ‘Login with Facebook’), streamline the account creation process and minimize consumer efforts, but they are also used by countless websites to access your social media information. When we visit websites, we also share data about ourselves such as our IP address, which can reveal a user’s location.
Your Downloaded Apps
As touched on previously, the apps we install on our phones can be used to profile us on social media sites such as Twitter. Your downloaded apps may also be tracking your location without your knowledge via your phone’s GPS, so it is important to keep tabs on which apps have access to this sensitive information. Be sure to read carefully before tapping ‘yes’ to certain app permissions. Many times apps will include, in the fine print, what the app has access to, but can be hard to find when skimming long User Agreement forms.
Quick Tips to avoid being tracked:
Clear your search engine browsing cache frequently
Adjust privacy settings on your social media accounts and apps to help protect your privacy
Adjust your location services to disable GPS tracking
Be cautious of sending sensitive information over email without encryption, and beware before opening suspicious emails
Most importantly, download a reliable personal VPN, such as VyprVPN, to encrypt your data and secure your personal information. Get started today.
VyprVPN Server Features
VyprVPN Server was designed to eliminate frustrations traditionally associated with VPNs. Our flexible, highly-secure solution is easy to set up and includes the following features:
Your own dedicated server: VyprVPN Server is your own, dedicated server. This means you’re in total control of the entire stack.
Fast and easy deployment: You can get up and running in minutes. VyprVPN Server even gives you feedback while deploying, so you can stay updated on what’s happening throughout the deploy process.
Unmatched security: VyprVPN is highly secure, locking down your cloud infrastructure to protect your connections at all times.
Seamless connection to existing apps: VyprVPN Server is flexible, so you can connect to your existing apps and programs (for example Salesforce, Confluence).
The Chinese government introduced a draft law that would increase Internet censorship in the country. The proposed rules would allow the government to ban Web domains that are not approved by “local authorities.” This could include the extremely common “.com” and “.org” domains.
The regulations would allow only sites approved and supervised by the government. Providers would have to apply to the Ministry of Industry and Information Technology for approval on these before the web addresses would be allowed. This increases the government’s ability to monitor and control Chinese Internet users.
If these rules are enacted, the government will only grant access to sites on a “white list,” as opposed to their current method of blacklisting specific sites to disallow. This change would greatly increase censorship, and cause even “harmless” websites to be blocked. The new laws expand on existing regulations put into place as early as 2004.
Per a quote from Japan Times, “The domain name system will work in the background for your every single click on the browser while the Great Firewall blocks outside content,” Yip said. “If this trend continues, we can predict that the Chinese network will soon become a big Intranet, totally monitored by a network ‘big brother.’ The authority can block all domain name servers outside of China (the Great Firewall) and allow only domestic domain name servers to serve Chinese Internet users requests.”
The government is currently seeking feedback on the laws, which can be submitted through April 25. It’s not yet clear how they’d enforce this for domains outside of the country.
China has a long history of Internet censorship, and if enacted these new rules would tighten that grip. As a company dedicated to a free and open Internet, we are strongly opposed to censorship in China and elsewhere, and hope these draft laws are not enacted. You can read more about censorship in China here. Or read the full draft of the regulation.
Update: April 7, 2016 – It’s being reported that many Chinese citizens are taking advantage of the public comment period mentioned above, and expressing frustration with the increasing blocking of websites under the Great Firewall. This is notable, as it’s coming from those who “usually avoid confrontation.” Users are upset about the law’s proposal to block domains from outside China, as well as the increasing censorship overall.
Recently in the news, Tech In Asia reported that VPN providers ExpressVPN and Astrill have been using Certificate Authority (CA) certificates generated from 1024-bit keys. As far back as 2003, 1024-bit keys were projected to be crackable by 2010, and current research estimates that 1024-bit keys can be brute-forced today by the resources available to nation-state actors. Since offering OpenVPN and IPsec VPN services in 2010, Golden Frog has always used 2048-bit keys for both its CA certificates and the keys used for encrypting VyprVPN connections. Security researchers project that 2048-bit keys will be sufficient until around 2030.
So specifically, what is wrong with the 1024-bit key being used by ExpressVPN and why should VPN customers be concerned? For encrypting the VPN connection, ExpressVPN was using 2048-bit keys, so the data was protected at a higher level. As with all things related to security, though, the answer comes down to trust.
In an OpenVPN connection, the Certificate Authority (CA) certificate allows the OpenVPN client to know that the VPN server is who it claims to be. The VPN server’s identity is signed by the CA key, and with the CA certificate, the client can verify that a third party it trusts (the certificate authority) has vouched for that. This trust is predicated on the authority having the only access to the CA key. If someone unrelated to the authority also had access to the key, they could create and sign their own server certificates – and those servers would be just as trusted as the authority’s. No one could tell the difference, so no one could trust that the server is really who it says it is.
As a result, the CA key is very important to the VPN server trust chain, and it’s just as important to anyone who wants to pretend to be that VPN server. One way for someone else to get the key is to guess it. If someone guesses all of the possible keys, one of them will be the right key. We call this a brute-force attack, and at large key sizes, brute-force attacks are computationally huge. A 1024-bit key requires 2^1024, or over 1e+308 (1 followed by 308 zeroes), guesses. Even for the fast computer clusters we have today, that would take longer than the current age of the universe. Algorithmic attacks can substantially reduce the number of guesses necessary, though. Researchers today estimate that, for a few hundred million dollars, someone could put together a computer system powerful enough to crack a specific 1024-bit key in a year or less. With the key guessed, that person or group could set up their own VPN servers pretending to be the real VPN servers, and then decrypt all of the traffic. Since the same CA key is usually used for all of a provider’s VPN servers, they can effectively decrypt all VPN traffic to all of the servers, without the user knowing. This is called a man-in-the-middle attack, and it’s the most efficient method for large scale surveillance of encrypted data.
So, although your data is encrypted in transit, the data may be going to a malicious third party who can decrypt the data upon arrival using a man-in-the-middle attack. Encrypting the data is worthless if the CA key can be cracked. It is the equivalent of putting all of your documents in a secure lockbox, and then mailing the lockbox to your enemy who has stolen the key.
Weak CA keys are even worse than weak encryption keys, because they control the entire kingdom. Tech In Asia rightly questions whether Chinese users of these VPN providers should be worried, because China is easily capable of performing both the brute-force computations and subsequent man-in-the-middle attacks necessary to decrypt the VPN traffic. VyprVPN is safe from this for now, and we’ll continue to update our systems and configurations to follow current best practices to stay safe in the future.
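To check the CA key size discussed above for a given provider, the following added example (not code from Golden Frog or from the original post) reads the inline `<ca>` block of an OpenVPN profile, walks the certificate's DER structure with the standard library only, and reports the RSA modulus size against the 2048-bit figure the post cites. The function names, the `vpn.example.net` remote and the unsigned placeholder certificate built by `constructed_profile` are assumptions made for the demonstration.

```python
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1 rsaEncryption
MIN_CA_BITS = 2048                              # CA key size the post treats as adequate

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                           # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """List the (tag, start, end) elements inside a constructed DER value."""
    out = []
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def rsa_modulus_bits(cert):
    """Bit length of the RSA modulus in a DER-encoded X.509 certificate."""
    _, ts, te = children(cert, *read_tlv(cert, 0)[1:])[0]   # Certificate -> tbsCertificate
    fields = children(cert, ts, te)
    if fields[0][0] == 0xA0:                                # optional [0] version field
        fields = fields[1:]
    _, ps, pe = fields[5]        # after serial, sigAlg, issuer, validity, subject
    alg, bitstr = children(cert, ps, pe)                    # SubjectPublicKeyInfo
    _, o1, o2 = children(cert, alg[1], alg[2])[0]
    if cert[o1:o2] != RSA_OID:
        raise ValueError("CA key is not RSA")
    _, ks, ke = read_tlv(cert, bitstr[1] + 1)               # skip the unused-bits byte
    _, ms, me = children(cert, ks, ke)[0]                   # modulus INTEGER
    return int.from_bytes(cert[ms:me], "big").bit_length()

def audit_profile(ovpn_text):
    """Return [(bits, ok)] for every certificate in the profile's inline <ca> block."""
    block = re.search(r"<ca>(.*?)</ca>", ovpn_text, re.S)
    pems = re.findall(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                      block.group(1) if block else "", re.S)
    sizes = [rsa_modulus_bits(base64.b64decode("".join(p.split()))) for p in pems]
    return [(bits, bits >= MIN_CA_BITS) for bits in sizes]

# --- constructed sample input: structurally valid, unsigned placeholder certificate ---
def der(tag, *parts):
    body = b"".join(parts)
    n = len(body)
    nbytes = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | nbytes]) + n.to_bytes(nbytes, "big")
    return bytes([tag]) + head + body

def constructed_profile(bits):
    modulus = (1 << (bits - 1)) | 1                         # placeholder, not a real key
    key = der(0x30, der(0x02, modulus.to_bytes(bits // 8 + 1, "big")), der(0x02, b"\x01\x00\x01"))
    alg = der(0x30, der(0x06, RSA_OID), der(0x05))
    spki = der(0x30, alg, der(0x03, b"\x00", key))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), alg,
              der(0x30), der(0x30), der(0x30), spki)        # empty issuer/validity/subject
    pem = base64.encodebytes(der(0x30, tbs, alg, der(0x03, b"\x00"))).decode()
    return ("client\nremote vpn.example.net 1194\n<ca>\n-----BEGIN CERTIFICATE-----\n"
            + pem + "-----END CERTIFICATE-----\n</ca>\n")
print(audit_profile(constructed_profile(1024)), audit_profile(constructed_profile(2048)))
```

Pass the text of a real `.ovpn` file to `audit_profile` to apply the same check; a profile that references its CA through an external `ca` file rather than an inline block returns an empty list.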