Dictatorship states and VPN's
Hello everyone. I want to clarify a few thing for myself regarding PIA's security.
I live in a dictatorship state (Belarus). The internet is being very heavily monitored. The internet's distribution is handled by one major ISP Beltelecom with smaller ISP's like ByFly or CosmosTV reselling the bandwidth they get from Beltelecom to us.
Our authorities have complete access to Beltelecom's servers/IP's they provide to us/Sub ISP's.
I am not very savvy when it comes to VPN's. I have a rather surface level understanding of how it functions. I need to know if the authorities can
figure out who i am if i am using PIA to cover my tracks. I am planning to host a political YouTube channel where i would be covering some topics that are happening here in English. My government does not tolerate dissent of any kind and free speech is essentially non existent here. The constitution and laws can be warped and bent to the will of those who want to see you behind bars for the rest of your life. I saw that happen multiple times to people who spoke up that i knew personally and now they are either in prison or in Europe.
Not only it's hard to stay hidden from your own government but a lot of the times the Russians are trying to extract information from my government about our citizens that talk shit about Russia.
I need to be sure weather or not the authorities can identify me:
If i post replies and messages on forums and sites hosted by people who can provide that information to the authorities
If i upload videos to YouTube
If they demand YouTube/Google to revel my identity via IP address i used to upload my videos
If they directly contact PIA and demand to revel my identity
If i use a localized messaging app Viber which the authorities have full access too
If the authorities will approach the major ISP\smaller ISP's to hand over information about me
If my major ISP/smaller ISP's/ authorities are approached by the Russian authorities in an attempt to extract information about my identity
This is rather serious. I really need to know
Thank you for your time
I live in a dictatorship state (Belarus). The internet is being very heavily monitored. The internet's distribution is handled by one major ISP Beltelecom with smaller ISP's like ByFly or CosmosTV reselling the bandwidth they get from Beltelecom to us.
Our authorities have complete access to Beltelecom's servers/IP's they provide to us/Sub ISP's.
I am not very savvy when it comes to VPN's. I have a rather surface level understanding of how it functions. I need to know if the authorities can
figure out who i am if i am using PIA to cover my tracks. I am planning to host a political YouTube channel where i would be covering some topics that are happening here in English. My government does not tolerate dissent of any kind and free speech is essentially non existent here. The constitution and laws can be warped and bent to the will of those who want to see you behind bars for the rest of your life. I saw that happen multiple times to people who spoke up that i knew personally and now they are either in prison or in Europe.
Not only it's hard to stay hidden from your own government but a lot of the times the Russians are trying to extract information from my government about our citizens that talk shit about Russia.
I need to be sure weather or not the authorities can identify me:
If i post replies and messages on forums and sites hosted by people who can provide that information to the authorities
If i upload videos to YouTube
If they demand YouTube/Google to revel my identity via IP address i used to upload my videos
If they directly contact PIA and demand to revel my identity
If i use a localized messaging app Viber which the authorities have full access too
If the authorities will approach the major ISP\smaller ISP's to hand over information about me
If my major ISP/smaller ISP's/ authorities are approached by the Russian authorities in an attempt to extract information about my identity
This is rather serious. I really need to know
Thank you for your time
Comments
If I were a whistleblower, dissident, etc. living in an oppressive regime I would never place my confidence in any vpn provider that didn't specifically cater to that sort of clientele. Not only do you need options for extremely high-level vpn security (e.g. OpenVPN over SSL, OpenVPN over SSH, OpenVPN over TOR, etc.) you also need to go with someone who can give you competent technical support and advice on how to avoid inadvertently giving your identity away (and there are multiple ways that can and does happen in spite of using a vpn). IOW you need to take into consideration far more than just cloaking your IP address.
There are only a handful of vpns who can get you there. PM me if you'd like specific recommendations.
Cases of people being caught that were using TOR for anonymity was because of human error; not compartmentalizing activities such as logging into a monitored twitter or email account without tor or perhaps on their phone.
As for VPN providers, if we 'assume' they don't log your activity (look at reviews, user experiences etc), and you set up your system correctly (no leaks etc), and perform some regular checks, you have good chance.
Setting up correctly is key, it takes time and effort and you can't afford mistakes. This is where a dedicated operating system like 'tails'(tor) has advantages.
You may consider combining tor and vpn. Again, adding more steps requires checks and can increase your chance of error.
Even then your isp could determine you are using either a vpn/tor, but won't know what your doing or where.
More subtle things like having unique web-browser fingerprints could be used by websites you visit to monitor your travels online, using your time-zone, os, hardware etc. Using the tor browser helps mitigate this as you will 'blend-in' with other tor browser users.
Your phone has location settings so does windows, more reasons to use a dedicated system.
Further, things like posting your question can cause unforeseen problems; searching for well known VPN providers from your 'real' IP may flag you with your isp; did you use a unique user name which could link your posts to other websites/forums; you also mentioned your country and likely isp, the way you type, your grammer weather/whether...these things can add up to profile you.
Tor would be fine for posting comments, however it is slow, not ideal for uploading media/content. A VPN would be better for this. But then your changing setups which increases the chance of human error.
Research other peoples mistakes/misfortunes.
Once your set up, then create your online identity, google/youtube etc. obviously no personal info. Don't reveal anything personal in your media content (voice, background noise, window/reflections).
Can the media files you upload contain any metadata like your system hardware, os, language, time-zone....if your life is on the line every possibility needs to be considered.
piaabo offers some excellent advice. I would add that for those of us who care deeply about our security we shouldn't ever install Chrome, let alone use it. Google's original motto was "Do no evil." Now unfortunately they ARE evil. They spy on their users and are invasive of privacy. It wouldn't surprise me if they were joined at the hip with NSA. Former Google employees have claimed they can even surreptitiously turn on your camera and microphone through Chrome (hence my strong objections to PIA when they created a vpn plugin for Chrome). As such also I wouldn't consider using gmail as it's become all but impossible to even set up a gmail account without giving up your phone number. Go with protonmail or another email service that takes privacy seriously.
It is difficult not to be overwhelmed by the possibilities and issues. My post might seem discouraging to the endeavor. The goal is to be informed, break the big picture into sections such as vpn provider, hardware/software/os, online identity/accounts, standard operating procedure. Tomeworm has offered to help you with the vpn part.
I'm not going to learn all the technical aspects and become a security/network/software expert. I could find/test/use the tools made my others technically proficient in those fields......in reality i only dip my toes.
The initial predicament of searching for and setting up a vpn account anonymously could be achieved with tor.
If you have EVER logged into your gmail account without a VPN, google will have that ip stored, and they will tell the govt agency this fact.
PIA most likely wont hand over anything, but if you have used a credit card or another traceable way to pay for your subscription, your govt WILL find out if they dedicate sufficient resources.
Same with Viber, i would NOT trust them at all in terms of privacy.
AFAIK, Threema is the only really secure messaging app that DOESNT REQUIRE a phone number to register, but its paid.
Signal is awesome, but metadata is a thing. And they know which number contacts which number. Ditto with Telegram.
My point is, what you want to do, interact and upload to youtube and google, you have to go into this KNOWING FULLY WELL A VPN IS NOT NEARLY SUFFICIENT FOR WHAT YOU WANT TO DO. You are talking about intelligence agencies from a nation state wanting to know who is uploading anti-govt material on google/youtube, YOU WILL BE FOUND, make no mistake about it. If you have to ask on this forum about VPN's, KNOW that hiding your identity is not a skill-set of yours. You WILL make mistakes, and you WILL be caught, because your opsec is just non-existent to your govt. I would urge you to rethink this whole youtube thing, if its indeed as serious as you claim, you are woefully unprepared.
I would add to this that PIA will even remind governments of any existing paper trail that leads back to their clients through third parties. They did so in US federal court when asked to provide log files in United States Of America v. Preston Alexander McWaters. PIA claimed they were unable to provide any useful log files to the FBI and then later proudly tooted their horn about it here in these forums and elsewhere. But what they failed to mention is that in their court testimony they had also assisted the FBI by offering up the following:
I find that level of helpful cooperation quite disturbing.
This information is available on our website, specifically when you subscribe and it asks for your payment method. We have since added a number of other payment methods, some anonymous and some 3rd party processors.
You have been repeatedly warning about this behaviour and you still continue to demonstrate a lack of decorum and respect.
- Keep your mouth closed.
- Don't say anything.
- SHUT UP!
I'm just as disturbed to see that pointing out that PIA dropped hints to the FBI gets a customer banned. Not cool.