
Technical Questions

Do you retain IP addresses or other session logs (IP addresses, time, user names…) when customers use your service? If so, what exactly, and for how long?

For Road Warrior accounts we only account for traffic. This happens without logging or storing any IP addresses. The accounting is done with a session time precision of 24 hours only, without doing session counts.

How do you make sure what is logged on your servers? Do you maintain them yourselves?

Our servers are located in secure, professional data centers and are maintained by operators working under contract with us.

Do you make further efforts to ensure the anonymization of your clients? For example, do all users surf under the same IP address?

We use several methods:

1.) IP addresses are used by many sessions at the same time. All IP addresses within a cascade are shared by all users on the cascade.

2.) Entry and exit gateways are usually operated by different legal entities and usually (but not in every case) are located in different jurisdictions.

3.) We multiplex connections between entry and exit gateways.

4.) We mix packets between entry and exit gateways.

5.) Internode encryption.

6.) Jurisdiction-aware exit node allocation.

7.) VPN termination is never done on the entry node.

Do you optionally offer either port forwarding or individual IP addresses? Are the individual IPs static between connections? Conversely, do you also offer dynamic IP addresses, if desired?

We do not offer port forwarding or client-specific IP addresses within our consumer products. Our enterprise products can optionally be equipped with incoming gateway functionality and client-specific outgoing IP addresses.

How many servers do you operate, and in which countries? Do you maintain them yourselves?

Our Road Warrior network currently consists of over a dozen servers in multiple cascades. We also operate an undisclosed number of servers and cascades for enterprise clients. All server administration is audited by us.

Which is your base country (because of the applicable data protection law)?

Various parts of our operations are distributed over companies in various jurisdictions. Panama is the main country of network operations; customer service and contact are handled in the USA and Switzerland. We also have technical services in Germany.

Do you use server cascades, meaning that each connection is passing more than 1 server?

Yes.

Under what circumstances would data have to be revealed to authorities in your country?

It would require at least two subpoenas in two jurisdictions. It would also require the session to be still active.

What access methods do you support (OpenVPN, IPSec, PPTP/MPPE)? If OpenVPN, what operating systems do you offer pre-configured clients for?

Consumer products: OpenVPN, IPSec/L2TP

Enterprise products: OpenVPN, IPSec/GRE, IPSec/L2TP, PPP over MIX, OpenVPN over MIX.

OpenVPN preconfigurations: Ubuntu Linux, Windows (XP, Vista), Mac OS 10.4+

What types of session logs do you keep?

For Road Warrior accounts, traffic logs include only the total amount of traffic per day per user account. No other information is stored.

For Enterprise products there are no traffic or session logs.

User names are not connected with network data, authentication keys or similar. However, email addresses for the optional incoming email service can in some cases be connected to payment data.

User data is only available to our sales companies, not to network companies. Network data is not available to sales companies. Data is not stored on the same servers.
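The per-day, per-account accounting described in the two Road Warrior logging answers can be sketched as follows. This is an added example, not Cryptohippie's code; the `DailyTrafficLedger` class, the `acct-17` account name and the sample events are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone


class DailyTrafficLedger:
    """Stores only {(account, UTC date): bytes}: no IP, no time of day, no session count."""

    def __init__(self):
        self._totals = defaultdict(int)

    def record(self, account, when, nbytes):
        # No address parameter exists, so an IP cannot be stored by accident.
        # The timestamp is truncated to a calendar day before it is kept.
        day = when.astimezone(timezone.utc).date().isoformat()
        self._totals[(account, day)] += nbytes

    def stored_rows(self):
        """Everything that is retained, as (account, day, bytes) rows."""
        return sorted((a, d, n) for (a, d), n in self._totals.items())

    def monthly_bytes(self, account, month):
        """Total for a month given as 'YYYY-MM', derived from the daily rows."""
        return sum(n for (a, d), n in self._totals.items()
                   if a == account and d.startswith(month))


def utc(day, hour, minute=0):
    return datetime(2013, 7, day, hour, minute, tzinfo=timezone.utc)


# Constructed sample data: two different usage patterns for one hypothetical
# account. They differ in number of sessions and in time of day.
PATTERN_ONE = [("acct-17", utc(1, 9, 15), 4_000_000),
               ("acct-17", utc(1, 22, 40), 6_000_000),
               ("acct-17", utc(2, 3), 1_500_000)]
PATTERN_TWO = [("acct-17", utc(1, 13), 10_000_000),
               ("acct-17", utc(2, 18, 5), 500_000),
               ("acct-17", utc(2, 18, 6), 1_000_000)]


def ledger_for(events):
    ledger = DailyTrafficLedger()
    for account, when, nbytes in events:
        ledger.record(account, when, nbytes)
    return ledger


if __name__ == "__main__":
    one, two = ledger_for(PATTERN_ONE), ledger_for(PATTERN_TWO)
    print(one.stored_rows())
    # Identical rows: the retained data cannot tell the two patterns apart.
    print(one.stored_rows() == two.stored_rows())
```

Because both patterns collapse to the same rows, anyone who later obtains the ledger learns the daily volume per account and nothing about when or how often the account connected.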

Is your anonymization access limited to web traffic (HTTP) or other ports or services?

No.

Do you block any specific ports, such as 25 TCP?

Not by default. But we retain the right to block certain ports or route them via protocol-specific gateways. For example, SMTP traffic will always take a special route different from all other traffic.

Can your service be used without a proprietary software client?

Road Warrior: Yes.

Enterprise products: No. Requires hardware appliances that run partially proprietary software.

Do you run your own DNS server? Who has power over it?

Yes, we run our own and use direct resolving.

Do you block or plan on blocking certain DNS names for customers? For what reasons and under which rules (for example, forced by law, authorities or the host)?

No. We do, however, redirect NXDOMAIN to a blackrouted IP to prevent certain kinds of leaks over DNS.

Do you block certain requested IP-connections? If yes, why and which kinds?

None by default. Should the owner of an IP request blocking, we will usually comply, such as in cases of DDoS, cracking attempts and fraud. These blocks are usually temporary.

Under certain circumstances (massive seeding) we temporarily block specific BT-trackers if we receive DMCA notices or equivalent. Currently no IP is blocked.

How long do you log DNS requests?

We don't log DNS requests.

Is there a way for customers not to use your DNS server, if desired?

We force DNS traffic to our own servers to prevent DNS leaks that can break anonymity. Users are free to use non-standard ports for DNS if they want.

How is Cryptohippie.net related to Cryptohippie.com? Who does what?

Cryptohippie.net is our network operator. It is registered in and operates from Panama. Cryptohippie.com is one of two sales companies. It is responsible for customer contact, authentication, and support. Dot-com has no influence on network operations; it only authenticates users. Dot-net has no access to customer records.

What data do you log, and for how long, when customers use the “secure e-mail account” product? Is it available separately or only as part of Road Warrior?

We do not log data on the secure email. However, outgoing mail through our smarthost is “tagged” with a cryptographic proof so that we can identify spammers (and shut down their accounts). It is currently NOT available as a stand-alone product.

Does Cryptohippie work via a satellite internet connection? Are there any latency issues?

The answer is “yes” and “no.” It strongly depends on both the type of satellite connection and the specific product you use. For Road Warrior accounts, most satellite connections will work provided their latency is below 2 seconds (which is the case for Thuraya and similar). Our CryptoRouters work much better with satellite, up to latencies of about 10 seconds and disconnects of up to 2 minutes. It is important that the connection allows full IP streams (many satellite connections only allow streams to their proxies).

Can individuals contract for more traffic per month if they need it?

No.

If you go over consistently, we’ll just shorten your account accordingly. (This happens very rarely and we’re not interested in ‘nickel and diming’ our customers.)

How many hops are in the Cryptohippie VPN?

2 multi-jurisdictional hops or more, depending.

What is the industry standard?

There isn't one. We’re out here on the frontier. So far as we know, all of our competitors are simple, single-hop proxies, which stopped being a secure technology ten years ago.

If the government launched a full frontal assault against Cryptohippie and seized all of their assets, would my information ever be in jeopardy?

Not really. Sessions are encrypted with ephemeral keys, so they would vanish fast, and the sessions aren’t associated with IDs or meat-space identifiers. They could, of course, grab our bank records and find out who has paid via credit card, but it would stop there – that info is not associated with use data. I suppose they could try to lock us in cages, but there really wouldn't be much that we could tell them.

They could, however, cause us to close up. That would be the more likely attack vector.

Is there a service that does emails outside a private network like yours?

We very much like the service provided at Schipered.net. However, that is a separate company and service, and we do not provide support for their products. We just like the service and think highly of their security.

techquestions.txt · Last modified: 2013/07/29 00:35 by Paul