Search

Tuesday, May 19, 2020

When we first started this project, we kept asking ourselves... "How can we make this VPN different? Better? Make it have the best security possible?", well we kept coming up with ideas, tossed some out and kept others and addded them in... But one idea really stuck out.

What if we simply encrypt the entire database, every single user who makes an account, there email, username, etc.. We would just not have access to it. How is this possible you say? Well we have no reason at all to have your data, or even fetch any of your data without your request.

So what we do is your Username, Email, Key(used to track how many connections are active without using username), concurrents, and all data that could EVER be used to trace back to you will be encrypted with AES-256 with a unique IV code OR your username as such will be hashed with SHA512, and the encryption key is also unique... It will be your hashed password. Now how can we decrypt data with your hashed password? Simple the data only gets decrypted when you login, or when you make a connection. We do not see ANY of the decrypted results. Only YOU will EVER get the decrypted results. The only exception is when you verify your email and the email that is sent will be in our "sent" inbox, do not worry as ALL emails will be deleted right after being sent.

And your password will be hashed/salted in the database, so we also can't have access to your unhashed password. It only decrypts when you put in your password.

So you might ask... "How do you know my username, email, or my connections I have on the members panel?"

Well we can't check ourselves... It only checks how many connections when a user generates a file or makes a connection and decrypts it. The data gets decrypted when a user logins.

Here's how it works:

User logins with there unhashed password and unencrypted username. 

We hash the username with SHA512 (longer the username, more secure), we do this so we can still find who you are in the database when you login.

Now once the login script finds you in the database, it will fetch the encrypted data such as key, email, username. It will then make these into PHP sessions, which are also encrypted with a public key, and also the entire process is done over a SSL encryption as well.

You could also ask "Doesn't this cost more resources, or waste more time loading pages?", at high load times it could and we are looking to add more servers to combat this.... But we simply want the best security for our users, to the point where we have no idea who our users even are.

 


Wednesday, May 13, 2020

This guide will show you how to disable most of the options, and data scraping in Windows 10. Of course this guide can simply not just disable everything Windows logs, since Windows is Windows after all.

But here's a good start on how to do that.

Step #1:

Limit what windows can track.

You can do this by simply pressing "Windows key + i", then going to the "Privacy"  tab.

Now, you should be in the "General" tab... Go ahead and disable everything in General as it's just tracking stuff.

Now, here's the list of stuff we suggest disabling:

inking and typing personalization: disable

diagnostics and feedback:

Choose "Basic", then disable "Tailored experiences".

It should look like this:

 

You can also choose to view your data, and see what they are keeping. 

 

Scroll down a bit, and you should also be disabling "Feedback frequency" and setting "recommended troubleshooting" to "only fix critical problems for me" like this:

After that you should be heading over to the "activity history" tab and disable everything on this tab, then we suggest requesting to delete your acivity data on a regular basis, like this:

Now head over to the "Location" tab, and disable location tracking as seen in this image:

 

Now go over to the "Camera" tab, to either severely limit or disable.

Now, if you need to use your camera for Skype or some other video application, disable it on all other applications and enable it for only that one. Also please note this doesn't disable your camera completely, it only limits/stops legitimate apps from using it, which can include windows.

 

Now head over to the "Microphone" tab, and if you don't use your microphone a lot. Just simply disable it, or limit it to certain apps you use.

We won't upload a image on the microphone, since it about  the exact same tab as the camera tab just microphone settings.

Let's go over to the "Voice Activation" tab, now in this tab disable everything completely, since this will always be in theory "recording" or "listening" waiting for you to say something like  "Hey Cortana". Set the settings as shown in this image:

 

Now head over to "Account info", and deny apps to access your account info.


Wednesday, May 13, 2020