Answered: userid and password by mail?

secrbot

Junior Member
Hi,

I just subscribed. And what is already strange is that userid and password are given in clear through mail?!
I searched for an option to change that password but cannot find any??

If not, what if my mailbox is hacked or whatever? That would mean that for whatever reason anyone having access to the mail can read my userid/password of Perfect Privacy and have access to my private keys?
Why is this insecure system implemented and not the creation of the password on the site itself during account and payment creation?
You have listed many interesting features but a simple password is given like this? Do you have a solution to this?

I have subscribed to other VPN services but never had my password sent through mail like this, as this is a big security and privacy issue!
This does not make me confident in the name Perfect Privacy but I really wanted to try it.

Other questions:

- How do you deal with servers that have not enough users connected? I see servers as FREE 100%. That would mean that if I connected to it I would be the only one? That would directly identify me I suppose? Is there a way to see how many users are connected?
- What kind of data can you give law enforcement in case

Kind Regards
 
I recommend using PGP so PP can send you encrypted emails only. On the other hand, your password doesn't identify you since no logs are kept. A "hacker" could "only" abuse PP by using bandwidth without paying anything.

Regarding free servers: I asked PP about it and got the answer that usually 100 users or more are online on each server but aren't using much bandwidth. So yeah, I also think that it would be better to see how many users are actually online. I am missing this feature too.
 
As far as I know, every PP server is a Tor middle node with very low bandwidth for this purpose. That should prevent you from being the only one on a server. I don't think that full bandwidth available indicates no user on this particular server, but if you feel insecure then choose another server with bandwidth used. A feature to see the number of connected users per server isn't really needed in my opinion.
 
JackCarver;n9662 said:
I don't think that full bandwidth available indicates no User on this particular server

Maybe, maybe not. But if I compare the bandwidth from e.g. Erfurt with information from other VPN providers I (my personal opinion only!) would say that it is unlikely that more than 100 users are online without using a noticeable amount of bandwidth. I think even 30 users would use 100 MBit+ (that's what I can see if I use available information from other VPN providers who show how many users are online and how much bandwidth is used). But just my 5 cents. Maybe an admin can jump in and tell something about it.
 
Only two users are needed so that you can't say who does what on the other side. Not 30 or 100, but that's the difference between personal opinions and what's needed. As I said, if you feel insecure use a server with only 70% of bandwidth left. The next problem is that you have to implement a function which collects data, and this data is personal as I get counted, not impersonal like displaying server usage. Think about it
 
JackCarver;n9665 said:
The next problem is that you have to implement a function which collects data, and this data is personal as I get counted, not impersonal like displaying server usage. Think about it

You've got a point there.

P.S. On the other hand, I assume that this statistic can also be produced anonymously, in that the "logging system" only records that X people are connected to server Y, but in the result cannot attribute who specifically is connected at the moment, or discards this information immediately after the connection is closed.

--> I think there is a way to use non-personal data to show how many users are connected to a specific server. But you are right, this is a form of logging. So yeah, the status quo isn't so bad.
 
As you say, this is a form of logging and I don't want to know what else these VPN services are logging which log such data... PP is a non-logging service and that's good. And even if you get your information, you have to recognize that this information can never be real time, as it's totally overkill to scan such things in real time; on the contrary, if you want this info in real time, this would be the best logging service.
So what's the benefit with non real time information? How can you know that at a special point of time you are not alone on a server? The answer is simple, you can't. That's snake oil and nothing else what these VPN services are offering...
 
Hi,

first sorry for the late reply, it's been a busy day so far.

As others already mentioned you can have a new password assigned (if you want, also without it being sent via e-mail) on the account page in the member area. You also may add the PGP key for your e-mail address there and choose to only receive encrypted e-mails from us from thereon. I still have adding a PGP key during sign up on my rather long todo list though. However the safety of the encryption used is in no way related to your username and/or password. You may not choose your password for yourself because sadly people tend to reuse passwords, and we don't want that to happen. You might have heard of huge leaked username/password lists which then are used trying to get access to various services/sites.

100% free bandwidth almost never indicates there are no users on these servers. But sure, there are servers with few active users. As mentioned, there is Tor running as a middle node also. But there are a lot of services in use which do not eat up much bandwidth; think of loading a webpage and then looking at it, for example. This creates a spike as everything is loaded by your web browser, followed by a phase with little or no traffic while you are reading the page. Also the traffic data shown is a snapshot made over a couple of seconds, so you see the traffic at the moment this is taken, but not the traffic that (might have) happened in between two snapshots. You may also daisy chain servers and use one with more traffic as the first one in the chain to help circumvent possible traffic correlation.

In cases where we have to comply with law enforcement agencies we can of course only hand them the data we have, but we don't collect a lot in the first place. Since we do not log user activity, this usually means nothing at all, as we can not correlate any traffic from the past to a user account. As for user data we of course would have some data such as username, e-mail address, encrypted password, and an expiration date of that account along with other settings made (such as PGP key, port forwardings (if still valid only) etc).

Currently we have no plans of showing the number of connected users per service and server again. But it is not that easy anyway with some services. While it is easy to see how many accounts are connected to OpenVPN, the only value you can determine for a Squid proxy is the number of active sessions, which is not the same as active users (and might change rapidly as I previously mentioned). Also if a user is connected via an ssh tunnel the proxy accepts connections without login data required... so it gets even more complicated. As we run on a no-logging policy, we would really rather not keep track exactly of every connection being established. While it might be possible to keep track of every connection that is happening on a server in real time... we simply do not want to know.
 