Frequently Asked Questions Welcome to the support center. We are here to answer all your questions. If you do not find an answer here and wish to pose your question directly to us, please don't hesitate to contact us.

Questions:

1. How does Perfect Privacy work?
2. What kind of encryption are you using? Can it be cracked?
3. What kind of anonymization are you using? How safe is it?
4. How safe are your servers? Can they be hacked?
5. Do you keep logs?
6. Why should I trust Perfect Privacy? Maybe you are a gov't setup?
7. How many servers and IP addresses will I get? And where are they located?
8. What is the speed of your servers? Will the connection be slower?
9. Are there traffic limits?
10. Can I use Perfect Privacy from any computer?
11. What protocols and data can I encrypt and anonymize with Perfect Privacy?
12. Can I get a free trial?
13. How can I pay for your services?
14. Can I chain your proxy servers?
15. How do I know that you will not steal my credit card data and bank login?
16. Do you offer a safe or encrypted email account?
17. Do you offer other VPN's but OpenVPN such as PPTP VPN or IPSec?
18. Do you offer dynamic IP's or dedicated static IP's?
19. Do you offer Remote Port Forwarding (RPF)?
20. I'm already a Perfect Privacy Member. How can I extend my account?

1. How does Perfect Privacy work?

The Internet is for the most part an open, unencrypted network, i.e. Internet servers do with some exceptions (e.g. secure order forms for the transmission of Credit Card data) usually not encrypt connections. Perfect Privacy, however, encrypts and anonymizes your existing Internet connection on your side, regardless whether the Internet server you connect to supports encryption — a mechanism that suffices to increase your privacy and anonymity.

Without Perfect Privacy, whenever you connect to the Internet, everything you read or write, transfer or receive is basically unencrypted and in plain text. The Internet is constructed in a way that data are transferred from your PC, laptop or notebook over multiple other computers to their destination which could be your friend's PC or a web server. Each computer in this chain is called a „hop,” because the data are figuratively „hopping” from one computer to the next until they reach the desired destination.

Over how many hops data are routed depends on the distance between sender and recipient and the routing setup, but connections are on average carried over about one to two dozens of hops. At each of these computers or hops, everything you send or receive — the web sites you request, your emails, your chats, the files you transfer, etc. — can be read and stored. Your transferred information could also be read and stored if somebody would wiretap the cables or connections between any of these computers, e.g. the line at your own home. The most convenient location to observe you and to store everything you do on the Internet is, of course, your ISP (Internet Service Provider), because all data you send to the Internet and receive from it have to pass through your ISP. In the last years and months, many countries passed legislation which obliges your ISP to record your connection data and to store it for several months to several years. ISP's in some countries are obliged to hand these data over to law enforcement or secret service agencies without review by an independent judge.

Here is where Perfect Privacy can help you. If you sign up for our service, you will get access to several encryption and anonymization servers located in different parts of the world. Instead of connecting directly to a web site or to your friend, the Perfect Privacy software on your computer will create a high security encrypted connection to one of our servers first. All data you choose will then automatically be encrypted by your PC and sent through this encrypted connection to our anonymization server. Our server will accept the data and in addition will strip the data from information that could personally identify you.

Data, texts, photos, emails, movies, or web site requests you send over the Internet carry for example a unique number, called IP address, which identifies you. You can compare it to a telephone number. Every computer which is connected to the Internet, including yours, has a unique IP address which identifies it. These data sometimes also contain other personal information, such as the browser you use and its version, your operating system, or software plug ins you have installed. If somebody investigates these pieces of data he knows they were transferred by your machine or sent to you.

Our anonymization server decrypts the data it received and replaces your personally identifying information (such as your IP address) with its own identity. Then it sends the data to the destination, e.g. the web site you wanted to access. The web site and all hops (computers) between it and our anonymization server will no longer know to whom the data really belong. They will think our server made the request, and the web server will thus transmit the requested content of the web site back to our server, where our server will encrypt the data again and send it to your PC.

Let's look at an example: Let's assume you are John Doe in Australia and wish to send a search term to Google in America. The traditional Internet access is unencrypted und not anonymous. You enter the Google URL into your browser, enter your search term and click on the „Search” button. Your search term and site request is sent to the Google server in America which also receives your IP address which was assigned to you by your ISP and is linked to your name John Doe which your ISP has in his database. Google replies to your request by sending the requested data back to your IP address (your PC, laptop or notebook). Consequently, your ISP knows what you are doing, Google knows what you are doing, and every computer on the route — the 20 or so „hops” — in case they would bother to look it up, would know what you are doing, too.

With Perfect Privacy, however, the situation drastically changes. Your computer first establishes an encrypted connection to one of our anonymization servers, let's say in Hong Kong. All the data, photos, emails, search terms, chats, and web site requests you want are routed from now on over this encrypted connection. Your ISP — and everyone on the route between you and our anonymization server — do no longer have a clue what you are doing and which sites you are accessing. All they know is that you have established an encrypted connection to a server somewhere in the world (Hong Kong in this case). Be aware that this is nothing suspicious or uncommon. Encrypted connections to servers are established all the time when people do online banking, online shopping, access computers remotely to maintain them, establish VPN business networks, or use SSH to exchange sensitive information securely. So contrary to what many people may think, encrypted connections are something that are established millions of times every day, and the mere fact that you have an encrypted connection to a server doesn't make you "suspicious" that you would do something illegal or would have something to hide. It's simply your right to shield yourself against unauthorized readers.

Once our anonymization server receives your request informing it you want to contact Google, it will strip your personal data — such as your IP address — from the request, replace these data with its own IP address and with some additional faked information, and will send your request to Google. Because the packets carry now the IP address of our server in Hong Kong, Google will serve the page to our server in Hong Kong. Once received, our server will encrypt the page and send it back to you. This way your ISP and everyone located before our encryption server will not see at all what you are doing, on which sites you are surfing, and what you are sending or receiving: because the data are encrypted. Google und everybody who tries to pry on you on the route after our anonymization server will see which data are transferred — but not who originally requested them, who entered the search term, who will finally receive Google's reply, for whom the data are destined and to whom they are belonging. They will only see the IP address of our anonymization server in Hong Kong and it appears as if somebody in Hong Kong had sent the request. This server is, of course, used by dozens or even hundreds of our anonymous subscribers, thus it could have been anyone who transmitted the data. There is no way that Google could find out it was you.

2. What kind of encryption are you using? Can it be cracked?
Depending on the service you are using, we are using 4096 bit OpenVPN, 4096 bit SSH-2 (Secure Shell 2), and 4096 bit SSL/TLS respectively, network and a tunneling protocols that allow data to be exchanged over a secure channel between your PC and our server. They are based on public-key cryptography to authenticate the remote computer and provides improved security through Diffie-Hellman key exchange and strong integrity checking via MACs. We are using AES-256 encryption to protect the confidentiality of the data. The cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. The algorithm has been analyzed extensively and is now used worldwide. As of 2007, no attacks that attack the underlying cipher itself have ever been found.

In June 2003, the U.S. government announced that AES my be used for classified information:

"The design and strength of all key lengths of the AES algorithm (i.e. 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths."

This marks the first time that the public has access to a cipher approved by the NSA for encryption of TOP SECRET information.


3. What kind of anonymization are you using? How safe is it?
We are using on each of our servers a Squid proxy with NCSA authorization, a SOCKS 5 proxy with identification, and a CGI web proxy with htaccess authentication. In general, all those proxy servers are configured for maximum anonymity while still guaranteeing the most reasonable usability, i.e. we are using a configuration that, while protecting your identity, still permits you to access 99.98% of the pages and services on the Internet without producing errors or rendering problems.

For example, we operate our Squid proxies not on „standard anonymity mode" but on "high anonymity mode," commonly called „elite proxy mode”, but not on „paranoia mode” either (as the latter basically permits you to view only plain text pages; you would be unable to submit forms or use web authentication.). This means in a nutshell, we remove your IP address completely, including in the „X-Forwarded-For” header; we deny the „From,” „Server,” „Referrer” and some other headers and replace your „User Agent” with an operating system that most probably will differ from the one you will be most likely using; but we leave other headers intact, as their absence from a security point of view only suppresses rather irrelevant information, while it will make you unable to browse and access many pages.

As a result, no web site receives data that personally identify you, but the web site will, for example, still be informed which content encoding your browser expects.


4. How safe are your servers? Can they be hacked?
We keep our servers, our operating system and our software regularly updated, use a hard- and software firewall, have uninstalled and deactivated all unneeded services, have disabled root login, don't grant shell access, run the necessary software chroot'ed in a jail, and have installed some system programs that assist us against intruders and infections by viruses and trojans. All servers are only used for the single purpose of offering our customers a user-friendly encryption and anonymization service. No other software is allowed to run. This makes our configuration and servers reasonably safe.

We say „reasonably” because it was proved that it is impossible to write sophisticated computer programs without bugs and, thus, without possible exploits. Only a fool or a liar would claim that his machine cannot be hacked or intruded. In fact, even high security systems of the NSA were hacked in the past. In addition, there is one important tool on which we cannot rely when it comes to tracing unauthorized intruders, and this tool are logs. For the privacy and anonymity of our customers we have disabled logging. Consequently, while we did our best to configure our machines for the maximum security achievable under the given circumstances, and while we consider server security a very important, ever ongoing effort, we cannot give a guarantee that our machine cannot ever be hacked. It would be naive or dishonest to claim this.


5. Do you keep logs?
No, plainly and simply we don't. We are not obliged by law to keep logs and we disabled logging for all our services: the VPN, the SSH daemon, the Squid proxy, the SOCKS 5 proxy, the CGI proxy, the web server, the SSL/TLS, the DNS server, etc. In addition, we disabled the disk cache wherever possible, and run regularly maintenance scripts to delete temporary data and compulsory cache files.


6. Why should I trust Perfect Privacy? Maybe you are a gov't setup?
Good question. The honest answer is that like with any company with which you start a business relationship you should carefully investigate our services, whether you trust us that we can keep our part of the deal, and whether you really want to enter into an agreement with us. Perfect Privacy targets exclusively at customers who respect the laws of the jurisdiction in which our server they currently use is situated (see Prohibited Activities) and who wish to restore their legitimate privacy. Do only what is legal in the country of the server you are using. If you are a criminal or plan to use our services for criminal activities, please stay away! You will not only create problems for yourself but also for us.

You, as an individual or businessman, however, are now granted the unique opportunity to shield yourself from observers and to pursue your Internet activities undisturbedly and without other people glancing over your shoulder. Isn't that worth to give us a chance — especially at prices as low as ours?

 

Even if our services were run by any government or secret service, you would be off no worse than by surfing without Internet encryption. The state does already record and collect your accesses, data, surfing behavior and habits at your ISP and at Internet backbones. State companies or enterprises dependent on government contracts are operating some of the big Internet service providers and give out the licenses and permits for the connectivity infrastructure. The government has access to the Internet crosspoints and can rely on legislation that forces ISP's to monitor your activity without that you would even know — and frequently without that an independent judge would have given them authorization based on credible suspicion of criminal activity. National security agencies are monitoring millions of people and have many other expensive and sophisticated means to gain information at their disposal, from state-of-the-art surveillance equipment to paid informers.

Think about it: Would they (need to) create an initiative like Perfect Privacy? By recording all the data that flows through international backbones, they receive precisely the same information about you than they would get by running a service like Perfect Privacy. Just that they can observe dozens of millions of people that way instead of a few hundreds or thousands. Thus, there is simply no purpose for them to open a service like ours, potentially encouraging copycats. They would prefer an Internet which is completely open and transparent without encrypted, anonymized niches as we create.

But don't make a mistake: our services are 100% effective against bored ISP network administrators who watch in the night which sites you surf and who read your emails how your latest romance turned out. Perfect Privacy similarly shields you against businesses that collect your data; against the automatic recording by search engines and government agencies which search terms you enter, permitting them to create a profile of your preferences and interests; and Perfect Privacy allows you to manage your hard-earned money and assets without that curious people would observe you. If you are from a country that disrespects civil rights, you will be able to create a freedom blog, reporting about the human rights violations. You will regain your privacy and anonymity and will disappear from the mass of the other hundreds of millions of Internet users who are not yet members of Perfect Privacy. But we cannot protect you if you are the public enemy #1 or on the FBI's most wanted list. That ought to be common sense for a service compensation that amounts to not much more than ¢20/day.


7. How many servers and IP addresses will I get? And where are they located?
At the moment you will get access to 14 different servers, everyone of which provides a different public IP address, i.e. 14 IP addresses in total. This is already an extremely good deal for your money. Our servers are currently located in Perth, Australia; Hong Kong, China; Teheran, Islamic Republic of Iran (12 months of membership required); Moscow, Russia; Berlin, Berlin; Frankfurt, Germany; Steinsel, Luxembourg; Amsterdam, The Netherlands; Roubaix, France; Montreal, Canada; Scranton, United States; Chicago, Illinois; Houston, Texas; and Las Vegas, Nevada.


To understand why we chose these locations and why they are important to you, it is necessary to tell you something about our philosophy and future plans.

Our idea was and is to give our customers for the price they pay access to all the servers we currently can offer, in contrast to other companies who either give you only access to one server or charge considerably more money for every server you want to add to your contract. Our medium- to long-term aim — and this depends primarily on your support — is to have a server park of at least 15 to 20 servers in different locations on all continents. We have already been negotiating with uplinks in the United Arab Emirates, Panama, Brazil, Malaysia, New Zealand, South Africa and Sealand to connect new servers to the net. When and how quick this can happen, depends solely on how many regular subscribers we have. Some of the uplinks are already waiting for us to order. If you are a member at Perfect Privacy and a new server is added to our park, you will get automatically access to it, without that you would have to pay additional money.

We do not plan or expect to earn any money with Perfect Privacy in the first two to three years. We desire to invest every available euro or dollar into new server infrastructure to serve you better. We see Perfect Privacy foremost as a community of people dedicated to privacy who wish to help to build a very safe and affordable opportunity for everyone on the Internet to regain his privacy. Consider Perfect Privacy as a second-level Internet Service Provider (ISP). While your current ISP as first-level access provider provides you with Internet connectivity and access to the Internet, Perfect Privacy is an add-on to your ISP, a second-level ISP, that provides you with encrypted Internet connectivity and anonymous access to the Internet. Many people spend €20,- to €100,-/month for their DSL, cable or satellite ISP; would it be too much demanded to invest in addition less than €10,-/month to encrypt their connection and to guarantee their anonymity and privacy?

If we wish to add more servers to our park for you, this costs money, of course. Servers in different countries have different advantages and disadvantages. In some countries, the server connectivity and bandwidth is considerably more expensive, in others the amount of transfer is very limited, and others again have advantages or disadvantages for different people from a security perspective. Take, for example, an American who uses a privacy server in Iran. The chances are close to nil that Iran would ever cooperate with the U.S. government and provide the U.S. with information about it. It is much more expensive, though, to connect a server in Iran than in countries like the Netherlands. The bandwidth in Iran is also smaller, the transfer limited, and the route relatively long and thus slower from everywhere in the world.

By choosing the servers we currently offer and can afford, we chose a compromise between the aforementioned criteria. Hong Kong is for example excellent from a security point of view, e.g. for offshore banking, while the route and ping times to it are relatively slow — in particular for Europeans. Asians, on the other hand, get a good speed. Our Hong Kong server offers unlimited transfer, too, what was another advantage that came, however, for a certain price. Russia is also quite good from a security perspective, as it is not a member state of the European Union, and it has a good route from both Europe and America. Our American server is ambivalent. If you are living in the U.S., it will be extremely fast, but will offer very little additional security. You should only use it for casual surfing but not for more sensitive transfers. It's a very good choice for people from some European or Asian countries, on the other hand, who suffer from information censorship and free speech restrictions in their local countries. Every server has its advantages and disadvantages, depending on who you are, where you live and what you currently plan to do. Before you select a server and go online, ask yourself: Is currently speed more important or security? With Perfect Privacy, you can select the server you want to use and switch servers at any time, and we believe that we chose, for starters, a good mix from a security, speed, transfer and legal point of view.

 

The availability of several servers will also guarantee that you are never without encryption, even if there should be technical problems with one or even two of them.

We hope that we will be able to add new servers soon. How fast we can make this aim happen, only depends on you. Please test our services and if you are happy with them, please sign up for the annual subscription and recommend our service to your friends. The more regular subscribers we have, the more servers we can add to our server park, and the better your security will be taken care of. Please also look out for our latest referral programs and promotional codes.


8. What is the speed of your servers? Will the connection be slower?
We currently sustain a multitude of servers with a bandwidth of 10 mbps to 1,000 mbps each. Most of our servers within Europe and North America are high-speed servers with a bandwidth of 100 mbps to 1 gbps with plenty or unlimited traffic, well capable to carry broadband traffic. If you are located in these areas and thus do have a very short latency time between 10 and 40 ms to one or more of our servers, you will hardly notice a speed difference. Our offshore servers, on the other hand, are for the most part equipped with 10 mbps ports and unlimited traffic. The latency time from Europe or North America to these servers might be, depending on your location between 200 and 500 ms, what might slow down the speed noticeably, in particular if you have a broadband connection and use them to download data from sites in Europe or North America, as the route will be noticeably longer and the data will be routed over several continents if not around the whole globe and back. The surfing speed even of those machines from European and North American access points is acceptable, though, and exceeds the speed offered by free proxy or privacy services by far.

If you do not live in these areas where our offshore servers are located, you should not use these servers in a relative futile attempt to achieve high-speed downloads, however, but should rather use them for surfing, chatting, e-mail and similar activities, giving you an additional judicial advantage and increased judicial security. If you happen to have your domicile or office nearby one of these offshore servers, they will be naturally fast, as the latency time and the corresponding route to the servers will be short.

In tests we achieved almost no or no speed difference when surfing or downloading over our high-speed servers with a 100 to 1,000 mbps port if they are located close to the region where you reside or close to the sites or files you access.

But, on average, let's be honest: as a rule of thumb, yes -- your speed will decrease somewhat, for the latency time will be longer and the transfer speed will be slower. The expected speed is roughly an equation between latency time and available bandwidth. There are some services which tell you that there will be no decrease in speed if you use them, hoping that you won't notice it — and if you live, for example, in the U.S. and they give you a server in the U.S. and you surf mostly on U.S. sites, the chances are good that you won't notice any speed difference; from a security perspective you will have gained little, however, because if the U.S. gov't monitors your ISP, it could on suspicion monitor as well the U.S. proxy, SSH or VPN server you are using.

Let's take the following example: You are an Italian and access a web server in New York. Without Perfect Privacy or another anonymization service, the data will flow from Italy to Great Britain and from there via trans-Atlantic cables to New York, where the request is answered and the data are sent back along the same route. There might be about 10 „hops” or computers on the route over which the data are transferred until the destination, the web server in New York, is reached, and the ping time from your PC in Italy to the web server in New York might be about 100ms. That means it takes about 100ms until the request reaches the web server, and if it is not busy, overloaded or has to create dynamic content, it will answer your request immediately, so that that the first data will flow into your PC in a bit more than 200ms. In total, from Italy to New York and back, about 20 „hops” were involved.

Now assume you add an anonymization server in Hong Kong in-between. What will happen then is that your data could be routed from Italy to Germany, from Germany via satellite to Hong Kong, from Hong Kong to Great Britain and from there via the trans-Atlantic cables to New York. This makes the route considerably longer. There could be about 25 „hops” involved and the ping time from your PC in Italy to the anonymization server in Hong Kong alone might be about 400ms. The data then have to be routed the same way back: from New York to Britain, from Britain to Hong Kong, from Hong Kong to Germany and from there to Italy. Under the best circumstances, it might take over 1,000ms or 1 second until you receive the first data und the data might have to go over about 50 „hops” in total.

 

 

 

So your latency time, the time until the destination server can react and you receive the data might be considerably longer. Note that this has nothing or very little to do with the encryption overhead. The encryption will make your PC's CPU and the CPU of our anonymization server work a bit harder, but modern computers are so fast that this will hardly be noticeable and factor in.

What happens now if you just rented a shiny new 4,096 kbps DSL connection and download a 50 MB file from New York? If you connect directly and in the night, you will probably download at 400-500 KB/s, as the broadband infrastructure between London and New York is very good. There is most of the time plenty of free bandwidth available. If you try to download the same file from New York through our anonymization server in Hong Kong, you might only get 100-120 KB/s, however, maybe more, maybe less. Why? Our server is well able to handle your speed, but somewhere between the 25 „hops”, most probably on the satellite connection between Hong Kong and Germany there might be a „bottleneck” that doesn't allow you to transfer with a higher speed, because there is not enough bandwidth available to serve at the same time data to you and dozens of other clients who connect from Germany to Asia with a speed of 400-500 KB/s or more each. Somebody that lives in New Mexico and downloads via our server in Honk Kong from New York, might on the other hand get 250-300 KB/s. It all depends on the network infrastructure and the traffic at the time of the day. That's why it is in general recommended to download from the destination nearest to you.

In a nutshell, if you use privacy services, including Perfect Privacy, your latency time will somewhat increase and your download speed will typically, although not always, drop noticeably. The faster your Internet connection is, the more you will notice it. Different anonymization servers might yield faster or slower results, as they establish different routes. If you surf, you will usually not notice much of a difference, however, as it is rather unimportant whether data arrive at 100 or 500 KB/s: it will take the browser more time to render the page. Similarly, if a web server produces complex dynamic content, most of the time is used to generate the content and only a fraction of the time for the transfer.


9. Are there traffic limits?
We currently do not impose strict traffic limits on our servers apart from „fair and reasonable use.” Please consult our Terms and Conditions for more details.


10. Can I use Perfect Privacy from any computer?
Yes, in fact, you can. Although our proprietary Perfect Privacy SSH Tunneling client is currently only available for the Windows operating systems, you can use open source clients on other operating systems such as Linux or Mac OS X. You are, of course, also free to use such open source software on Windows. Please find the installation instructions and usage details in the members' area.

In case you are traveling or are on a computer where you have no appropriate software installed, you can still make use of strong AES-256 encryption and anonymization by using simply a browser and one of our AES-256 encrypted CGI proxies which you can access through our members' area.




11. What protocols and data can I encrypt and anonymize with Perfect Privacy?
You can encrypt all protocols and data you can send through OpenVPN and a SSH tunnel and anonymize all protocols and data you can either send through an HTTP squid proxy, a SOCKS 5 proxy or a CGI proxy. In a nutshell, that's, with minor exceptions, everything the TCP/IP protocol can carry: HTTP, FTP, Gopher, SSL, SSH, Bit torrent, ED2K; as well as browsers, FTP clients, P2P clients, IRC, Instant Messengers, and servers of all sorts. You can also choose to encrypt and anonymize some data, only anonymize others, and leave again other data completely decrypted and unanonymized. Perfect Privacy offers you ultimate flexibility and control over which content you want to encrypt and anonymize.

It is even possible to encrypt and anonymize data produced by software that has no native proxy support. Please consult the help files in our members' area.


12. Can I get a free trial?
Perfect Privacy can count itself lucky to possess an excellent goodwill and reputation. Many of our long-term customers who tried several other SSH and VPN providers before, are telling us that our privacy service is in several aspects — from speed over our information policy to support — the best they have ever used, that they are very happy they found us and that they would never use another privacy service again. There are also several independent reviews on the net which give us the best grades.

Unfortunately, we cannot issue free trial accounts, however, because several more of Perfect Privacy's advantages are that you can pay absolutely anonymously, that we do not store any of your data — including your IP address — and that we permit the usage of any free e-mail provider in the world. This means that dishonest people could use our network and resources and waste our bandwidth and traffic forever — by signing up again and again for ever new free trial accounts with ever new free e-mail addresses. If you wish to try our services first, we would recommend you to sign up initially for a one or three months account only. It doesn't cost you more than a haircut, but will give you the chance to test our services and support extensively as a member with all rights and privileges.


13. How can I pay for your services?
We offer various payment options for your convenience: PayPal, credit cards (American Express, Discover, Master Card, Visa), eCheck, Liberty Reserve, WebMoney, PaySafeCard and cash. With WebMoney, PaySafeCard, Liberty Reserve and cash you have four possibilities to pay truly anonymously. Please get our contact and account details on our order page.


14. Can I chain your proxy servers?
Yes, you can chain all HTTP squid, SOCKS 5, and CGI proxies, thereby increasing your security. Please consult the instructions in our members' area. You can also encrypt data several times with several keys if you are super-paranoid.


15. How do I know that you will not steal my credit card data and bank login?
Because we are honest people, and even if we wanted, we couldn't see, read or access these data. Whenever you enter your bank login and password, submit your credit card data to a merchant, access financial accounts like PayPal or e-gold, or transmit any other sensitive information to a web site, those services encrypt the connection to you with SSL already. The content of the connection is unreadable for us because we do neither have your nor your partner server's private key. These keys are not transmitted, hence not even we could view the content and data exchange of such communications. All what will happen, if you use Perfect Privacy with such already encrypted communications is that your real IP is suppressed, and that an extra layer of security is added, because the already SSL encrypted transfer is once more SSL or SSH encrypted by us.


16. Do you offer a safe and encrypted email account?
No, because we specialize exclusively in the encryption and anonymization of your Internet connectivity, not in the encryption of disk space. Needless to say, with Perfect Privacy you can take any free or commercial e-mail account, regardless whether web mail, POP3, IMAP or SMTP, and encrypt your received email while accessing it, as well as your incoming and outgoing email while it is transferred. If you wish to encrypt the physical email storage space on which your email rests, create an encrypted disk volume or wish to encrypt your whole hard drive, there are other programs and solutions available.


17. Do you offer other VPN's but OpenVPN such as PPTP VPN or IPSec?
Yes, we do offer PPTP VPN on our high-speed servers.

Our PPTP VPN machines use 128-bit MPPE, a protocol that makes use of the DC4 algorithm. While PPTP VPN is far less secure than our OpenVPN, it also has a distinct advantage: on Microsoft and Mac OS machines it can be set up with a few mouse-clicks, and no additional software is needed. While there are many known attacks on PPTP and DC4, it still has its legitimate use for non-sensitive data and downloads. In particular if you just need to establish quickly a VPN connection on someone else's machine to surf securely and are pressed in time. PPTP VPN also supports NAT-Traversal, i.e. it can get through (most) devices that employ Network Address Translation (NAT).

However, we also consider it our obligation to inform you about some of the negative aspects of PPTP VPN: While Microsoft claims that PPTP has a "good level of security that is suitable for most companies," security professionals such as Bruce Schneier think otherwise. A German student managed to crack PPTP passwords in 4 hours. Asleap by Joshua Wright has been extended to crack weak PPTP passwords. The authors of the premier Open Source PPTP implementations PPTPClient and Poptop recommend themselves against using PPTP. Others have found a flaw in Microsoft's PPTP implementation. Even Microsoft now admits that "as a VPN protocol, Microsoft considers PPTP to be non-strategic". Note also that PPTP is not an official Internet standard. It is a 'de-facto industry standard' set by Microsoft. In a nutshell, PPTP VPN can give you a false sense of security. Only use it, when you deal with non-sensitive data and when you need a VPN but have at the moment no possibility to install Open VPN. While PPTP VPN offers you immediate encryption and protection from the casual observer, always be aware that security experts and trained cryptographers can crack it with comparatively little effort. Are your pieces of information valuable enough that someone will go through this effort and spend the money it costs to decrypt them?

There are other non-standard based Open Source VPN solutions such as CIPE, vtun, and tinc. None of them but OpenVPN seem to be promising. OpenVPN is based on OpenSSL, runs in user-space, is relatively lightweight, supports compression, is highly secure, being based on certificates, keys, and passwords, is simple-to-use and runs on seven different OS's including Windows, Linux, and Mac OS; but CIPE, vtun and tinc have serious security problems according to security expert Peter Gutmann. Consequently, we do not intend to offer them.

L2TP/IPSec is a different story altogether. It's a network protocol for secure communication and is an official Internet standard. People do as of yet have not much experience with it, but it looks promising. It makes use, amongst others, of IP 50 (ESP), not a port, but another Internet protocol like UDP or TCP, making it more difficult to track. It supports NAT traversal, IPX tunneling, supports virtual IP addresses, and is considered a secure VPN protocol. On the client's side, there is not much to configure, so it's fairly easy to install and to use. Its disadvantages are that it has fewer features than for example OpenVPN. AES encryption is for example only supported on some commercial clients, and AES is considerably faster than 3DES. AES is in particular not supported by Windows 2000 and Windows XP.

It requires both an IPSec and a L2TP server. Implementations are rare and not widely used on a Linux server environment. There are probably very few people using this setup at the moment, and not much information is available. The upgrade path is similarly uncertain. Vista supports new features such as AES but its IPSec client has not been updated since June 2003. The MSL2TP client is basically a buggy, experimental 1.0 client and there will be no further updates by Microsoft because the client is officially in a non-supported phase. In addition, the payload traffic gets encapsulated a couple of times (IPsec, L2TP, PPP). This requires more bandwidth, and the L2TP and PPP protocols require extra daemons on the Linux server which have to run in user mode. This means extra processing overhead, more latency, and the VPN will be slower, constituting the bottleneck itself. Needless to say, IPSec also complicates things for non-Microsoft users. NAT-Traversal is only experimental, and L2TP/IPSec still lacks „perfect forward secrecy,” as both Windows and Mac L2TP/IPsec clients do not support PFS as a security feature. Last but not least, there are patent issues involved, as Cisco has a U.S. patent claim on L2F. L2TP is essentially Cisco's L2F and Microsoft's PPTP merged into one. Cisco has a patent on L2TP as well.

As you can see, there are a lot of good reasons to wait to offer L2TP/IPSec as a VPN solution on our servers, as it would, besides everything said, also need much extra time to install, secure and maintain it on all our machines. The question is whether this is reasonable if it has for the user not more security and features to offer than OpenVPN — but rather less. So far, there has never been an interest in IPSec, with the exception of one inquiry, which we herewith answer in this F.A.Q. If its development continues, it becomes more wide-spread, and demand increases, we might implement it and perhaps IKEv2, too. At the moment, such a decision would be premature due to lack of demand and the lack of sufficient security analysis of available software implementations by cryptographic experts.


18. Do you offer dynamic IP's or dedicated static IP's?
No, we offer neither, as this would decrease the security, anonymity and safety of you and our customers enormously. We assign each and everyone of our customers who connects to a particular server via NAT (network address translation) the same external IP address all other customers use. This has the advantage that your incoming and outgoing traffic can ex post never clearly and unambiguously be assigned or attributed to you. If you had a dynamic IP or a dedicated static IP which only you use, the situation would look entirely different. But as long as dozens if not hundreds of our customers who are connected to a server at a certain time span use the same external IP address, it is impossible to say who transferred which data.

Let's expand this thought for example to the situation that the Directive 2006/24/EC of the European Union obliging Internet access providers to log certain information would be extended to privacy providers, too, as Germany plans already to do beginning with January 1, 2009. If the German proposal is not declared unconstitutional by the German Constitutional Court (a constitutional appeal whose chances are considered very good is pending), we would, starting with January 1, 2009, have to log which IP addresses are initiating connections to our German servers, when the connection takes place, when it is terminated and which IP address we assigned to an incoming IP address whose packets we forward. We would not be obliged to store on which sites you surf, which files you download, which ports you use, to which servers or IP addresses you connect, to whom you send e-mails or from whom you receive them, and so forth. We would have to keep the above-mentioned connection data for 6 months and would be obliged to delete them within at least a month thereafter. Needless to say, we would delete them exactly after 6 months, 0 days, 0 hours and 0 minutes (in case the logs would not have never been stored or would not have been lost earlier due to a hardware or software failure, a misconfiguration, hacking or human error).

As we assign all our dozens or hundreds of members who are connected to our German servers at the same time the very same outgoing IP address, it is, however, nonetheless impossible to say ex post which incoming IP address accessed which sites, communicated with which IP addresses or transferred which data. It could have been any of the persons connected at a certain time, since all of them used the same outgoing IP address. Assigning everybody the same IP address increases thus your security enormously. If we were to assign you a dedicated dynamic or static IP address, as some other "privacy" providers do, your traffic and what you do or did, could be traced or reconstructed and attributed to you at any point in time.


19. Do you offer Remote Port Forwarding (RPF)?
Yes, we offer Remote Port Forwarding with Open VPN for long-term customers of good standing. Let us briefly explain what RPF is. Assume you are connected directly to the Internet without router, firewall, VPN or privacy provider. If a program or application you use wants to open a port on your machine in order that another computer can establish a connection to exchange data with your machine, it will simply work.

If you are a member of a VPN, however, the situation is entirely different: while you are able to connect to other servers (e.g. web sites) through the VPN server which forwards your data to their IP addresses, other servers or computers on the Internet cannot "see" your machine at all and don't know that it exists. All they can see and are aware of is the VPN server and its IP. If they now would try to establish a connection to a port of our VPN server in order to exchange data with your machine, the attempt would fail utterly, because, firstly, our VPN servers' configuration doesn't permit your programs to open ports on it, and secondly, the VPN server would have no clue to which of the dozens or hundreds of our customers' machines which are at this point in time connected to it, it should forward the data. As a consequence, the data which another computer sends to our VPN server in an attempt to reach your machine would be dropped and would never arrive at your computer.

The solution to this problem is called Remote Port Forwarding or, for short, RPF. It means that we reserve and open a couple of ports on our VPN server and if another computer or server wants to establish a connection to these ports or sends data to one of these ports our VPN server forwards the request or the data to the corresponding port of your machine. This happens completely hidden and in the background. Your real IP will not be exposed: the computer thinks it establishes e.g. a connection to port 50046 of the IP of our VPN server, but our VPN server forwards the data secretly and clandestinely to port 50046 of your computer where the connection or data can be accepted and processed by the program you are running.

You need RPF for example to get a High ID on Emule while you anonymize and encrypt your traffic with Open VPN, to avoid the "NAT errors" or "Firewall errors" on Bittorrent clients, or to administer your machine remotely through the VPN. These would be some legitimate applications of RPF. Note also that you do not need RPF in order to use P2P protocols such as Bittorrent, e2dk, or Gnutella, but it might help you to find more sources quicker in particular if files are rare.

Unfortunately, Remote Port Forwarding also carries a lot of abuse potential. As we do not log but do permit completely anonymous sign-ups, people could for example run a web server with illegal files behind a port we forward (e.g. on an address like http://hongkong.perfect-privacy.com:50046) and it would look to any observer, as if these files would be hosted by and physically located on our machine. This is a strong argument against offering RPF at all.

On the other hand, we do not want to deprive our loyal, long-term, law-abiding customers of the opportunity to utilize RPF for legitimate purposes either. We thus made a compromise and decided to offer RPF only to customers of good standing who fulfill certain requirements and who accept our RPF Terms of Service (RPF ToS). Please read more about the RPF's requirements, prices, permissible use and how to order Remote Port Forwarding here.

 

20. I'm already a Perfect Privacy Member. How can I extend my account?
Simply use our order form and select the desired length of your membership and your desired payment method as usual. In the field "4. Additional Message:" simply enter the term "Extension," followed by your Perfect Privacy customer number as well as your Perfect Privacy username.

 

Sign-up Now and encrypt your Internet.

Need assistance? Email us.