I have been using Private Internet Access VPN for three years, and I recently moved to WindScribe. Now that I have used both companies I can make a fair comparison. I don't use AI anywhere in this blog.
Both companies, PIA and WindScribe, have strong no-logs privacy policies and are based in countries involved with mass surveillance, the Five Eyes. This does not put me off if you trust their no-logs claims, but it concerns me that the UK free speech laws are some of the most limited in the Western world; the UK is known to arrest people posting nationalist British views on social media. This is the main reason why I moved to WindScribe, but since I moved I also discovered that WindScribe not using virtual servers considerably reduced the number of captchas and wrong IP locations I get. It is also noteworthy that WindScribe engages with the community on Reddit, something PIA does not despite having an official subreddit too, and WindScribe does not have any affiliate program that could buy them good reviews like PIA VPN does.
Even though WindScribe is more expensive than PIA, this is to be expected when you only use real servers, and I decided to keep WindScribe as my VPN provider while avoiding what I consider unsafe locations like India and Hong Kong (China), countries where unregistered VPNs are not legal or are required to keep logs. That is the only regard where PIA VPN has done better, by refusing to do business in those countries instead of renting a server and hoping for the best. On the other hand, if you need a real VPN server in Russia, WindScribe is one of the few VPN providers able to provide it; what I consider a handicap could be a blessing for others. Overall, so far I am really happy with WindScribe.
PIA VPN strengths:
Very cheap if you pay yearly
Audited no logs
WindScribe strengths:
They only use physical servers
They engage with the community on Reddit
They don't own any other VPN company and are transparent about ownership
They have real servers in exotic locations
They have no affiliate program to pay VPN top lists and influencers
Generous free plan to try the VPN without payment
PIA VPN drawbacks:
Owned by Kape Technologies with headquarters in the UK
Parent company owns other big VPN companies like ExpressVPN and CyberGhostVPN
Parent company owns VPN review site VPNMentor where they recommend their own VPN (conflict of interests)
They have many virtual locations and it is difficult to find out where the real physical server is located
There is no community engagement on Reddit or any other place
There are lots of fake reviews in VPN top lists due to their affiliate program
WindScribe drawbacks:
Headquarters in Canada
Non-serious marketing communications full of jokes for children
They have servers in countries where no-logs VPNs are not legal, like India and Hong Kong (China)
Today I sideloaded TubiTV to my Samsung smart TV. If you live in a country where TubiTV is available you don't need to do any of this; the instructions are only for people being geoblocked by TubiTV. As a side note, this should work for many other apps like LiveOne.
I will describe my hardware because depending on hardware things might change. I am using a Samsung smart TV with an Android TV box, brand “Strong”, based in Austria but owned by a Chinese conglomerate. They are not one of the cheapest Android set-top boxes out there, but you know it won't come loaded with malware as it is a well-known brand within the Android set-top box community and, more importantly, it runs Android 11, which makes it harder to install unauthorized software.
You will need an Android phone too. These are the instructions to sideload TubiTV to your smart TV.
Download the app SendFilesToTV from the official Google Play Store to your smartphone and to your smart TV; the app must be installed on both devices.
With your phone go to UpToDown, an alternative to the Google Play Store, and download any app, for example TubiTV; this will be a .apk file.
On your smartphone open the Send Files To TV app, click the button that says “Send”, browse to the .apk file downloaded from UpToDown and select sending it to your Android set-top box, which will show up as a destination if you are on the same Wi-Fi network. This only works if your smartphone and the Android set-top box are both on the same network.
Go to your smart TV, open the Send Files To TV app and click on Receive, and you will see the .apk file. Click on it and pick install; you will be prompted to change one security setting to be able to install it. The instructions are very clear: read the screen and change the setting UpToDown tells you. After this you will have UpToDown installed on your smart TV.
Open the alternative app store you just installed on your smart TV, go to media and you will find TubiTV and thousands of other apps. Now you can pick any app you want and install it without having to use any workaround.
For security, uninstall SendFilesToTV after leaving a review for the developer if everything has worked for you; the app is free, so at the very least you could leave a review, right? You can use other alternative Google Play stores like ApkMirror, a Chinese company, but my favourite store is UpToDown for no other reason than that I don't trust the Chinese government when it comes to privacy and security.
Needless to say, you will still need a VPN to watch TubiTV. You can try WindScribe for free with no payment asked and see if it works for you (they support streaming), or pick your own VPN. English-speaking countries where TubiTV is known to work: United States, Canada, Australia, United Kingdom.
One of the most private email communication systems consists of using Tor or a VPN to connect to a free webmail service and encrypting the messages yourself with PGP; this method gives you privacy and anonymity. Thunderbird+Enigmail or GPG4Win can do that and it won’t cost you a cent. The problem is the time and learning curve it takes to do this.
Encryption built into the webmail service might not be as secure as doing it yourself, but if the company's claims are true, the encryption secure and their privacy policy trustworthy, it is a really easy way to secure your email messages.
Atomic Mail: Free encrypted email service with aliases, zero access encryption and no advertising. Atomic Mail is a new privacy email service based in Estonia, compliant with European GDPR privacy laws. You can use it to send password-protected emails to people using insecure email providers; when you send a password-protected email, only the link to the message hosted on a secure server is sent and not the content.
Proton Mail: Company keeps minimum logs and cannot read your data as the inbox is encrypted. Servers are based in Switzerland. Communicating with other Proton Mail users is end-to-end encrypted, and emailing other email providers is done in plain text; to make the best of this service your friends should ideally be using it too. The company itself can’t read your data.
Tuta Email: Email privacy service based in Germany. Messages are encrypted in your browser and nobody can access the encryption keys; Tuta staff have no decryption keys, they keep no login IPs and have no way to identify customers or decrypt data. They also publish transparency reports showing how many court orders they received and what was done about them, such as handing over encrypted data.
Tuta free privacy email service
VFEmail: With support for PGP encrypted webmail using the interface and anonymous sign up using Tor, this service has a Tor hidden node from where you can access your account. Metadata is scrubbed from emails and your computer IP removed from the headers.
Mailfence: Email service hosted in Belgium that supports sending OpenPGP encrypted messages and two factor authentication. Seamless keystore integration. All encryption happens in the browser. Service includes a calendar and cloud document storage with paid for accounts giving you access to Android and iPhone apps to access your email using a portable device.
NOTICE: List only includes services with free option. If you are willing to pay for a privacy email service other companies you should look at are Posteo (Germany), Countermail (Sweden), StartMail (Netherlands), CodaMail (USA) and KolabNow (Switzerland).
Webmail services hiding your IP
The following email services do not encrypt your messages but hide your computer IP in the headers. I tested all of them and the sender’s IP is replaced with a neutral IANA (Internet Assigned Numbers Authority) private IP address, from a range of IP addresses reserved for use in private networks and not linked to any country or person. The only way to find out who sent the email is to contact the company and ask them.
Yandex: Russian email provider offering email accounts in multiple languages, with huge storage space (10GB), a beautiful interface with interchangeable themes, spam and virus filter and free storage for files and documents. Yandex strips your IP from the headers, but this is not a privacy service; they keep internal logs of the real IP in case of abuse.
GMX Mail: Free German email provider with PGP encryption, large attachments, filter rules and mail collector as well as 10 free aliases to be able to compartmentalize different online identities. GMX finances the free email service with advertising being displayed on their page.
NOTE: Some email services will only strip your computer IP from the headers for webmail and include the computer IP in messages sent using SMTP.
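A check in the spirit of the test described above, as an added example that is not code from the original post: it reads the headers of a message you sent to yourself and reports whether the first-hop Received line or X-Originating-IP carries a private or a publicly routable address. Both sample messages and their hostnames are constructed, and 198.51.100.77 (a documentation address) stands in for a real home IP.

```python
import ipaddress
import re
from email import message_from_string

# Private/local ranges: RFC 1918, loopback and IPv6 unique-local.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fc00::/7",
)]
TOKEN = re.compile(r"[0-9A-Fa-f:.]{3,}")


def extract_ips(text):
    """Return, in order and without repeats, every address literal in text."""
    found = []
    for tok in TOKEN.findall(text.replace("IPv6:", " ")):
        try:
            ip = ipaddress.ip_address(tok.strip("."))
        except ValueError:
            continue  # timestamps, hostname fragments, queue ids
        if ip not in found:
            found.append(ip)
    return found


def is_non_routable(ip):
    return any(ip in net for net in NON_ROUTABLE)


def sender_ip_exposure(raw_message):
    """List (header, address, verdict) for each place the client IP can appear."""
    msg = message_from_string(raw_message)
    spots = []
    received = msg.get_all("Received") or []
    if received:
        # Servers prepend Received lines, so the last one is the first hop:
        # the provider accepting the message from the sender's own machine.
        client_part = re.split(r"\sby\s", received[-1], maxsplit=1)[0]
        spots += [("Received (first hop)", ip) for ip in extract_ips(client_part)]
    for value in msg.get_all("X-Originating-IP") or []:
        spots += [("X-Originating-IP", ip) for ip in extract_ips(value)]
    return [(hdr, str(ip), "non-routable" if is_non_routable(ip) else "public")
            for hdr, ip in spots]


def leaks_public_ip(raw_message):
    return any(verdict == "public" for _, _, verdict in sender_ip_exposure(raw_message))


# Constructed sample: sent from the web interface, client address replaced.
WEBMAIL_SAMPLE = """\
Received: from out.webmail.example (out.webmail.example [198.51.100.20])
\tby mx.recipient.example with ESMTPS; Mon, 01 Jan 2024 10:00:02 +0000
Received: from [172.16.4.9] (unknown [172.16.4.9])
\tby out.webmail.example with HTTP; Mon, 01 Jan 2024 10:00:01 +0000
From: alice@webmail.example
To: bob@recipient.example
Subject: sent from the web interface

body
"""

# Constructed sample: same provider, sent with a mail client over SMTP.
SMTP_SAMPLE = """\
Received: from out.webmail.example (out.webmail.example [198.51.100.20])
\tby mx.recipient.example with ESMTPS; Mon, 01 Jan 2024 11:00:02 +0000
Received: from laptop.home.example (dsl-host.isp.example [198.51.100.77])
\tby out.webmail.example with ESMTPSA; Mon, 01 Jan 2024 11:00:01 +0000
X-Originating-IP: [198.51.100.77]
From: alice@webmail.example
To: bob@recipient.example
Subject: sent with a desktop client

body
"""

if __name__ == "__main__":
    for name, raw in (("webmail", WEBMAIL_SAMPLE), ("smtp", SMTP_SAMPLE)):
        print(name, leaks_public_ip(raw), sender_ip_exposure(raw))
```

Run it against the raw source of a message sent each way (webmail and SMTP), since the two paths can behave differently on the same provider.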
LibertyVPS is a hosting provider that has been in business for four years and specialises in free speech. Their servers are located in the Netherlands, so your content will have to be compliant with Dutch law. The company provides hosting for those facing censorship, but they also warn in their terms and conditions that they will work with law enforcement to prevent illicit activity.
I asked them if I could host pharmacy-related products like Viagra or vitamin supplements and I was given a link to their terms and conditions, where the only listed content restrictions are child porn, spam, malware and human and animal pain sites. The bottom line is that LibertyVPS doesn’t allow any activity which is illegal but will happily host whistleblowers and sites exposing government and corporate malpractice and abuse.
LibertyVPS control panel free speech hosting
Prices are reasonable; I did not feel I was being charged extra for privacy. If you are after unlimited bandwidth you have to upgrade to a VPS, which can be set to CentOS, Ubuntu, Fedora, Debian or OpenSUSE. Even if you pick one distribution you will not be stuck with it forever: you can reinstall the VPS with a new distribution using the control panel.
For shared hosting LibertyVPS is using a standard cPanel that most people will be familiar with and you can back up your own site using it. They also offer Windows VPS which I did not test.
Uptime was fine, I have not been with them for long but so far all good and the backbone is provided by Dutch company Ecatel, with up to 1 Gigabit line speed. Support is only via ticket, LibertyVPS replied to the three tickets I opened in under 24 hours.
Overall I think that this company fills a much needed niche: free speech hosting on a budget, reliable, with good support, industry-standard hosting software and payment in Bitcoins. I can't think of too many improvements for this company, and even if you don't need a free speech host, given their average prices, I would also recommend them for hosting mainstream content outside the US.
Posteo is a paid privacy email provider based in Germany. I signed up with them after a recent Fastmail price increase and my concern about Fastmail being an Australian company with servers in the USA.
I briefly considered Yandex, a free Russian email service with interface in English, but it does no good to me to trade NSA illegal spying for Russian Federal Security Service (FSB) illegal spying.
I came to the conclusion that all countries spy and the only way I was going to protect myself from that is by using an email service that is transparent about logs, has encrypted storage with the email provider locked out of it, with no access to the keys, and end-to-end encryption: what is known in the privacy industry as zero knowledge. And if the company is based outside the Five Eyes wiretapping alliance (UK, US, CA, AUS and NZ), even better.
Posteo fulfilled all the requirements I had in mind and I also liked that they do not have a Facebook page, it shows they really care about customers privacy.
How to open a Posteo account
Opening an account with Posteo took me around one minute; the company does not want to know your name, address, backup email or phone number.
You only need three things to sign up for a Posteo account:
Pick a username
Pick a password
Pay with cash, Paypal, wire transfer, credit card or voucher (payment methods are anonymised)
Posteo payment
I used Paypal to buy the account, I know Paypal stores all transactions for years and the NSA probably has a direct feed to them but the transaction does not show your Posteo email address, the only available record in Paypal is the date and amount of money you sent to Posteo, your inbox or username is never printed anywhere in the receipt.
Posteo Paypal payment (5 years prepaid)
Furthermore, Posteo's payment system automatically assigns a code to the inbox so that usernames can never be linked by the company with a payment. Tax laws compel Posteo to keep payment information for 10 years; this includes your name if you used bank transfer or Paypal to buy the account, but it never includes what your email address is, and if the company were asked for this they would be unable to provide the information. There is no law forcing Posteo to keep that data.
Specific details on how your payment is anonymized are very well explained with screenshots within Posteo’s FAQ.
One of my favourite things about this company is that their help pages disclose in plain English (German & French) the security measures they take to protect customers from illegal spying by government agencies, what logs Posteo keeps, for how long and what happens if they receive a subpoena, as well as some background information about German privacy laws.
There are no trial Posteo accounts, payment is taken from day one, but if you are not happy with the service you have the right to revoke it within 14 days and credit will be refunded.
If I had to criticise anything about the payment system, it is that they do not accept Bitcoins.
Posteo email basics
You can access your email via web, IMAP or POP3, attachments are a generous 50MB and the initial inbox is 2GB with a couple of aliases, all of this can be increased according to needs.
Posteo has a single basic email package that is prepaid. If you feel like you need more storage space or more email aliases you can go to account settings and move a slider bar to add extras; as you do this the screen shows you how much more this will cost you. For example, an alias currently costs €0.10 a month, so if you need four email aliases that is €0.40 more a month; if you no longer need them next month, you delete them and the monthly price comes down again.
The way Posteo pricing is set up you don’t have to pay for things you don’t need, you customize it to your needs, it works out cheaper than paying for an oversized email package that subsidizes heavy or business email users.
The account includes a decent online calendar that can optionally be shared with a public URL, an address book and notes, all of which can be encrypted, in which case sharing is no longer possible.
Posteo email calendar
Consider carefully if you need your inbox encrypted, after you enable it some functions like email searching will no longer work and if you lose your password Posteo support can reset your account but you will not be able to read your old email messages without your old password as Posteo has no way to decrypt them.
For example, because I only plan on using Posteo in the browser I activated the additional email account protection that eliminates IMAP access, and this stopped notes from autosaving so I had to reactivate it. Next to each encryption setting you will see a box that tells you what features stop working if you choose security over functionality.
Posteo email security
There are a ton of security measures, and nearly all of them can be configured. Posteo is ideal for advanced privacy email users who like to have control and spend time tinkering with their security settings. It took me a good couple of hours of reading to understand all that Posteo had to offer.
This company is one of the first email providers to implement DANE (DNS-based Authentication of Named Entities), a DNS-based authentication method that checks the digital certificate fingerprints of other email providers. This detects bogus certificates swapped in by sophisticated hackers; state-sponsored operatives have been known to do this trick in the past.
For DANE to work other email providers must support it too. When sending an email to somebody, a small green check box in Posteo lets you know if the server you are communicating with is DANE compliant. Tutanota supports it and Protonmail has plans to have DANE this year, but the big NSA back-doored email providers, like Gmail, Yahoo and Outlook, have no DANE support.
Encrypted email provider Posteo
Another setting activates a TLS-sending guarantee. With the checkbox ticked your messages will not be delivered to any TLS-insecure email server; if Posteo comes across one you get a warning and have the option of sending the message without proper encryption in transit or not sending it.
To use PGP you need to install the MailVelope browser addon; after that a new button that says “Compose&Encrypt” magically appears in the webmail interface.
You can add your public encryption key to the Posteo keyserver and activate “encrypt all incoming email”. This means that all messages you receive will be automatically encrypted with your own PGP key at the door, on top of the encrypted inbox.
You might want to do this if you don’t trust Posteo’s own encryption: you add an extra layer with your own keys. However, if you lose your private keys you will not be able to read the messages again, and every time you click on an email in your inbox you are required to enter the decryption password in MailVelope.
I found incoming encryption too burdensome, I would only propose it to the most paranoid kind not concerned with quick email access.
Posteo PGP encryption Mailvelope
Hat tip to Posteo for automatically bouncing my public encryption key back to my inbox with a warning that it did not conform to security.
During key generation I made the mistake of adding my first name to the public encryption key and Posteo very rightly rejected it in their keyserver as the name can be used to track down your identity, I was only able to add the key to the server after changing the name field with a non descriptive text, like my email address.
Two factor authentication is possible too, Posteo works with any open standard TOTP app, like Google Authenticator, but the company recommends FreeOTP because it is open source (developed by Fedora), or if you own a Yubikey you can use it for two factor authentication, the help pages come with clear instructions and screenshots about how to set it up.
Posteo downsides
It put me off Posteo that they don’t own the .com of their email address. I had people in the past sending me messages to a .com version of my address; it is a common mistake many people make. I find it very short-sighted that a company like Posteo, offering a choice of 30 different domain names for your email aliases, does not have a single neutral .com that you can pick for an email address. You can have a @posteo.af address, country code from Afghanistan, and a @posteo.jp country code from Japan, but .com is not an option.
I would have appreciated a non-descriptive .com domain, whose URL does not resolve to the Posteo homepage, that can be used as an alias.
Another downside for me is that Posteo does not have a Spam folder and you can not have one. Posteo drops all spam silently and you must trust they do it correctly.
My experience with email providers so far has been that no spam filter is 100% perfect and I have no way of finding out if a message is not getting to my inbox because it was flagged as spam by mistake or because it was never sent.
You can whitelist addresses in the filter but there is no way of whitelisting something you don’t know about.
Posteo advantages
Posteo comes with Mailvelope preconfigured, after installing the addon in my browser a new encryption button appears in the webmail interface and this gives me the ability to communicate with other PGP users holding my own encryption keys instead of Posteo doing that.
The encrypted email inbox and being able to encrypt all incoming messages with my own private encryption keys is a huge perk too.
Posteo message filtering
It takes time to encrypt messages yourself, entering passwords, selecting the right keys, etc. If you are tight on time and security is not that important for you, it might be best that your email provider does all of that, but if you want to err on the cautious side and trust nobody with your encryption keys, owning your own keys is the right way to do it.
I also liked the email filtering, being able to file messages into folders as they arrive, according to subject, sender, etc.
Posteo support
Support is not suited for businesses, but I think that an individual will be ok waiting one or two days for a reply. You can contact Posteo by email during German working hours.
I sent Posteo support an email to ask a question about my settings and it took 24 hours to get a reply that solved my question. There is no ticketing system; this might unnerve some people, because you keep wondering if the email was ever received, but not having a ticketing system is advantageous for those who value privacy and a very good idea.
The company barely keeping records of anything means that the information can not be lost or stolen and you can always check the “sent receipt” box if you email support, this way you will know they have received your inquiry.
Posteo vs Protonmail
I like Protonmail design and them forcing two different passwords to access the encrypted inbox. The main reason why I did not buy a Protonmail premium account is that their paid accounts cost five times more than Posteo. Protonmail has a bigger inbox but I wasn’t going to use it.
It also put me off a bit knowing that in 2015 Protonmail had paid ransom to some cybercriminals DDoSing their servers. It shakes my trust in how much of a fight the company is willing to put up for what is right when I see Protonmail selecting the easy way and paying up to avoid problems.
Posteo vs Tutanota
I was really close to buying a Tutanota premium account. They offer more aliases than Posteo, both companies are based in Germany and cost the same, plus I like a couple of Tutanota features not found in Posteo, like being able to send links to password-protected messages.
I finally went for Posteo because of their Mailvelope pre-configuration and because I wanted a company that will not go bust. Posteo has been around for more years than Tutanota and they do not offer loss making free accounts which makes it more likely that they will survive.
Posteo review conclusion
If you are comfortable managing your own PGP encryption keys and want an email service with an encrypted inbox that does not keep logs or record your identity and that comes with lots of features at a cheap price, I think that Posteo is unbeatable, far cheaper than other paid providers (€12/year).
You should also pick Posteo for an email provider with calendar, notes and aliases that will respect your privacy and if you need a mailing list provider, this is still in beta but it should be rolled out soon.
But if you would rather have your email provider do all PGP encryption for you at the back end, don’t pick Posteo, and if you wish to pay with Bitcoins Posteo should be off limits for you too.
Psiphon is a free open source application from a Canadian company helping millions of people from all over the world bypass Internet filtering. The software acts like a proxy and hides your computer IP from websites you visit, but it was not built to make people anonymous on the Internet; the reason for Psiphon’s existence is to bypass filtering in countries whose Internet Service Providers block websites.
The software can only be used in Android and Windows, if you are an Apple user this is not for you, the lack of iOS support perhaps is because Psiphon is targeted at users in the Middle East where few iPhones and Mac computers are sold.
Psiphon anonymous Internet browsing
Although my ISP does not have filtering I was thinking of using Psiphon in my smartphone because it is free and my current VPN charges me extra if I add a mobile phone device to the package, I also liked that registration and configuration are not necessary and there are multiple proxy locations. I don’t use my smartphone for banking or shopping of any kind hence even low security is enough for what I want to do, stop marketers tracking me online.
Psiphon for Android comes with its own browser, with a built-in adblocker and set to a homepage that cannot be changed. The homepage contains a small ad banner; that is how the company makes money. I did not find it too intrusive: there are no adverts while you surf the Internet, I was only shown them when I launched the browser, and if it really bothers you, a paid-for Psiphon Pro version gets rid of all advertising. But since my main reason for using Psiphon was price, i.e. free, I would never pay for the Pro version; anybody willing to do that will be better off with a specialised VPN provider.
What Psiphon is good for
Access georestricted content
Bypass ISP filters and unblock Facebook and Twitter
Protect your data in public Wifi access points
What Psiphon is not recommended for
Hide from the NSA or law enforcement
Filesharing or bandwidth intensive activities
Whistleblowing and other high security needs
The app has four easy to navigate tabs, my favourite, the Stats tab, displays how much data is being sent and received. If you are on a tight data metered plan you might want to download Psiphon for this feature alone. Another tab displays connection logs, another one has settings and the Home tab lets you stop and start Psiphon. Everything nicely organised.
The main problem I had with Psiphon is that most websites I visited using the Psiphon browser did not identify that I was on a mobile device and showed me the desktop version of the site, which made it very hard to read. The way to solve this is to go into options, tick the “tunnel the whole device” box, and use your own smartphone browser, e.g. Brave, Firefox, etc., instead of the one that comes with Psiphon.
I also felt the speed was low and pages were taking a bit too long to load. Because of this I have decided to uninstall Psiphon. I would recommend this application if you are inside a country that blocks access to websites, but otherwise I believe a free VPN might be better. I especially did not like the embedded Psiphon browser; I like to use my own.
I was looking at the server logs when I detected multiple visitors coming from the HM Customs And Excise HQ Network, the UK government agency in charge of collecting customs duties at the border. I became mistrustful of so many visits from the same government department, using IPs 163.172.209.46, 163.172.145.100, 163.175.5.218 and others in the same range.
The first thing I did was a traceroute, and I found out that 163.172.209.46 was in fact not located in the UK but in France. I then looked at the host name: as you can see in the picture it reads watchme.tor-exit.network, and at the URL there is a message displayed saying that they are a Tor Exit Router.
Additionally I researched open data with DuckDuckGo and I uncovered a customer of a VPN company complaining in a blog that his OpenVPN French node was being identified on the Internet as belonging to UK Customs and Excise. Furthermore, I have discovered numerous warez and porn websites like Yellowasians identifying themselves as being hosted by Her Majesty Customs and Excise HQ.
Fake ISP Customs And Excise UK
What happened here? I suspect the network administrator entered HM Customs and Excise HQ as the IP owner when in reality their hosting company is Online.net, a subsidiary of the Iliad Group, a French company renting dedicated servers in France, also marketed as Dedibox.
Likely they are doing this to avoid being blocked: many data centers out there block Tor exit nodes and this way it makes them harder to spot. The hostname is not always labelled, so you would need a traceroute to know this is not a UK IP. Another benefit is that with this French IP you should be able to watch online TV restricted to UK viewers like the BBC iPlayer, but malicious bots can also use the trick to gather information before a hacking attack or spam.
I don’t know if it is legal impersonating a government agency in the IP, that is for lawyers to say and it will likely differ from country to country. I am only posting the information to help out other webmasters seeing multiple visits from a UK government to their site, no, they are not monitoring you, it is a fake ID.
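The manual check described above (count the visits, then compare the owner label with the reverse-DNS name) can be scripted; this is an added example, not code from the original post. The log lines, the exit-list membership and the owner-label table are constructed for illustration; only the three addresses and the hostname watchme.tor-exit.network come from the post, and the hostname pattern is a heuristic.

```python
import re
import socket
from collections import Counter

# Start of a combined-format access log line: client IP, timestamp, request, status.
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} ')
# Heuristic: a "tor" / "tor-exit" label inside the reverse-DNS name.
EXIT_HINT = re.compile(r"(^|[.-])tor(-?exit)?([.-]|\d|$)", re.I)


def live_ptr(ip):
    """Reverse-DNS lookup; returns None when the address has no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def triage(log_text, owner_label, exit_list, ptr_lookup=live_ptr):
    """Count hits per client IP and weigh the owner label against other evidence."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            hits[m.group("ip")] += 1
    report = {}
    for ip, count in hits.items():
        host = ptr_lookup(ip)
        reasons = []
        if ip in exit_list:
            reasons.append("on exit list")
        if host and EXIT_HINT.search(host):
            reasons.append("PTR names a Tor exit")
        label = owner_label.get(ip)
        if reasons:
            verdict = "tor-exit"
        elif label:
            verdict = "label-unverified"  # nothing contradicts it yet: traceroute next
        else:
            verdict = "ordinary"
        report[ip] = {"hits": count, "label": label, "ptr": host,
                      "verdict": verdict, "reasons": reasons}
    return report


def mislabelled(report):
    """IPs whose owner label is contradicted by Tor-exit evidence."""
    return sorted(ip for ip, r in report.items()
                  if r["verdict"] == "tor-exit" and r["label"])


# Constructed log lines using the addresses quoted in the post plus one unrelated visitor.
SAMPLE_LOG = """\
163.172.209.46 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
163.172.209.46 - - [01/Jan/2024:10:00:09 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
163.172.145.100 - - [01/Jan/2024:10:02:11 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
163.175.5.218 - - [01/Jan/2024:10:05:40 +0000] "GET /feed HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2024:10:06:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""
LABEL = "HM Customs And Excise HQ Network"
OWNER_LABEL = {"163.172.209.46": LABEL, "163.172.145.100": LABEL, "163.175.5.218": LABEL}
PTR = {"163.172.209.46": "watchme.tor-exit.network"}  # hostname from the post
EXIT_LIST = {"163.172.145.100"}  # constructed membership, stands in for a published exit list

if __name__ == "__main__":
    result = triage(SAMPLE_LOG, OWNER_LABEL, EXIT_LIST, ptr_lookup=PTR.get)
    for ip, row in result.items():
        print(ip, row)
    print("label contradicted:", mislabelled(result))
```

Leaving `ptr_lookup` at its default performs live reverse-DNS lookups; the sample run passes the constructed table so it works offline.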