Jan 8, 17 / Aqu 08, 01 05:17 UTC

official VPN is pearlVPN?  

there's a block of "Recommended VPN provider " blue font on the government tab of navigation, is it official VPN? clicking it redirects to pearlvpn, someone have used this VPN? how fast? thanks ^_^

Jan 8, 17 / Aqu 08, 01 11:40 UTC

I'm also unable to locate such a link.

For a casual glance at the service mentioned:

As a provider, the head offices being in the located in the US commonly isn't a good sign for anything concerned with privacy. The perant company seems to specialise in "marketing and advertising" which makes VPN an interesting diversification. They claim not to be logging any traffic, however. Interestingly, they say they'll have no problems delivering user details and traffic logs to LEA on determination of illegal activities or abuse, which raises questions of the collection claims. As the parent company will almost assuredly be selling any data the users generate, I take that as they're charging you for that service twice. They don't see to detail precisely how they intend to secure your privacy, no mentions of implimentation of protocols, ciphers employed, to what complexity etc but do offer two methods of connecting that haven't been proven vulnerable. The client software doesn't appear to be open source, either. As to the speeds, being hosted in datacenters then connecting to a relatively local node should be able to provide speeds far in excess of most residential services, and thusly move as fast as your host network - unless they are overselling the service.

Jan 9, 17 / Aqu 09, 01 04:52 UTC

Thank you for instant reply, so sweet, if i am the only one who saw this, can't upload screenshot or paste html here i'll recheck my lan. thanks a lot, sorry for bother

  Last edited by:  Ezra Lew (Asgardian)  on Jan 9, 17 / Aqu 09, 01 04:55 UTC, Total number of edits: 3 times

Jan 9, 17 / Aqu 09, 01 04:55 UTC

Hi bHvTio-20001!

You are very welcome. Your question did have a few of us Moderators working at the time investigating this one!

Thanks for your kind words!

Jan 9, 17 / Aqu 09, 01 05:27 UTC

thanks Mr Moderator, good job ^_^ , I would apply to delete my silly post at first, but EyeR's nice reply will help others, so it's up to u

Jan 9, 17 / Aqu 09, 01 05:32 UTC

Hi bHvTio-20001,

Rest assured your post was not silly. You had a valid question. We are glad we were able to assist as best as we could.

Please do not hesitate to post any questions you may have!

Jan 11, 17 / Aqu 11, 01 10:37 UTC

It is definitely concerning you appear to be the only one to occur this - for a MiTM attack to take place(Some hostile node between you and the server adjusting contents on the way past) then there's two conditions that should require to be satisfied. The hostile node needs to be "enroute" and the hostile node needs to be edit the traffic.

Enroute is easy, there's plenty of ways to get that one, the editing the traffic however shouldn't be so trivial. The HTTPS should mean that any node between you and the sever just sees gibberish, thusly it wouldn't know where to put the button. Further, if it tried to, the entire page wouldn't decrypt when it comes to display it.

If you'd connected to a hostile node, instead of Asgardia, and accepted a certificate it passed you then it could fetch contents from Asgardia and adjust them on the way past - but the certificate mismatch should be obvious - almost all browsers warn of self-signed certs, not matching the domain it's set for etc. This condition being true would then raise questions of how you came to be connected to that node, instead of your intended destination. This condition being true would also mean the act of logging in to start this thread gave your authentication details to third parties, and should be adjusted ASAP. Preferably sooner.

Another option is that your browser is infected, and consequently inserting adverts earning the criminals money from your views/clicks.

Pasting HTML might be sanitised in the forum, but you could of used a service like dpaste.com to hold the bulk of the text and return a link. For screenshot somewhere like imgur could of worked. Is this something you are still able to replicate? if so can evidence?

By far, I find the most concerning part "official" - That implies that it's targeted specifically at our users...

  Updated  on Jan 11, 17 / Aqu 11, 01 10:41 UTC, Total number of edits: 1 time
Reason: Additional data

Jan 12, 17 / Aqu 12, 01 05:31 UTC

Thank u for expertized analysis, EyeR, sometime imagine u r magnificent AI supporting ppl 24hr/7 with high spirit, joking, i'm really grateful of your advice. the blue fonts "VPN" was skillfully placed on the top navigation which make me take it 4 "official"--really bad habit, traceroute, rechecking the locale router config found nothing special, it's the browser proxy setting which played the trick. it's silly of me to login any account on other's PC, it's lucky asgardia hasn't issued official currency which can be put into account, hohoho. Thanks a lot EyeR, btw, r u an expert or teacher in web security?

Jan 13, 17 / Aqu 13, 01 15:54 UTC

I think you may simply have an adware on your computer/browser which displays ads in some webpages and you believe it was a content from the forum.

If you're worried about it, you should run AdwCleaner, which is the most efficient tool for removing viruses, adwares and malwares: https://www.malwarebytes.com/adwcleaner/

I very doubt this was somehow targeting Asgardians, and since you're the only one to have experienced this, I believe it comes from your device.

Jan 14, 17 / Aqu 14, 01 03:16 UTC

dear Vador, that's scaring, i saw no sign of it on my device, it's from a PC my friend using 3w.proxysite.com, try & c urself ^_^

Jan 15, 17 / Aqu 15, 01 01:26 UTC

So how would that "proxy" be able to edit inline TLS encrypted content? Minimally you require to adjust your authentication details to anyhting you've managed to compromise thorugh this action, preferably adjust your usage habits to include avoiding untrustable services.

I'm unable to find a registrar for 3w.proxysite.com - did you possibly mean www.proxysite.com, which is a subdivision of regale media - the folks that own that VPN advert - and part of their shady data hoovering operation.

Jan 16, 17 / Aqu 16, 01 07:05 UTC

right, www.proxysite.com, 3w=www, shorthand habit, sorry the ad link is not embeded in asgardia site, if u try access through the proxy, asgardia seems loaded in iframe, the ad link is "outsite" of asgardia's html, my friend's school just allow access to sites included in list, she use that proxy to unblock ^_^

Jan 16, 17 / Aqu 16, 01 13:50 UTC

thank for your kind word, Rainbow, i know u Moderators r very busy, terribly sorry for the nasty post wasting your time, should have checked it first , i'll be careful next time ^^