Search found 133 matches

by cryptostorm_support
Mon Feb 03, 2020 3:41 pm
Forum: member support & tech assistance
Topic: Cryptostorm network - news
Replies: 25
Views: 35375

Cryptostorm network - news

Df, founder and principal Cryptostorm administrator will not be available until at least August 25th.
We can assure you that his absence isn't related to Cryptostorm and that we are in close contact with df. We will not make any further disclosures on the reason of his absence.
We will do everything within our possibilities to keep this network up and running. Efforts will be made to rebuild cryptostorm.nu in order to have a functional token database again.
Please monitor our warrant canary and ... take care out there.
by cryptostorm_support
Sun Nov 27, 2016 12:10 am
Forum: member support & tech assistance
Topic: Serious Drops and packet loss South node
Replies: 108
Views: 76183

Re: Serious Drops and packet loss South node

@Parityboy

Thanks for your help/input in this. if we can find out what is causing:
[server] Inactivity timeout (--ping-restart), restarting
all subsequent actions causing the trouble will not have to take place.
Adding persist-remote-ip would also help in preventing:
RESOLVE: Cannot resolve host address:
I have sessions on 4 different exit nodes: DE, CH, PT, DK which are stable for days weeks in a row.

@NOYB and others:
We will have a look into this.

/fermi
by cryptostorm_support
Wed May 11, 2016 11:20 am
Forum: member support & tech assistance
Topic: Same old problem - no answers to emails
Replies: 1
Views: 4500

Re: Same old problem - no answers to emails

Taz,

Apologies for that!
I'll walk though the mailbox today, to see if we might have missed something.

Could you please send us a gentle reminder?

Regards,

Cryptostorm support
by cryptostorm_support
Thu Mar 17, 2016 12:20 am
Forum: member support & tech assistance
Topic: ISP throttling VPN or other issue?
Replies: 6
Views: 14214

Re: ISP throttling VPN or other issue?

Tealc,

I followed your comments on IRC.
Apparently your situation is:
- connected using widget: DNS OK
- connected using OpenVPN, block-outside-dns activated: DNS not OK

I've upgraded my OpenVPN on W7 and used the block-outside-dns directive: DNS is working.

I don't know if you are using dnscrypt in combination with block-outside-dns. As block-outside-dns only allows DNS on TAP interfaces it could be that the DNS queries to localhost are being blocked.

Addition: Just talked to df. Df indicates this should work (and has been tested) as localhost doesn't make use of a physical adapter.

/fermi
by cryptostorm_support
Fri Mar 11, 2016 3:53 am
Forum: independent cryptostorm token resellers, & tokens 101
Topic: [Unofficial] CryptoStorm Token Resellers Wall
Replies: 4
Views: 30267

Re: [Unofficial] CryptoStorm Token Resellers Wall

Important note:

We have seen several transactions related to people selling one or more aleph or other tokens. In the majority of the cases this is legit. But recently we've seen some transactions in which tokens are offered at prices that are sub par. We are not going to expose our forensics we did on this, but we would like to stress that attractive offers are sometimes not what they promise to be.

So we would like to advise you to buy your tokens from our valued resellers or directly from us.
If there's an offer for a long running token from someone outside this circuit please don't hesitate to contact us to further discuss.

Keep safe ... ;)

Cryptostorm
by cryptostorm_support
Mon Feb 22, 2016 12:32 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Can't connect to your favorite node? look here
Replies: 14
Views: 35502

Re: Can't connect to your favorite node? look here

Current status:

Chisinau (Moldova) is up and running again. The following nodes are unavailable:
linux-balancer.cstorm.pw:
London (UK)
Canada
Frankfurt (Germany)

windows-balancer.cstorm.pw
London (UK)
We have some servers that are unavailable at the moment due to different reasons: abuse and DCMA.
DCMA we all know, abuse can have different forms like DDOS, SQL injection attacks/scans etc.

We are in the process of negotiating with the data centers to bring these 'abuse' nodes up.
In order for them to release these nodes again, we need to indicate how we will prevent this kind of abuse in the future.
As we stick to our principles, we will not start to log or take other actions that would be intrusive for the privacy of our customers,
instead we will use techniques like iptables/IDS to prevent this. This means that the nodes will be marginally less traffic neutral.
Normally this shouldn't be noticeable for the users that are not into this type of abuse (quoting df: noisy as hell hack attempts).

Further updates will follow ...
by cryptostorm_support
Wed Aug 05, 2015 1:00 am
Forum: member support & tech assistance
Topic: SCAM!
Replies: 5
Views: 10019

Re: SCAM!

The issue with the OP was that their return address was quite long and bitmessage was truncating the address we were to sent to. Tokenbot was sending tokens to these truncated addresses successfully, but they were obviously incorrect. Further, in the alternative channels mentioned above, we requested the address that the tokens were supposed to be sent to, but never got a reply.

As for rwilcher, his tokens have since been delivered, but his issue is a bit more cryptic. Tokens get sent successfully, but they never make it to their recipient. In other testing, it appears that we can only successfully communicate via email when we reply to a thread that he starts (nothing is received if it's a whole new message started by us), so I think there's some spam blocking going on there.

In most cases, we get an automated message back stating that our messages are being blocked because they think it's spam, but with theirs (and only a couple others) we get no such message so it at least APPEARS to have gone through when in reality it's being blocked somewhere.
by cryptostorm_support
Sat May 02, 2015 7:40 pm
Forum: member support & tech assistance
Topic: Paypal purchase. No email + confusion.
Replies: 10
Views: 15248

Re: Paypal purchase. No email + confusion.

Bah! Sorry I missed this, but the token delivery has been resolved via email channels.
by cryptostorm_support
Sat May 02, 2015 7:36 pm
Forum: member support & tech assistance
Topic: Can't resolve global random
Replies: 2
Views: 6550

Re: Can't resolve global random

Not sure if it was you whose email I replied to, but I'll paste what was said here in case others might be seeing the same thing:
I passed your issue on to our client developers, and they're requesting a bit more information. "Cannot resolve Global Random" means that your computer can't resolve our balancer server addresses (usually meaning you're offline). They've experienced similar behavior during testing with certain antivirus and firewall combinations, so they were requesting information on what software in those categories you're running, and also if you have any other VPN software installed.

They also would like you to try restarting your machine (if you haven't already) and see if that helps at all.
by cryptostorm_support
Mon Apr 20, 2015 1:44 am
Forum: member support & tech assistance
Topic: Sorry if this is really stupid: where is my token meant to be???
Replies: 3
Views: 6862

Re: Sorry if this is really stupid: where is my token meant to be???

First have a look through your spam folder as we've seen our token delivery emails getting shoved there a good bit lately. If you're not seeing it there, send us an email to support@cryptostorm.is and specify the email address on your receipt if it's different from the one you'll be sending from
by cryptostorm_support
Sat Apr 18, 2015 12:47 am
Forum: member support & tech assistance
Topic: Frankfurt node times out [resolved]
Replies: 6
Views: 8078

Re: Frankfurt node times out [resolved]

^ no worries. I got it for ya :)
by cryptostorm_support
Wed Apr 08, 2015 11:54 pm
Forum: member support & tech assistance
Topic: Connections get slow, sometimes cut out and somtimes i cant even connect in the beggining
Replies: 3
Views: 5598

Re: Connections get slow, sometimes cut out and somtimes i cant even connect in the beggining

Is this still an issue for you guys? Is this behavior isolated to a particular node, or does it appear to be more widespread?
by cryptostorm_support
Wed Apr 08, 2015 11:52 pm
Forum: member support & tech assistance
Topic: "Stale" Sessions
Replies: 4
Views: 7778

Re: "Stale" Sessions

I haven't heard of this issue from anyone else, but I'll push it forward to the rest of the team. How recently has this started occurring?
by cryptostorm_support
Sat Apr 04, 2015 10:59 am
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: Mac/OSX connects via Viscosity
Replies: 0
Views: 29449

HOWTO: Mac/OSX connects via Viscosity

 ! Message from: df
The current Tunnelblick/Viscosity tutorial is at https://cryptostorm.is/macintosh
by cryptostorm_support
Sat Mar 14, 2015 4:34 am
Forum: member support & tech assistance
Topic: I paid but where / when / how do i obtain the token?
Replies: 3
Views: 5544

confirming token receipt

I think we've carried this over to email and it's resolved... but I wanted to post here just in case that's not the case, so that we can get things settled right away.

Thanks,

~ cryptostorm support
by cryptostorm_support
Sat Mar 14, 2015 4:32 am
Forum: member support & tech assistance
Topic: Bitcoin purchase - no email
Replies: 2
Views: 4622

token waiting for it's new home! :-)

wb -

We'd had a couple of dropped email addresses today, and have been hoping to hear from folks who had been waiting - because of course we have no way to contact them, without any contact info!

We did post on twitter to ask if anyone was missing the token, but not everyone sits around on twitter, so that's only limited success.

Can you email us via support@cryptostorm.is, and we'll get your token over to you right away!

Thanks,

~ cryptostorm_support
by cryptostorm_support
Sat Feb 28, 2015 10:30 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Replies to recent interviews
Replies: 3
Views: 25003

Re: Replies to a recent interview ~ additional replies

1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?
  • {see above}

2. Under what jurisdiction(s) does your company operate?
  • {see above}

3. What tools are used to monitor and mitigate abuse of your service?
  • {see above}

4. Do you use any external email providers (e.g. Google Apps) or support tools ( e.g Live support, Zendesk) that hold information provided by users?
  • This is an excellent question, and the answer is no. All such correspondence is self-hosted (with the obvious exception of bitmessage-based communications, of course).

5. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?
  • Our choice is to reply to any such messages that are not obviously generated by automated (and quite likely illegal) spambots. In our replies, we ask for sufficient forensic data to ascertain whether the allegation has enough merit to warrant any further consideration. We have yet to receive such forensic data in response to such queries, despite many hundreds of such replies over the years.

    Silence speaks loudly.

6. What steps are taken when a valid court order requires your company to identify an active user of your service? Has this ever happened?
  • {see above}

7. Does your company have a warrant canary or a similar solution to alert customers to gag orders?
  • We have been involved in the technical and theoretical work of developing the concept and implementation of warrant canaries since prior to their currently-seen popularity as a marketing tool. Indeed, we coined the term "privacy seppuku" itself, which is a closely related subject.

    Unfortunately, many implementations of "warrant canaries" we see recently are terribly flawed both in conceptual foundation and in real-world application. This topic is perhaps a bit long for an interview reply, but we can say that doing a flawed warrant canary is worse than doing nothing at all, as it provides mere "security theatre" and encourages false confidence.

    Legitimate canaries are based on robust cryptographic signing systems, dead-man style "inaction is action" triggers, and blockchain-based writes to ensure corruption of process is not trivially easy for an attacker to accomplish. These systems are not terribly complex to implement and maintain, but doing so requires a substantive understanding of the theory behind canaries, as there are (as yet) no pre-packaged tools to do so available.

    We are currently in development of a blockchain-based identity, code, and project integrity validator system that has as one component what can be described as a canary-style capability. Initial steps on that can be seen in both our keybase.io and onename.io identity validators, which together provide dual-blockchain (BTC & namecoin forks, respectively) redundancy authenticating our relatime control over website, domain, and DNS resources across multiple online assets.

    We further authenticate all distributed binaries via multi-algorithm hash 'fingerprint' postings in multiple redundant channels, to mitigate the real-world threat of corrupted binary distribution. Next steps for this include so-called 'reproducible build' recipes to supplement our published code on github, and thereby ensure integrity of compile is matched to integrity of binaries. Our next step here is 'chain-based write-outs of code signatures for distributed binaries, as well; the utterly useless state of conventional, CA-validated code signing mechanisms is obvious enough that we feel we need not explain why we don't bother with it, meanwhile.

    Down the road, we're looking to do so-called Merkle Root signatures of our node OS fingerprints, written out to the two respective 'chains. The work keybase has done in that area is inspiring, and we are relatively confident we can enable forms of independent verifiability via remote process without endangering node integrity. That's an ongoing project for us, but one we feel strongly about supporting.

8. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?
  • {see above}

9. Which payment systems do you use and how are these linked to individual user accounts?
  • {see above}

10. What is the most secure VPN connection and encryption algorithm you would recommend to your users? Do you provide tools such as "kill switches" if a connection drops and DNS leak protection?
  • We only support one cipher suite on-net, per reply above. Offering "musical chairs" style cipher suite roulette is bad opsec, bad cryptography, and bad administrative practice. There is no need to support deprecated, weak, or known-broken suites in these network security models; unlike browser-based https/tls, there are no legacy client-side software suites that must be supported. As such, any excuse for deploying weak cipher suites is untenable.

    Everyone on cryptostorm receives equal and full security attention.

    There are no "kill switch" tools available today that actually work. We have tested them, and until we have developed tools that pass intensive forensic scrutiny at the packetized/NIC level, we will not claim to have such. Several in-house projects are in the works, but none are ready yet for public testing.

    We take standard steps to encourage client-side computing environments to route DNS queries through our sessions when connected. However, we cannot control things such as router-based DNS queries, Teredo-based queries that slip out via IP6, or unscrupulous application-layer queries to DNS resolvers that, while sent in-tunnel, nevertheless may be using arbitrary resolver addressing. Once again, we're working on tools to mitigate these risks, but no currently tools or frameworks are 100% effective in doing so. We are saddened to see others who claim they have such "magical" tools; getting a "pass" from a handful of "DNS leak" websites is not the same as protecting all DNS query traffic. Those who fail to understand that are in need of remedial work on network architecture.

    As we run our own mesh-based system of DNS resolvers, "deepDNS," we have full and arbitrary control over all levels of DNS resolution presentation to third parties. Indeed, on-cstorm visitors to "DNS leak" websites see a message directly from cryptostorm, embedded in the results presented... this is the level of expertise we are employing as we work towards improved member security.

11. Do you use your own DNS servers? (if not, which servers do you use?)
  • We have constructed a mesh-topology system of redundant, self-administered secure DNS resolvers which has been collected under the label of deepDNS. Rather than simply forwarding DNS resolution queries on to other outside layers for reply, deepDNS is a fully in-house mechanism that keeps all query data (and metadata) within cryptostorm exclusively.

    Further, deepDNS fully implements the namecoin-based DNSchain resolver architecture for openNIC-housed TLDs including .bit - which allows us to provide full name resolution functionality entirely independently of the (badly broken, in security terms) conventional DNS system. These replies happen transparently for anyone on-cstorm.

    Additionally, deepDNS fully implements Dr. Bernstein's DNScurve resolver security framework, itself leveraging c25519 ECC to robustly encrypt and authenticate all upstream DNS query data. This provides strong protections against many forms of cache poisoning and "Kaminsky-style" attacks on DNS query integrity.

    Additionally, we provide native, transparent on-cstorm access to Tor hidden services-based .onion URLs in any browser... as well as full, native, transparent transit of all Tor traffic for on-cstorm members: any Tor resources are visible and addressable to anyone who is on cryptostorm. This provides an interesting and useful additional mechanism to protect against well-known traffic correlation attack models that have allowed for somewhat widespread access to de-anonymisation of Tor network traffic (given certain conditions are met).

    Finally, we provide native, transparent access to .i2p-based websites ("eepsites") via inproxy/outproxy functionality enabled by our deepDNS mesh. Thus, anyone on-cstorm can visit any .i2p URL in-browser with no additional tools, installations, or configuration changes required.

    We are at the moment enabling fully-secured .bit resolver access to pre-session "geoprofile" coordinates for anyone who prefers to use this rather than conventional DNS queries to do their session connection negotiations. This should be published and available to all cryptostorm members by the end of this weekend.

12. Do you have physical control over your VPN servers and network or are they outsourced and hosted by a third party (if so, which ones)? What countries are your servers located?
  • The putative security benefits of "bunker-based" hosting have been widely debunked, and we do not engage in such shenanigans.

    Rather, we deploy nodes in commodity datacentres that are themselves stripped of all customer data and thus disposable in the face of confirmed attacks on their kernel integrity. We have in the past "downed" such nodes based on alert from onboard systems and offsite, independently maintained kernel logs that confirmed a kernel-level violation was taking place. It is important to note that such "downing" does not explicitly require us to even have physical (or root) control of the machine in question: we push nameserver updates, via our HAF (Hostname Assignment Framework) out via redundant, parallel channels to all connected members and by doing so we can "offline" any node on the network within less than 10 minutes of initial commit.

    This represents tangible security benefits for our members, against several known attack models that have been well-documented by security forensics specialists in recent years.

    Our currently-deployed geoclusters are listed in the previous post.

Best regards,

~ cryptostorm
by cryptostorm_support
Sat Feb 28, 2015 9:35 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Replies to recent interviews
Replies: 3
Views: 25003

Replies to recent interviews

{direct link: cryptostorm.ch/interviews}


From time to time, we are asked to reply to questions in the form of "interviews" submitted to our team. Here's some of our replies, which may be interesting reading in a standalone format...


What VPN encryption do you offer for your users?
  • auth SHA512
    # data channel HMAC generation; substantial improvement over default digest-generation algorithm.

    cipher AES-256-CBC
    # data channel stream cipher methodology; not currently known to be formally vulnerable to any theoretical or practical attacks.

    replay-window 128 30
    # settings which determine when to throw out UDP datagrams that are out of order, either temporally or via sequence number; this is a test configuration parameter not yet put into production.

    tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
    # full PFS via selection of ephemeral Diffie Hellman key regeneration & exchange for use in asymmetric control channel renegotiation.
    # for details on this discrete logarithm-based alternative to elliptical-curve DHE key generation/synchronisation, see vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html .
    # We're still experimenting with ECC-based PFS, but until we develop a deeper confidence in the mechanism for choosing & implementing curves within standard ECC frameworks, we're not deploying
    # see this resource for full details: cryptostorm.ch/viewtopic.php?f=37&p=5156#p5156 .

How many connections are allowed per user?
  • We don't do "user"-based network authentication; we make use of network access tokens to manage this process, and as such one token enables one concurrent network session. We have not become comfortable with the MiTM risks of multiple concurrent sessions in a security-intensive framework such as this.

Do you have a bandwidth usage limit?
  • Nope.

What amount of uptime can you guarantee your users?
  • Anybody who "guarantees" certain uptime levels is either a liar or a fool. We are neither. Additionally, our HAF-based cluster framework ensures that single points of failure ("servers") are never uniquely mapped to "--remote" directives within our session parameters as pushed to connected network members. Thus, if a node goes down, that session will immediately reconnect to either another node in the cluster, or in the case of folks using our network-wide balancers (smoothed or dynamic), or another node selected non-deterministically from any available in the network at the time.

    Our cluster-based system status is reported via a status page - cryptostorm.is/uptime - powered by pingdom: we don't make up fake "stats" as do so many "VPN companies." Instead, our data are independently collected, tracked, and reported by pingdom.

In which countries do you have servers?
  • We structure our network based on clusters, not "servers." Currently we've clusters in the following geo-locales:
    • Canada-East
      US-West
      US-Central
      Lisbon (Portugal)
      London (England)
      Frankfurt (Germany)
      Paris (France)
      Reyjavik (Iceland)
      Moscow (Russia)
      Singapore (Singapore)
    Every machine in our network is a dedicated, from-the-metal server we adminiser ourselves - we never use insecure VPS "servers" in production context. Each of our nodes is running a grsec-upgraded Debian kernel. We self-compile all core cryptographic libraries from currently-pushed SRC.

What kinds of logs do you keep on users and their activity? How long are these logs stored in your system?
  • None. Details: logs.cryptostorm.ch

    We also don't have purchasing/financial information connected in any way to real-life identity of our network members; our token-based authentication system removes this systemic connection, and thus obviates any temptation to "squeeze" us for private data about network membership. We quite simply know nothing about anyone using our network... save for the fact that they have a non-expired (SHA512 version of) token when they connect.

    Indeed, with our speed-capped cryptofree version, there's not even any tokens.

In which country is your business located? How does the law in that country affect user information?
  • We're a decentralised project, with intentional separation of loosely-integrated project components. Much of our financial processing runs through a payments-focussed sibling entity based on First-Nations sovereign territory geographically located within the province of Québec, itself loosely encased within the federal confines of the country of Canada. We own no intellectual property, patents, trademarks, or other such things that would require a corporate entity in which ownership could be enforced by the implied threat of State-backed violence; all our code is published and licensed opensource.

    However, we've concurrency in financial operations and make use of parallel payment processes under distinct organisational control in two other jurisdicational locations: France and Iceland. Thus, we can walk away from 2 of the 3 simultaneously with no impact to ongoing financial operations for the network.

    As we hold no member information - no "customer database," no payment data (all actual card-processing is done via gateway'd third-party service providers; we never run, see, store, process, or have any interactions with creditcard payment details for any of our members, ever), and nothing else relating to our membership, there's no corporation that "owns" our customers. Which sounds really creepy anyway, to be honest.

    There's alot of shameless bullshit when it comes to "jurisdictional jiggery" in the "VPN industry" in recent years. Pretending to be based in the Seychelles when you're actually a couple of guys living in Austin, Texas isn't going to fool an adversary who has even a small fragment of a clue at their disposal. That kind of thing is intended only to dupe customers with lies and false promised of magical security... we don't play that game.

    We have a core team of actual human beings that do the work behind the project (as well as a broad, loosely-connected group of supporters and colleagues worldwide who pitch in to make the project what it is today). They live physically in places around the world. It's likely the big Intel agencies know exactly where and who we all are - that's just a reasonable assumption. We're not involved in any illegal activity as a team or as individuals, and we're not posturing as if we're major items of interest in the international national security apparatus. That said, we don't broadcast our identities or locations, as human beings, because that simply increases attack surface exposure for less-resourced adversaries of the project itself.

If you are presented with a court order to identify an active user, what steps are taken to identify them?
  • We can't identify "users," as we've no idea who they are. So that's not been an issue - we've never received such an order, and really don't expect to get too many in the future as they're unlikely to result in any actionable data being made available. One might as well subpoena some random person walking down the street to demand they identify Satoshi Nakamoto. Useless.

If you receive a DMCA notice, what procedures do you have in place to deal with that issue?

How do you determine if a user is abusing your service? What happens once an abusive user is identified?
  • Um, never happened. Not sure what "abuse" would actually involve, and as we don't have "users" we'd not have any way to block someone's network access in functional terms. Here's our Terms of Service.

How is file sharing treated? Is it allowed? Why or why not?
  • We are port-, protocol-, application-, and location- (geographical & logical/topological) neutral in our routing of packet data.

What payment methods do you accept?
  • Pretty much every cryptocoin (bitcoins, litecoins, namecoins, darkcoins, zetacoins, feathercoins, etc.). All creditcards. We can do cash-mailed payments & have done them before. Currently deploying interfaces with Google Wallet, Amazon Payments, GoPay, and TeliPass. We've custom-engineered about every imaginable payment mechanism, if needed, in the past.

    Oh also we've a bunch of token resellers who have their own payment capabilities, etc.
by cryptostorm_support
Sat Feb 07, 2015 10:12 am
Forum: member support & tech assistance
Topic: Youtube can't run smoothly
Replies: 16
Views: 17081

Re: Youtube can't run smoothly

ntldr wrote:I got some youtube video issues as well.

Does it happen when connected to any particular node?
by cryptostorm_support
Sat Feb 07, 2015 10:06 am
Forum: member support & tech assistance
Topic: Repeated updates with warnings.
Replies: 19
Views: 26389

Re: Repeated updates with warnings.

The screenshot you've attached isn't working for me at the time I'm viewing this. Just to be clear though is this warning being thrown by your antivirus, or something else?
by cryptostorm_support
Fri Feb 06, 2015 3:00 pm
Forum: member support & tech assistance
Topic: Still being charged after cancel
Replies: 1
Views: 3666

PayPal assistance

guest wrote:After I canceled my authorization with Paypal I was charged for another token.

How do I get a refund?
Hi, sorry to hear that's happened!

Normally since PayPal is the company that does the purchase process, it's really unusual to see them make charges to an account after someone has already cancelled an automatic token delivery setup with them. But we can look into it with them - maybe they just got behind in their work, or something, and didn't remember to stop charging you even after you cancelled..?

I'll check in the support queue and see if there's anything we can do from our end. I don't know we've ever had such a bug report before - so if it's in there, it'll be easy to find :-)

Thanks!

cryptostorm support
by cryptostorm_support
Wed Feb 04, 2015 6:10 pm
Forum: guides, HOWTOs & tutorials
Topic: [Discussion thread] HOW TO: connect when using Windows
Replies: 7
Views: 25338

Re: [Discussion thread] HOW TO: connect when using Windows

It's difficult to tell for sure with that small log segment, but I'm guessing that you've run into the "Zombie TAP driver" issue we sometimes see upon first install in an OS. The easiest fix is usually to run the dedicated TAP driver installer from here but we've just released v2.2 of our widget so I would definitely give that a try first :)
by cryptostorm_support
Sun Feb 01, 2015 9:53 pm
Forum: general chat, suggestions, industry news
Topic: Cryptostorm and The Great Firewall of China
Replies: 1
Views: 7765

Cryptostorm and The Great Firewall of China

We've seen a marked upswing in the number of requests sent to us for effective GFoC circumvention, especially from those tired of the impotent promises and technological buzzwords offered by some other providers. It is something we've been working on and something we absolutely want to have released as soon as we're satisfied with the results. This thread, however, is not an announcement of those features, but we want to provide a place for relevant articles for those interested and also provide some thoughts and/or commentary on our approach.
Forbes wrote: China Attacks VPNs, Cutting Business Off From Internet

Early last week, Beijing censors disrupted Virtual Private Networks, thereby preventing Internet users in China from accessing websites blocked by censors. Global Times, a Communist Party-run newspaper, confirmed that Chinese authorities caused the disruptions and justified the moves. The increased blockage of foreign sites appears related to ongoing infighting in senior political circles.

On Tuesday, users in China noticed that VPNs, as the services are known, were not generally working. As a result, Facebook and Twitter were mostly unavailable. Especially hard hit was Google’s Gmail on Apple’s mobile devices. Also unavailable, or severely disrupted, were less sensitive sites such as NFL.com, maintained by the popular American sports league.

VPN software, by encryption and rerouting, prevents censors from learning which foreign sites are being accessed. VPN users, therefore, can circumvent what is informally known as the Great Firewall, Beijing’s comprehensive and sophisticated set of controls on the Internet.

Last week, Chinese censors, with an “upgrade” to the Great Firewall, targeted three widely used VPNs: Astrill, StrongVPN, and Golden Frog. China’s countermeasures, wrote Golden Frog’s president Sunday Yokubaitis, were “more sophisticated than what we’ve seen in the past.”

In the past, censors have attacked VPNs, such as in 2013, but have for the most part left such services alone. The mostly permissive approach has allowed those in the foreign business and academic communities wide access to the Web.

In China, VPNs have become essential to small- and mid-sized businesses, which have become dependent on Gmail. Larger companies often operate dedicated lines (but must install filters demanded by the Chinese government).

Recently, however, Beijing changed its posture. “Authorities apparently cannot ignore those services as they affect our cyberspace sovereignty,” Qin An of the China Institute for Innovation and Development Strategy told the English-language edition of the Global Times on Thursday. “For instance, a shortcut has to be blocked since it could be used for some ulterior purposes although it might affect others who use it in a right way.”

“Ulterior” looks like code for “political.” Political concerns are now so great in Beijing that Chinese leaders are evidently willing to undermine the normal functioning of business by cutting off general access to the Web. “We all know that China is in the middle of a very ferocious power struggle or political cleansing under the name of an anti-corruption campaign,” said Xiao Qiang of Berkeley’s School of Information to the New York Times. “That to me is a very clearly related fact with the amount of political rumors and information related to China’s high politics showing up in websites outside of China.”

Most China watchers believe Xi Jinping, China’s ruler since November 2012, quickly consolidated political control, yet there have been too many rumors of late to believe the general narrative is accurate. The most remarkable news to come out of China last week is that the country’s vice president, Li Yuanchao, denied being the subject of a corruption investigation.

Li’s denial comes at the same time as the Politburo, the 25-member body running the Communist Party, demanded a “constant strengthening of a sense of peril” and warned, in the words of the official Xinhua News Agency, of “unprecedented security risks.” Call it, with apologies to historian Richard Hofstadter, “the paranoid style of Chinese politics.”

What is the next step for China’s increasingly paranoid leaders? That would be to abandon the “black list” approach of blocking access to certain sites and go to a “white list,” in other words, allowing Internet users to view only approved sites. That would take China a long way to abandoning the Internet and adopting a nationwide intranet.

A Chinese intranet sounds absurd, but the Ministry of Industry and Information Technology in December 2009 in fact announced rules that, if enforced as issued, would have adopted a white-list system. A white list was never implemented, but Beijing-based Robert Blohm, in Friday’s Nelson Report, essentially indicated that China was heading in that direction.

Whether or not the oft-quoted Blohm is correct, China’s leaders have evidently decided that ongoing events warrant extraordinary measures and so are now erecting even more barriers to, among other things, the conduct of business. As Astrill noted last week, the new blocking of VPNs “is just a way for China to say ‘we don’t want you here.’ ”

And as Emily Rauhala, Time’s Beijing correspondent, tweeted on Friday, “Who needs the Internet anyway? Oh wait . . .”
by cryptostorm_support
Mon Jan 26, 2015 12:23 am
Forum: member support & tech assistance
Topic: Been unable to connect for a week or so. (Screenshot)
Replies: 2
Views: 4766

Re: Been unable to connect for a week or so. (Screenshot)

^ What Fermi said.

Also make sure you periodically click the update button next to the server list dropdown menu as well, just to make sure you have the latest server config info
by cryptostorm_support
Mon Jan 12, 2015 10:08 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: bestvpn + buffered.com... hmmm?
Replies: 3
Views: 27249

Re: Tried a "recommended" VPN service. Somethings not right

I've alerted the team to your concerns expressed here and they will have a look shortly. Unfortunately we've a bit of a backlog of weirdness, and dubious claims from other services to investigate so it may take some time.
by cryptostorm_support
Sat Jan 10, 2015 7:26 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: How to connect with IPad Ios8.1
Replies: 3
Views: 23920

Re: How to connect with IPad Ios8.1

A proper iOS connection guide is something we have on our to-do list, but there's a bit of a dearth of iOS devices amongst the team at the moment :oops:

In the meantime, your best bet to get started is to refer to severide's iOS tutorial for cryptofree which works great as-is if you want to connect via cryptofree, but if you have purchased a token, you might instead want to use this config I whipped up for another user with a similar question
This will allow you to skip step #1 in his list. #2 is the same, but #3 is a little different: The username you need to supply will be your hashed token, which can be obtained by pasting your token into the form here, though care must be taken to ensure the "Token:" field it cleared completely before pasting or typing in your token. Any errant spaces or other characters will generate a different hash that will be incorrect and cause the connection to fail.

So, provide hash output as your username, and the password can be anything, but most clients will complain if it's left blank, so just put in something random.

Hope that helps, and hopefully we can get our hands on more iOS devices to put together something a bit more visual and with a bit more detail to help getting people started :)

EDIT:

Here's a couple more configs requested by one of our users
by cryptostorm_support
Wed Jan 07, 2015 8:45 pm
Forum: general chat, suggestions, industry news
Topic: [DesuStrike's Thread Collection]
Replies: 4
Views: 11016

Re: [DesuStrike's Thread Collection]

One of the things we've been discussing lately is the need to update many of the tutorials with a "clean slate" as a lot of them have a lot of comments discussing issues from back in the early days of the VPN that may no longer be relevant, and we've had comments telling us that level of technical discussion is intimidating.

So, to that end we're trying to redo some of the tutorials to make them as simple as we can (and possibly as visual as we can) while removing many of the old comments that may be confusing people. Any tutorials we've updated have been in new topics, and the old ones have been retired, as they may still be worth referring to for anyone interested.

I have some screenshots for a new viscosity tutorial ready, so it's just a matter of writing it up
by cryptostorm_support
Tue Jan 06, 2015 11:07 pm
Forum: DeepDNS - cryptostorm's no-compromise DNS resolver framework
Topic: beta testing of new, in-house DNS resolvers | DNSchain
Replies: 33
Views: 63528

Re: beta testing of new, in-house DNS resolvers | DNSchain

Guest wrote:I run dd-wrt as well.
I just bought a aleph token- would greatly apreciate any attention admin here could give to the dd-wrt setup thread, it's a bit of an outdated mess.
To be perfectly honest, more than a couple tutorials suffer from the same affliction and we're working to fix that. We've already updated a couple, but I'll make sure the dd-wrt gets added to the queue.
by cryptostorm_support
Sun Jan 04, 2015 9:46 pm
Forum: member support & tech assistance
Topic: When is a "Warning" a big deal?
Replies: 3
Views: 5901

Re: When is a "Warning" a big deal?

Very well said, Fermi
by cryptostorm_support
Fri Jan 02, 2015 7:50 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Portuguese cluster - teething pains [RESOLVED]
Replies: 49
Views: 96874

Re: Portuguese cluster - teething pains [status update]

Just received word from our gaggle of supergeeks that the authentication issue with tagus should be fixed, so give it a go and let us know if you continue to have problems or if anything different pops up :)
by cryptostorm_support
Fri Jan 02, 2015 4:35 am
Forum: member support & tech assistance
Topic: Qestions Qestions Qestions
Replies: 15
Views: 15964

Re: Qestions Qestions Qestions

For number 1, we do not keep ANY logs dealing with the VPN service, and it's been a substantial effort to make sure this is actually so, and it extends beyond the logs that would be generated by OpenVPN. Making sure you've disabled all log generation is difficult but absolutely vital, and any service that would have you to believe this task is easy is either lying, not doing so themselves, or both.

4. We get DMCA requests constantly, and our response is typically to request proof that isn't bot-generated and to inform them that we do not keep any logs, and have nothing that would help them track down anyone so they're wasting their time

5. We have no logs to give, but we have the seppuku pledge where we vow to pull the plug and kill our whole network if we're ever forced to spy on a user and give up their personal info.

As for questions 2 and 3, I will defer to others better able to articulate a response, and I will see if I can prod them into replying to those questions
by cryptostorm_support
Sat Dec 27, 2014 3:51 pm
Forum: general chat, suggestions, industry news
Topic: 1.4 config files: bugtracking, feedback, discussion, questions, etc.
Replies: 24
Views: 31560

Re: 1.4 config files (draft versions posted here)

loop wrote:On the uscenteral node the address linux-uscentral.cryptostorm.nu routes to wrong address.
I've just checked the resolution from several machines in the network, and it appears to resolve to the intended instance (linux-mishigami1 | 167.88.9.27)l; are you seeing the same results, or is that instance not behaving as expected.

Thanks,

cryptostorm support
by cryptostorm_support
Thu Dec 25, 2014 1:43 pm
Forum: member support & tech assistance
Topic: LinuxMint connection Certificate issues
Replies: 9
Views: 8179

Re: LinuxMint connection Certificate issues

Could you copy/paste into a reply the exact certificate materials that are included in the configuration file you are using to connect? I strongly suspect that there's a problem relating to the pre- versus post-heartbleed certificate matching that's going on here. For details and likely a quick solution as well, here's the post with the cert information.

Let us know if that doesn't get a solution straightaway, in which case we'll work with you to get to the bottom of things!

Thanks,

cryptostorm_support
by cryptostorm_support
Tue Dec 23, 2014 7:29 pm
Forum: independent cryptostorm token resellers, & tokens 101
Topic: 12 Month Token by BTC via BM
Replies: 4
Views: 24140

Re: 12 Month Token by BTC via BM

Greetings.

If you like, you can contact us through the BM address in my signature and work out payment that way, or if you would rather go through one of our resellers that's totally cool too.
by cryptostorm_support
Mon Dec 22, 2014 9:24 pm
Forum: independent cryptostorm token resellers, & tokens 101
Topic: I'm Back!!! @Moolah accepting Doge/Litecoin/Bitcoin
Replies: 6
Views: 28054

Re: I'm Back!!! @Moolah accepting Doge/Litecoin/Bitcoin

^ yep. We get spambots that post others' comments occasionally. *prepares orbital spambot nuke*
by cryptostorm_support
Tue Dec 16, 2014 8:57 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Icelandic power outage: 15 Dec 2014
Replies: 4
Views: 22166

Re: Icelandic power outage: 15 Dec 2014

That's a pretty good suggestion, parityboy. I'll definitely be bringing that up during our next staff dorkfest... I mean, "meeting" :P
by cryptostorm_support
Mon Dec 15, 2014 6:34 pm
Forum: member support & tech assistance
Topic: Certificate issue on tunnelblick.cryptostorm.ch
Replies: 3
Views: 7090

Re: Certificate issue on tunnelblick.cryptostorm.ch

I just did a couple tests myself and can't seem to replicate the issue. I'll pass your tip on to our techs so they can have a look as well. Thanks :)
by cryptostorm_support
Mon Dec 08, 2014 1:59 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Status of Official Widget (for Mac)
Replies: 5
Views: 15259

Re: Status of Official Widget (for Mac)

It's been put on the back-burner for a little while since other projects got shoved to the forefront, and development will be resumed once they have been taken care of. While that goes on, we've completely redone our connection tutorial for tunnelblick to make it as easy as possible to get a working connection going, and a cleanup of Viscosity's is coming shortly.

A widget across all possible platforms is something we definitely want to see and is absolutely still firmly on our "to do" list, but management of resources has diverted our attention momentarily. It'll come back though :)
by cryptostorm_support
Sat Dec 06, 2014 1:46 am
Forum: member support & tech assistance
Topic: Can't register on board
Replies: 5
Views: 6514

Re: Can't register on board

That's very strange. I'll have the admin get your account taken care of shortly

EDIT: Your account has been reactivated, and you have a userpage again :)

Hopefully all is good again, but if you experience any email verification shenanigans, just let us know and we'll take care of it
by cryptostorm_support
Thu Dec 04, 2014 2:57 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: torstorm.org: how to use it, discussion, etc.
Replies: 20
Views: 49395

torstorm.org: how to use it, discussion, etc.

Please do read the how torstorm works post first, before deciding to use torstorm. It has alot of important reminders about torstorm's status as a beta/in-public-testing service, and you need to know that before you decide you want to use it at all, and doubly so for security-intensive applications.

Once you have done that, only two steps are required:

1. Connect to cryptostorm, via any nodes or clusters, using either full-capacity token-based service or capped cryptofree.me free service. You must be connected to cryptostorm (or cryptofree) in order to make use of torstorm, and to receive the full security of the service itself.

2. Enter into your browser's address bar the .onion site you want to visit, with the following format:
That's it. If you see any bugs or unexpected responses, please do let us know!

Thanks,

cryptostorm_support
by cryptostorm_support
Sun Nov 30, 2014 10:58 am
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: Mac/OSX connects via Tunnelblick
Replies: 0
Views: 46817

HOWTO: Mac/OSX connects via Tunnelblick

 ! Message from: df
The current Tunnelblick/Viscosity tutorial is at https://cryptostorm.is/macintosh
by cryptostorm_support
Fri Nov 28, 2014 11:49 am
Forum: member support & tech assistance
Topic: DNS Leak Test
Replies: 1
Views: 3510

Re: DNS Leak Test

Hi, pc -

There is a separate thread that is digging into this question, which you can read here if you are interested. From what I have heard (and I think this is getting posted to that thread shortly), the "no results" indefinite load issue on that specific site is related to the absence of IP6 resolvers available to the browser. Which is, basically, a "non-leak" result - even though it's somewhat weird to see the page simply hang.

There are a couple other threads here that talk more about DNS questions, and DNS leaks. If you would like to read up on them, let me know and I will pull those links together for you!
by cryptostorm_support
Thu Nov 27, 2014 5:40 am
Forum: general chat, suggestions, industry news
Topic: mullvad.net
Replies: 17
Views: 32615

Re: mullvad.net

shitstorm-flyer.jpg
by cryptostorm_support
Fri Oct 31, 2014 2:39 am
Forum: member support & tech assistance
Topic: Token
Replies: 5
Views: 5952

current widget?

It sounds like this has resolved, but a reminder to be sure to use the most current widget release! This is always available at widget.cryptostorm.is and, so long as you approve the "check for updates" option in your own widget install, it will automatically check for new versions every time you launch and let you know if one should be installed.

There was a bug a version of the widget earlier this month that related to one version of the Tap driver running on some versions of Windows 8.x. So in addition to performance improvements, being sure the most current widget is running on your machine is also best security practice :-)

If this issue you report above is still occurring, let us know and we will get directly in contact with you to resolve.

Thanks!

  • ~ cryptostorm_support
by cryptostorm_support
Wed Oct 29, 2014 4:51 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Optimising Windows-based cstorm sessions: community advice?
Replies: 10
Views: 31379

Q: getting best Windows widget cryptostorm performance?

Guest wrote:I'm not exactly sure which details about me do you need to troubleshoot properly, so if I leave something out, please ask. And thanks to your customer support for being awesome!

Windows 7 x64, fully updated
Network card used is built in in ASUS M5A97 R2.0
Using Cryptostorm widget
40/10mbit fiber connection, no idea about the router model, but it's Huawei
Default Windows firewall/Microsoft Security Essentials running
Hi guest, I wanted to make sure this request for assistance doesn't get lost amidst the related discussions in this thread, so I'm likely going to split it off from this thread and pin it up in the support subforum, so it's easier for you (and others) to find, as it develops. If that's not ok, let me know and I can bring it back into the original windows performance thread. :!:

Just to be sure, which version of the widget are you using? I know there's been some tuning in recent bugfix releases, which have come pretty frequently in the last couple months - if you're a step behind the most current version, it will be good to jump up to the most recent build (always available at widget.cryptostorm.ch).

And, next, I know the tech ops team is currently doing a big overhaul of the core "conf" files - which is set to be 1.4 for the Linux connections, and will have a parallel version that sits underneath widget (Windows) sessions, as well. They are working in particularly on fine-tuning the Windows-specific instances, in terms of network performance. I don't have more details than that, except that there's plans for some intensive work by that team this weekend. Is there a way they can contact you, so they can perhaps do some realtime testing of parameters and settings as they go about that process? I know that's always helpful, to have more testers - and with your strong local bandwidth, it'd be ideal for this kind of task.

Thanks for your help!

  • ~ cryptostorm_support
by cryptostorm_support
Mon Oct 20, 2014 12:13 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Portuguese cluster - teething pains [RESOLVED]
Replies: 49
Views: 96874

Re: Portuguese cluster - teething pains [status update]

It does appear to be down again. I know there was some discussion yesterday concerning the ongoing issues with Brisa, but I'll reach out and see if I can get something official on the current situation

EDIT: So the outages with Brisa we've been seeing have been hardware related, and shortly we're going to be going ahead with getting that hardware replaced and Brisa should be happy again. I don't have an exact ETA for when this is to be completed though.
by cryptostorm_support
Sun Oct 19, 2014 8:14 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Optimising Windows-based cstorm sessions: community advice?
Replies: 10
Views: 31379

Optimising Windows-based cstorm sessions: community advice?

One of the most common questions we get on the support team is how to get the best speed out of cryptostorm network sessions on Windows-based machines. Sometimes these questions come in when a member runs things like speedtest.net and concludes that their on-network connection is slow. Other times, they might see a drop in performance of a specific application that they remember being faster pre-cryptostorm. Whatever the case, it's a common question!

When we send this over to the widget developers, they generally check to make sure nothing's wrong with the code or the way the widget is running... which, in most cases, checks out fine.

When we send it to the network folks - admins and architects and that crew - they tend to check server-side to ensure we don't have a bottleneck in a given node or cluster. Sometimes a bottleneck is identified and resolved; more often, support gets back a reply that "the network is running great - no problems here."

Which then leaves a network member frustrated, when he still feels he's getting laggy performance from his cryptostorm session and we don't really have anything to tell him. For Linux members, some of our tech team can provide concrete recommendations on how to optimize their local machine's network settings to ensure good performance with cryptostorm - and we see examples of really, really fast cryptostorm connections when they get done! But we really don't have anyone on the team with Windows network tuning expertise... and so we're reaching out.

Are there any good resources, whether that's howto guides or specific tools or standalone applications or whatever, that are useful in understanding how Windows network performance can be optimized, controlled, and better understood? Or are there any specific pieces of advice members have, in terms of working with their own Windows-based cryptostorm connections to get the best performance?

Some of us on the support side of things have done basic googling for information... but probably our members know more about this than google, so we're asking here instead! :mrgreen:

Thanks for anything you have to share and we'll pass it along to lots of people if it helps things go nice and fast.

~ cyptostorm_support
by cryptostorm_support
Thu Oct 16, 2014 5:23 am
Forum: member support & tech assistance
Topic: Can't connect
Replies: 13
Views: 10151

Re: Can't connect

Hi, I'm sorry this is being difficult for you.

I suspect that the problem relates to the split between pre- and post-heartbleed certificates embedded in the configuration file you are using, and the instances with which you are seeking to connect. What specific config file are you using? Once we know that, we can make sure it's the correct one for the network!

There is currently a push to get all of our client-side configuration files updated to a consistent version (1.4); currently, they are a little bit desynchronised and that is causing frustration. It is something we are working hard to get cleaned up, asap!

Also if it is easier, you can always email our support team via support@cryptostorm.is - that account is staffed pretty close to 24/7, and in some cases we can reply quicker to emails because there is good coverage of the account from multiple team members!

Thanks again,

~ cryptostorm_support
by cryptostorm_support
Mon Oct 06, 2014 7:41 am
Forum: member support & tech assistance
Topic: Trouble Connecting To Portugal
Replies: 14
Views: 14352

Re: Trouble Connecting To Portugal

Just a quick update for you guys. We're still working with oneprovider on getting this all resolved, and currently remote login is being prevented due to an ssh bug. In talking with some of our server guys, it like we're going to be wiping and reinstalling. Sorry for the delay and inconvenience, and we're working to get brisa resurrected ASAP.
by cryptostorm_support
Sun Sep 28, 2014 5:56 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm exitnode clusters: listing+requests+roadmap
Replies: 89
Views: 123393

Re: poll: where to add new exitnode clusters?

Tested and working on my mac, my config looks like this:

Code: Select all

remote-random

<connection>
remote raw-brisa.cryptostorm.net 443 udp
</connection>

<connection>
remote raw-brisa.cryptostorm.ch 443 udp
</connection>

<connection>
remote raw-brisa.cryptostorm.nu 443 udp
</connection>


by cryptostorm_support
Sun Sep 28, 2014 8:34 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm exitnode clusters: listing+requests+roadmap
Replies: 89
Views: 123393

Re: poll: where to add new exitnode clusters?

Portugal exit node - "brisa" - should now be ready to accept connections :)
by cryptostorm_support
Wed Sep 24, 2014 6:16 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm exitnode clusters: listing+requests+roadmap
Replies: 89
Views: 123393

Re: poll: where to add new exitnode clusters?

Privangle: A portugal exit node should be coming online shortly, and we still desperately want an asian node as well. That'll likely be next.
by cryptostorm_support
Wed Sep 24, 2014 6:14 am
Forum: member support & tech assistance
Topic: Suddenly getting "errors" when logging on
Replies: 2
Views: 4964

Re: Suddenly getting "errors" when logging on

No worries :)

If your one machine continues to give you grief, send along a copy of the offending logs to our support email channel at support@cryptostorm.is and we can give you more direct feedback
by cryptostorm_support
Sun Sep 07, 2014 8:20 pm
Forum: member support & tech assistance
Topic: Cannot Authenticate On Frankfurt Node
Replies: 13
Views: 11151

Re: Cannot Authenticate On Frankfurt Node

Interesting ideas. I think I like #2 the best (with the slight modification that the report be sent to us to deal with) as - ideally - there should be few reports generated, and we could check to see which node is the correct one. In the event of a slight desync between nodes, the node that expires first could actually be the correct one (especially if replication between nodes isn't working correctly, for whatever reason). The load burden from increasing db queries is also something that needs to be considered, but I don't know how much of an affect it might have.

This is, however, just me spitballing off of your idea, and I think there could be some benefit to putting something like that in place, so I'll pass it around to the devs :)
by cryptostorm_support
Sun Sep 07, 2014 6:40 am
Forum: member support & tech assistance
Topic: Cannot Authenticate On Frankfurt Node
Replies: 13
Views: 11151

Re: Cannot Authenticate On Frankfurt Node

Can I get you to send along some logs again to support@cryptostorm.is? Thanks.

Also, anyone else reading this also having any issues with the frankfurt node?
by cryptostorm_support
Sat Sep 06, 2014 9:02 am
Forum: member support & tech assistance
Topic: Need help from tech support.
Replies: 7
Views: 10163

Re: Need help from tech support.

I'm not sure I understand exactly what you want to do here. If I understand you correctly, you want to add a number of exit nodes to one config file, but I'm not sure how you intend to select which you want.

You could have a randomly selected exit node using something like

Code: Select all

remote-random
# randomizes selection of connection profile from list below, for redundancy against...
# DNS blacklisting-based session blocking attacks
 
 
# frankfurt cluster
<connection>
remote raw-cantus-2.cryptostorm.net 443 udp
</connection>
 
# montreal cluster
<connection>
remote raw-maple.cryptostorm.net 443 udp
</connection>
 
<connection>
remote raw-maple.cryptostorm.ch 443 udp
</connection>
 
<connection>
remote raw-maple.cstorm.pw 443 udp
</connection>
where you can define what exit nodes are possible results but that's the extent of your control over what exit node gets selected
by cryptostorm_support
Sat Sep 06, 2014 8:55 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Status of Official Widget (for Mac)
Replies: 5
Views: 15259

Re: Status of Official Widget (for Mac)

The Mac Widget is definitely still coming, but I do not have any current info on an ETA. I'll poke s few devs to see how it is coming along
by cryptostorm_support
Thu Aug 14, 2014 11:17 pm
Forum: member support & tech assistance
Topic: RESOLVED? | Unstable connection in Iceland or am I doing ...
Replies: 73
Views: 71154

Re: RESOLVED? | Unstable connection in Iceland or am I doing

Anyone still having some issues with cantus? I'm having someone take a look right now, and will report back with updates if it's warranted
by cryptostorm_support
Mon Aug 11, 2014 11:12 am
Forum: independent cryptostorm token resellers, & tokens 101
Topic: cryptostorm: All Tomorrow's Tokens... or, auth done right
Replies: 33
Views: 292238

Re: cryptostorm: All Tomorrow's Tokens... or, auth done righ

Greetings, odb.

Could I get you to send a support email to support@cryptostorm.is with a description of your issue and a copy of your logs? If you'd rather send me a PM with the same information that would work too :)

Thanks.
by cryptostorm_support
Mon Aug 11, 2014 11:02 am
Forum: general chat, suggestions, industry news
Topic: Split Tunneling
Replies: 27
Views: 55300

Re: Split Tunneling

I'll talk to our devs about that, but I would have to wager that's a fairly non-trivial feature to implement to ensure security doesn't needlessly get compromised. I would expect that would be something for a major release, but I will defer to their boundless wisdom
by cryptostorm_support
Mon Aug 11, 2014 10:56 am
Forum: member support & tech assistance
Topic: Bruno/Shadow Gone?
Replies: 3
Views: 5129

Re: Bruno/Shadow Gone?

We've been in the process of decommissioning Bruno for some time and there should be official word on that coming very soon. I'll grab a stick and poke some bodies around here to make sure said official word doesn't get shoved on the backburner

EDIT: Eeep! Apparently said official message was posted while I was (largely) afk for a couple days. Anyone interested can find it here
by cryptostorm_support
Wed Jul 23, 2014 10:58 pm
Forum: member support & tech assistance
Topic: RESOLVED? | Unstable connection in Iceland or am I doing ...
Replies: 73
Views: 71154

Re: RESOLVED? | Unstable connection in Iceland or am I doing

Progress! Science! and all that.

I glad to see that some of you are back to seeing stable connections, and I have made sure our nerds behind the curtain have been made aware of all the information you all have provided. I'll dispense the updates here as I get them. Thanks so much for your continued patience and all the help everyone has provided in helping us get this issue tracked down.
by cryptostorm_support
Fri Jul 18, 2014 11:36 am
Forum: general chat, suggestions, industry news
Topic: optimising torrenting performance on cryptostorm: discussion
Replies: 68
Views: 191016

Re: optimising torrenting performance on cryptostorm: discus

Thank you, marzametal. The VPN market is getting ever more crowded and if you want to sacrifice security for torrent performance, I have no doubt that there are plenty of people who would gladly take your money and sell you out at the first inkling of pressure.

CS' mission is to provide a broad VPN service with security as our ultimate concern. Those are our terms. Of our list of priorities, you might find torrent functionality on there somewhere, but I can assure you it's not near the top and it'll get shoved to the bottom if we feel it may compromise the security we've worked hard toward, and that our customers expect.
by cryptostorm_support
Thu Jul 17, 2014 12:54 am
Forum: member support & tech assistance
Topic: RESOLVED? | Unstable connection in Iceland or am I doing ...
Replies: 73
Views: 71154

Re: Unstable connection in Iceland or am I doing something w

We're seeing a number of people with this issue, and unfortunately we do not have a fix just yet. We're noticing a high number of people having issues are running some flavour of Linux or using viscosity on OSX. Is that the case with everyone here?
by cryptostorm_support
Wed Jul 16, 2014 12:18 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm exitnode clusters: listing+requests+roadmap
Replies: 89
Views: 123393

Re: cryptostorm exitnode clusters: listing+requests+roadmap

lol, no, no bribes are necessary *extends hand with a wink* (jk, obviously :P )

There was a lot of talk a little while ago about getting an asian exit node going, but I think it may have been subtly pushed a couple places back in the mental queue as other things came up. I've poked a couple people here for their current thoughts on that situation, and as always, input from folks familiar with that (rather large) region is always appreciated and will be considered before making a final decision on location.
by cryptostorm_support
Wed Jul 16, 2014 12:12 am
Forum: member support & tech assistance
Topic: RESOLVED? | Unstable connection in Iceland or am I doing ...
Replies: 73
Views: 71154

Re: Unstable connection in Iceland or am I doing something w

I haven't personally experienced any flakiness on iceland, but I've passed this on to team here to investigate
by cryptostorm_support
Tue Jun 24, 2014 9:21 pm
Forum: general chat, suggestions, industry news
Topic: Openssl = sh!t ??
Replies: 7
Views: 8034

Re: Openssl = sh!t ??

Had a talk with a couple of the guys here and they said they have looked at some of the other options but still prefer openssl despite its lack of perfection. The nature of this field is staying on your toes and getting ahead where you can, and reacting quickly where you can't. As others have said, there's a real cost to port to other technologies, but if its worth it, its worth it, and we've got people here keeping an eye out and prepared to make that call when the time comes
by cryptostorm_support
Tue Jun 24, 2014 9:10 pm
Forum: member support & tech assistance
Topic: pre-1.21 widget feedback (mostly closed, now...)
Replies: 21
Views: 21280

Re: widget v1.0 official release

Just had a quick chat with our lead dev about this issue, and he's currently working on cranking out widget 1.1 where some additional thread optimizations were made, but it probably won't remedy the issue 100% just yet. From him:
" i'm still working on 1.1 and i think i did find a couple more threading issues that are fixed now, but the nature of windows + perl threading + Tkx will always have some kinda cpu issues. Tho 50% is a bit much"
So yeah, optimizations are ongoing, and it's something we'll try to get as low as we can
by cryptostorm_support
Tue Jun 24, 2014 1:49 am
Forum: member support & tech assistance
Topic: version control: non-widget Windows conf's, most current?
Replies: 22
Views: 20950

Re: version control: non-widget Windows conf's, most current

wax24 wrote: I'm happy to use OpenVPN for now but, please keep some thread somewhere (this one perhaps) updated with the latest DNS entries to use for the various exit nodes please so i can update my manual conf files as needed when there are changes. Thank you.

While we would like everyone to be able to use the widget, we realize that that may not yet be viable in every case, so your idea of maintaining a list of of DNS entries for the exit nodes is a good one. This is actually where the widget looks to grab its own updated list. We'll post this elsewhere shortly so that it can get a bit more visibility for those that need it
by cryptostorm_support
Tue Jun 17, 2014 9:59 pm
Forum: member support & tech assistance
Topic: Cannot Authenticate On Frankfurt Node
Replies: 13
Views: 11151

Re: Cannot Authenticate On Frankfurt Node

Could you try to connect again and send the logs to our support email? I'll talk to the guys regardless, but just in case there's something useful in logs that will help