Wednesday, July 31, 2013

What is Web Browser - MasterVPN

A web browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier (URI) and may be a web page, image, video, or other piece of content. Hyperlinks present in resources enable users to navigate their browsers easily to related resources.
The major web browsers are Internet Explorer, Firefox, Google Chrome, Apple Safari, and Opera.

List of web-browsers

The best-known web browsers are:
Microsoft Internet Explorer, Mozilla Firefox, Seamonkey, Google Chrome, Safari, Netscape Navigator, Konqueror, Opera, AOL Explorer
But there are numerous others:
Maxthon, Amaya, Epiphany, Camino, Arachne, K-Meleon, Shiira, Sputnik, iCab, Galeon, Links, Phoenix, OmniWeb, Avant, and many more.
For iOS (iPhone, iPad, etc.) see a list of available browsers here: http://ipod.about.com/od/bestiphoneapps/tp/Top-Iphone-Web-Browser-Apps.htm

Comparison of web-browsers

The most recommended browser is certainly Mozilla Firefox. It's open source and free, platform-independent and easy to extend.
For a more detailed comparison of web-browsers see the Wikipedia article: Comparison of web-browsers -> http://en.wikipedia.org/wiki/Comparison_of_web_browsers

Pro / Contra

Privacy:
Google Chrome logs your online activity and sends it to Google. Big minus!
Internet Explorer is from Microsoft, no trust there, but it seems to not spy as Chrome does.
Firefox is open-source, spyware-free and trusted.
Speed:
Google Chrome and Internet Explorer are faster than Firefox
Firefox needs the most system resources
Extensions:
Firefox is very easy to extend and has thousands of extensions.
Google Chrome tries too, but will probably never do as well as Firefox does, regarding add-ons and extensions.
Internet Explorer offers no extensions, only useless spyware toolbars

Recommendation

At the end, we'll certainly recommend Mozilla Firefox because of the following reasons:
  • free
  • open source
  • easy to extend
  • not from Microsoft (that's a plus!)
  • not from Google (that's also a plus!)
When it comes to speed and system performance, Mozilla Firefox could be better. It's not as fast as Internet Explorer or Google Chrome. But it's free, open-source, and easy to extend.
It's regularly updated and has a big community which helps develop further versions of Firefox. There are countless add-ons.

What is HMA VPN Privacy Policy?

Hidemyass.com ("our Site") and the services available through it are operated by Privax Limited (referred to as "we", "us" and "our"). We are a company registered in England under company number 07207304 and have our registered office at 7 Moor Street, London, W1D 5NB, UK.
We are a leading provider of web privacy and anonymity tools and therefore we are deeply committed to protecting and respecting your privacy. This Privacy Policy (together with any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we, as data controller of your personal data that you provide to us, will treat it.

Section 3 below explains how we use cookies to operate our site.
Please also review our Frequently Asked Questions.

If you have any questions regarding these terms, you can contact us by email (info@hidemyass.com). Our privacy policy (referred to from now on as the "Privacy Policy") applies when you use our Site. Please read the Privacy Policy carefully before you start to use our Site. By using our Site, you indicate that you accept the Privacy Policy and that you agree to abide by it. If you do not agree to our Privacy Policy, please refrain from using our Site.

2. INFORMATION WE MAY COLLECT FROM YOU, WHY WE NEED IT AND HOW WE USE IT

We may collect and process the following data about you:
On registration:
  • What data we collect: When you register we will collect your username, email address, password (encrypted) and IP address.
  • Why we need this data: We will need your username and password in order to provide you with access to the web based control panel and to our downloadable VPN software. We will need your email address in case you forget your password or wish to receive email newsletters. Your IP address is logged by us so that we can prevent any spam, fraud or abuse of our Site and our services. We may store this data for up to two years, unless we are required, for legal reasons or under exceptional circumstances, to retain this data for an extended period.
  • How we use this data: we use this data to provide our services to you, prevention of fraud and abuse. From time to time we may email you news, updates and sales offers which you can easily opt out of receiving by clicking "unsubscribe" in the relevant email.

When you contact us or submit comments on our Site:

If you submit comments on our Site or contact us for any reason we may store these communications for up to two years, unless we are required, for legal reasons or under exceptional circumstances, to retain this information for an extended period.
Payments:
  • If you opt to pay for use of our services, we will direct you to make payment through a third party payment processor. We currently use the following third party payment providers: PayPal (view policy), 2Checkout (view policy), DalPay (view policy), Cleverbridge (view policy) Google Checkout (view policy); Plimus (view policy) is only available for customers with automatically renewing payments commenced before February 2012.
  • What data we collect: The third party site will provide us with, and we will then store, the date on which you made the payment and the date that your account will expire, along with a generic number (your "Order ID Number"). We do not store your name, home address, payment details (e.g. credit card details) but this data may be stored by the third party payment provider handling the transaction and may be accessible by us.
  • Why we need this data: We store this information as it enables us to know when your account will expire and to prevent and detect fraud. We need your Order ID Number so that we can link your order to your account. We will store this information for up to two years, unless we are required, for legal reasons and under exceptional circumstances, to retain this information for an extended period.
We are not responsible for any third party payment provider handling your transaction and you should refer to the third party payment provider's privacy policy to see how they use your data.

Web Proxy service:

  • What data we collect: This is a free service and the only data we store are website logs. This log details your IP address, the address of the website you visit, date, time and the files/sites you viewed via the webproxy.
  • Why we need this data: The website logs are needed to tell us what websites and files you have accessed via our network.
VPN service:

    • What data we collect: We will store a time stamp and IP address when you connect and disconnect to our VPN service together with the IP address of the individual VPN server used by you. We do not store details of, or monitor, the websites you connect to when using our VPN service.
    • Why we need this data: We do this so that we can monitor the performance of our Site, for example it enables us to sort server nodes by the amount of Users connected, to limit your account to one concurrent IP address per VPN connection (to prevent shared accounts), resource analytics (to carry out usage analysis for administrative purposes) and to prevent abuse. This data is stored on our system for no more than two years unless we are required, for legal reasons or under exceptional circumstances, to retain this data for an extended period.

    Anonymous email service:

    • What data we collect: We store the date and time of registration for the anonymous email service, your IP address, password, your actual email address (optional), and of course the actual emails themselves. You can delete your account and emails at any time but your registration details are stored permanently to be used as an identifier in case of any potential legal issues.
    • Why we need this data: We need this data so that you can receive emails (although please note that you can't send emails). You can use this anonymous email service as a temporary email inbox for when websites you do not necessarily trust require an email address.

    IP:PORT premium service:

    • What data we collect: We store the date and time of order for the IP:Port Proxy List premium service, and the email address provided to us for receipt of the proxy list emails. You can delete your account at any time but your email address will be stored by us for no more than 2 years after you have deleted your account.
    • Why we need this data: We need this data so that we can send you emails containing the proxy lists.
    We will not share any of your data with anyone except in the circumstances referred to in section (Disclosure of Your Information).

    3. COOKIES

    We may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. Cookies help us to improve our Site and are essential for our Site to operate. By accepting this Privacy Policy, you agree that we may place cookies on your computer. For more information about cookies, please visit aboutcookies.org.
    We use the following cookies:
    • Google Analytics cookies: __utma, __utmb, __utmc, __utmz. These cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our site, using a service provided by Google Analytics. For more information please visit: http://www.google.com/analytics/learn/privacy.html
    • Affiliate cookies: aff_tag, ruid. These cookies allow us to identify if you have been referred to us by an affiliate, so we can pay commission to that affiliate.
    • Login cookies: PHPSESSID, CAKEPHP, be. We use these cookies so you remain logged in when you are using your account.

    4. WHERE WE STORE YOUR PERSONAL DATA

    • 4.1 All information you provide to us is stored on our secure servers. The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
    • 4.2 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
    • 4.3 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

    5. DISCLOSURE OF YOUR INFORMATION

    • 5.1 In the event that Privax Limited becomes part of a group of companies, we may disclose your data to any member of such group, which means any subsidiaries of Privax, or its ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
    • 5.2 We may disclose your personal information to third parties:
      • 5.2.1 In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
      • 5.2.2 If Privax Limited is, or substantially all of its assets are, acquired by a third party, in which case personal data held by it about its users will be one of the transferred assets; or
      • 5.2.3 If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of service and other agreements; or to protect the rights, property, or our safety, our users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

    6. ACCESS TO INFORMATION

    The UK Data Protection Act 1998 gives you the right to access information held about you. Your right of access can be exercised in accordance with the Data Protection Act. Any access request may be subject to a fee of 10GBP to meet our costs in providing you with details of the information we hold about you. To make an access request please email: info@hidemyass.com

What do you mean by Internet Encryption?

What kind of encryption does HMA Pro VPN use?

HideMyAss currently offers the maximum of security you can get nowadays - your internet traffic will be safe when using HMA! Pro VPN. Should someone intercept your traffic, it would be useless to them: without the key, they can't decrypt the data.
Before connecting to the VPN, you can choose which protocol you would like to use, OpenVPN or PPTP.
OpenVPN connections: For encryption the cipher in use is CBC mode of Blowfish with encryption strength of 128bit, hash algorithm is 160bit SHA1, and the control channel uses TLSv1/SSLv3 DHE-RSA-AES256-SHA with 1024 bit RSA.
PPTP connections: For encryption PPTP uses MPPE (Microsoft Point-to-Point-Encryption) 128bit cipher with compression and MS-CHAPv2 authentication.
L2TP: Our L2TP Protocol is being tunnelled with IPSec, which supports multiple encryption protocols which are negotiated upon connection. The ones our servers support are:
TWOFISH_CBC, SERPENT_CBC, AES_CBC, BLOWFISH_CBC
Generally you can say that OpenVPN is safer than PPTP. But for normal purposes it shouldn't make a difference, so take the one which is the fastest for you.
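
To see which of the parameters listed above a given OpenVPN connection actually uses, the client config can be audited. The following is an added example, not code from HMA or the OpenVPN project. It assumes that a missing directive falls back to the defaults of OpenVPN 2.3-era clients (cipher BF-CBC, auth SHA1, proto udp); the sample config and its host name are constructed.

```python
# Added example: audit an OpenVPN client config for the settings named above.
# Assumption: a directive that is absent falls back to the defaults of
# OpenVPN 2.3-era clients (cipher BF-CBC, auth SHA1, proto udp).
LEGACY_DEFAULTS = {"cipher": "BF-CBC", "auth": "SHA1", "proto": "udp"}

# Ciphers with a 64-bit block; in CBC mode, ciphertext blocks start to collide
# after a few tens of gigabytes under one key (birthday bound of 2**32 blocks).
BLOCK64_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC"}
LEGACY_DIGESTS = {"MD5", "SHA1"}

# Constructed sample; the remote host is a placeholder, not a real server.
SAMPLE_CONFIG = """\
client
dev tun
proto tcp
remote vpn.example.invalid 443
# data-channel settings as described in the text
cipher BF-CBC
auth SHA1
<ca>
-----BEGIN CERTIFICATE-----
(placeholder, not parsed)
-----END CERTIFICATE-----
</ca>
"""


def parse_config(text):
    """Return {directive: [arguments]}, keeping the first occurrence of each."""
    settings, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("</"):        # end of an inline <ca>/<cert>/<key> block
            in_block = False
        elif line.startswith("<"):       # start of an inline block: skip its body
            in_block = True
        elif not in_block and line and line[0] not in "#;":
            directive, *args = line.split()
            settings.setdefault(directive, args)
    return settings


def effective(settings, directive):
    """Return (value, source) where source is 'config' or 'default'."""
    args = settings.get(directive)
    if args:
        return args[0], "config"
    return LEGACY_DEFAULTS[directive], "default"


def audit(text):
    """Return a list of (directive, value, source, reason) findings."""
    settings = parse_config(text)
    findings = []

    cipher, src = effective(settings, "cipher")
    if cipher.upper() in BLOCK64_CIPHERS:
        findings.append(("cipher", cipher, src,
                         "64-bit block cipher; prefer AES-256-GCM"))

    auth, src = effective(settings, "auth")
    aead = cipher.upper().endswith("-GCM")   # AEAD ciphers ignore --auth for data
    if auth.upper() in LEGACY_DIGESTS and not aead:
        findings.append(("auth", auth, src,
                         "legacy HMAC digest; prefer SHA256 or an AEAD cipher"))

    proto, src = effective(settings, "proto")
    if proto.lower().startswith("tcp"):
        findings.append(("proto", proto, src,
                         "TCP transport; UDP avoids TCP-over-TCP retransmission stalls"))
    return findings


if __name__ == "__main__":
    for directive, value, source, reason in audit(SAMPLE_CONFIG):
        print(f"{directive:7} {value:8} ({source}): {reason}")
```

The size of the server's RSA key is not visible in the config file; it has to be read from the certificate the server presents.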

Example of encryption

One example: When using Blowfish, the encryption works with a key that is needed to encrypt and decrypt data.
When we're using the string "This is a blowfish key!" for our key, and we want to encrypt the string "www.hidemyass.com", the result is:
EFBFE3763805B5A814C1221D87891D25E7263A06CF5A809A (hexadecimal)
5.878642217350418e+57 (decimal)
You can't decrypt this without knowing the key "This is a blowfish key!"

Microsoft Point-to-Point Encryption

Microsoft Point-to-Point Encryption (MPPE) is a protocol for encrypting data across Point-to-Point Protocol (PPP) and virtual private network (VPN) links. It uses the RSA RC4 encryption algorithm. MPPE supports 40-bit, 56-bit and 128-bit session keys, which are changed frequently to improve security. The exact frequency that the keys are changed is negotiated, but may be as frequent as every packet.

MPPE alone does not compress or expand data, but the protocol is often used in conjunction with Microsoft Point-to-Point Compression which compresses data across PPP or VPN links.
Negotiation of MPPE happens within the Compression Control Protocol (CCP), a subprotocol of PPP. This can lead to the incorrect belief that it is a compression protocol.

What is SSL VPN?

SSL or Secure Sockets Layer is a security protocol created by Netscape that has become an international standard on the Internet for exchanging sensitive information between a website and the computer communicating with it, referred to as the client.
SSL technology is embedded in all popular browsers and engages automatically when the user connects to a web server that is SSL-enabled. It's easy to tell when a server is using SSL security because the address in the URL window of your browser will start with https. The "s" indicates a secure connection.

When your browser connects to an SSL server, it automatically asks the server for a digital Certificate of Authority (CA). This digital certificate positively authenticates the server's identity to ensure you will not be sending sensitive data to a hacker or imposter site. The browser also makes sure the domain name matches the name on the CA, and that the CA has been generated by a trusted authority and bears a valid digital signature. If all goes well you will not even be aware this handshake has taken place.

However, if there is a glitch with the CA, even if it is simply out of date, your browser will pop up a window to inform you of the exact problem it encountered, allowing you to end the session or continue at your own risk.

Once the handshake is completed, your browser will automatically encrypt all information that you send to the site, before it leaves your computer. Encrypted information is unreadable en route. Once the information arrives at the secure server, it is decrypted using a secret key. If the server sends information back to you, that information is also encrypted at the server's end before being sent. Your browser will decrypt it for you automatically upon arrival, then display it as it normally does.
For those running a secure server it is also possible to authenticate the client connecting to the server to ensure, for example, that the person is not pretending to be someone who has been granted restricted access. Another feature of SSL technology is the ability to authenticate data so that an interceder cannot substitute another transmission for the actual transmission without being detected.

Though SSL makes exchanging sensitive information online secure, it cannot guarantee that the information will continue to be kept secure once it arrives safely at the server. For assurance that sensitive information is handled properly once it has been received, you must read the site's privacy policy. It does little good to trust your personal data to SSL, if the people who ultimately have it will be sharing it with third parties, or keeping it on servers that are not bound by restricted access and other security protocols. Therefore it is always wise to read any site's privacy policy, which includes security measures, before volunteering your personal information online.

What is Internet Speed?

With Pro VPN the speed of your internet connection should usually not be much lower than normal.
Of course this depends on several factors like server load, distance to server, speeds of your ISP, etc.
Should your speeds be lower than expected, there are several things you can try to max out your speed:
  • Change protocol (OpenVPN <> PPTP <> L2TP) and test again
  • Switch server (nearest does not necessarily mean fastest!)
  • Try using OpenVPN-UDP with our alternative clients - it's much faster than PPTP or usual OpenVPN. -> UDP
  • Tweak your network settings as explained below.


Speedtest

To test your connection speed before and after tweaking anything, you can use e.g. 

Network tweaking

There are numerous ways to tweak your network-, TCP- and browser-settings.
All tools you will need are linked below.


Deactivate Halfopen-Limit (Windows)

First you should deactivate the limit Windows places on half-open connections. This archive (download) includes several tools for that: TCP-Z, Universal TCP/IP Patch, EvID (LvlLord Patch), TCP Patch.
The goal is to set the limit to 255 or deactivate it completely, depending on your operating system.


Network tweaking with TCP-Optimizer (Windows)

TCP-Optimizer is the best freeware tool for optimizing, tweaking and tuning network settings normal users don't have access to or know of.
It replaces all known Net-Tweak-Apps due to its complexity. By using the presets (Windows Default, Current, Optimal, Custom) you can easily tweak all settings with one click.


Use the fastest DNS server (all operating systems)

With tools like NameBench or browsermob-dns-perf you can test which is the fastest DNS server for you.
For most people it is Google's Public DNS (8.8.8.8 + 8.8.4.4) but they log your DNS queries.
There are others which are also fast and not from Google.


Tweaking MacOSX

Unfortunately MacOSX does not have as many possible tweaks and networking related settings as Windows does, but still there are some things you can try:

TCP tweaks
  • Start up a terminal window and run the following commands:
    sudo sysctl -w net.inet.tcp.rfc1323=1
    sudo sysctl -w kern.ipc.maxsockbuf=16777216
    sudo sysctl -w net.inet.tcp.sendspace=1048576
    sudo sysctl -w net.inet.tcp.recvspace=1048576

Apple broadband tuner:

Additional:
  • If you have a WLAN connection, change your router's channel and other WLAN related settings to see if you can get a better signal.
    Also, consider using a wired network setup instead of WLAN. It's more secure and always faster.
  • Temporarily disable your firewall to see if this has a significant effect on your connection performance. If it does, check your firewall's settings,
    remove unnecessary rules or consider using a different firewall software.

Tweaking Linux

Please note that any of the following suggested modifications may improve performance and stability as well as make it worse.
To know if a setting has a positive, negative or any effect at all, it's a good idea to keep doing speedtests before and after each change.

  • Modify TCP settings in sysctl.conf:
    Changing TCP settings on Linux is done by adding the corresponding lines at the end of the file /etc/sysctl.conf and then running "sysctl -p" to apply the changes.
    You should make a backup of the file (e.g. run "cp /etc/sysctl.conf /etc/sysctl.backup")

    net.core.rmem_max = 16777216
    net.core.wmem_max = 16777216
    net.ipv4.tcp_rmem = 4096 87380 16777216
    net.ipv4.tcp_wmem = 4096 65536 16777216
    net.ipv4.tcp_no_metrics_save = 1
    net.ipv4.tcp_congestion_control=htcp
  • To increase TCP throughput, run this (replace eth0 with your network device identifier if different, e.g. wlan0):
    ifconfig eth0 txqueuelen 1000

  • Disable auto-tuning to prevent unwanted behavior:
    sysctl -w net.ipv4.route.flush=1

  • Modify TCP congestion control
    The sysctl variable net.ipv4.tcp_congestion_control is set to "reno" by default. You can set it to one of the following options:   

    reno: Traditional TCP used by almost all other OSes. (default)   
    bic: BIC-TCP   
    highspeed: HighSpeed TCP: Sally Floyd's suggested algorithm   
    htcp: Hamilton TCP   
    hybla: For satellite links   
    scalable: Scalable TCP 
    vegas: TCP Vegas  
    westwood: optimized for lossy networks

    E.g. run this:
    sysctl -w net.ipv4.tcp_congestion_control=htcp

  • Disable segmentation offload, decreases performance but increases stability:
    ethtool -K eth0 tso off




Additional (all operating systems)

  • Always make sure you have the latest available device drivers for your computer; Router firmware, ethernet-adapter and motherboard drivers, BIOS update, etc.
    If you have a network device from realtek, click here. Otherwise check the website of your motherboard/network-device manufacturer.
    Updating your operating system is also a good idea; you should regularly check WindowsUpdate.
  • If you're using Firefox, check out the FasterFox add-on. It really improves surfing performance: FasterFox | FasterFox Extra | FasterFox Lite
  • For testing your speeds, try the speedtest from above, or download a test file from qsc.de, or download a test torrent: Knoppix Torrent
  • For tweaking uTorrent Advanced Settings there are also several tutorials. None of them are perfect; you have to try each setting patiently until you're satisfied with the results. Check out our article UTorrent for more info.
  • Old routers, or even new routers that are provided to you by your internet provider, often use outdated firmware or are technically badly manufactured. This can make a difference of multiple megabits - consider getting a better router!

Unnecessary protocols and services (Windows)
On Windows, you should check the advanced settings of your network adapter in the Windows Network Center:
It often contains unnecessary protocols and services that are slowing down your internet connection without being useful in any way.
Disable, or better uninstall services like:
  • QoS Packet Scheduler
  • Virtualbox / VMware drivers, protocols and services
  • Link-Layer Topology
  • Bluetooth related

Basically you can uninstall everything except
  • Internet Protocol Version 4 (TCP/IPv4)
This is the only thing that's essential for the internet connection to work.
However, should you lose connectivity after changing anything here, you can just reboot your computer and reinstall the removed things again, one by one.

What is UDP?

When connecting to HMA Pro VPN using the OpenVPN protocol, all connections are made through the TCP protocol.
But there's a way to use the UDP protocol instead, which results in faster speeds and bypasses many restrictions that affect other protocols, such as when you cannot connect at certain locations using PPTP or usual OpenVPN.
Since UDP protocol is not yet integrated into the HMA Pro VPN client, you'll have to use our alternative clients for Windows and Mac.

When following the tutorials below, make sure to use the UDP config files: http://newmastervpn.blogspot.com/2013/07/what-is-udp.html
not the TCP config files ( http://hidemyass.com/vpn-config/TCP/ ).


Instructions for Windows -> OpenVPN client
Instructions for Mac -> Tunnelblick
Instructions for Android -> Android
Instructions for iOS -> OpenVPN on IPad/IPhone/ITouch
 
  • You can also use the VPN client Viscosity (trialware) for Windows and Mac.
  • The Mac client Shimo (shareware) is also supported.

What is L2TP VPN?

In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide privacy.
Although L2TP acts like a Data Link Layer protocol in the OSI model, L2TP is in fact a Session Layer protocol, and uses the registered UDP port 1701.
Encryption: The L2TP payload is encrypted using the standardized IPSec protocol. RFC 4835 specifies either the 3DES or AES encryption algorithm for confidentiality. A 256 bit key will be used for encryption. (AES256 is the first publicly accessible and open cipher approved by the NSA for top secret information)
Ports used:
L2TP/IPSEC uses UDP 500 for the initial key exchange, protocol 50 for the IPSEC encrypted data (ESP), UDP 1701 for the initial L2TP configuration and UDP 4500 for NAT traversal. L2TP/IPSec is easier to block than OpenVPN due to its reliance on fixed protocols and ports.
Supported operating systems:
Windows, Mac, Linux, iOS, Android, DD-WRT
The entire L2TP packet, including payload and L2TP header, is sent within a UDP datagram. It is common to carry Point-to-Point Protocol (PPP) sessions within an L2TP tunnel. L2TP does not provide confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as L2TP/IPsec.
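
What "no confidentiality by itself" means on the wire can be shown by parsing an L2TP packet as it would appear in a UDP datagram on port 1701 without IPsec. The following is an added example, not code from the original page; the header and AVP layout follow RFC 2661, and the sample control message with its host name is constructed.

```python
import struct

# Bits of the first 16-bit word of an L2TPv2 header (RFC 2661, section 3.1).
FLAG_T, FLAG_L, FLAG_S, FLAG_O = 0x8000, 0x4000, 0x0800, 0x0200
AVP_HIDDEN = 0x4000          # H bit: value is obscured with the tunnel secret
AVP_NAMES = {0: "Message Type", 2: "Protocol Version", 7: "Host Name",
             9: "Assigned Tunnel ID"}
MESSAGE_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO"}


def parse_avps(body):
    """Split a control-message body into attribute-value pairs."""
    avps, off = [], 0
    while off < len(body):
        if off + 6 > len(body):
            raise ValueError("truncated AVP header")
        word, vendor, attr = struct.unpack_from("!HHH", body, off)
        length = word & 0x03FF               # low 10 bits: total AVP length
        if length < 6 or off + length > len(body):
            raise ValueError("malformed AVP length")
        name = (AVP_NAMES.get(attr, f"type {attr}") if vendor == 0
                else f"vendor {vendor}/{attr}")
        avps.append({"name": name, "hidden": bool(word & AVP_HIDDEN),
                     "value": body[off + 6:off + length]})
        off += length
    return avps


def parse_l2tp(datagram):
    """Parse the UDP payload of an L2TPv2 packet (UDP port 1701)."""
    try:
        (flags,) = struct.unpack_from("!H", datagram, 0)
        if flags & 0x000F != 2:
            raise ValueError("not an L2TPv2 packet")
        pkt, off = {"control": bool(flags & FLAG_T)}, 2
        if flags & FLAG_L:                   # optional total length
            (pkt["length"],) = struct.unpack_from("!H", datagram, off)
            off += 2
        pkt["tunnel_id"], pkt["session_id"] = struct.unpack_from("!HH", datagram, off)
        off += 4
        if flags & FLAG_S:                   # optional sequence numbers
            pkt["ns"], pkt["nr"] = struct.unpack_from("!HH", datagram, off)
            off += 4
        if flags & FLAG_O:                   # optional offset padding
            (pad,) = struct.unpack_from("!H", datagram, off)
            off += 2 + pad
    except struct.error:
        raise ValueError("truncated L2TP header") from None
    end = pkt.get("length", len(datagram))
    if end > len(datagram) or off > end:
        raise ValueError("length field does not match datagram")
    body = datagram[off:end]
    pkt["payload_len"] = len(body)
    pkt["avps"] = parse_avps(body) if pkt["control"] else []
    return pkt


def cleartext_summary(datagram):
    """What an on-path observer learns from an unprotected control message."""
    pkt = parse_l2tp(datagram)
    seen = {a["name"]: a["value"] for a in pkt["avps"] if not a["hidden"]}
    summary = {"tunnel_id": pkt["tunnel_id"], "session_id": pkt["session_id"]}
    if len(seen.get("Message Type", b"")) == 2:
        (code,) = struct.unpack("!H", seen["Message Type"])
        summary["message"] = MESSAGE_TYPES.get(code, str(code))
    if "Host Name" in seen:
        summary["host_name"] = seen["Host Name"].decode("ascii", "replace")
    return summary


def _avp(attr, value):
    """Build a mandatory (M bit set), non-hidden IETF AVP."""
    return struct.pack("!HHH", 0x8000 | (6 + len(value)), 0, attr) + value


def build_sample_sccrq():
    """Constructed Start-Control-Connection-Request; the host name is a placeholder."""
    body = (_avp(0, struct.pack("!H", 1)) + _avp(2, b"\x01\x00")
            + _avp(7, b"lac.example.invalid") + _avp(9, struct.pack("!H", 0x1234)))
    # T, L and S set, version 2; tunnel, session, Ns and Nr are zero in an SCCRQ
    return struct.pack("!HHHHHH", 0xC802, 12 + len(body), 0, 0, 0, 0) + body


if __name__ == "__main__":
    print(cleartext_summary(build_sample_sccrq()))
```

With IPsec in place the same bytes travel inside ESP, so none of these fields are readable between the endpoints.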

L2TP/IPsec

Because of the lack of confidentiality inherent in the L2TP protocol, it is often implemented along with IPsec. This is referred to as L2TP/IPsec, and is standardized in IETF RFC 3193. The process of setting up an L2TP/IPsec VPN is as follows:
  • Negotiation of IPsec security association (SA), typically through Internet key exchange (IKE). This is carried out over UDP port 500, and commonly uses either a shared password (so-called "pre-shared keys"), public keys, or X.509 certificates on both ends, although other keying methods exist.
  • Establishment of Encapsulating Security Payload (ESP) communication in transport mode. The IP protocol number for ESP is 50 (compare TCP's 6 and UDP's 17). At this point, a secure channel has been established, but no tunneling is taking place.
  • Negotiation and establishment of L2TP tunnel between the SA endpoints. The actual negotiation of parameters takes place over the SA's secure channel, within the IPsec encryption. L2TP uses UDP port 1701.
When the process is complete, L2TP packets between the endpoints are encapsulated by IPsec. Since the L2TP packet itself is wrapped and hidden within the IPsec packet, no information about the internal private network can be garnered from the encrypted packet. Also, it is not necessary to open UDP port 1701 on firewalls between the endpoints, since the inner packets are not acted upon until after IPsec data has been decrypted and stripped, which only takes place at the endpoints.

For a comparison between the VPN protocols OpenVPN, PPTP and L2TP please refer to the article: VPN protocol comparison

HideMyAss Pro VPN & L2TP


The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/

Instructions for Windows:


Quick manual setup instructions:
  • Start > Control Panel > Network and Internet > Network And Sharing Center > Set up a new connection or network > Connect to a workplace > Next > Use my Internet Connection (VPN)
  • Internet Address: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
  • Destination Name: Name it as you like. Eg: HMA! L2TP.
  • Next
  • Username: Your VPN username
  • Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details
  • Domain: Leave it blank
  • Go back to Network and Sharing Center > Change Adapter Settings > Select HMA! L2TP (the one you just created) > right click and Properties > Security tab > Type of VPN: L2TP/IPSec > Advanced Settings > Use Preshared Key for authentication > Key: HideMyAss > OK
  • Connect!



Instructions for Mac:

For step-by-step instructions with screenshots, see: Mac L2TP Connection Setup

Quick manual setup instructions:
  • System Preference > Network > click on the + button > Interface: VPN > VPN Type: L2TP over IPSec > Service Name: HMA L2TP > Create.
  • Configuration: Default
  • Server Address: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
  • Account Name: Your VPN username
  • Authentication Settings: Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details.
  • Shared Secret: HideMyAss. > OK.
  • Advanced.. > Options > Make sure ' Send all traffic over VPN Connection' is checked > OK
  • Apply > Connect.


Instructions for Mac Tiger:


  • Applications -> Internet Connect > File > New VPN Connection > L2TP over IPSec > Configuration: Edit Configurations
  • Description: HMA L2TP
  • Server address: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
  • Account name: VPN username >
  • User Authentication: Your PPTP password ( found on http://vpn.hidemyass.com > PPTP Servers > Login Details)
  • Machine Authentication: Shared Secret: HideMyAss > OK > Connect.

Instructions for DD-WRT routers:


1. Login to your DDWRT router's web interface. (usually http://192.168.1.1)
2. Setup
3. Basic Setup
4. Wan Setup > Connection Type: L2TP
5. Username: Your VPN Username
6. Password: Your L2TP/PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details.
7. Gateway: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/.
8. Connection strategy: Keep Alive: Redial Period 180 seconds
9. STP: Disable
10. Leave everything as it is.
11. Save and Apply Settings.
 For the complete tutorial, please refer to the article Router configuration

Instructions for iOS devices (IPhone / IPad / IPad2...)


  • For more info and a step-by-step tutorial, see the article Apple

Quick manual setup instructions:

Settings > General > Network > VPN > Add VPN Configuration... > L2TP
Description: Anything, e.g. HMA L2TP
Server: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
Account: Your VPN username
RSA SecurID: Off
Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details
Secret: HideMyAss
Send All Traffic: On

Instructions for Android devices:

  • For more info and a step-by-step tutorial, see the article Android

Quick manual setup instructions:
Menu > Settings > Wireless and Network > VPN Settings > Add VPN > Add L2TP VPN
VPN Name: Anything, e.g. HMA L2TP
Set VPN Server: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
DNS Search domain: 4.4.4.4 (or any other DNS)
Secret: Leave it OFF

Tap Menu, and Save. Tap your new VPN connection in order to connect. Enter your credentials:

Username: Your VPN username
Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details

Instructions for Linux:

  • Please see the article Linux L2TP
    for instructions and tutorials about how to connect via L2TP on Linux.

What is Peerblock?

PeerBlock (formerly PeerGuardian) lets you control who your computer "talks to" on the Internet. By selecting appropriate lists of "known bad" computers, you can block communication with advertising or spyware oriented servers, computers monitoring your p2p activities, computers which have been "hacked", even entire countries! They can't get into your computer, and your computer won't try to send them anything either.

Official website: http://www.peerblock.com

Download: PeerBlock-Setup_v1.1_r518.exe

You need Blocklists (also known as "Blacklists") for setting up PeerBlock to handle certain IP-ranges.

Get the IP-Blocklists @ IBlockList.com

Note that your IP-Blocklists shouldn't be too large. Large lists slow down your internet connection and are the main reason why websites seem to be down when, in fact, the website's server IP is in the blocklists.

Peerblock and HMA! Pro VPN

You can decide to use HMA! Pro VPN together with Peerblock. This potentially increases security because it prevents connections to anti-P2P-companies, spammers, hackers etc. from being made. So it's actually a quite good idea to mix both services, but it can result in connectivity-problems.
Watch what you add to the blocklists, or else you may not be able to connect to:
  • Seeds & Peers
  • certain websites
  • your local network
  • your router
It's easy to find out if Peerblock is the reason for your connectivity problems - just deactivate it and check again.
To prevent these problems from happening, you should only add anti-P2P IPs to your blocklist database, and only things that are really dangerous for you.
In addition, most IPs in those blocklists are outdated long before you use them, because many of them are dynamic IPs.
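
The check below is an added example, not part of the original post and not PeerBlock's own code. It parses a blocklist in the plain-text "P2P" format (label:first_ip-last_ip), reports entries that would cut off your local network, router or VPN server, and counts how many addresses the list covers. The sample list, its labels and the VPN server address are constructed placeholders.

```python
import ipaddress

# Constructed sample in the PeerGuardian "P2P" text format: label:first_ip-last_ip
SAMPLE_BLOCKLIST = """\
Example anti-P2P org:198.51.100.0-198.51.100.255
Overbroad entry:192.168.0.0-192.168.255.255
Label: with colon:203.0.113.5-203.0.113.9
Broken line without range
Reversed:10.0.0.9-10.0.0.1
"""

# Never block these: RFC 1918 private space, loopback, link-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def parse_p2p(text):
    """Return (entries, rejected); entries are (label, first_ip, last_ip) tuples."""
    entries, rejected = [], []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        label, _, span = line.rpartition(":")   # the label itself may contain ':'
        try:
            lo, hi = (ipaddress.IPv4Address(p.strip()) for p in span.partition("-")[::2])
            if lo > hi:
                raise ValueError("reversed range")
        except ValueError:                      # AddressValueError subclasses ValueError
            rejected.append(line)
            continue
        entries.append((label, lo, hi))
    return entries, rejected

def blocks_local(entries):
    """Labels of entries whose range overlaps a local or private network."""
    return [label for label, lo, hi in entries
            if any(lo <= n.broadcast_address and hi >= n.network_address for n in LOCAL_NETS)]

def blocked_targets(entries, must_reach):
    """Map each must-reach name to the labels of the ranges that would block it."""
    hits = {name: [label for label, lo, hi in entries if lo <= ipaddress.IPv4Address(addr) <= hi]
            for name, addr in must_reach.items()}
    return {name: labels for name, labels in hits.items() if labels}

def covered_addresses(entries):
    """Count distinct IPv4 addresses blocked, merging overlapping ranges."""
    total, end = 0, -1
    for lo, hi in sorted((int(lo), int(hi)) for _, lo, hi in entries):
        if hi > end:
            total += hi - max(lo, end + 1) + 1
            end = hi
    return total

if __name__ == "__main__":
    entries, rejected = parse_p2p(SAMPLE_BLOCKLIST)
    targets = {"router": "192.168.1.1", "vpn server": "203.0.113.7"}  # VPN IP is a placeholder
    print("rejected lines:", rejected)
    print("overlap local networks:", blocks_local(entries))
    print("blocked must-reach hosts:", blocked_targets(entries, targets))
    print("addresses covered:", covered_addresses(entries))
```

Run it against an exported list before importing the list into PeerBlock, with your own router address and the VPN server IP you actually connect to in place of the placeholders.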

What is Firewall?


What is OpenVPN

OpenVPN is an open source virtual private network (VPN) product that offers a simplified security framework, a modular network design and cross-platform portability. OpenVPN is licensed under the GNU General Public License (GPL). It includes several techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses SSL/TLS security for encryption and is capable of traversing network address translators (NATs) and firewalls.
OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signatures and a certificate authority. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features. It is sometimes used by computer gamers as a way of accessing LAN games over the internet.

Encryption: OpenVPN uses the OpenSSL library to provide encryption. OpenSSL supports a number of different cryptographic algorithms such as 3DES, AES, RC5 and Blowfish. 128-bit Blowfish encryption with a 1024-bit key will be used for encryption, while 256-bit encryption is used for the control channel (password, authentication, etc.).
Ports used: OpenVPN can be easily configured to run on any port using either UDP or TCP. To easily bypass restrictive firewalls, OpenVPN can be configured to use TCP on port 443, which is indistinguishable from standard HTTP over SSL, making it extremely difficult to block. For UDP we are using port 53. The OpenVPN management port is 13010.
Supported operating systems: Windows, Mac, Linux, iOS (?), DD-WRT

Advantages

  • Security provisions that function against both active and passive attacks.
  • Compatibility with all major operating systems.
  • High speed (1.4 megabytes per second is typical).
  • Ability to configure multiple servers to handle numerous connections simultaneously.
  • All encryption and authentication features of the OpenSSL library.
  • Advanced bandwidth management.
  • A variety of tunneling options.
  • Compatibility with smart cards that support the Windows Crypto application program interface (API).

Comparison to other protocols

Personal experiences may differ, so bear with me if you have a different opinion. You can discuss your speed experiences with and without VPN in the HMA Forums (http://forum.hidemyass.com).
Several people agree that OpenVPN is faster than PPTP as a protocol for VPN connections. Of course this depends on many other factors and can therefore be different on every computer, internet connection and network.
It's also safer than PPTP and has a high compatibility; it's supported by numerous operating systems and devices.

What is PPTP VPN?

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.
The PPTP specification does not describe encryption or authentication features and relies on the PPP protocol being tunneled to implement security functionality. However, the most common PPTP implementation, shipping with the Microsoft Windows product families, implements various levels of authentication and encryption natively as standard features of the Windows PPTP stack. The intended use of this protocol is to provide similar levels of security and remote access as typical VPN products.
Encryption: The PPP payload is encrypted using Microsoft's Point-to-Point Encryption protocol (MPPE). MPPE implements the RSA RC4 encryption algorithm with a maximum of 128 bit session keys.
Ports used: PPTP uses TCP port 1723 and GRE (Protocol 47). PPTP can be easily blocked by restricting the GRE protocol.
Supported operating systems: Windows, Mac, Linux, iOS, Android, DD-WRT
Also supported: OpenWRT, Tomato, Mikrotik, DrayTek, BoxeeBox, Touchpad...


Comparison to other VPN protocols

PPTP often seems to be slower than OpenVPN, and its security is generally considered to be lower than that of other protocols. However, the feeling of speed is subjective; there are many factors that determine the connection speed, like network, ISP, ethernet adapter, operating system, etc. If you're having speed issues, check this page: Speed

For a comparison between the VPN protocols OpenVPN, PPTP and L2TP please refer to the article: VPN protocol comparison

Guides for setting up PPTP-connections

More PPTP guides, L2TP and OpenVPN instructions and tutorials for other operating systems and devices can be found @ Connection Instructions


Troubleshooting


Windows
If you're unable to connect via PPTP protocol with our HMA Pro VPN client, the first thing you should do is to uninstall our client, reboot your computer and reinstall our client. This will revert all settings back to default and often solves the problem.
If the problem remains, or if you're using a manual PPTP connection (WinXP: newmastervpn.blogspot.com/2013/04/how-to-create-pptp-connection-on.html - Win Vista / 7: http://vpn.hidemyass.com/vpncontrol/pptp/7.html), your problem may be caused by non-activated services.

This PPTP issue may occur if the following Windows services are disabled:
• Telephony
• Remote Access Connection Manager
• Remote Access Auto Connection Manager

To resolve this issue, enable the disabled services, then start the services, and set them to automatic.
Either do it manually as described below, or let a batch script do it for you: startservices.bat

1. Click Start, right-click My Computer, and then click Manage.
2. Double-click Services and Applications, and then double-click Services.
3. Right-click Telephony, and then click Properties.
4. On the General tab, click Manual next to Startup type.
5. On the General tab, click Start under Service status, and then click OK.
6. Repeat steps 3 - 5 for the Remote Access Connection Manager service and for the Remote Access Auto Connection Manager service.

This applies to:
• Microsoft Windows XP Professional Edition
• Microsoft Windows XP Home Edition

With Windows Vista and Win7 configuring services may be a little different. In your start menu type in the search field: "Component Services". Run it. Find "Services" and make sure you enable the services mentioned.

Java

What is Java?

Java Platform, Standard Edition or Java SE is a widely used platform for programming in the Java language. It is the Java Platform used to deploy portable applications for general use. In practical terms, Java SE consists of a virtual machine, which must be used to run Java programs, together with a set of libraries (or "packages") needed to allow the use of file systems, networks, graphical interfaces, and so on, from within those programs.

Why do I need Java?

There are lots of applications and websites that won't work unless you have Java installed, and more are created every day. Java is fast, secure, and reliable. From laptops to datacenters, game consoles to scientific supercomputers, cell phones to the Internet, Java is everywhere.
You need Java for Javascripts, Java applets, .jar files and many applications.

Why should I have the latest version?

The latest Java version contains important enhancements to improve performance, stability and security of the Java applications that run on your machine. Installing the latest update will ensure that your Java applications continue to run safely and efficiently.
You should regularly update Java to avoid bad things like getting hacked, computer crashes, instability, performance slowdown, etc. If your computer is somewhat older and Java applications take all system resources, an update may improve the performance of all Java-based programs. Also keep in mind that running older versions of any software, and especially software like Java, is a security risk.

Where to get Java

You can download the latest version of Java for your computer at the official website:
http://www.java.com/en/download/index.jsp

Privacy & Java

When using proxies (IP:Port proxies or webproxies), your real IP can be revealed by Java. This means every website that uses Java can identify you online. You can test this @ IP-score.com.
To avoid this, you can disable Javascript either in your browser's settings (in case you're using IP:Port proxies) or in the settings of your webproxy (http://hidemyass.com/proxy @ "Advanced option").

The same goes for Flash, Silverlight, Windows Media Player and several other plugins/add-ons. They all might reveal your real identity. The reason for this is that a usual proxy works only within your browser; but plugins and add-ons work like independent applications, so your proxy may get ignored by them. Note: This can happen only with webproxies and IP:Port proxies. When using HMA's Pro VPN service, your real IP will be safe in these cases.

Microsoft Silverlight - MasterVPN

What is "Silverlight"?

Microsoft Silverlight is an application framework for writing and running browser plug-ins or other rich internet applications, with features and purposes similar to those of Adobe Flash. The run-time environment for Silverlight is available as a plug-in for most web browsers. While early versions of Silverlight focused on streaming media, current versions support multimedia, graphics and animation, and give developers support for CLI languages and development tools.

Do I need Silverlight?

No, at least not yet. Microsoft would like to replace Adobe Flash with its "Silverlight"… but that's unlikely.
There are only a few websites that use Silverlight; you won't miss anything on the web without it installed.
Silverlight also gets installed through Windows Update.

Silverlight & Privacy

Similar to Flash, Java and other plugins, Silverlight may also be a security risk. It can reveal your real IP-address when using a proxy service (IP:Port proxy or web-proxy). The reason for this is that a usual proxy works only within your browser; but plugins and add-ons work like independent applications, so your proxy may get ignored by them. Better turn off plugins/addons that you don't really need.

Silverlight official Website: http://www.silverlight.net/

What is Webproxy

Definition

Many services on the Internet (www, e-mail and news) collect a lot of personal data without any obvious reason and use this data without informing the users. Using a web-proxy is one way to prevent this sort of data acquisition: it shows the visited websites its own IP instead of the user's IP. This gives anonymity and privacy on a basic level.

A web-proxy basically just forwards the internet to your computer; it requests the internet pages you want, using its own IP, then forwards them to your browser. It works completely differently from an IP:Port proxy. There are well-known compatibility problems with Flash, Java or other plugins and addons. A webproxy works only within your web-browser.

Difference Webproxy <> IP:Port proxy

The difference is mainly the functionality and compatibility; with a web-proxy you can only browse the web, navigate from here to there and maybe download a file. So it basically just forwards the web to your computer, giving you a different IP on the websites you visit. A web-proxy works only within your browser, and nowhere else. This limits the functionality and results in compatibility problems, such as issues with interactive Flash objects, Javascript or other plugins and add-ons. For example, you can't play a video or a Flash game, or the navigation on some website won't work correctly. This is where you reach the limits of a web-proxy.

An IP:Port proxy, on the other hand, offers the things you miss with a webproxy: you can use it for other applications than just your browser; every application that supports proxy use, like games, email clients and download managers, is able to work behind an IP:Port proxy, giving you anonymity and security. You won't have problems with Flash, Java or with registering/logging in at websites. But: an IP:Port proxy (and also a webproxy) doesn't give you the security a VPN service offers. Your real IP can still be revealed. So go - get VPN now! :)

HideMyAss Web-proxy

Use our free webproxy to surf anonymously online, hide your IP address, secure your internet connection, hide your internet history, and protect your online identity.
  • Hide from hackers and network spies: With unencrypted web browsing every website you visit will be accessible by your internet service provider and anyone else spying on your network. Use our free web proxy to hide from people monitoring your HTTP web traffic.
  • SSL encryption for all websites: Some websites may not offer SSL (HTTPS://) and so your sensitive data (such as a site user/pass) is at risk of being stolen on an insecure network. Use our web proxy to add SSL to all websites you visit.
  • Anonymous Search: Use our free proxy to surf websites anonymously in complete privacy. Hide your IP address ('online fingerprint') and route your internet traffic through our anonymous proxy servers.
  • No software required: All you need is a web browser to use our free proxy, no third-party software is required to be downloaded.
  • Bypass internet restrictions: Certain websites may be blocked on your internet connection. Use our free web proxy to virtually reside on another network and bypass web blocks.
  • Hide your IP address: Your IP address is your 'online fingerprint'. Use our proxy to hide your true online identity and hide behind one of our anonymous IPs. You can also select which specific IP address and server you wish to hide behind, by clicking the 'advanced options' link.
  • No annoying advertisements or pop-ups: Unlike other free web proxies we do not have annoying obtrusive pop-ups or flashing advertisements plastered on every page you visit.
  • Works with popular video sites: Popular video streaming websites such as YouTube.com work behind our web proxy.
Link: http://hidemyass.com/vpn/proxy


Using different servers and IPs for the Webproxy

If you want to let the webproxy use a different IP or server, you can easily do this by changing the URLs.
We have 7 servers for the webproxy.
Access them by using these URLs:
Each server offers the use of different IPs.
Access them by changing the URL accordingly, e.g.:



Youtube, Facebook and Gmail proxy

To guarantee you the best compatibility, we're providing you extra web-proxies for YouTube, Facebook and GMail. These services require different proxy settings (concerning cookies, ActiveX and Flash), so follow these URLs if you want to use these services safely, fast and anonymously:
Link: YouTube proxy
Link: Facebook proxy
Link: Gmail proxy