Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Indeed!

From time to time, I need to lease VPN services, VPS and so on. And I choose to do so pseudonymously, paying with Bitcoin. But bizarrely, sometimes providers want contact information. I need valid information, of course. And I do provide a working email address. But it's rare that a telephone number will be used. Sometimes I have setup VoIP. But mostly I just need a telephone number that won't raise alarm, if called. So I tend to pick restaurants that have recently failed, business hotels or hostels.

Sometimes I need a valid return address for mailing cash. In that case, I pick a homeless shelter or other charity. That way, if the letter is returned for whatever reason, the money goes to a good cause.



Valid address, why? I've used preloaded cards in the past and have never had issues making up addresses.


Maybe I'm just paranoid :)

If I were building a system that required addresses, I would validate them. Why bother asking, otherwise?

I'm guessing that OP's system is designed for systems that require validated addresses.

Edit: Once or twice, using gift cards, it's been necessary to speak with customer service before they'd accept the payment. That required a VoIP account. I only did that because I needed a VPS in a particular IP range.


> But bizarrely, sometimes providers want contact information.

And you trust those providers?


If you need to trust the provider, you're probably hosed already. (Depending,of course, on who your adversary is. Random untrustworthy VPN services are probably OK if you're just trying to protect against corporate network snooping or WiFi Pineapples at Starbucks. I'd be a little less sure about whether they'd protect you against a determined MPAA rights holder lawyer. If your adversary is a nation state, you need better advice about opsec than you'll get from a random like me on a website...)


I write a lot about this issue! Compartmentalization is a key aspect of good OPSEC. Trust partitioning, for example.

Consider Tor. Each circuit involves three relays aka ORs aka nodes: entry guard, middle relay and exit relay. An adversary could deanonymize a user by combining information obtained from the three relays used by one of their circuits to some honeypot.

One cannot trust any particular Tor relay to refrain from logging and cooperating with adversaries. However, the Tor design mitigates those risks by using three relays in a chain. An adversary would need logs from all three relays in a circuit.

One can also use nested chains of VPN services. That's far less anonymous than Tor, for many reasons. Tor creates circuits more-or-less randomly, and by default they change at ten-minute intervals. VPN chains, conversely, are typically static. But the bandwidth is much greater.

And then one can use Tor via VPN chains, and route VPNs through Tor. Also, although routing Tor through Tor doesn't work well or do much good, one can proxy through remote desktops on VPS. Latency sucks, but you get used to it.


I don't trust any provider :)

But yes, I tend to trust those providers less.

It seems odd to accept Bitcoins, and yet want contact information. And some of these providers actually emphasize that they're privacy friendly! But I suspect that it's just that they're using stock software that needs contact information to create accounts. Also, Bitcoin is just one payment option, and credit/debit card payments do require contact information.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: