Monday, September 26th 2011

HideMyAss.com... Doesn't

UK-based www.hidemyass.com bills itself as a service offering complete online privacy, for a fee. However, that soon evaporates when the law comes knocking... just when you need them most. This is how alleged LulzSec member Cody Andrew Kretsinger, 23, of Phoenix, Arizona is now facing potential time in court over accusations of hacking using the service. However, HideMyAss claim on their home page:
In this day and age of hackers, censorship, online identity theft, people spying and monitoring your online activities, your online privacy has never been so important. Our aim is to provide easy to use services that help protect your online identity and privacy. Our free web proxy is a secure service that allows you to surf anonymously online in complete privacy. For more advanced features our Pro VPN service adds increased security and anonymity on to your existing internet connection.
Which can be taken as considerably misleading by some, as it gives no hint of a clause in their contract that means this bold claim is actually not strictly true.

However, the company defends their actions in a blog post:
It first came to our attention when leaked IRC chat logs were released, in these logs participants discussed about various VPN services they use, and it became apparent that some members were using our service. No action was taken, after all there was no evidence to suggest wrongdoing and nothing to identify which accounts with us they were using. At a later date it came as no surprise to have received a court order asking for information relating to an account associated with some or all of the above cases. As stated in our terms of service and privacy policy our service is not to be used for illegal activity, and as a legitimate company we will cooperate with law enforcement if we receive a court order (equivalent of a subpoena in the US).

Our VPN service and VPN services in general are not designed to be used to commit illegal activity. It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences. This includes certain hardcore privacy services which claim you will never be identified, these types of services that do not cooperate are more likely to have their entire VPN network monitored and tapped by law enforcement, thus affecting all legitimate customers.
Twitter accounts affiliated with Anonymous were unsurprisingly vociferous in their criticism of HideMyAss's business practices and assistance of a federal investigation, dubbing the service SellMyAss, and arguing that HideMyAss users are less likely to trust it and more likely to look for alternatives. "Question @HideMyAssCom: Was it worth to rat out one guy who allegedly hacked #PSN in exchange for all your business? You will find out soon," AnonymousIRC said.

So why aren't all those Egyptians who used the service recently to evade their country's censorship blocks being handed on a plate to the authorities?
We follow UK law, there isn’t a law that prohibits the use of Egyptians gaining access to blocked websites such as Twitter, even if there is one in Egypt. If a request for information is sent to us from overseas, we will not accept this request unless it is sent through the appropriate UK channels and a UK judge warrants a court order or a court summons that forces us to provide this information. We are not intimidated by the US government as some are claiming, we are simply complying with our countries legal system to avoid being potentially shut down and prosecuted ourselves.

Regarding censorship bypassing, some have stated it is hypocritical for us to claim we do not allow illegal activity, and then claim our service is used in some countries to bypass censorship illegally. Again we follow UK law, there isn’t a law that prohibits the use of Egyptians gaining access to blocked websites such as Twitter, even if there is one in Egypt ... though there are certainly laws regarding the hacking of government and corporate systems.
What this boils down to is that someone would have to be very naive to register with a credit card, thereby positively identifying themselves and expect the company not to keep track of their IP addresses and full logs of their activity to prevent themselves getting shut down by law enforcement. The only way the company can protect themselves is by sacrificing their paying customers, as they see fit. Not quite such an anonymous service is it? Seems that some LulzSec members are not so clever after all and should have read the terms and conditions...

Sources: The Register | TG Daily | HideMyAss blog
Add your own comment

47 Comments on HideMyAss.com... Doesn't

#1
WarraWarra
LMAO what was these kids thinking.

You have flash and java that spills all your info to any clown older than 3 years old, the webcam and Vista + win7 is built by NSA so go figure it is like placing a microphone in your bedroom while making whoopi and streaming it over youtube or something.

IPV6 to IPV4 leaks your data DUH. Never mind the mine field called iPhone / Android phone.
It is like playing hopscotch on zee mine filed in 1943 Germany.

Surely they know that even Tor.eff.org states it can annoy the preacher coming to visit and trying to find dirt on you but it does not stop anything from being exposed just makes it less easy.

Even with a proxy going through tor and then using hidemyass there is still info and some stupid idiots login into their personal accounts / emails and such so 1 moment you login from your normal home ISP to gmail, next you do it from a 3 layer proxy = ??? or farcebook or twitter, this must be the same guy so lets get him = compromised.

This is the USA we are guilt until proven innocent and all yes all your data is and always will be public knowledge even the brand of condom you bought 20 years ago on your debit card will be used against you in a court of law for profiling. Try going to court and you end up defending yourself for trying to put a criminal in jail as the criminal is innocent but you as a good citizen is always guilty for trying to do the right thing.
USD$450m per year Texas lawsuit. :banghead:

There is not, nor was there any internet security in the last 5 years and anything that passes on any of the NSA MS Windows or NSA networks 4.2.2.1/6 or enters the USA will be used against you in a court of law guilt or innocent.

Everyone knows that, the fact that the clowns in charge can not process the data if too large amount is well obvious but they would eventually get there.

That is why I was pushing for the HCDCS Hive Cluster Distributed Cloud System "on demand" to process this and other data as well as other systems I suggested to try and catch the 3 truck supposedly dangerous people that got USA visas or passports who knows what the embassy messed up again, close to a recent anniversary or at least attempt to catch up to them once this system is implemented.

Surely Anonymous knew this once they started with their shenanigans. :banghead:
Posted on Reply
#2
AsRock
TPU addict
1Kurgan1 said:
All I got to say is dumbass. I loved how all the messages from Lulsec were extremely cocky like no one would ever catch up with them. Wonder what this guy is thinking now, 23 years old, how much jail time is he facing, just going to waste the best years of his life away to be a smartass on the internet.
Maybe he will of grown up by time he gets out lol.
Posted on Reply
#3
Live OR Die
No sure about this site but there are a few you can use to activate Russian steam games were ever you are comes in handy.
Posted on Reply
#4
AphexDreamer
The best way to get all the naughty asses in one place is to offer them a place to hide their asses. Only later to expose them all....

Genius.
Posted on Reply
#5
laszlo
if you want do to something without been caught 1st you don't use your daily pc/laptop ;buy a laptop (not new) and with free wireless you can be caught;but never connect that one to your home internet...
Posted on Reply
#6
MilkyWay
laszlo said:
if you want do to something without been caught 1st you don't use your daily pc/laptop ;buy a laptop (not new) and with free wireless you can be caught;but never connect that one to your home internet...
Should have used Mc Donalds free wifi the smart arse.
Posted on Reply
#7
mdm-adph
MilkyWay said:
Should have used Mc Donalds free wifi the smart arse.
Wouldn't help -- they'd just log the date/time that the attack happened, find the McDonald's that it originated from, and then check the CC cameras to find the guy who was sitting by himself, surreptitiously hunched over a laptop, looking up whenever someone walks behind him.
Posted on Reply
#8
Salsoolo
The real question here is why would anyone use a service based in a country with some of the most sophisticated spying technologies, and police state laws.


you guys arent naive enough to think we're living in a democracy! :D
Posted on Reply
#9
treehouse
i would just like to add my piece, if someone wants to remain totally anonymous on the internet then it is very much possible (although very inconvenient).

all you do is buy a prepaid 3G dongle from a shop using CASH, buy a laptop/netbook from a shop using CASH and then head to a field with a nice view and then use your favored proxy/anonymizer and then your good to go, destroy and throw away the devices once done.

impossible to be traced, no matter how illegal the thing you just did was ;)

now i know this is way too much effort/cost, but for those that are adamant that the internet is not anonymous, it can be with alot of effort. PM me for other ways aswel.
Posted on Reply
#10
laszlo
treehouse said:
i would just like to add my piece, if someone wants to remain totally anonymous on the internet then it is very much possible (although very inconvenient).

all you do is buy a prepaid 3G dongle from a shop using CASH, buy a laptop/netbook from a shop using CASH and then head to a field with a nice view and then use your favored proxy/anonymizer and then your good to go, destroy and throw away the devices once done.

impossible to be traced, no matter how illegal the thing you just did was ;)

now i know this is way too much effort/cost, but for those that are adamant that the internet is not anonymous, it can be with alot of effort. PM me for other ways aswel.
but when you connect that to your home internet you're busted;even when you use that piece for ex.check mail you're busted;point is to use that machine only for that purpose (no matter what)!

every pc/laptop have a unique hardware id which can be traced if once used on internet so be careful...
Posted on Reply
#11
LordJummy
laszlo said:
but when you connect that to your home internet you're busted;even when you use that piece for ex.check mail you're busted;point is to use that machine only for that purpose (no matter what)!

every pc/laptop have a unique hardware id which can be traced if once used on internet so be careful...
Did you not notice that he said throw it away/destroy it when you are done?
Posted on Reply
#12
laszlo
LordJummy said:
Did you not notice that he said throw it away/destroy it when you are done?
you afford to destroy a 2-300 worthy laptop lets say every month ?
Posted on Reply
#13
LordJummy
laszlo said:
you afford to destroy a 2-300 worthy laptop lets say every month ?
It's not about whether or not I can afford a 200$ netbook every month (which I could if I needed to), but whether it's worth it to someone who is trying to accomplish a specific goal and needs complete anonymity.

We are talking hypothetically here.

SO, yes I can technically afford to do that, BUT I would not as it's silly. There are much more practical methods of becoming anonymous or decreasing chances of being found.
Posted on Reply
#14
treehouse
LordJummy said:
It's not about whether or not I can afford a 200$ netbook every month (which I could if I needed to), but whether it's worth it to someone who is trying to accomplish a specific goal and needs complete anonymity.

We are talking hypothetically here.

SO, yes I can technically afford to do that, BUT I would not as it's silly. There are much more practical methods of becoming anonymous or decreasing chances of being found.
spot on. the method i mentioned would only be suitable for lets say... erm.. if someone wanted to hack the BLOODY CIA WEBSITE! which is what this donk head got caught doing.

the point is, if someone wants to remain anonymous on the internet (a guaranteed method) then its possible, as long as you are willing to spend
Posted on Reply
#15
tigger
I'm the only one
I would go to my friends house, wait till he goes to work, break in and do my illegal activity on his connection then go home. Then marry his sexy missus when he gets ten years under the anti terroism act.
Posted on Reply
#16
LordJummy
tigger said:
I would go to my friends house, wait till he goes to work, break in and do my illegal activity on his connection then go home. Then marry his sexy missus when he gets ten years under the anti terroism act.
...and then get murdered by your "friend".
Posted on Reply
#17
Wile E
Power User
Easy Rhino said:
maybe not on this site, but it is certainly making the rounds on slashdot and others.
That's actually what I meant. No offense to qubit intended. I still appreciate his posting, but this just doesn't seem like TPU news material to me.
Posted on Reply
#18
qubit
Overclocked quantum bit
Easy, Wile E:

I agree it's a bit indirect and I did think about this before I posted. The connection is that PC enthusiasts are also more likely to be hackers than your average PC user and might well use such a service, simply because they're much more computer literate and skills cross over much more readily between the two activities.

Besides, I figured it would make a really interesting read and it seems I wasn't wrong. :)
Posted on Reply
#19
Wile E
Power User
I agree it's interesting. By saying it's not TPU news worthy, I'm not saying it's a bad post or anything. I just think it's misplaced is all.

Not really a big deal. Just giving my opinion.
Posted on Reply
#20
qubit
Overclocked quantum bit
Wile E said:
I agree it's interesting. By saying it's not TPU news worthy, I'm not saying it's a bad post or anything. I just think it's misplaced is all.

Not really a big deal. Just giving my opinion.
No problem, I agree this one was a bit left field - feel free to keep us news posters on our toes. :toast:
Posted on Reply
#21
Easy Rhino
Linux Advocate
prolly should launch a site, hidemyballs.com but i think a porn company probably already took it.
Posted on Reply
#22
Athlonite
:laugh: well he'll soon be learning how to hide his ass in jail :eek:
Posted on Reply
Add your own comment