This was posted 9 years 7 months 17 days ago, and might be an out-dated deal.

Related
  • expired

Free PrivacyToggle VPN for 3 Months ($24 Value)

101
OZBARGAIN

With metadata retention passed and torrenting laws coming, a VPN is more useful than ever. PrivacyToggle is offering 3 months free for OzBargainers. Not a trial - no CC required. We have AU/US/UK/EU servers, and we don't keep logs or cap bandwidth.

3 months of premium is normally $23.97 USD. You can make up to 5 concurrent connections - keep all of your devices connected or share it with friends & family.

We're not sure how much demand there will be for this promo, so if there's high demand our servers might be a bit slow initially. We'll bring up new servers to cope with the demand. Hope you enjoy!

Related Stores

PrivacyToggle
PrivacyToggle

closed Comments

  • +1

    Based in Australia and no Corporate Seppuku Pledge? Call me a cynic, but this may very well be a honeypot.

    • +1

      Call me a cynic

      your a cynic… happy?
      but you may well have a point. im not sure i would trust a VPN with my security specially considering the current (world wide?) government trends….

      http://privacytoggle.com.cutestat.com/

      privacytoggle.com is 3 weeks 5 days old.

      not a good sign really but imho claims of honeypot at a little far fetched (tho not outside the realm of possibilities just 99% of claims of honeypots are misguided)

      and googling finds pretty much zero info on this service.

      • +2

        and a quick look at the site does not inspire confidence really….

        the contact button 404's https://privacytoggle.com/support

        and https://privacytoggle.com/security-privacy

        We don't keep track of your IP address, even.

        say what? :| grammar is almost as bad as mine…

        • Sorry about that, fixed :)

      • +3

        It's true, you can never be too cynical or paranoid. We're a new service and everyone has to start somewhere. Part of our motivation for offering this deal is exactly because we're a new service - we'd like to get feedback and reviews.

        We're not some random guys somewhere, we are an incorporated company. We can't just say "no logging" and do something else without getting us into personal liability (and losing business).

        Regarding Corporate Seppuku Pledge, I'm looking into it but I'm not exactly sure how that proves it is not a honeypot? A honeypot would absolutely claim those pledges, etc, they're honeypots! It's like asking "Are you an undercover cop?". I do remember LavaBit and we're truly concerned about privacy, and we will shut down the service if we are forced to compromise on our values.

        Finally, I understand that you might be hesitant to trust us, but there's no need to. You can use Tails and connect to PrivacyToggle after connecting to the Tor network. It'll be slow due to Tor, but we won't have any way of identifying you.

  • Do they keep logs?

    • taken from the deal description

      we don't keep logs or cap bandwidth.

      but as i have said above how much do you trust a service which has only been running for a matter of weeks?

  • +1

    Bypass monitoring, spying, blocking, and censorship. Free, forever.

    How do I sign up for the free forever plan?

    • That was a misprint, we were playing around with a permanently free plan but that would have involved speed throttling. We decided against going with that, but while fixing another link on the homepage we accidentally pushed the old version up. Sorry :( but thank you for bringing it to our attention.

      • +1

        You probably should have postponed this deal until you had someone proofread the information on the site and check that all the links are actually working.

        Doesn't exactly inspire confidence in your ability to protect my information when menial things like this are proving too difficult :P

        • +1

          True, it's our bad. We spent a lot more time testing the technical side of things. For example, we use AES encryption instead of the OpenVPN default of Blowfish. Our VPN passes the DNS leak test (https://www.dnsleaktest.com/) and doesn't leak to WebRTC STUN either.

          I'm personally more of a technical guy, and it shows around the seams.. thank you for pointing it out however. :)

  • VPNs are almost next to useless for torrenting. Simple thing is people, if you value your privacy DO NOT TORRENT. Read up / watch youtube vids of how to use usenet and then you can enjoy SSL enrypted downloads, almost anonymously anyways. Heck, most premium (I pay $96 USD a YEAR for unlimited usenet access) usenet providers also provide their own VPN connection anyways, for the those really wanting to be sure they have a secure connection (hint. also use the premium usenet company's usenet indexer and then your local ISP / metadata searchers also have no idea what you're even searching for).

    • Thanks for the enlghtenment.. I was not aware of this at all.. Juts read this OLD OLD article and I think no more VPN for me.. http://gizmodo.com/5343260/how-to-kick-your-torrent-addictio…

    • Well.. Looking at this, doesnt look like thisis very secure either without VPN… http://lifehacker.com/five-best-usenet-providers-1611239789..
      so… well.. can it get any more confusing?

      … Use Usenet because its better than VPN.. Use VPN to use UseNet cause they are happy to hand it out to Govs in 'legal context'..

      • if the usenet provider is keeping logs of your usage, then even a VPN connection isn't going to help.. you would need to use an anonymiser service as well as have preferably a pre-paid credit card or some other anonymous payment ability.

        however, for a usenet provider to hand over your SPECIFIC records there would need to be a court order (in the USA), there is no 'hand over to the authorities and private companies' like it is planned to do in Australia (and will be interesting to see how that goes in practice.. I expect lawsuits regarding privacy to be happening).

    • Usenet doesn't have anywhere close to the selection of material that public or private torrent trackers will offer.

      • hahahaa ok, that made me lol. With the US based premium usenet provider I have they have 2454 days retention.. ie: ANYTHING shared on usenet over the past (almost) 7 years is available to download, at full speed. No worries about needing seeds, or the seeder having a dial up connection etc.etc.

        If the specific thing you're after isn't available, there are plenty of usenet indexers and forums where you can request and someone may repost the files for you.

        I switched from torrents about 3-4 years ago due to:
        a) torrents are easy to track and 'police' (ie: they're anonymous)
        b) slow download speeds for non-popular torrents
        c) difficulty with finding older shows / movies / games

        usenet took some reading and trial and error to get it working, but since then I've stuck with the windows usenet client (altbinz) as well as set up sabnzb on my NAS (lower power than my desktop, so good for 24/7 downloading of series / queuing lots of files).

    • Interested in your comment that "VPNs are almost next to useless for torrenting". Not wanting to get into a debate about Usenet vs Torrents because I don't disagree with what you've said about Usenet - but why do you think VPNs are useless for torrenting?

  • .__. how do u set this up on mac. i've been stuck for 1 hour.

    Logs in TunnelBlick give:
    Could not start OpenVPN (openvpnstart returned with status #251)

                                        Options error: --auth-user-pass fails with 'privacytoggle_auth': No such file or directory
                                        Options error: Please correct these errors.
                                        Use --help for more information.
    

    Contents of the openvpnstart log:
    *Tunnelblick: openvpnstart log:
    OpenVPN returned with status 1, errno = 13:
    Permission denied

     Command used to start OpenVPN (one argument per displayed line):
    
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-SThomas-SLibrary-SApplication Support-STunnelblick-SConfigurations-SPrivacyToggle--AU.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_16688.1337.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Users/Thomas/PrivacyToggle-AU.tblk/Contents/Resources
          --config
          /Library/Application Support/Tunnelblick/Users/Thomas/PrivacyToggle-AU.tblk/Contents/Resources/config.ovpn
          --cd
          /Library/Application Support/Tunnelblick/Users/Thomas/PrivacyToggle-AU.tblk/Contents/Resources
          --management
          127.0.0.1
          1337
          --management-query-passwords
          --management-hold
          --script-security
          2
          --up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw
    
     Contents of the OpenVPN log:
    
          Options error: --auth-user-pass fails with 'privacytoggle_auth': No such file or directory
          Options error: Please correct these errors.
          Use --help for more information.
    
     More details may be in the Console Log's "All Messages"
    

    2015-05-05 20:48:57 *Tunnelblick: openvpnstart starting OpenVPN

    Sorry for this long piece of copy and paste guys.

    • I'm sorry you're having issues! We are investigating an issue with Tunnelblick not reading the 'privacytoggle_auth' file.

      For now, please download the bundle that does not integrate your credentials: http://privacytoggle.com/platform/clientfiles/bundle-noauth.…

      When connecting, use your email as your username, and use your PrivacyToggle password. You can save this in Keychain. Let me know if this works.

      • YAAY works now!

        • Sorry for this long piece of copy and paste guys.

          holy pastebin batman!!!!!!

        • For those of us who are hesitant it would be great if you could give us some feedback in a few days time, now that you've got it up and running :)

  • +1

    "We don't keep logs or cap bandwidth"

    But you reserve the right to, from the TOS:

    "Fair Use
    Our services are intended for residential and home use only. We reserve the right to limit accounts that consumes an excessive amount of bandwidth and/or places an unreasonable burden on our operations of the service."

    • Of course. We don't limit accounts as an ordinary course of action, however if there is truly excessive use that causes it to be malicious (think using enough bandwidth that costs us hundreds of dollars a month for a $5.99/mo account) then we will take action to preserve our business.

      • +1

        How will you know how much a user is using if you don't keep logs?

        • +1

          This is explained in our privacy policy. We don't keep connection logs — we don't record when you connect, where you connect from, and where you connect to. We have an aggregate tally of your bytes sent and received. Example:

          user4292 - 14.4 GB dl this month, 3.2 GB ul this month, 1 currently active connection.

          This information is required for operational purposes, but they cannot be used to identify any connections. If we get a subpoena for who was using server X at time Y, we won't be able to produce any information as we don't have it.

      • This is a reasonable position.

        You could provide some guidance, such as the volume of data which you consider excessive, given the cost from your providers?

        How are users to understand what usage would be considered malicious otherwise? Especially if they are funnelling all of their data through the VPN service.

  • +1

    Can you post up a list of which servers you currently have?? EU is a pretty broad term.

    • We only have 1 EU server at the moment, being in the Netherlands. We're adding more soon (Germany and France).

  • +1

    Thanks for offer. can you clarify

    1. Do you use static key or TLS authenticatio
    2. Do you encrypt 64,128,256 or 4096 bits
    3. Connection from PrivacyToggle -> External is shared IP or 1 to 1 IP.

    In other words, Is your setup as below

    user 1(Static IP) -> VPN Server (Static IP) -> Internet (User1 IP)
    user 2(Static IP) -> VPN Server (Static IP) -> Internet (User2 IP)

    OR

    user 1(Static IP) -> VPN Server (Static IP) -> Internet (Random User1 IP)
    user 2(Static IP) -> VPN Server (Static IP) -> Internet (Random User2 IP)

    OR

    user 1(Static IP) -> VPN Server (Static IP) -> Internet (Shared IP)
    user 2(Static IP) -> VPN Server (Static IP) -> Internet (Shared IP)

    1. Your privacy policy states
      "After your connection ends, we store the aggregate number of bytes sent and received as per our fair usage policy."

    Can you direct me to Fiar Usage Policy page?

    1. Conflicting information:

    https://privacytoggle.com/security-privacy
    "When we say privacy, we mean it. We keep no logs. That means no record of your traffic, and no connection logs either. We don't even store your IP address."

    https://privacytoggle.com/privacy
    "When you connect to our VPN service, we maintain a count of your active connections in order to limit the max number of concurrent connections according to your plan. After your connection ends, we store the aggregate number of bytes sent and received as per our fair usage policy."

      1. We use TLS auth. There is really no excuse for using preshared keys in 2015.

      2. We use AES128 in CBC mode. AES is a symmetric cipher, you would only use 4096 bits with RSA.

      3. Shared IP. If User1 and User2 are connected to the same server, they will have the same IP.

      4. Please see our terms, specifically "Our services are intended for residential and home use only. We reserve the right to limit accounts that consumes an excessive amount of bandwidth and/or places an unreasonable burden on our operations of the service."
        We will not limit your account for heavy usage, we would only limit your account for very excessive usage — we're talking about reselling one PrivacyToggle account and selling it to 20 different users with a proxy for example.

      5. We don't keep connection logs — we don't record when you connect, where you connect from, and where you connect to. We have an aggregate tally of your bytes sent and received. Example:

      user4292 - 14.4 GB dl this month, 3.2 GB ul this month, 1 currently active connection.

  • +2

    Hi all,

    For those that's having issues with getting it to connect using the .OVPN file, then you can use these ones that I've adjusted.

    It will prompt you for your username and password if you're using it with OPENVPN Connect on IOS.
    Tested and works. Ran DNSTESTLEAK and works. Have not tested the speed.

    http://www.mediafire.com/download/m7jx7fsm9p7azh6/PrivacyTog…
    (Note: Only file that I've removed is the privacy_toggle_auth which contains my username and pass)

    Can't see why this wouldn't work with Tunnelblick as it'll prompt for your VPN(Privacy Toggle) username and password.

    Not on the Mac at the moment so can't test this out.
    Edit: Missed my morning coffee so I didn't see one of the OPs post with the link to the config file without the authentication script.

    Feel free to ignore my useless post haha

  • +1

    Your systems don't seem to be well designed. For one - you send your users their password in their EMAIL. And even though you have the page on "Change Email" screen to change password, it doesn't seem to work.

    So anyone listening in on your users' email addresses now have access to your users' data if they want it.

    • Thanks for your comments.

      1. Many services send passwords (when they are not sensitive) via email. For example, OzBargain itself sends passwords in plaintext via email… Most VPN providers (including the most popular ones) also do it, because your password isn't really sensitive.

      For example: http://pastebin.com/vU0CgvX1 (expired)

      1. If someone has access to your email address, they can reset the password for practically any account, including PT. So the attack vector you described isn't a /new/ attack vector.

      2. What is the user data you are referring to? The only information you can find out from this password email is that someone is using PrivacyToggle, and if you sign in then you'll see their plans / if their sub is active. We don't log your vpn data, there isn't anything sensitive that won't already be exposed via email (we send billing receipts when we bill, and an attacker can deduce plans based on that).

      3. Thank you for pointing out the change password issue, we fixed the bug. It should be working now.

      In light of these points, I'd like to ask you to reconsider the negative rating. If there's anything I missed, please let me know, but as mentioned I do think it's a bit hypocritical since OzBargain itself sends passwords over email (which, as I described in point 2, is not a security risk as someone with access to your email can reset your password anyway).

      • You don't collect much user data so to be fair there isn't much data to be stolen but still. If a company that is all about privacy/security doesn't follow basic security practices regarding passwords, what confidence can I have in them in having configured the rest of the service in a secure way?

        Regarding your point about Ozbargain, it doesn't advertise itself as a security service.

        Since you are able to Email me a password tells me that your passwords are probably not one-way hashed in your database - unless you are doing this just upon generation and before hashing.

        • We are not unaware of 'basic security practices'. Rather, we have weighed the costs and benefits of emailing the user password, and have concluded that there is precisely zero (or almost zero) cost to this when an attacker with access to the email account can reset it themselves.

          The benefits are that we essentially require email verification without having to set up a one-time email verification system. The less complex a system is, the easier it is to secure it. I'd argue that this system is more secure.

          Perhaps we're missing something, what additional security risk does emailing the user password on sign-up create?

          There is a difference between a service provider being unaware of this security tradeoff, and a service provider analysing and finding out that such security tradeoff is actually a net positive.

          Security is not about blindly following what someone else has parroted, but rather about truly understanding your system, the attack vectors, and analysing the risks. Our VPN uses TLS certs with a properly generated and secured (ie: kept offline) CA cert, using AES-128-CBC encryption. It is configured to not log (log level 0), and we flush syslog every hour with a cron script. We also anonymise the IPs and useragents of our nginx access.log.

          While PrivacyToggle is a security service, your access credentials to a VPN is not that sensitive - because you cannot obtain any information about your VPN usage using such credentials. Sending user passwords via email is very commonplace in the VPN industry. Just take a look at PIA, Mullvad, etc etc.

  • Who hosts your servers ? Do they log ?
    Should I be concerned about the Chrome details on the site connection. "Your connection to privacytoggle.com.au is encrypted with obsolete cryptogrophy"
    Are you using Ozbargain to beta test your service ?

  • Bleh…give up getting this one to work…

  • Just signed up but the envinronment that I'm in doesn't allow UDP as a permitted transport protocol out to the internet. Do you guys offer an alternative option using TCP as the transport protocol (can be any port)? If you don't currently support this, it might be worth having as an option.

  • "no CC required" broken promise within a minute of clicking on "go to deal" button

    first page of signup "Credit card required" LOL

    • This deal was supposed to expire today actually, sorry for the confusion. We're new to OzBargain and didn't know setting the expiry to today still makes it show up as valid for today?

      However, please PM me with your email and I'll set up a 3 months account for you :)

      • If you set the expiry date as 12th of May then it will expire at the end of that day, as in 11:59PM on the 12th of May for example. Just so you know for next time.

Login or Join to leave a comment