VitaNetworks PremLINK, VNL/PremLINK, is a network infrastructure where user privacy is at the highest priority at whatever the price it might come. Security isn't a high priority on the other hand, though, it comes as a side effect of keeping privacy guarded. In the case of publicly-accesible areas of the network, potentially incriminatory misuse is a something that has to be looked after by means of tightening access controls to certain domains, but the fact is that guarding privacy, already does that so there's not much difference but any guest on it.

- Device

A device is traditionally a mechanical or electronic object made or adapted for a purpose. On VNL this almost always will mean a network-connected device.

- Person

A person is a person. The plural however, would usually be an Organization, rather than persons or people. This is trickier because Organization is also thought as a building.

- User y Guest

A user is almost always an identified person (they can log in) on a system/network whereas guest and anonymous user are more like levels of an unidentified user. On a directory service such as Active Directory there are two special groups that match these, Identified Users and Everybody, where the latter is what corresponds to anonymous user.

- Client

A client, also know as User Agent is a network-connected entity that accesses a service.

- Server

A server is a network-connected entity that serves a service.

- Service

A service is a set of tasks, functions assistance and, in general, work offered to be done for, and in the name of a client by one or more servers that form that service. In IT terms, a server is the literal servant of a client.

DNS is the service that makes the Internet possible. It's in charge of translating domain names, also called "[textual or canonical] Internet addresses" easy for humans to memorize like wikipedia.org into IP addresses computers use to communicate. It does other stuff but for the time being that's all you need to go on.

DNS servers are everywhere, starting at home with the one built-in in the wireless router you ISP loans you. It's very low power but so are even the biggest DNS servers on the backbone of the Internet, relatively speaking, of course. Another crucial network server/service built into the same device is DHCP; it handles handing out IP addresses to devices that join the network as well as reclaiming them when they are freed. When it hands out an address it also informs a joining device about the IP address through which it can reach the outside of the network which would be itself and the address of DNS servers it can use to translate addresses. Like DNS, DHCP also does more than just handing out addresses but that's all for now.

Now you know how your devices works in a network, but what is a DNS firewall though?

Traditionally stateful inspection firewalls filter traffic according to rule sets. The prevent traffic from coming into the network in the most basic form, and they allow traffic going out of the network. But a server has to respond to a client back, right? If the firewall is preventing traffic coming in, how does this happen? The key is in the "Stateful Inspection" part of their name. It basically mean that the firewall keeps tabs on the connections to match them to earlier outgoing connections thus granting them a return path.

That's nice at all but it's almost meaningless and very dangerous in today's networks. For starters, every single commercial and ISP-provided firewall by default allows all traffic from the intranet, the internal network, to exit freely because the food "guys are inside". That couldn't be further from the truth; the fact is that all network compromises, even when somebody brute forces the way from the outside, they'll start always the connection from the inside. In the case of the one that got it they'd maybe "sleep" for a while to throw potential detection off their scent.

Then the trusting firewall will blindly accept all traffic including that of the trojan contacting its Command & Control servers to get its payload.

Another crucial aspect of a traditional firewall is that they work at the third and fourth layers of the networking protocols 7-layer model, meaning they deal with IP addresses and port numbers, there's not enough information to make filtering decisions at those layers.. Web traffic and DNS go at the 7th layer where a DNS Firewall can intercept those requests and return bogus answers so devices don't even attempt to connect at all.

Filtering on DNS allows more precision and allowing functionality like removing ads network-wide without installing adblockers on every system, or preventing Windows to send Microsoft information of everything you do on your computer, like it does when it's allowed to connect to the Internet while you still can connect to what you want to connect on not to whats programmed in an app to connect behind your back.

These filters are updated automatically, several times a day. In order for them to work, the netowrk has strict controls, for instance a device cannot directly contact a external DNS servers. In fact, if you poke around you'll soon learn that the full range of ports outside of TCP ports 80 and 433, the ports needed for the web, are locked down. And it is not because you're a guest on the network, the same goes for network administrators. When we say we take privacy seriously, it's not like every company that start they're privacy statement "at X we value your privacy so now we're going to twist words in this long document that proves we don't…" on VNL we mean it. Or at least we value our own enough to know that if any user gets compromised, it's an opportunity for all to be affected.

What is blocked?

Filtering is done per categories, nobody is watch

El firewall DNS filtra algunos servicios de compañías grandes considerados perjudiciales para el usuario, como actualizaciones de sistemas de Apple, Microsoft, Google y Adobe, entre otros. Anuncios, trackers, malware, redes sociales comerciales. Esto puede hacer que algunas apps móviles no funcionen or el reporte de red "sin Internet" en Android ya que los servidores contactados para hacer la verificación registran la conexión. El monitoreo de conexiones externas es automatizado, de otra forma VitaNetworks no guarda o hace monitoreo personal de conexiones, por lo contrario, ofrecemos varios servicios y servidores para reenforzar el uso anónimo de internet pero lamentablemente esta es una red de prueba donde se puede acceder sólo si conoce la dirección. No podemos guiarle.

The DNS firewall filters resolution of services from big companies that are considered harmful or in hindrance to the user, among these are Apple, Microsoft, Google and Adobe, as well as filtering other content more tradicionally accepted as harmful, such as advertising networks, malware, trackers and algorithmically-driven social networks. These filters can result in apps misbehaving or refusing

El firewall DNS filtra algunos servicios de Apple, Microsoft, Google, Adobe; además de publicidad/anuncios, malware, redes sociales, y otros contentinos perjudiciales. Esto puede resultar en falla de conexión al las App Stores, el reporde de red "sin internet" en dispositivos Android. Pero sí hay navegación y la mayoría de las apps moviles deberán de funcionar normalmente.

Use sólo para config manual | Normally not required, use if needed
DNS: 10.11.11.16, 10.11.11.17, 2001:570:8085:b00::10, 2001:570:8085:b00::11
IPv4 subnet: 10.6.0.0/24
IPv6 subnet: 2001:470:8085:600::/120

Terms of Use

By accessing the wireless network, you acknowledge that you're of legal age, you have read and understood and agree to be bound this agreement.

You agree not to use the wireless network for any purpose that is unlawful and take full responsibility of your acts.

The wireless network is provided "as is" without warranties of any kind, either expressed or implied.

VitaNetworks PremLINK, VNL/PremLINK, es una red donde la prioridad más alta es la privacidad del usuario al costo que sea necesario. La seguridad del usuario no es una prioridad principal pero también es protegida como efecto secundario. En el caso de las redes públicas también se tiene proteger la red misma de maluso que pueda ser incriminatorio, pero la protección de los puntos anteriores practicamente resulta en el mismo efecto.

En terminos organización-usuario, empresa-consumidor, un cliente es una herramiente de recabación de datos de los usuarios miembros de un servicio que dicha organización convierte en el producto que le vende a los anunciantes. Por ejemplo:

Facebook es un servicio que obtiene información de sus clientes instalados, la aplicación de Facebook, con acceso a un sinfín de información personal de sus usuarios, que luego cruza referencias con otros usuarios cuando un usuario es engañado por una sugerencia aparentemente útil de encontrar a sus amigos cargando los contactos de sus dispositivos a los servidores. Junto con otras herramientas como botones con emoji de aspecto inocente que permiten transmitir información de emoción, crea perfirles psicológicos entra muchas otras métricas que le permiten a la empresa dirigir espacio de venta para publicidad manipulatoria altamente eficaz. El producto de Facebook son sus usuarios. Comercialmente el cliente de Facebook son los anunciantes, el servicio es el acceso a estos perfiles para presentarles publicidad, por ejemplo de antidepresivo de una empresa farmacéutica a un usuario al que Facebook mismo le está fomentando y/o amplificando dicha depresión con más de sus sugerencias inocentes.