It seems like every VPN relies on me relying on them telling the truth, which to me defeats the purpose. Am I missing something?<p>Any security researchers have any recommendations if I am?
VPN providers trade a local threat actor who is probably ignoring you for a foreign one who is probably watching and analyzing everything. Best advice on this thread was doing a VPN back to your home router.<p>Typically, you'd use one for default internet browsing on public wifi, with the expectation that your endpoint ends up on the list of a foreign intelligence agency who ostensibly doesn't care about you or what you are interested in.<p>The other best advice used to be, "don't be a terrorist," but these days, it's more, "don't be a political actor," given whatever you type will be found and used as leverage if you achieve any prominence. I'd posit that security tech is sufficient for business, but not for politics.<p>See: <a href="https://en.wikipedia.org/wiki/Kompromat" rel="nofollow">https://en.wikipedia.org/wiki/Kompromat</a>
My personal go-to is Mullvad, but yes, it still relies on trust.<p>It should be possible and even probably usable to chain multiple Wireguard connections together, and therefore no VPN provider would have both your identity and knowledge of your traffic, provided you pay with properly clean cryptocurrency. But if you are paranoid that all VPN providers are bugged, you’ll need even more defenses, such as never using your own internet connection and, on the more nefarious side, using compromised servers as relays.<p>That said, a VPN plus DNS over HTTPS plus HTTPS everywhere should be good enough for dealing with threats when your adversary isn’t a nation-state.
I think it's worth keeping in mind that there are multiple different reasons that people use VPNs, and that different solutions are appropriate for those purposes.<p>Some want security, they want to be sure that the local network operator/ISP/government isn't monitoring their traffic. Those people should run their own VPN at a trusted location.<p>Some want to evade geoblocking or use P2P services without fear of copyright letters. This is what commercial VPN providers are for IMO.<p>Some want anonymity. Normal VPN services can't really provide this, but Tor and the like can.<p>---<p>Personally my focus is on the security side of things. I have a VPN endpoint at home for personal use and a similar setup for my company. If I'm going somewhere particularly untrusted I'll set up a temporary VPS with a trusted provider just for use while I'm there and trash it afterward.
You can run your own VPN with a little know-how and determination. I have two servers which cost $20 / month ($10 each). Each running OpenVPN, then I share the keys to my laptop and desktop. Haven’t done mobile, but I could probably figure that out.<p>The real trick is, VPNs need a lot of bandwidth and compute. Get a bare metal server with unlimited bandwidth.<p>I switch between the servers to limit how much data each provider can collect. Not perfect, but I also have ProtonVPN and use Tor periodically. This means I have at least 4 ways my traffic goes out. It’s just about the best I can do.
Another vote for hosting your own. I used to roll my own VPN server but switched to Algo since it is easy to roll out and supports most major VPS providers.<p><a href="https://github.com/trailofbits/algo" rel="nofollow">https://github.com/trailofbits/algo</a>
VPNs are the perfect vehicle for selling something warm and fuzzy to the masses with minimal deliverables. I place them right up there with military grade encryption.
Host your own. The only way to be sure.<p>That said, what exactly is your threat model? Protecting yourself against literally every possible threat is a pointless effort...
I consider my threats to be my wifi connection and my ISP. I have a VPS, which I trust as my "starting point", that caps only bandwidth so there's no overages. I use OpenSSH as a SOCKS5 proxy because I already use ssh and DNS goes over the proxy. I think ssh may limit the number of open connections because I sometimes need to close tabs to continue surfing.<p>My setup looks like this:<p><pre><code> ssh -fCND 1080 proxy-server
socks5://127.0.0.1:1080
export SOCKS_SERVER=127.0.0.1:1080
</code></pre>
When I'm connected to a device that doesn't give me a routable address, I'll use an ssh jump.<p><pre><code> ssh -fCND 1080 -J jump-server proxy-server
</code></pre>
This isn't a VPN but it's equivalent for my usage. I'm waiting for Wireguard to mature in Chromebook / Android. I want to try it out.
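Whether DNS really travels through an `ssh -D` SOCKS5 proxy like the one in the comment above depends on what the client puts in the SOCKS5 request: a hostname (resolved at the proxy end) or an already-resolved IP (the lookup happened locally, outside the tunnel). The following is an added example, not part of the original post: it builds and classifies SOCKS5 CONNECT requests per RFC 1928, and the hostname and address used are constructed samples.

```python
import ipaddress
import struct

def build_connect(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request (RFC 1928, section 4)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: send the name itself, ATYP=0x03 (domain name).
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for SOCKS5")
        addr = b"\x03" + bytes([len(name)]) + name
    else:
        # IP literal: ATYP=0x01 (IPv4) or 0x04 (IPv6), raw address bytes.
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    # VER=5, CMD=1 (CONNECT), RSV=0, then address and big-endian port.
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)

def parse_connect(req: bytes):
    """Parse a SOCKS5 CONNECT request into (atyp, destination, port)."""
    if len(req) < 7 or req[0] != 5:
        raise ValueError("not a SOCKS5 request")
    if req[1] != 1:
        raise ValueError("not a CONNECT command")
    atyp = req[3]
    if atyp == 1:
        end, dest = 8, str(ipaddress.IPv4Address(req[4:8]))
    elif atyp == 4:
        end, dest = 20, str(ipaddress.IPv6Address(req[4:20]))
    elif atyp == 3:
        end = 5 + req[4]
        dest = req[5:end].decode("ascii")
    else:
        raise ValueError("unknown address type")
    if len(req) != end + 2:
        raise ValueError("truncated request or trailing bytes")
    return atyp, dest, struct.unpack("!H", req[end:end + 2])[0]

def resolves_remotely(req: bytes) -> bool:
    """True if the proxy end does the DNS lookup (hostname on the wire).
    False means the client sent an IP: it resolved locally, or the user
    typed an IP literal and no lookup was needed."""
    return parse_connect(req)[0] == 3

# Constructed samples: the same destination sent as a name and as an address.
BY_NAME = build_connect("example.com", 443)
BY_ADDR = build_connect("203.0.113.10", 443)
```

With curl, `socks5h://127.0.0.1:1080` sends the hostname to the proxy, while `socks5://127.0.0.1:1080` resolves it locally first and sends only the IP.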
Yes, they do suck. Even if they totally truly respect your privacy and spill blood maintaining their systems, it's simply not possible to know if that's true or false and thus using a VPN service is NOT a sound method to increase your security.<p>Now, there are few cases that could be useful like evading those pesky private CYBER detectives that companies hire to track torrents. Also it could be used to bypass region restrictions. That's just that, I would never trust a single byte of private info to go through a VPN.<p>There are few services who do not try to evade the (big) question of trust and they tell you that you could use Tor through their VPN, but at that point we have already taken a first-class seat to the "security theater".
With Wireguard [0], setting up your own VPN [1] somewhere like DigitalOcean is an afternoon project, and is often cheaper than most VPN subscriptions.<p>[0] <a href="https://www.wireguard.com/" rel="nofollow">https://www.wireguard.com/</a>
[1] <a href="https://www.digitalocean.com/community/tutorials/how-to-create-a-point-to-point-vpn-with-wireguard-on-ubuntu-16-04" rel="nofollow">https://www.digitalocean.com/community/tutorials/how-to-crea...</a>
Using your own VPN vs using a VPN provider is not a 1:1 comparison. VPN providers give you access to multiple servers running in different countries. You cannot set up 250 servers all over the world just to emulate a VPN's offering. There are shared and private IP addresses etc.<p>If all you want to do is hide your traffic from a state level actor, then Tor is a much better solution.
Here is a good list of VPN services: <a href="https://www.privacytools.io/providers/vpn/" rel="nofollow">https://www.privacytools.io/providers/vpn/</a>
I'm surprised no one has suggested Outline:
<a href="https://www.getoutline.org/en/home" rel="nofollow">https://www.getoutline.org/en/home</a>
You’d be hard pressed to find a better recommendation than Troy Hunt. [0]<p>TLDR; Freedome VPN is really good and located in a country with strong privacy laws.<p>[0]<a href="https://www.troyhunt.com/the-importance-of-trust-and-integrity-in-a-vpn-provider-and-how-mysafevpn-blew-it/" rel="nofollow">https://www.troyhunt.com/the-importance-of-trust-and-integri...</a>
tor doesn’t depend on it. although it’s quite difficult to safely use tor. anonymity is easy (enough) to expose. some of the same flaws apply to vpn as well.
It's a war-- the VPN companies against the tyrannical evildoers. Be thankful folks are trying to keep free speech, democracy, a spotlight on heinous, corrupt, morally absent regimes, and the truth alive.