
Why You Should Start Using a VPN - iProject
http://lifehacker.com/5940565/why-you-should-start-using-a-vpn-and-how-to-choose-the-best-one-for-your-needs
======
furyg3
I posted this on another thread
(<http://news.ycombinator.com/item?id=3913985>), but I think it's relevant
here...

I feel pretty double about VPN as a solution for masking my online activities.
My reasons for using a VPN break down into these (related) categories:

1\. Security. I don't trust this network at all, such as unsecured wifi in
coffeeshop.

2\. Access. This network has draconian restrictions I need to get around, such
as corporate proxy servers or country firewalls.

3\. Privacy. It's none of this network's business what I'm doing.

4\. Legal. I don't want to get in trouble here. Especially when traveling
where I don't know the laws, but increasingly in my own country. Hell, the
courts in NL haven't figured out if TPB is legal, how should I know?

VPN can solve many of these problems most of the time... but always using a
VPN means that I have a single point of failure for all four of these.

If my VPN provider is compromised, shady, or coerced to turn over my data, I'm
sunk. In that way using various internet connections at
home/work/coffeeshop/mobile may be better.

~~~
corford
Valid point but there's nothing stopping you setting up your own VPN (either
on a small VM from someone like Linode or, if you're paranoid enough, a cheap
1U server bought off ebay and placed in a colo facility).

For the single point of failure issue (which is also valid)... just setup two
or more VPNs :) And, in an emergency, you can always fall back to the
underlying connection.

~~~
snowwrestler
Setting up your own VPN does not solve the traceability problem, unless you
happen to find a colo facility that does business in face-to-face cash
transactions only.

If you use Linode to set up a VPN, Linode knows your personal and Linode IP,
knows when you access their network, and knows your name and billing info. If
compelling by warrant they will turn that over to law enforcement.

~~~
shell0x
I setup an own VPN on a dedicated server, payed it prepaid and faked the
customer data. This should be really hard to trace back to me.

~~~
ricardobeat
If your hosting company hasn't saved your access logs for the purchase.
Otherwise you just added one step to the process.

~~~
shell0x
Well, they probably log, but maybe you find an open or public wifi to join ;)

~~~
tripzilch
also they probably just log URLs and IPs, but not the POST requests.

------
drtse4
I can't recommend enough the use of sshuttle:
<https://github.com/apenwarr/sshuttle>

Way better than a SSH tunnel (check the readme) and you don't need to have a
VPN server on the remote server, just ssh access. Supports both Linux/OSX,
been using it for nearly one year without issues.

~~~
ch0wn
Really great tool and dead-simple to set up. However, the last time I checked,
there was no DNS and UDP support. Do you know if that changed?

~~~
drtse4
Yes, it supports dns now using the --dns option. UDP is not supported though.

~~~
pyre
The --dns option routes all DNS requests over the VPN connection. This means
that you can't connect to a work VPN and (e.g.) browser porn on your lunch
break. A cool option would be to route specific DNS requests over the
connection (e.g. just requests for an internal DNS domain).

------
pilif
> "VPNs are the only way to stay safe when using something like BitTorrent"

very wrong. It's not really much. It's probably just limiting your possible
bandwidth.

If somebody wants to catch you, it's just one additional step to get to you
(via the VPN provider).

~~~
icebraining
It certainly doesn't make you safe, but if the threat is a fishing expedition
trying to get a few hundred or thousand Torrenters, the fact that they'd need
a court order from a different country/jurisdiction might be enough to get
them to leave you alone.

~~~
w1ntermute
And a seedbox would work just as well for this purpose, and will result in
much higher upload/download speeds and, in the case of private trackers, save
you the costs of owning/running a PC on 24/7 to seed back your downloads.

~~~
meritt
mmm. amazon micro free tier and rtorrent.

~~~
voltagex_
Wouldn't Amazon stomp on you pretty quickly for this?

~~~
TheAmazingIdiot
They didn't the last time I did that.

I had some dodgy stuff going on over at an amazon free tier, including; socks
proxy, ping tunnel, Metasploit, semi hidden tor end-node, ctorrent, and a few
other things. I also linked a 25$ visa card from a convenience store, so very
limited traceability.

All they did was bill me for the bandwidth.

------
michaelt
It's all very well saying a VPN services keep your communications secure,
encrypted and away from the prying eyes of your ISP - but why would you trust
a VPN provider more than an ISP?

These consumer-oriented VPN services marketing to bittorrent users seem kind
of sketchy to me.

~~~
rotation1
This is my big problem with wanting to use a VPN.

The VPN account is directly tied to you by your payment details. Also most VPN
services that claim to "not keep any logs whatsoever" are just a 3 page
website with not much information. Maybe that's safer since they are low
profile, or maybe it isn't? I honestly have no idea and I wish I did.

It feels like your just trusting some random person to not mess with you.

~~~
muyuu
Simple, pay with bitcoin.

<https://en.bitcoin.it/wiki/Trade#Connectivity>

~~~
moe
Sounds like you have never tried.

Buying bitcoins anonymously is very difficult due to money laundering laws.
_Spending_ them anonymously is not "simple" either.

Your best bet would be to mine them yourself and then pay over a public wifi
with a throw-away laptop.

But really, cash in an envelope is less error-prone. Just don't leave your
DNA-sample on it.

~~~
muyuu
I use it daily.

\- I mine

\- you can buy them to your name, and then after a few transfers/transactions
it would take the collaboration of an army of disparate users worldwide to
determine where did the coins come from

\- #bitcoin-otc in freenode

Although I do agree that's not easy to grasp for outsiders. It takes some time
to get familiar with the best options. There's no way in hell they can connect
your id with your coins (or a subset of it you keep for stuff like this) if
you are moderately careful. Even satoshi-dice does the trick.

~~~
Firehed
> you can buy them to your name, and then after a few transfers/transactions
> it would take the collaboration of an army of disparate users worldwide to
> determine where did the coins come from

Sounds exactly like money laundering to me, even if there isn't malicious
intent. I'm genuinely surprised the government hasn't done much to try killing
off bitcoin, even with it being (relatively speaking) a tiny fringe movement.

~~~
ramblerman
Money laundering is used to get the books to add up, it's more to do with
accounting. The actual medium of cash is irrelevant.

What muyuu is talking about is akin to wiping your dollar notes, to remove any
dna evidence that you ever touched them

------
gizzlon
Just me, or is this _very_ misleading:

 _[..] all of your internet communication is encrypted and secured from
eavesdropping._

 _The most important thing you need to know about a VPN: It secures your
computer's internet connection to guarantee that all of the data you're
sending and receiving is encrypted and secured from prying eyes._

Eh.. No? It secures the data from you to the VPN provider. After that, it's
just as open and unencrypted as it would otherwise be.

Sure, it probably helps protect your data from the local network & your ISP,
and gives you extra anonymity. But after leaving the provider, the traffic
would be in the clear, and if you use the same connection to log-in to your
facebook, the anonymity will go out the window.

~~~
PlanetFunk
^ This. VPN is not a magic bullet. It stops your ISP from snooping and adds
another hoop to jump through when tracing you. If the sites you visit (nodes
you hit) are monitored you are still at risk.

[Edit] not protected/still at risk.

------
nikcub
'VPN' is becoming synonymous with 'anonymous online' but it is far from the
truth. for eg. if you use the same web browser in non-VPN sessions as with VPN
sessions the cookies being sent are the same and each website just linked your
real session with your anon session.

It really needs to be VPN, plus separate browser, plus separate browser
fingerprint, plus proper failover.

But that is much harder to sell/explain to users than something you just pay
$6 a month for and forget about

~~~
qq66
Best way to do this is a separate virtual machine.

------
belorn
The What Makes for a Good VPN section lacks one major and important aspect.
Ping times (latency).

If you play games online, you want a VPN that is either close to you, or close
to the game servers, or which traffic is highly prioritized. If you are lucky,
you might increase your latency going through a vpn than if you went without.
It sound illogical, but routing is not equal for all, and traffic might be
boosted if your VPN's network has higher priority than your ISP.

Going from europe to US, I found that different AS had latency up to 200-300
MS in difference, and this does not take into account the stability of it. One
net had a average of 80ms which only differentiated with 50m over time (the
Swedish national university ISP). The Swedish ISP's that offer services to the
public almost all uses a other backbone network than the university ISP, and
that has an average of 250 ms to US, and which latency goes up and down
between 150-800ms.

------
jcr
It's sad to see the reasoning for using VPN's being so deeply mixed with
bittorrent and similar things "worth hiding" according to some. There are
actually many good reasons to use various forms of secure tunneling.

Many ISP's serve requested pages from massive caches. Although provider
caching can improve performance in some cases as well as reduce bandwidth
costs for the ISP, it can often result in stale information being passed to
the client (you!).

Another common speed/cost improvement for ISP's is serving degraded images
from their cache -- by recompressing images (jpg) at a higher compression
ratio, the file size is reduced at the expense of degrading the image quality.
This is extremely common on mobile networks, but it is becoming more common
with land-based providers. In most cases, you'll never notice, since you'll
just assume it's a crappy image from the original server. On the other hand,
if you do any work with images, then you could be stuffed by the modified
images being delivered to you.

Having a consistent endpoint provided by a VPN provider can also be a real
advantage. For example, if you're doing checking, testing or trouble shooting,
against a system on the `net, then knowing what traffic is yours in the logs
can be real helpful. With dynamic IP addressing, your endpoint (public IP)
always changes. When you're using a VPN and helping out a friend with
something as trivial as reporting bugs, you can tell them that the funky
traffic from xxx.example.com is just you running some tests. Even if the site
owner isn't your best friend or anyone you really know, it's great when
reporting bugs to say, "Hey pg, my traffic is always coming from
la.tunnelr.com" so it's easier for them to find it in their logs.

If you need to do your own pen testing across the `net and your ISP does deep
packet inspection (DPI) and egress filtering, then once again, you're stuffed
without a VPN or unfiltered remote host. Of course, you need to be on good
terms with your VPN provider and let them know in advance that you'll be
sending some dodgy traffic over their network, but that's not a big deal most
of the time.

If you participated in the recent Stripe.com Capture The Flag contest without
using a VPN or staged connection (ssh), then you really didn't put very much
thought into what could happen if some malicious person rooted the game server
and attacked the game participants. Sure, the Stripe folks are fantastic, and
they keep an eye on things, but no person has sub-microsecond response times.
;)

Also, some ISP's have bandwidth caps and automated thresholds for reducing
connection performance, but they usually have a stipulation in their contract
excluding VPN bandwidth from the cap/limit accounting. The reason is simple;
business customers would use another ISP if the caps/limits interfered with
doing work, and most (sane) businesses provide a company VPN to their
employees for remote work.

I use <http://www.tunnelr.com> almost all of the time simply because it makes
my mobile (EVDO VerizonWireless) connection a lot more consistent and reliable
on UNIX (OpenBSD). A lot of mobile ISP's don't support UNIX at all, and they
expect you to run inane and unaudited software ("VZAccess" which is actually
just rebranded stuff from SmithMicro). Having a SSH connection present
prevents some of the (intentional) oddities of mobile connections (e.g.
"pausing" the link/connection).

There are plenty of good reasons to use a VPN that don't involve bittorrent or
similar. The best reason of all is if your ISP does not provide all of the
exact details of their filtering and caching methods --of course, none do.

~~~
DanBC
> Another common speed/cost improvement for ISP's is serving degraded images
> from their cache -- by recompressing images (jpg) at a higher compression
> ratio, the file size is reduced at the expense of degrading the image
> quality. This is extremely common on mobile networks, but it is becoming
> more common with land-based providers. In most cases, you'll never notice,
> since you'll just assume it's a crappy image from the original server. On
> the other hand, if you do any work with images, then you could be stuffed by
> the modified images being delivered to you.

T-Mobile in the UK does this. They also re-write the HTML. This line is added
after the first <html> \- <script src="<http://1.2.3.8/bmi-int-js/bmi.js>
language="javascript">

Images come from <img src="<http://1.2.3.11/bmi/ycombinator.com/images/s.gif>

And they add an alt message to tell you how to update the images to the
original images. Which is annoying if the alt originally contained useful
information. (The original alt comes back if you update the images.)

I'm in the UK. Having images served from 1.2.3.x is suboptimal.

~~~
jcr
Dan, are you being cautious and making up those IP addresses, or those
_actual_ IP addresses?

I ask since 1.0.0.0/8 is APNIC and 1.2.3.0/24 is the APNIC "Debogon" project.
For notes, a "bogon" is an supposedly unroutable address, or more accurately,
an address that you shouldn't see in use.

~~~
DanBC
I'm not making them up! It's what I see on the Chrome "status bar" (or
whatever it's called now) and in the html.

1.2.3.8, 1.2.3.13, etc. I'm in a coffee shop at the moment, but when I get
back I'll try and get a list of the IPs that are used. (The last digit is
always quite small though.)

~~~
jcr
I wasn't entirely clear in my description of a "bogon" since the definition is
a bit hazy. Some define it as unallocated address, and others define it as an
address you shouldn't see in use. For example, if you get a packet supposedly
from 192.168.1.1 (in private address space) on your _public_ interface (i.e.
has a public IP address), then some consider it a bogon.

Address space that hasn't been allocated by any of the RIR's (Regional
Internet Registries like APNIC, RIPE, ...) are sometimes used without
permission, and usually for nefarious purposes. These are also considered
bogons since you should never see those addresses in use.

When you see a bogon, something is definitely wrong. It could be your service
provider is misusing address space that hasn't been allocated to it, or it
could be something far worse (malware, compromised network routers, ...).

The "Debogon Projects" and "Bogon Monitoring" are run by the various RIR's to
find those who are squatting on misued address space, and also to get firewall
sysadmins to no longer block the unused ranges. Usually, following the
allocation lists of the RIR's is sufficient, but some folks don't update their
firewall rules as often as they should.

<http://www.ris.ripe.net/debogon/>

<http://www.ripe.net/ripe/docs/ripe-351>

~~~
maxerickson
I see 1.2.3.4 all the time. It is clearly Sprint (in the U.S., mobile
connection) doing it.

The urls have the same 'bmi' stuff mentioned above, apparently they are using
a similar implementation.

~~~
jcr
I did a bit of searching and it seems a few different mobile carriers are
doing this with the 1.2.3.0/24 range, but the important thing is they should
_not_ be doing it at all. It would break the Internet if everyone just used
whatever address they felt like using.

~~~
ChuckMcM
Well if they are doing a mixed private/public net then it wouldn't be like the
addresses are routable outside of their network. I've seen a number of clients
which were essentially 'natted' behind the ISPs infrastructure. At its core
the ISP gets all packets landing at their router and if they want to advertise
an 'inside' route to 1.2.3.4 (or 10.0.0.1) that is something they could do
successfully.

~~~
jcr
Yep, you're right; a net with mixed public/private addresses can certainly
work well when done correctly. Unfortunately, it can also _seem_ to work for
some period of time when done incorrectly. The trouble is, most people don't
grasp the ramifications of doing it wrong. I'm sure you understand the
ramifications at least as well as I do, and probably a whole lot better, but
for the sake of everyone else in the room...

When a network/ISP misuses unallocated address space by routing the traffic to
something internal, this prevents the inside of the network/ISP from reaching
those addresses normally. Unallocated address space can be allocated by the
RIR's at any time, so misuse of unallocated address space results in parts of
the Internet unreachable.

If some huge networks/ISP's (Comcast, Verizon, Sprint, ...) decided to misuse
the address block allocated to you for some internal purpose, you'd be
rightfully upset since it would prevent all users of those ISP's from reaching
your service/servers. Now let's assume you're a new company and just got a new
allocation of addresses from the RIR only to find out the users of major ISP's
can't reach your service because the ISP's have already misused _your_ address
block for something internal on their networks. Yep, you'd be livid, and livid
with good reason.

If you put a lot of work into your misuse of unallocated address space, all
that effort could turn out to be wasted a few hours later when the block you
misused gets allocated. To reach the newly allocated block, you'd need to redo
all that work over again, correctly.

------
BryanB55
I may be wrong but it was my understanding that a VPN will slow down your
internet connection. Is this not true anymore? For those that use a VPN do you
keep it connected on your own secured wifi connection the entire day while
working with no added lag?

I remember using hotspotshield and torproject.org in the past but they always
made things so slow it wasn't worth using. Maybe those were just the
free/cheap services.

~~~
lobster45
It all depends on the service being used. tor is especially slow because your
traffic is routed through many points online. Hotspotshield is slow because of
the bandwidth limits for the free service. If you pay for a legitimate vpn
service, you will get what you pay for, a fast connection

------
alokm
Steps to configure your own vpn
[http://library.linode.com/networking/openvpn/debian-6-squeez...](http://library.linode.com/networking/openvpn/debian-6-squeeze).
Used it my self.

~~~
wlk
Nice :) It would have been so much easier for me if I known this link since I
configured my own server as VPN for me

------
racbart
How about setting up your own VPN server on EC2 micro instance for $15/mo +
bandwidth (or $127/y using reserved instance)?

~~~
cabacon
I bet that works. Based on advice in an older HN thread about VPSes, I looked
on lowendbox.com and found a Chicago VPS provider for $20/year for a 128M/5G
VPS with 200GB/mo. of bandwidth. It seems to run OpenVPN just fine for when
I've wanted to use it; I'm just using it when I'm on untrusted wifi, or to
route around a network block.

I installed TunnelBlick on my mac to be the VPN client; it was a nice
interface to setup for the client side, and handles things like DNS flushing
automatically.

I'm also going to setup ssh servers on 80 and 443 for times when access to
ports is restricted by the wifi provider.

~~~
TheAmazingIdiot
I did similar as well.

The local community college blocks all sorts of websites with nannyware on the
gateway. I tried changing DNS to googles: no change. I tried a few other
things as well, no change. Looked for open proxies: "PROXY search prohibited".

What they didnt stop was looking for VPSes. I found one for 20$ a year as
well. Loaded up immediately upon payment into a ubuntu 12.04 (rh, slackware,
ubuntu, or debian: i dont care). I got a socks proxy running on its localhost,
and then ssh tunnelled to the proxy. And there I went.

------
XERQ
I run SSD Nodes (<http://www.ssdnodes.com>), which you can use to set up an
OpenVPN/PPTP/SSH-Tunnel server for secure, private access. I've seen users in
other countries using our cloud servers for VPN purposes because they got
better, lower latency routes to most other providers (due to the optimized
transit/peering connections at SoftLayer Infomart in Dallas, TX). [/plug]

~~~
im3w1l
How did you see that?

~~~
XERQ
One of the companies on our platform actually built an entire business around
selling proxies for people in other countries to have better latency to gaming
servers in the US. At one point they had all their proxy/VPN endpoints on our
platform. Unfortunately they aren't in business any more.

Their current site: <http://flashping.com/en/>

Website archive:
[http://web.archive.org/web/20100108103341/http://www.flashpi...](http://web.archive.org/web/20100108103341/http://www.flashping.com/)

------
MattRogish
I always use a VPN when on an un-trusted network, even if it's secured
(someone could always be listening on the wired portion of the network).

Personally, I find "Cloak" (<https://www.getcloak.com/>) to be a fantastic app
that works on my Mac and iOS devices. It's super-simple to get setup and
running, and very cheap, too.

------
lucb1e
Anyone else missed the "why" part and only read about "what" and "how"? I read
most of the article, but the only thing it says on the matter is that it
encrypts your internet connection. This might be true, but what use is that?
Why would I want to do that? That question is not answered. Or whynot use Tor
instead?

~~~
petitmiam
It's explained under the section "Why You Need a VPN, or How You Can Benefit
from Using One", which has dot points for different types of users.

------
olalonde
Shameless plug: I've just spent the last few days figuring out how to
correctly configure OpenVPN and pptpd on my Ubuntu servers + Android & OS X
clients (it's a real pain in the ass). I'd be happy to install and configure
those on your own server(s) for 5 BTC per install (I'm kind of short on money
right now :().

If you want to give it a try by yourself, I recommend the following articles
(doesn't seem that complicated but trust me, you can be stuck on a bug for
hours!):
[http://library.linode.com/networking/openvpn/ubuntu-10.10-ma...](http://library.linode.com/networking/openvpn/ubuntu-10.10-maverick)
<http://blog.riobard.com/2011/11/12/pptp-vpn-on-ubuntu>. I can help with minor
problems on Skype as well (o-lalonde).

~~~
joethompson
It should be noted that PPTP does have some serious vulnerabilities
([http://en.wikipedia.org/wiki/Point-to-
Point_Tunneling_Protoc...](http://en.wikipedia.org/wiki/Point-to-
Point_Tunneling_Protocol#Security)) and should probably be avoided if security
is your primary concern.

~~~
olalonde
True but it's much easier to set up on server side as well as client side. I
mainly use VPN to get around firewall of China so security isn't really an
issue for me.

~~~
MikeCapone
Wouldn't getting around China's firewall mean that security is more, not less,
important? I know that if I was in a country where the government could
imprison me for what I read or write, I'd make double-certain my security is
up to par.

------
SnaKeZ
I have a WRT54GL Router with Tomato "Victek" firmware so I can connect with
Open VPN. Cheap and secure solution.

------
robotmay
I'm starting to consider this pretty seriously due to a flurry of incoming
snooping laws in the UK. I normally do a bit of SSH tunneling out to a VPS if
I need a proxy; is SSH my best option/most secure option? What do others
recommend?

~~~
eckyptang
Likewise. General options:

1\. Don't do anything the state considers naughty. I suggest you kill yourslf
now if you consider this viable.

2\. Steal someone else's WiFi and deal with the moral consequences. You can do
this by finding a "VendorA7E4B4" lookalike SSID (default configuration) and
using the password calculator here:
<http://www.nickkusters.com/Services/SpeedTouch/Lookup> \- I only know of this
as I had to lock my router down due to unauthorised access.

3\. Use a VPN and risk being logged or falling foul of RIPA.

4\. Use a dead drop <http://deaddrops.com/> and risk being bagged at site.

5\. Use SSH tunnels + proxy and risk misconfiguration + logging and RIPA.

6\. Use paper or sneaker net and risk stop+search and RIPA.

Welcome to the machine.

~~~
ibotty
7\. use tor (and the tor browser bundle)

~~~
eckyptang
I excluded that as not everything is HTTP.

~~~
ibotty
right. (but it does solve the problem for http (depending on bandwidth
needs).)

------
Karunamon
So on that note, are there any VPN providers that HN would recommend?
Something preferably not based in the USA or any countries exceedingly
friendly with the USA (so the UK, Sweden, etc are out)

~~~
propercoil
mullvad, nuff said

~~~
unhammer
Well, Mullvad is based in Sweden, which the asker didn't seem to like[1].
However, they do have exit nodes in the Netherlands too, if you prefer, and
allow payment with bitcoin.

[1] Although I can't think of any suitable alternative countries – I mean,
most countries are either fairly friendly with the US, or fairly corrupt, or
both (or even fairly corrupt and fairly unfriendly with the US and currently
surrounded by big US military bases on all sides). Perhaps the Principality of
Sealand?

------
pavs
another recommendation would be to setup your own vpn server and change
servers often instead of going for a vpn provider.

[http://www.slashgeek.net/2012/06/15/how-to-be-completely-
ano...](http://www.slashgeek.net/2012/06/15/how-to-be-completely-anonymous-
online/)

------
biomechanica
A VPN will help keep you semi-private for surfing the web. However, when it
comes to something like Torrents, someone with a decent amount of knowledge
and paycheck would probably not be stopped from finding out who you are.

For using bit torrent or other file sharing in a private, anonymous session, I
would use I2P. In fact, they welcome it.

I'm not sure why a lot people put VPN's up on a pedestal. VPN's are useful for
other things but I wouldn't rely on them for 100% or even 90% privacy against
a foe that _really_ wants to know who you are.

I2P, my friends.

------
davedx
Are most VPN providers fine with you using your VPN as a server (e.g. web) of
some kind? Or is that frowned upon / against TOS usually?

~~~
wladimir
VPN providers simply give you the VPN endpoint to use with e.g. OpenVPN
configuration. They don't give you login information for a server (unlike
VPS).

You could maybe run a server behind the VPN, but many don't give you a
dedicated IP but use NAT. It could be that you're allowed to open ports and
redirect them to you, but whether this is possible differs per provider. It's
not usually part of the normal package.

------
calgaryeng
Is <http://www.tunnelr.com/> the same as any of these external VPN's? I'm not
clear on the differences between OpenVPN type stuff and OpenSSH. Is this going
to mask my identity online?

------
debacle
What is the benefit of using a VPN over something like SSH tunneling?

~~~
sliverstorm
VPN is much more complete, and generally easy to use. 'ssh -L' sets up a
single mapping. 'ssh -D' sets up a proxy on a port, and client software must
be configured to use that proxy.

With a VPN, you simply connect, and you can access any services on any ports.
Additionally, I think UDP is supported, which is a bit tricky with ssh
tunneling.

------
nextstep
Which option would be the fastest? Anyone have a recommendation for all of my
traffic that won't severely slow my 50mpbs connection?

------
alexchamberlain
If I bought a VPS in the UK and US and connect them via a VPN, is it possible
to route traffic geographically?

------
paltman
Also, check out <https://www.vpnod.com>

------
pasbesoin
"The first rule of..."

Sigh.

