
How to find a trustworthy VPN service - sr2
https://protonmail.com/blog/trusted-vpn/
======
nthcolumn
Define 'trustworthy'. Protonmail are now offering ProtonVPN free tier and paid
subscriptions for higher speeds. Under Swiss law they are now required to
store logs.

The only trustworthy solution is your own OpenVPN server on some cloud
provider (not difficult to set up). Even then it is debatable whether it would
remain private long. Probably draw attention if anything but you won't get
your logs sold to Target.

It's hilarious how many 'VPN providers' don't even encrypt the traffic.

~~~
Ajedi32
> Under Swiss law they are now required to store logs.

Source? Their website [claims][1] they don't store logs.

> ProtonVPN is a no logs VPN service. We do not track or record your internet
> activity, and therefore, we are unable to disclose this information to third
> parties.

[1]: [https://protonvpn.com/](https://protonvpn.com/)

~~~
marcopol
Yes, they don't. Check their statement on the new Swiss law here:

[https://protonmail.com/blog/swiss-surveillance-law/](https://protonmail.com/blog/swiss-surveillance-law/)

~~~
nthcolumn
They are definitely storing logs now. Where does it say in their statement
that they won't be storing logs? This is about secure email.

------
hprotagonist
I've been pretty impressed with
[https://github.com/trailofbits/algo](https://github.com/trailofbits/algo) so
far.

~~~
problems
Algo and self-hosted VPN in general is only good for some applications though.

- IPSec will be blocked on many places where port 443/TCP isn't and OpenVPN
or similar could work. So it's not ideal for free wifi, enterprise or school
networks.

- You will still get DMCA takedowns from your datacenter or cloud provider if
you don't choose one carefully

- You're limited to a single IP so if you're using it for a scraper and get
blocked, you have no option of just clicking next IP.

Commercial VPN providers are often able to hit all these points.

------
atentaten
This article makes Mysterium Network's upcoming decentralized, zero-knowledge,
trustless VPN service more interesting:
[https://mysterium.network/](https://mysterium.network/)

------
johnpython
VPNs are for privacy, not anonymity. Confuse the two at your own peril - the
Grugq

The only trustworthy VPN service is one that you operate yourself. There are
plenty of Github projects that will deploy a personal VPN for you:

[https://github.com/jlund/streisand](https://github.com/jlund/streisand)

[https://github.com/trailofbits/algo](https://github.com/trailofbits/algo)

~~~
bjt2n3904
What's to stop digital ocean / AWS from enumerating small servers that are
listening on VPN ports and nothing else, then doing the same thing Comcast and
Verizon are doing?

Furthermore, what makes you think they aren't?

~~~
sr2
What's to stop someone renting an offshore VPS, like say, in somewhere like
Hong Kong[0], and that isn't part of the 'fourteen eyes' spying alliance?

[0]
[https://privacytoolsio.github.io/privacytools.io/#vpn](https://privacytoolsio.github.io/privacytools.io/#vpn)

Also what's to stop someone stacking anonymously-bought VPNs on top of each
other (proxy chaining) similar to how onion routing works, and creating their
own homebrew Tor? If the VPN provider is peeking at the logs (which it
shouldn't be doing), then all they see is another VPN IP. VPNception!

(Something like the SHALON[1] technique is useful for this, for example):

\------------

> _Abstract—In this paper, we introduce a novel lightweight anonymization
> technique called Shalon. It is based on onion routing, aims to reduce
> complexity, and delivers high bandwidth. We have, compared to the widely
> known approach Tor, slightly reduced the level of security in favor for
> greatly increased performance._

> _The most significant advantage compared to other approaches is that Shalon
> is fully based on standardized protocols, which makes our approach highly
> efficient and easy to deploy. It also makes Shalon easier to understand for
> normal users, eases protocol reviews, and increases the chance of having
> several implementations of Shalon available. In this work, we provide a
> description of the design and implementation of Shalon, a performance and
> anonymity analysis, and a discussion on the scalability properties._

[1]
[https://pdfs.semanticscholar.org/6f30/f14ff4972ddd787bf7e859...](https://pdfs.semanticscholar.org/6f30/f14ff4972ddd787bf7e8590bfcdaf8df3414.pdf)

------
wakkaflokka
I'm not super knowledgeable in this field, so maybe somebody can set me
straight regarding VPNs.

I have always assumed that VPN services like PIA, AirVPN, etc. are useful for,
among other things:

1. To make the content you are viewing private from your ISP, employer,
public WiFi, etc.

2. To make it more difficult for some remote host/website/actor to link your
activity on their site with you.

Isn't point (2) negated if you host your own VPN on AWS? In the sense that if
you're in a country with a nefarious government, wouldn't it be easier for
them to subpoena AWS than to get info from some VPN service over in ________
country that doesn't store logs, and has a million other users using the same
IP?

An example situation might be the RIAA notices that an IP is downloading Janet
Jackson MP3s, and all they need to do is subpoena AWS if you're hosting your
own VPN which has a unique IP, versus tracking down some Caribbean company who
has given you an IP that's shared among thousands of users and has a public
reputation for trustworthiness to hold?

~~~
sr2
There's a useful guide[0] if you're going to use a VPN and you should take it
seriously. Personally I think a VPN is only ever useful for routing traffic
over hostile networks (like at shady cafe wifi) and spoofing your geolocation
to access geo blocked content.

[0]
[https://gist.github.com/joepie91/5a9909939e6ce7d09e29](https://gist.github.com/joepie91/5a9909939e6ce7d09e29)

------
sharjeelsayed
This creates an Auto closing SSH Tunnel (Tunnel will close if Chrome exits) to
a remote ssh server and redirect to localhost on port 7070 and launch Chrome
Portable using local port 7070 as socks 5 proxy

The following command is for cygwin on Windows. Can be customised for Mac OS or
Linux

    ssh -o StrictHostKeyChecking=no -C -f -q -D 7070 username@servername sleep 10 ; "/cygdrive/c/PortableApps/GoogleChromePortable/GoogleChromePortable.exe" --proxy-server="socks5://localhost:7070" &

------
Magnets
Whenever I see any article discussing which is the best VPN provider it's
usually written by someone who is benefiting from the recommendation of a
particular company.

This article is no different

------
duozerk
There's a pretty good (and, in contrast to most such lists, independent from
any provider) comparison of VPN services here:
[https://thatoneprivacysite.net/vpn-comparison-chart/](https://thatoneprivacysite.net/vpn-comparison-chart/)

~~~
davepeck
It's good if you're savvy, perhaps. But I also think it can lead people
astray. I wrote more about it on my blog:
[https://davepeck.org/2017/04/16/why-its-hard-to-choose-a-vpn...](https://davepeck.org/2017/04/16/why-its-hard-to-choose-a-vpn-provider/)

------
goodroot
I currently use cryptostorm. It's "more difficult" to use than most, but it
seems trustworthy. ProtonVPN, their service, looks interesting. Perhaps worth
checking out, but it would need a solid flock of regions in order for me to
consider it.

~~~
nthcolumn
On the free tier there are about 8 udp and tcp ovpn I think with different EU
endpoints.

------
candu
My current solution: ssh -v -C -D 1080 {server_i_own}, then set application
proxy settings to localhost:1080.

(I’m aware this isn’t _really_ the same as a VPN, but for my current purposes
it’s Good Enough.)
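
A variant of the SSH SOCKS tunnels in this comment and in sharjeelsayed's comment above, added here as an example and not written by either poster: it keeps host key verification on (instead of `StrictHostKeyChecking=no`), binds the listener to loopback only, and closes the tunnel through a control socket when the browser exits. It assumes an OpenSSH client on Linux or macOS and a Chromium-based browser; the host, port, browser command and the `SSH_BIN` dry-run variable are this example's own placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Host, port and browser command are
# assumptions supplied by the caller. SSH_BIN=echo gives a dry run.
SSH_BIN=${SSH_BIN:-ssh}

# Accept only a bare, non-privileged TCP port (no bind address smuggled in).
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Start a background SOCKS5 listener on loopback only.
# StrictHostKeyChecking=yes refuses unknown or changed host keys.
# ExitOnForwardFailure=yes fails instead of running without the listener.
open_tunnel() {   # open_tunnel HOST PORT CONTROL_SOCKET
    valid_port "$2" || { echo "bad port: $2" >&2; return 2; }
    "$SSH_BIN" -o StrictHostKeyChecking=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -M -S "$3" -f -N -C \
        -D "127.0.0.1:$2" "$1"
}

# Ask the master connection to exit, which removes the listener.
close_tunnel() {  # close_tunnel HOST CONTROL_SOCKET
    "$SSH_BIN" -S "$2" -O exit "$1"
}

# Open the tunnel, run the browser in the foreground, always tear down.
# The browser is assumed to accept Chromium's --proxy-server flag.
browse_via() {    # browse_via HOST PORT BROWSER_CMD [ARGS...]
    host=$1; port=$2; shift 2
    dir=$(mktemp -d) || return 1      # private directory for the socket
    sock=$dir/ctl
    if open_tunnel "$host" "$port" "$sock"; then
        "$@" --proxy-server="socks5://127.0.0.1:$port"
        rc=$?
        close_tunnel "$host" "$sock"
    else
        rc=$?
    fi
    rm -rf "$dir"
    return "$rc"
}

# Runs only when arguments are given, e.g.:
#   sh tunnel.sh myserver 7070 chromium
if [ "$#" -ge 3 ]; then browse_via "$@"; fi
```

The server's host key has to be in `known_hosts` already (verified out of band) or the connection is refused, which is the intended behaviour.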

------
josho
The only use case I know of for a vpn service is to hide illegal torrenting
from your isp. Why else do people route all of their traffic to a third party?

~~~
smhenderson
I want to use one so my ISP can't sell my, and the rest of my family's,
browsing history. Nothing to do with torrenting.

~~~
problems
Yeah, now your VPN provider can instead. So much better.

~~~
smhenderson
The whole point of the article is that you need to do your research and choose
someone that won't do that to you.

~~~
problems
There's no way for them to guarantee that to you. It's just 100% marketing
wank. If you want privacy use Tor or similar.

~~~
vorpalhex
Unless you just set up your own VPN? Or maybe trust external auditors? Or
otherwise spend time actually looking into service providers before giving
them your money?

~~~
problems
Setting up your own is better for doing it privately - takes out an
unnecessary extra party at least. Still not perfect of course, the data center
and ISPs can still see your traffic and connections on both sides, so still
cannot be considered truly private.

Interesting that you say "external auditors" though - have any commercial VPN
providers offered anything like that? Of course, it'd only be worth something
if they'd put their money where their mouths are in a form of insurance payout
if they were wrong.

