I'm a little unclear why I would trust that there is no logging. With root access to the VPS, I'd be able to determine that the OpenVPN service on the VPS is not logging the connection between my device and the VPS, but I obviously don't have any access to the infrastructure beyond the VPS. My ISP might not be able to see my traffic, but the ISP of the VPS would, and I'd be just as identifiable if there are logs matching my dedicated IP to my account.
I don't have control over what goes on outside the VPS, but root access is my proof to my customers that I am not logging. Certainly no VPS is the magic pill to internet security or anonymity.
This is what makes this no better than any other VPN service. I still need to completely trust that the provider is not watching me. Even with full hardware access, there could be an invisible sandbox or hardware DMA to some chip I can't see. There is no easy scalable solution to avoid this at a technical level. But you can be one anonymous user in a sea of many others and hope for the best, which is why I'd advise going to a trusted mainstream VPN provider.
Yep. I have heard stories of people that set up a Streisand VPN on a DigitalOcean droplet, and then got sent DMCA letters for torrenting. DigitalOcean turned over their identity and banned their account.
If you're just doing it for privacy, then cool. If you're doing it to mask potentially illegal activity, don't. Use PIA or something like that.
I think it depends on threat model. If you’re looking to do anything illegal, probably no VPN is a good idea.
But if you care about privacy in general, a VPN is always a clear win. No VPN will ever be perfect. But for a VPN, this is pretty good with regards to security.
All depends on what you're doing and threat model.
Some may just be avoiding local ISP surveillance. Some are just getting a VPN to access a site blocked in their country.
For what you said, it really matters what country it's in and who is hosting it. For example, Switzerland and Finland means no DMCA cooperation (not easily at least). If the owner is publicly known and had a lot to lose outside of the VPN business in the event of a reputational loss, that would be even more preferable (for me it's Freedome or ProtonVPN due to the risk they take by associating it with F-Secure and ProtonMail respectively).
Isn't one of the main selling points of VPN that you can't be tracked by IP address when multiple people are using the same VPN server as you? GhostiFi can't provide that as far as I can tell.
It would be kinda cool to build something like this on top of https://github.com/Nyr/openvpn-install. It's a single script that generates the .ovpn client side files.
It's not just a VPS with OpenVPN installed; the main reason why I built it was to be able to click a button and migrate the server to a new location/IP address on demand. Since then I also added "Invisibility Mode" which tunnels VPN over HTTPS bypassing restrictive firewalls, and next I am working on adding Pi-hole support to it :)
> tunnels VPN over HTTPS bypassing restrictive firewalls
That is what I do at https://wormhole.network, but I don't offer internet access through the VPN; it's purely a virtual network to interconnect your machines in a shared LAN space (100.64.0.0/24 for now).
"which tunnels VPN over HTTPS bypassing restrictive firewalls,"
That's one of the reasons I recommend HTTPS-based approaches over things like Tor for anonymity. Makes things look like all the bland, harmless traffic out there. Smart move. :)
Tor supports pluggable transports, one of the most popular of which is meek, which makes your traffic look like Google or Azure CDN traffic over HTTPS [0].
Thanks for telling me about meek. I'll warn this might not block visibility, at least for domestic TLAs. If they record metadata, they can just work backwards from exit nodes or known relays to whoever is connecting to them. That would map out most likely users of Tor. Then, they can apply whatever passive or active attacks they have. Most probably aren't running OpenBSD, HardenedBSD, QubesOS, etc. ;)
Still good for the many, many other threats out there.