1. It should work with OpenVPN
2. It should support SOCKS5 (Proxy)
PIA, Nord, Mullvad, ZorroVPN, ProtonVPN look promising. On the other hand, SigaVPN is based on a not-for-profit model so I was not sure about it. What is your personal preference?
Why do I choose them? Besides the ease of use over multiple platforms, they are the only VPN (I am aware of) that has held up in court that they do not store any logs when asked to handover personal information.
Their clients are also messy memoryleaky electron apps with outdated chromium embedded.
You can dial PIA with a openvpn app of your choice
Would you mind addressing the other one, particularly who from PIA this is?
Interestingly one of the comments seems to allege that's you. Hm.
Reddit mods had to close some threads because the people copypasting PIAs (mostly baseless) allegations under every comment even slightly positive about either ProtonVPN or NordVPN were getting out of hand.
Here's the account that has done nothing but attack ProtonVPN https://www.reddit.com/user/common_sense7
Has a hint of Mafia to it.
With OpenVPN you will bottleneck at ~300Mbit\s. With IPSec and Wireguard I have had no issues getting ~900Mbit\s to my own server.
Any idea where the bottleneck was there? CPU use? Protocol latency? I'd be interested to see some test results around that if you know of any that have been published.
A little anecdotal information: some years ago I did a CPU-load test with OpenVPN on a diminutive Atom-based netbook as the client, and it maxed out at around 95mbit/s on a 100mbit/s network (actually a gbit network, but the netbook only had a 100mbit NIC itself) while just doing simple bulk transfers.
>It is easily possible to saturate a 100 Mbps network using an OpenVPN tunnel. The throughput of the tunnel will be very close to the throughput of regular network interface. On gigabit networks and faster this is not so easy to achieve. This page explains how to increase the throughput of a VPN tunnel to near-linespeed for a 1 Gbps network.
I think the protocol just wasn't designed for such high speeds.
It certainly doesn't use multiple cores for a single connection, though I've never tested (or reviewed the code) to see if it does manage to spread the computational load of multiple connections over more CPU resource.
I've not read the above linked article in detail (no time ATM) but there seems to be mention of offloading AES calculations to compatible hardware, so the bottleneck would appear to be CPU use.
PS. And you don’t need to submit/receive packets to NIC one by one, either; those things support DMA scatter/gather.
A Juniper SRX 320 that I have can only can reach about 500mbps.
I often play online multiplayer games, my main issue with using a vpn full time would be the performance impact here.
I'm also curious if PIA has a way where if I launch certain apps, it would pause itself while that application is running? Or some way to automate on/off state of the VPN.
Sure in theory you'd see a slow down, but given that most of the sites and service you use aren't able to deliver 1Gbps to you directly, the decrease in speed is most likely lower than you'd think.
You would be surprised how wrong this statement is.
Especially if you are a gamer, almost any platform can max out a Gbit connection easily.
Besides at those speeds you start seeing all kinds of issues (like OpenVPN implementation being very inefficient).
I generally strongly recommend against using VPN providers on false advertisement grounds -- VPNs fundamentally cannot provide strong anonymity properties, but that doesn't stop many providers from listing anonymity as a selling point. In terms of the property VPNs can provide (privacy), you're better off maintaining as much control as possible over the service: you don't want to be tied to someone else's weak cipher or insecure protocol choices.
FD: I work for the company that made Algo, but have nothing to do with its development.
Takes less than 10 minutes to setup a VPN with algo on DO and I just shut it down after my task was done. Cost me $0.02. The support for Wireguard + OSX Wireguard App is perfect and super easy.
Please tell your coworkers, thank you!
Does not require any software installed on the server, and the whole setup should be quicker then configuring VPN server and client.
Also, an HTTP proxy is a couple steps more to setup, but will allow you to use command line tools on the client, not just the browser. The majority of command line tools support http_proxy and https_proxy environment variables.
An easy and pretty secure way to setup an HTTP proxy is:
1. Install tinyproxy.
2. Configure it to listen only on localhost and start it.
3. SSH port forward localhost:8888 from your server. For example to the same port on your client.
4. Configure your clients to use localhost:8888 as a proxy.
That's not part of the threat model for 99.999999% of VPN users though.
Tracing back the usage of the VPN to them is their main worry and what they have to fight against.
You're right, and that's why it's not my primary objection. At the end of the day, the majority of VPN providers are still advertising themselves as anonymity services. This is patently false and dangerous to consumers.
I'd love to know more about this.
* OpenVPN's user experience isn't as good as IPSec's or (more recently) Wireguard's.
* OpenVPN uses TLS and specifically OpenSSL, meaning that it inherits substantial design and implementation flaws.
* OpenVPN's security track record is poor, both on the client and server sides.
Edited to add link:
I recently wrote a full review on my blog (so I won't repeat it all here): https://unop.uk/protonmail-review/
Also, Bridge is receiving a lot of attention internally. Your v1.1.1 experience will continue to improve.
Appreciate your feedback.
Your connection is not secure
The owner of protonvpn.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
Doesn't inspire confidence.
So.. IT that manages the certs and the gateway, use a MIMT 'attack' to decrypt all your traffic, scan/read it, and then encrypt it again to send it out to the wilderness of the Internet. This is what the browser is messaging. Notifying you that "something is wrong with the connection. Browser is not sure what exactly, thus pointing the finger on the certificate.
Perhaps someone can explain the above with more technical terms, but in a nutshell, our companies, on our corporate desktops/laptops sniff through each and every bit and byte that goes in and out of our machines.
A commom workardound "permanent accept this exception" (or similar wording) makes the browser to stop complaining about this breach of privacy.
1. I don't like to encourage this kind of behavior (I only use this for "good")
2. The certutil tool needs to be recompiled from the mozzila sources for new firefox.
Yup, typically referred to as "SSL Inspection" by the companies that produce products to monitor SSL traffic. Normally this is accompanied by controlling the clients and pushing a cert into their browser to avoid the warning messages.
*disclaimer, I also work for ProtonMail so my use of ProtonVPN is more of a company perk, but one I enjoy.
I trust the (more than not at all) regulated space of ISPs in my country more than I do the unregulated space of people running VPNs out of their basements. It's important to be clear: you're just moving trust from one entity (your ISP) to another (the company / human who runs the VPN). It's not clear to me why the VPN people are more trustworthy than ISPs.
In my country, the UK, ISPs are legally required to retain logs of customer activity for 12 months. A VPN has no such legal requirement.
So while I can't be 100% sure that my VPN is monitoring me, I can be 100% sure my ISP is. Additionally, my VPN has a financial incentive not to log customer data, or at the very least, not to be caught doing it.
(I'm currently using IVPN (https://www.ivpn.net/). It's on the more expensive side, though that isn't necessarily a bad thing, and it supports multihop over OpenVPN, and the experimental Wireguard protocol.)
Surely it's because it is their business model.
ISP's have been proven to snoop and inject into traffic. They sell your data to those that have money. This is a breach of your privacy.
On the other hand if a VPN provider were caught doing that, it would be abandoned by it's customers overnight. It is the primary risk to the business.
With VPN services I have a choice, but with an ISP they hold most of the cards (I can leave them once my contract is up). ISP's take your trust and abuse it, VPN's have to earn it.
I don't neccesarily trust them, but they haven't done anything "evil" or questionable yet.
My opinion is not that ISPs are correctly regulated, or even well regulated, but that they have more than zero amounts of regulation applied to them. They also tend to be larger and slower to do things like collapse and rename themselves. This leads them, in my mind, to be better than a VPN company by default.
By default, mind: certain people may have certain use cases that propel a VPN over an ISP. For example, I am friends with people who live in countries that need VPNs to bypass ISPs controlled by dictatorships / corrupt regimes (I'm being intentionally vague here). However, that is not most people, and IMO VPNs being more private than the average ISP is an illusion.
PS: By "interesting" I did not mean "paid shill", like you seemed to assume.
Both are five eyes countries: https://en.wikipedia.org/wiki/Five_Eyes#Domestic_espionage_s...
You're ignoring continents worth of countries and billions of people to get there though.
That's got nothing to do with privacy particularly, which is the direction my opinion is coming from (rightly or wrongly).
Because I believe many people newer ask this question and have some vague idea about "it somehow improves security and/or privacy". In most situations this likely isn't true. You add an additional attack vector and you centralize your communication to a single point.
Real reasons I can see to use a VPN service
1) You want your traffic to reliably egress in that country. i.e. I live in New Zealand but to access some Australian TV on demand, I need to "appear" in Australia.
2) Errr, I can't think of any others.
If you are really trying to hide your traffic from your ISP:
1) Change ISP
2) If that's not possible, buy a cheap VPS and run OpenVPN/Wireguard on it and egress your traffic via it. Disable all logging etc.
i.e. Unless you need traffic to egress via a particular place and you don't care about someone you don't know seeing your traffic, buy a VPN service. If you DO care about your privacy really, buy a VPS service in the country you want it to egress.
In that case, a few bucks per month is a pretty good deal - it won't protect me if the NSA or any of their FVEYs friends get curious about me specifically, but it _will_ protect me against all my internet metadata getting bulk collected by my ISP and handed over to "national security" relevant agencies, such as local councils, dog catchers, and the taxi commission (yes, those agencies really do request and gain access to ISP metadata!)
I can and have run my own VPN (and VPN-like) endpoints on cheapo vpses, but it's worth my while/time to pay FSecure/Freedome, to do that for me.
Not that this is a high point in Australian politics with the game of musical chairs that is going on.
I’ve just never heard someone living there be so down on it.
I do understand your point, which is (correct me if i'm wrong) that you trust FSecure/Freedome to be taking care of your privacy correctly and not just reselling your metadata back to your country of origin etc.
Perhaps I am being a pedantic, grumpy old man though. Because now I think about it, even if we all run our own VPSes there's no way to vet the VPS provider doesn't just tap your egress traffic too.
From my perspective, my ISP is untrustworthy because it's legally required to be where I live. At least FSecure are not subject to that law, and are business-wise and give me a choice of endpoints that are outside of the jurisdiction of that law. They _might_ be collecting and on-selling that metadata, but I believe they are not. I 100% _know_ my ISP (and all my alternative choices for an ISP) are. So using them is a win.
Even if FSecure turn out to be evil - they'll be doing it for different reasons to my ISP (profit motive vs being compelled by local Australian laws), so the nature of my exposure there is different - and so far as I can see, smaller.
I strongly suspect the NSA _are_ tapping the egress of every commercial VPN provider and every commercial VPS provider. But if my adversary ever becomes the NSA I'm fucked, and I accept that.
If the local taxi commission or dog catcher go asking my ISP for my metadata records - even though I don't own a dog or a taxi license, I feel happier knowing my ISP can only tell them "Don't know, sorry. Here's a bunch of encrypted connections to various VPN endpoints around the globe."
seething with jealousy, I am
There is no comparison for ISP with TOS saying they can and will sell your data and VPN company which explicitly advertises privacy.
First it is false advertising and second with GDPR such company would be wiped out after somebody figures it out.
I suspect my data leaking through profit motive from a VPN company specifically selected to be in a far away country is much less likely to fall into the hands of an internet troll or griefer, a disgruntled ex employee or partner, or a vindictive neighbour - than the trove of ISP metadata that can quite likely be readily accessed by bribing or blackmailing some random low-level government employee locally...
1) Protect against logging and data retention laws
2) Avoid ISP legal universal blocking regimes
3) Shop for and compare cheaper prices: many places implement what we call the 'australia' tax, artificially inflate the prices when they see we're shopping from an Australian location. This is independent of actual tax collection issues.
4) Torrent: Australian's frequently access shows via torrenting still because our licensing/supply regime gives us a vastly sub-standard catalogue, and you can't access individual shows without signing up to full carrier packages, and we can't sign up to the international carrier's catalogue
5) Avoid data-shaping/non-net-neutral policies
6) Easy International and Geo-IP Testing
7) Logging onto services in public places via public wifi or access points
8) Accessing services during international travel
9) Accessing media explicitly geo-blocked in our country
Your solution (i believe) additionally doesn't meet the criteria of being able to egress from multiple countries/sources, nor does it cover the users who don't want the extra step of setting up the VPS.
I haven't checked, but i'm guessing a VPS comes at a far higher price for less (out of the box VPN specific features) than a specialised VPN provider.
Please stop propagating this VPS nonsense. If a VPN provider is not save, neither is your VPS.
Or if you want to keep your life simple just use a VPN service.
I don't know if I get the whole privacy thing - if you're just browsing HN etc like me why bother and if you want to do criminal stuff I gather it's better to use a completely separate machine with no personal info on. Or someone said Tails OS.
Streisand (https://github.com/StreisandEffect/streisand) is another option. It has the benefit of running on your own VPS (or bare metal if you want) and it is extremely user-friendly to set up and use.
My home network is not exposed to the internet, but can be accessed remotely when VPN'd in.
If a VPN get's caught doing any of that, even if they're remotley suspected, switching is less painful than switching any other online service I can think of. Their motives are as clear as can be with an internet service.
I'd even say in many cases switching is possible. It isn't always possible to switch your ISP. Or in my case I can, but all other providers cap at 20Mbps in my town (which is fairly common).
I've previously used AirVPN, which was great except for not having any servers near me, and ExpressVPN, which was great except for not having such a good interface for port forwarding (and also it's the most expensive of the ones I like).
PIA failed to answer a question that I sent in using their web support form (they didn't even say that they'd received it but couldn't answer it).
As for personal applications, in-kernel wireguard-dkms is my default VPN solution day and night.
I thought wireguard was all cli based for now and no good UI (I use Linux desktop and Android phones)
Wireguard from the Mac App Store works successfully with Little Snitch (per-app firewall) and comes with a menubar icon that shows connectivity and allows quick switching. With the commandline-based version of Wireguard (installed from homebrew or wherever), Little Snitch sees all traffic as originating from the wireguard-go process. This is because the App Store version makes use of MacOS’s new network extension API, and Apple has only made that available to apps distributed through the App Store.
Wireguard also does not do any of the logging claimed by that article by default. I know this because I maintain Wireguard VPN instances on baremetal and public cloud. This strikes me as a misunderstanding of what Jason wrote on the mailing list about Blind Operator Mode.
I stopped reading that article after I saw these two (glaring) inaccuracies. Either someone has a vendetta against Wireguard or they seriously misunderstand the protocol's security and default behavior.
It might not do the logging, but it still maintains state about which IP has connected using which key, and when the client last sent a handshake.
I have no idea how persistent this information is, but i can see from my Ubnt router, running WireGuard, that clients that haven't connected in weeks are still present in the Wg command status.
It's not an issue for me, but if you were trying to hide information, that information is a pretty bit smoking gun. It directly ties your IP to the VPN IP.
Assuming the rest of the VPN network is using shared IP addresses, and still maintains no logging, it might not be enough to prove that you're the one behind whatever they are searching for.
Then again, not all countries care that much about the "innocent until proven guilty" principle.
I also like AirVPN, Mullvad and PIA a lot. I don't know anyone there personally, but they're all strong privacy advocates.
I'm concerned about relationships between Tesonet and NordVPN and ProtonVPN. So I wouldn't use them.
Can you elaborate on the problem with the relationship between Tesonet, NordVPN and ProtonVPN. Also does your problem with ProtonVPN extend to protonmail? Should I be considering switching to a new email?
The PIA CEO basically claimed that Tesonet operated ProtonVPN for the ProtonMail team. And then additional articles appeared, detailing the connections. And adding NordVPN to the mix.
But many of their HN posts were deleted. And much of the other online coverage disappeared, presumably because of pressure from NordVPN and/or ProtonVPN. But I found caches for three of them.[0,1,2]
Maybe it's all bullshit. But it leaves me suspicious. And I gotta say that ProtonVPN's responses seemed evasive.
0) VPNscam.com: NordVPN, ProtonVPN, ProtonMail, Owned by Tesonet CEO Darius Bereika https://keybase.pub/mirimir/NordVPN%2C%20ProtonVPN%2C%20Prot...
1) best10vpn.com: Proof that NordVPN is Owned by Data Mining Company Tesonet https://keybase.pub/mirimir/Proof%20that%20NordVPN%20is%20Ow...
2) airvpn.com: Why You Can’t Trust NordVPN https://keybase.pub/mirimir/Why%20You%20Can%E2%80%99t%20Trus...
Edit: Also FYI
Lawsuit names NordVPN, Tesonet in proxy data extraction scheme https://news.ycombinator.com/item?id=17873164
HolaVPN (luminati) is suing NordVPN (Tesonet) for stealing p2p proxy patents https://drive.google.com/open?id=1_AlNxNN-fiIVW64-605c_OJO0C...
But on the other hand, I gather that Mozilla has picked ProtonVPN for its integrated VPN testing. And they seem competent and privacy-friendly.
Also, whatever they did with ProtonVPN, there's no reason to believe that there's anything wrong with ProtonMail. That's arguably their core competency. And they arguably brought in Tesonet because VPNs were not part of their core competency.
But they do seem more privacy-friendly than most.
 I use migadu.com but fastmail.com seems to be very popular with the HN crowd.
NordVPN is always advertising their massive server network, but I was always getting booted off and having connection problems. I rarely have these problems with IVPN.
(2) Then read this about VPN services and deceptive ratings:
(3) REFERENCE -- look up any VPN you're considering here before using it (there are mistakes in this table, e.g., encrypt.me was named cloak but the specs don’t match).
Note: products are listed by product name instead of by manufacture, e.g., F-Secure's VPN is listed as "Freedome," not "F-Secure."
Remember: NEVER USE FREE VPN.
It's insanely easy to set up a new box (I use linode right now but it works with a bunch of cloud providers) and it works well for my mobile devices too.
I like the fact that it's my own server and I am the only person with a copy of the encryption keys.
Also, I have a buddy who is in a middle-eastern country where using a VPN is illegal who was unable to use any other VPN service but had no issue connecting to and using my Streisand box.
They have a large commercial business that would get seriously Kaperskied if it turned out they were knowingly doing anything wrong, and I've decided that that's the kind of incentive I want in a VPN provider.
The US government made it clear they thought Kaspersky software was a security risk, as they were a little too close to the Kremlin. True or otherwise, it'd be an almighty brave Western CIO who bought Kaspersky software moving forward.
It’s similar in concept to Algo, in that you deploy your own VPN server on a VPS rather than use a hosted service. However, it provides a polished desktop app for deploying the server, and walks you through creating a VPS on DigitalOcean very easily.
This is incredibly helpful, because most folks I’ve helped with VPN setups are not comfortable aren’t handy with a CLI, and I’ve been able to walk more than one person through setting Outline up very easily.
I think easy-to-manage platforms like Outline will probably be the future, but I'm not convinced that shadowsocks is the right foundation.
To comply with these regulations, ISPs deploy appliance/boxes that can do packet inspection and blocking. It used to be IP blocking and DNS blocking.
As silicon became faster, these boxes have become more powerful. They can operate at multiple 100Gbps+ packet header scale and not just L3/L4, but also L7 packet headers (a.k.a deep packet inspection). Both of my ISPs (home and mobile) do this.
These same appliance companies sell data monetisation solutions to collect and sell metadata – usually done indirectly by a sister entity.
These boxes can also inject ads directly into plain http pages and manipulate DNS responses to do the same nefarious thing. In fact this clickjacking injection is the thing that turned me towards VPNs.
While the VPN solves the clickjacking injection problem, I’m fully aware of the fact that my VPS provider’s ISP maybe logging and selling all the metadata.
Even with https or TLS connections the domain name is revealed in plain text during connection setup. ESNI solves this problem, but no browser supports it by default yet. Other metadata collected usually includes – time, location, connection protocol fingerprinting to uniquely identify devices (TV, phones, laptops etc) behind customer IP address, frequency of access, bytes transferred per connection etc.
The real danger is this – as adtech evolves the lines are blurred between plain advertisement vs personalised experiences and targeted digital brainwashing.
Election manipulations, shifting the sentiments (distributed lobbying) in favor of desired outcomes, addictive spending - these become just natural evolution/extensions of this ad tech. With ISPs data mining and selling to invisible companies we won't be cognizant of this manipulation.
Also, it would be really cool if there was a P2P exchange for services like this. With Netflix et al blocking IPs from VPNs and VPSs there must be a large market for VPNs egressing from residential IPs.
ExpressVPN has been great to me and I continue to fail finding bad news about them. They dont offer any discounts tho and Im on $99/year plan but I was tempted to get NordVPN for half thatprice. I gave up on setting up their stone-age designed router software and came back to Express. Express has amazing software for N7000 router series and it allows me to exclude iPad that I use to watch Netflix while rest of network continues to be secure. So with their router software and $99/year you have unlimited amount of devices covered. Speed is amazing too and number of servers avail is very hight. Honestly I feel its worth double the proce I would pay for Nord, as I put it in my company costs anyways ;)
I could not recommend them high enough.
the speeds are not great, but it just maybe because i’m in china, i couldnt watch hbo go or stream netflix at the time, i use it generally for programming.
Edit: I am also testing out AzireVPN as they have WireGuard support.
You may ask “how is this different than just running my own vps”, and the answer is the ability to redeploy to another region with no downtime and push of a button. I love that feature and use it often.
Because you’re on your own VPS, so far in my experience, I’ve never even noticed I’m connected to a VPN. It’s blazing fast. I cancelled my PIA account and moved over entirely.
One day I woke up and realised I do not know who runs those companies. For example, Nord is registered in Panama, a country where declaring company ownership is not mandatory. Why should I trust them with my data?
After a little digging I found that Proton is the only VPN provider whose owners have put their names and reputations on the the line. The only one.
It doesn't mean I trust them 100%. But if someone is willing to put their face on their website, I'd say it gives them an extra incentive to do their job right.
I'm definitely switching back when my 2 year subscription to NordVPN runs out.
I also have a self-hosted OpenVPN-server running at home, which I occasionally use for open Wi-Fi networks or getting around content blocking on some networks.
For day-to-day usage, I don't use a VPN. I place some trust on my ISP (both mobile and wired) to carry my traffic.
It accomplishes 99% of what I used a VPN for (privacy on the go) and leaves only one point of trust (my ISP provider).
I use it pretty much exclusively to tunnel my traffic when using a public and/or open WiFi with my phone or laptop.
I was looking for a reasonably priced VPN not based in the 5 eyes territory, and I came to iVPN as the best solution for my criteria and at $110 per year.
- Wireguard in Switzerland
- IPv6 /64 subnet
- No bandwidth penalty
Now they can only fill the last point, if they ever get all three they'll get a lifelong customer out of me.
What I now have is Mullvad for IPv4 for their Swiss servers and good bandwidth, AzireVPN for their /64 IPv6 subnet. Both are running on my router, but I'd be happy to have only one provider.
Personally I use it for privacy (I don't trust any ISP in the country and especially local government). I host my own VPN on a virtual node outside country (even outside continent). It makes the connection a bit slower, than without any tunnels, but I got used to it. Also I have to pay extra efforts to maintain it, but that's the privacy cost.
Moreover, with own server it's possible to achieve things which are usually unavailable with paid VPN services. E.g. run openvpn through ssl/ssh tunnel or something similar. Or use just ssh tunnel or anything like that. It helps to mask the traffic and ease your life in case of question from some people.
Depending on your country popular services might be simply unavailable and you'd need at least couple of them at the same time to ensure connection redundancy. Also (depending on what you're doing and local laws) you might have a hard time explaining your country secret agency why you're paying vpn proxy company, while explanation for hosting service might save a lot of time for you (and avoid additional questions). But that's (hopefully) extreme cases.
Also you receive static IP in case with hosting. But you might rotate it as often as you want by just recreating the machine.
But also keep in mind, that some services ban popular hosting (and VPN) providers IP ranges.
Providers I went through before settling on AirVPN: vpn.ht, IPVanish, PIA, Astrill and PureVPN.
I highly recommend running your own VPN endpoint on at least a VPS/cloud instance somewhere. Such address blocks are used by tons of other users at immense traffic levels, and as such your traffic is much less likely to be intercepted by the provider itself.
I was a customer when they were called Cloak & were just 3 guys writing some of the best Mac & iPhone software. They had the best customer service I've ever experienced (Dave spent a lot of time helping me with some weird networking issues related to MacPostFactor on an outdated Mac), and with my business clients we used to talk about Cloak as the kind of company we aspired to work with - genuine, trustworthy & talented people.
The founders have since sold the company (hence the rename to Encrypt.Me), and it now has Windows & Android versions. But as they've grown & the founders left, it's lost a bit of that small indie / Jerry Maguire feel where you knew all the developers & customer support team by name. It's still good, just feels like your favorite underground band has gone mainstream.
I use them for hotel/cafe WiFi protection & testing how my website looks from overseas. They're not a service for seeding torrents etc. I'm glad they try to keep their network clean, makes it better & more reliable for legit business users like myself.
I also setup OpenVPN access on my mum's laptop, so she can access things in the UK when she's traveling...
Bandwidth costs and blocking of known IP blocks makes a VPS-based solution not so attractive to me. I do have a couple of 'lifetime' accounts with random VPN providers as a backup. I also have the OpenVPN client running in a docker container on my PC with a SOCKS server in front of it, for flexibility.
The person running it provided a number of detailed comparisons of various VPN providers here .
I travel a lot in Asia which is why I need it as some countries block websites I need.
Had issues with it in China but put ExpressVPN on my phone which seemed to work fine 70% of the time.
I use VPN for torrenting, which is blocked in my country, use a leecher like seedr & get direct download link. for this proton is enough
One thing that's often missed is making sure you configure your local firewall to disallow all non-VPN traffic, such as startup/network initialization info.
Anyone know what I'm talking about? It would compensate for instance censored web sites, or routing table errors at the ISP, and route/tunnel the traffic through one of your peers in the project. Damn, I don't think I dreamed this up.
One of the benefits of WG is that it's extremely performant and I can set my own DNS within the config (a Pi-Hole hosted at DigitalOcean for adblocking).
As WG isn't available for Windows just yet, I use OpenVPN's native binary on my Windows machine; Mullvad offers .ovpn files in the same way as they offer .conf files for WG.
Mullvad also requires no PII when signing up, so ensure that you securely store your account number.
Would a VPN help with this? I’ve tried using Tor (through Brave), but I run into tons of captchas and many sites won’t load at all.
There are many other ways of tracking though, first of all browser cookies and cache, but also browser fingerprinting.
So, with these methods, you can even be tracked/uniquely identified while using a VPN.
I also have another smaller VPN called CrypticVPN. They have a lifetime plan and a small amount of servers, but they also allow port forwarding.
I also made a openVPN server with a cheap VPS, and I'm just toying with it really.
the only thing I like is how they aren't actually associated with Tor in any way... lol...
Incidentally, I posted on HN yesterday volunteering to setup free VPN. - https://news.ycombinator.com/item?id=19241382 . Happy to set one up for you, or anyone in this forum.
That said I just use a free one that didn't ask for a signup - https://www.vpnbook.com/
I tried a server of a certain free VPN via OpenVPN and since it did not support tunneling traffic through their own servers for IPv6 requests, my friend told me to disable IPv6 on my adapter's settings. Now ipleak.net doesn't detect my location. Was it a smart thing to do?
Or at least, it is if your ISP provides IPv6 service. If it does, and the VPN both routes IPv6 and doesn't push its own IPv6 address, IPv6-capable websites will see a global IPv6 address that's owned by your ISP.
https://test-ipv6.com/ is a good test site.
I've simply setup OpenVPN on a little server I have sitting in my house. It's been very reliable and simple to manage and has covered my needs.
Also, if you pay your AWS bills using an Amazon Prime credit card, you get 5% back. (just checked on my cc)
1. IKEv2 and OPENVPN both supported
2. I did not find many VPN's that actually have Linux app (they do)
3. Good price
4. NOT a US based company
5. Very fast updates - I keep receiving new updates weekly