
What's stopping the host of your VPN (or any of its upstream providers) from logging your traffic like your ISP might? I'm personally not entirely convinced that using a VPN provides much privacy benefit.

Nothing stops them. However, some VPN services do actually seem to protect their users' privacy. PIA, for example, has been subpoenaed a couple times in US courts. And they've just said "sorry, we don't log". And that's that, because VPNs aren't legally required to log in the US. But of course, that's not necessarily the case elsewhere.

Looking at it from the VPN provider's perspective, it's actually simpler not to log. Logs are like radioactive waste. They aren't necessary for management. You can do that in real time, and log nothing. All they can do is implicate you in legal bullshit, which hurts users and damages your reputation.

And even if there's a legal requirement to log, you can just ignore it. At least, if you have no legal presence in the country, beyond running a VPN server.

But more generally, users can use nested VPN chains to distribute trust among providers. That is, connect to VPN A. Then connect to VPN B through VPN A. Then connect to VPN C through VPN B. And so on. I do that using virtual networks of pfSense VMs. But you could do it in one machine, using routing and iptables.

It's the same strategy that Tor uses, routing circuits through multiple relays. With three nodes in a nested chain, no one node knows both who you are, and what you're doing. So adversaries would need to obtain data from multiple nodes.
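The trust-distribution argument in the comment above, modelled as an added example (not code from the thread): each provider's log is reduced to the (source, destination) pair it can see, and the script finds the smallest set of providers whose logs must be joined to tie the user to the site. The node names are hypothetical, and only log joins are modelled, not traffic-timing correlation.

```python
from itertools import combinations


def hop_logs(client, chain, destination):
    """Return {provider: (source_seen, destination_seen)} for a nested chain.

    Each provider sees only the previous hop as the source of the tunnel and
    the next hop (or the final site, for the last provider) as its target.
    Provider names are assumed to be unique.
    """
    path = [client] + list(chain) + [destination]
    return {path[i]: (path[i - 1], path[i + 1]) for i in range(1, len(path) - 1)}


def can_link(logs, obtained, client, destination):
    """True if joining the logs of the `obtained` providers ties client to destination."""
    current = client
    while True:
        # Find an obtained log whose source is the node we have traced so far.
        nxt = next((p for p in obtained if logs[p][0] == current), None)
        if nxt is None:
            return False          # the trail goes cold at a provider we have no log for
        if logs[nxt][1] == destination:
            return True           # traced from the client all the way to the site
        current = nxt


def minimal_linking_sets(client, chain, destination):
    """Smallest sets of providers whose combined logs identify who visited what."""
    logs = hop_logs(client, chain, destination)
    for k in range(1, len(chain) + 1):
        hits = [set(c) for c in combinations(chain, k)
                if can_link(logs, c, client, destination)]
        if hits:
            return hits
    return []


if __name__ == "__main__":
    # Constructed sample: one provider versus a three-provider nested chain.
    print(minimal_linking_sets("user", ["VPN_A"], "site"))
    print(minimal_linking_sets("user", ["VPN_A", "VPN_B", "VPN_C"], "site"))
```
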

Good point. I'm not a VPN/networking expert, but this does make me wary of 3rd party VPN services.

In my case, I'm my own host. I'm using the WireGuard protocol, running on a DigitalOcean droplet I own. The Streisand project does the heavy lifting of creating/configuring the server, then I can easily tunnel into it using my computers or mobile phone.

Streisand also supports OpenVPN & other common flavors of VPN, you can even run your own Tor bridge relay if you're into that.

https://github.com/StreisandEffect/streisand

https://www.wireguard.com/
