Why Your VPN May Not Be As Secure As It Claims
- Thread starter Condobloke
- Start date
Thats not what the article is about, but yes. You of course have to trust the VPN provider. You can pay non-bollocks providers like mullvad.net with crypto.
Or just use tor.
The problem in the article can be avoided by using what mullvad.net refers to as a kill switch, which are iptables/nftables rules that prevent traffic from going anywhere except to the VPN server.
You can also configure your dhcp client to just not accept everything and a broken kitchen sink from your DHCP server. This is espeically useful if you use your own (untrustworthy) ISP router 99% of the time.
I don't rely on any paid VPN to be 'secure'. It's just a tool to access stuff I'd not normally be able to access.
If I want a secure VPN, I can spin up a VPS and set it up myself.
If I want a secure VPN, I can spin up a VPS and set it up myself.
OP
Condobloke
Well-Known Member
@KGIII , Will you do a tutorial/article on the "how to" of a vps ?
Last edited:
Well a VPN also makes you "pseudo"nymous, because lots of other people use it.
You can setup a VPN with wireguard rather easily and host it for as little as 4 euros per month with something like a hetzner cloud server.
But then you have to keep it secure yourself. I don't think thats worth the hassle.
Most likely your browser has a unique fingerprint, so the VPN doesn't really make you anonymous (enough). At the end it just helps against spy-i ISPs as well as watching netflix in other countries and getting around ISP restrictions in restrictive countries.
done.
VPS = Virtual Private Server, or what is now referred to as cloud.
Do you guys want a blogpost on howto setup a simple VPN for one person? That I could do.
You can setup a VPN with wireguard rather easily and host it for as little as 4 euros per month with something like a hetzner cloud server.
But then you have to keep it secure yourself. I don't think thats worth the hassle.
Most likely your browser has a unique fingerprint, so the VPN doesn't really make you anonymous (enough). At the end it just helps against spy-i ISPs as well as watching netflix in other countries and getting around ISP restrictions in restrictive countries.
- go to hetzner
- click on cloud
- click a server
- ssh root@<ip>
done.
VPS = Virtual Private Server, or what is now referred to as cloud.
Do you guys want a blogpost on howto setup a simple VPN for one person? That I could do.
Aristarchus
Member
so, I understand that ssh should be avoided too as it had a security hole not patched for several years... 
The whole point of using VPN is either secure intra company traffic or anonymity where one selects a server with maximum number of users sharing same dynamic IP address.
When one chains VPN, then user discovery is really low.
VPS for single user works only for encrypting traffic (which is encrypted anyway when using https). It does not increase user anonymity.
Its is again one of those: 100% security with disconnected box where ssh or VPN or IPv6 or whatever network protocol vulnerabilities do not matter.
Finally, taking advantage of this vulnerability is possible only if the client to site VPN network is compromised.
The conclusions are pretty obvious n'est-ce pas?
The whole point of using VPN is either secure intra company traffic or anonymity where one selects a server with maximum number of users sharing same dynamic IP address.
When one chains VPN, then user discovery is really low.
VPS for single user works only for encrypting traffic (which is encrypted anyway when using https). It does not increase user anonymity.
Its is again one of those: 100% security with disconnected box where ssh or VPN or IPv6 or whatever network protocol vulnerabilities do not matter.
Finally, taking advantage of this vulnerability is possible only if the client to site VPN network is compromised.
The conclusions are pretty obvious n'est-ce pas?
Last edited:
1. Find a provider that meets your requirements.
2. Give them money.
That's pretty much it. From there, you'll have an admin control panel. You can install a distro of your choosing, among other things. Some may have entire images, like a LAMP stack, that can be installed with a click. Other times, you can upload an image of your choice so that you can install any Linux OS on it you want.
With the VPS you can do anything you want. It's like a step up after shared web hosting and a step below a dedicated server. It's a Virtual Private Server, meaning one server can host more than one client. You want to find a company that doesn't oversell. After that, features are fairly similar.
There are sone free VPS offerings for hobbyists to use.
so, I understand that ssh should be avoided too as it had a security hole not patched for several years...
buy a typewriter then. There are ways to determine from the sound of it what you are typing. Don't use computers
Everything has security flaws, we just don't know it yet. Open Source is still the right approach to minimizing those.If you refer to xz that wasn't in there for years. The guy who put it in went the "correct way" of becoming a member of the community before placing the flaw piece by piece. Thats the common / correct approach for a (gov funded) hacker.
VPS = Virtual Private Server, VPN = Virtual Private Network. You can install a VPN server on a VPS.
why IPv6?
If you only want to quickly spoof your IP, protect your anonymity, or increase your privacy online using a lightweight, web-based, and often free option, a proxy server may be a valid alternative to a VPN
That depends, there are vpn providers that have proven they are secure.
Mullvad's no-log policy proven after police raid
No customer data was compromised, the provider said
Pricing
Mullvad is a VPN service that helps keep your online activity, identity, and location private. Only €5/month - We accept Bitcoin, cash, bank wire, credit card, PayPal, and Swish.
Is there a email provider like this? That is designed to not store emails (or at least not plain text) as well as logs?
I understand that IMAP doesn't work this way (pop3 does), but as pretty much all large providers store mails for only one person and not groups of people (read: companies that share [email protected]), this might be an approach.
You cant have your mails synced to all your devices ofc. Or you would have to build a client that does that syncing peer to peer.
I understand that IMAP doesn't work this way (pop3 does), but as pretty much all large providers store mails for only one person and not groups of people (read: companies that share [email protected]), this might be an approach.
You cant have your mails synced to all your devices ofc. Or you would have to build a client that does that syncing peer to peer.
Maybe these ones? I have no experience with them though, so can't really say much else.
Tuta Mail: Create a secure, private & encrypted email account for free
Tuta is the secure email service, built in Germany. Use encrypted emails on all devices with our open source email client, mobile apps & desktop clients.
tuta.com
Proton Mail: Get a private, secure, and encrypted email account | Proton
Proton Mail is the world’s largest secure email service with over 100 million users. Available on Web, iOS, Android, and desktop. Protected by Swiss privacy law.
proton.me
The idea should also be that the provider does not want to keep those emails. If I have the mails on a server this isn't good. The mails should be on the server until the client downloads them, and then they should be gone.
OP
Condobloke
Well-Known Member
@f33dm3bits, Tuta looks interesting
Tuta was tutanota, now abbreviated to the shorter name. As a former free subscriber, I found it quite secure for my purposes. It could send ordinary mail, or if the user chooses, encrypted + passworded mail such that the mail recipient doesn't receive the mail, but just a message that mail for them exists, for which they need a password to fetch it from a secure server elsewhere. After 6 months of not using the the tuta service, it deletes the user's accounts for security reasons ... I guess they allow hackers only 6 months to try and get into their systems
. Unfortunately, tuta has been banned in several countries, which I guess is a risk one takes with any specialised software that rubs some entities up the wrong way.
OP
Condobloke
Well-Known Member
Have you seen/read any detail of exactly why they were banned ?
