Slashdot Mirror

← Back to Stories (view on slashdot.org)

Will VPNs Protect Your Privacy? It's Complicated

Posted by msmash on from the how-about-that dept.

From a CNET report: A VPN redirects your internet traffic, disguising where your computer, phone or other device is when it makes contact with websites. It also encrypts information you send across the internet, making it unreadable to anyone who intercepts your traffic. That includes your internet service provider. Ha! Problem solved -- right? Well, sort of. The big catch is, now the VPN has your internet traffic and browsing history, instead of your ISP. What's to stop the VPN from selling your information to the highest bidder? Of course, there are reputable VPN services out there, but it's incumbent on you the user to "do your homework," Ajay Arora, CEO of cybersecurity company Vera said. In addition to making sure the VPN will actually keep your data private, you'll want to make sure there's nothing shady in the terms and conditions. Shady how? Well, in 2015, a group of security-minded coders discovered that free VPN service Hola was selling its users' bandwidth to the paying customers of its Luminati service. That meant some random person could have been using your internet connection to do something illegal. So, shady like that. "I would recommend you do some cursory level research in terms of reputation [and] how long they've been around," Arora said, "And when you sign up, read the fine print." From a report on Wired: Christian Haschek, an Austria-based security researcher, wrote a script that analyzed 443 open proxies, which route web traffic through an alternate, often pseudo-anonymous, computer network. The script tested the proxies to see if they modified site content or allowed users to browse sites while using encryption. According to Haschek's research, just 21 percent of the tested proxies weren't "shady." Haschek found that the other 79 percent of surveyed proxy services forbid secure, HTTPS traffic.

72 of 141 comments (clear)

  1. "analyzed 443 open proxies" by Anonymous Coward · · Score: 1

    You are aware March has got 31 days, not 30?

    1. Re:"analyzed 443 open proxies" by Anonymous Coward · · Score: 2, Funny

      Dude, Donald Trump is president. April 1st started more than 2 months ago.

    2. Re:"analyzed 443 open proxies" by suso · · Score: 1

      You are aware March has got 31 days, not 30?

      There is a bill going through Congress right now to change that.

  2. Because you can choose your VPN... by ctilsie242 · · Score: 5, Insightful

    With ISPs, you can't really choose who gives you the pipe to your home or school. You may have a telco, and a cable company, if that.

    With VPNs, if one is found to be selling data, you can switch in a heartbeat.

    Then, there are the privacy policies. A VPN having a privacy policy of not handing your traffic over will get in a lot more trouble if they sell that data than an ISP that has a privacy policy of "if it goes through our fiber, we can do what we please with it."

    VPNs are not perfect... but they do help significantly. It is sad that things have come down to this, as it makes police work a lot harder once the bad guys "go dark", but people are tired of having their data sold, or advertising IDs added to non-encrypted traffic.

    1. Re:Because you can choose your VPN... by ctilsie242 · · Score: 1

      Very true. However, for a lot of items, that isn't a big issue. I'm not running P2P clients, but oftentimes doing web browsing and such, where it doesn't take that much bandwidth.

      There is always the option of creating a VPN server on AWS, but I'd just rather use a known good service which can be cheaper.

    2. Re:Because you can choose your VPN... by Anonymous Coward · · Score: 1

      True, but there aren't a ton of sites that will stream data to you faster than what a VPN allows. If you're mass torrenting, yeah, it might slow you down, but if the most strenuous thing you do is watch videos on website, it'll be fine.

    3. Re:Because you can choose your VPN... by DuckDodgers · · Score: 1

      This is my concern. There are six people living at my house, we use between 600-900GB of data per month (mostly on Youtube and Netflix). It does no good for me to get a VPN if we can't use it.

    4. Re:Because you can choose your VPN... by amxcoder · · Score: 1

      Depends on how much bandwidth you have natively. I have 240Mb/s when testing just through my router. However, if startup a VPN, and try another speedtest (same day, similar time frame, trying to see side by side comparisons), I get at best less than 1/2 that, and many times way less than that. Granted, you can still do quite a lot with 50Mb/s but it isn't even consistent, because it depends on what node you connect to, and where they are located. One time you connect and you might get 50, another time, 10, and another location 2-3.

      Also, it can add a ton of latency, so for some things like gaming and probably SIP/VoIP and any other latency dependent usages, it can have a really negative effect. It can often feel like you're using a cellular data connection.

      Don't get me wrong, I have a VPN subcription for use when I need privacy or P2P/etc. But I don't see running one all the time 100% feasible. I debated for a while having my router connect to VPN so everything on my home network would be protected automatically, but after some testing, I decided not to do it at this point. I may have to relook into that option again with this new ISP rule though.

  3. Why Not by Anonymous Coward · · Score: 1

    Just spin up your own VPN server on one of the cloud providers? The cost of a low resource machine is negligible, even better, you can spin up a new machine (with a new external facing IP) each time you need to use it.

    1. Re:Why Not by MightyYar · · Score: 3, Insightful

      Can one pay for a cloud service anonymously?

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    2. Re:Why Not by JoeMerchant · · Score: 2

      One can "borrow" a credit card to sign up for the free tier service, theoretically.

    3. Re:Why Not by mridoni · · Score: 1

      No, and BTW they can possibly seize your server, but we are not talking about perfect anonymity, just improving privacy, and a "home-made" VPN goes a long(er) way towards that.

    4. Re:Why Not by whoever57 · · Score: 2

      You can pay for services with pre-paid credit cards (AKA gift cards).

      --
      The real "Libtards" are the Libertarians!
    5. Re:Why Not by MightyYar · · Score: 1

      I'll borrow my wife's.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    6. Re:Why Not by dmt0 · · Score: 2

      Some VPNs accept Bitcoin as payment

    7. Re:Why Not by Anonymous Coward · · Score: 1

      Bitcoin isn't anonymous.

    8. Re: Why Not by MightyYar · · Score: 1

      That looks like just a VPN service.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  4. Proxies vs. VPN by 110010001000 · · Score: 3, Insightful

    What does a VPN have to do with web proxies? I'm so confused by this website.

    1. Re:Proxies vs. VPN by b0bby · · Score: 2

      That was my thought too. And the "free VPN service Hola" turns out not to be a peer-to-peer "VPN" service, routing users' connections through each other's devices.

      In other words, if you actually get a VPN (which means you'll have to pay for it), from a provider who will not sell your information, then yes, it will protect your privacy.

    2. Re:Proxies vs. VPN by sexconker · · Score: 1

      A VPN is a type of proxy.

    3. Re:Proxies vs. VPN by parkinglot777 · · Score: 1

      If you only think about connecting your computer to a remote server, then their functionality is the same. However, there are differences...

    4. Re:Proxies vs. VPN by 110010001000 · · Score: 1

      It isn't a type of web proxy, which is the confusion. It really isn't a proxy either.

  5. Competition by Fire_Wraith · · Score: 5, Insightful

    Sure, a VPN proxy could monitor my traffic as much as my ISP can. Using https they might see where I'm going, but not the contents. The thing is, I can easily switch VPNs if I don't like the service, whereas in the US, I don't have that choice so much with my ISP, short of physically moving to another location. If I'm lucky, I might live in an area with two viable choices. In my current case, I can choose between Verizon and Comcast, which is like being asked to choose between gonorrhea and syphilis.*

    And now thanks to the f*ckwit Republicans in control of Congress, my ISP can now sell everything it knows about me to anyone they like, without any recourse on my part, short of using some sort of proxy. At least with VPN proxies, there's no real barrier to entry, save for bandwidth capacity, and I can choose from any number of options, that I'm going to now have to start looking at.

    *Apologies to gonorrhea and syphilis for comparing them to the likes of Verizon and Comcast.

    1. Re:Competition by turp182 · · Score: 1

      You could get both Verizon and Comcast at the same time.

      I did this with Charter and AT&T when my wife worked from home.

      Of course, with regards to your analogy, this doesn't sound like a comfortable solution.

      --
      BlameBillCosby.com
    2. Re:Competition by sexconker · · Score: 2

      Oh look, the binary guy being wrong again.

      They can't see the content unless:

      A: They're providing fake certs for the domains you're accessing and you trust those certs for some reason.

      B: The client you use injects legit certs for the proxy into your OS's or browser's cert store for every site you visit. Many corporate network management systems do this. They inject bullshit certs into your machine as trusted for everything. You're fucked unless yo do something the client isn't aware of (like cert pinning, using tunnel to somewhere else with a pre-shared key, a self-signed cert, etc.).

      C: They've broken the encryption algorithm or key exchange protocol negotiated by you and the site.

    3. Re:Competition by Tablizer · · Score: 1

      I can easily switch VPNs if I don't like the service

      AFTER the damage is done.

      --
      Table-ized A.I.
    4. Re:Competition by interkin3tic · · Score: 1

      My head hurts at your comment. Privacy is not like life. If you die, the damage is done. If you lose your online privacy, you can be private again the next day by switching. Furthermore, the exact same thing is true of ISPs, except again, you can't switch quite as easily.

    5. Re:Competition by 110010001000 · · Score: 1

      You are wrong of course. But everyone knows that except apparently you.

    6. Re:Competition by david_thornley · · Score: 1

      Privacy isn't easy to regain nowadays. If someone publishes your connections to midget furry porn sites, that information is almost impossible to remove, and everyone from then on will be able to find out about your midget furry porn fetish. Your browsing history can hurt you even if it's all legal.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  6. shady by fluffernutter · · Score: 1, Insightful

    So he analyzed free proxies and some were shady? Is it a revelation that there are shady things on the internet?

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  7. $10/month VM + SOCKS5 by Anonymous Coward · · Score: 1

    n/t

  8. Seems like it's somewhat worse than that... by lazlo · · Score: 5, Insightful

    If you don't use a VPN, your data is vulnerable to your ISP. If you do use a VPN, your data is vulnerable to your VPN provider *and* to *their* ISP.

    Maybe they've got a better (in terms of privacy) ISP than you do. But be aware that that is also a concern.

    --
    Pound! Bang! Bin! Bash! is this a shell script or a Batman comic?
    1. Re:Seems like it's somewhat worse than that... by ctilsie242 · · Score: 1

      How would the data be vulnerable to the VPN provider's ISP? The ISP I am using, their ISP, and everyone in between the endpoints sees a stream of encrypted traffic on port 1194. The ISPs can throttle or delay the traffic, but they can't really do much else.

    2. Re:Seems like it's somewhat worse than that... by Asgard · · Score: 5, Insightful

      If you don't use a VPN, *your* ISP can correlate all your traffic to your billing information (which is necessarily very detailed as they often have a physical cable to your location). If use a VPN, *their* ISP can only correlate that traffic to the VPN's billing info and not your own. Of course, the VPN provider can make this correlation but there are more options for VPN providers than ISPs in a given location.

    3. Re:Seems like it's somewhat worse than that... by Asgard · · Score: 1

      Responding to legal requests is significantly different than treating the data as a good to be sold though.

    4. Re:Seems like it's somewhat worse than that... by sexconker · · Score: 4, Interesting

      Once the traffic reaches the endpoint (the other end of your VPN tunnel) its decrypted. The VPN provider and their bandwidth suppliers (The VPN providers ISP)can then see all your traffic :-)

      The VPN encapsulation layer is decrypted. If you've got HTTPS inside there it's still HTTPS.
      Further, you typically have many users connecting to one VPN. The VPN's ISP will have a harder time tracking any individual, and will not be able to associate traffic with a user at an address, a user of a certain age or sex, etc. The VPN provider could track in more detail, however, as they manage the individual connections, know who's paying for service (unless you're using fake info when signing up, paying with pre-paid gift card you bought for cash and NOT from a retailer, etc.).

    5. Re:Seems like it's somewhat worse than that... by thegarbz · · Score: 1

      Maybe they've got a better (in terms of privacy) ISP than you do. But be aware that that is also a concern.

      Their ISP would see the occasional packet of yours mixed in with a sea of other stuff pouring through continuously at high rates. Sure they may be able to identify the occasional packet of yours but tying it back to you would be incredibly difficult to you.

      Your own ISP on the other hand sees "lazlo visits fetlife.com 10 times per week, mostly on Saturday at 6:50pm"

  9. They can, but they likely won't by Anonymous Coward · · Score: 1

    You want a VPN service that totally respects and protects your privacy? Find the one that charges the most money and use them, because everything is about money now, and selling your paying customers like so much chattel to the highest bidders, so how can you trust anyone anymore? I don't even trust companies to live up to their printed agreements, because they know they can't be effectively sued by individuals.

    Stop using the Internet for everything you can, and encourage others to do the same. When nobody is making any money from internet-related businesses anymore, it'll either die off or things will change. Money seems to be the only thing these bastards care about, so that's the only weapon you really have against them.

    1. Re:They can, but they likely won't by DuckDodgers · · Score: 1

      Nice thinking, but the most expensive VPN service might still be selling your data. They could just be the most greedy.

  10. My VPN has no information. by snarfies · · Score: 4, Interesting

    What's to stop the VPN from selling your information to the highest bidder? The fact that my VPN of choice, Mullvad, collects no information.

    You click "create account," they give you an account number, and that's the end. They don't ask for your name, address, phone number, or anything. I pay via Bitcoin, so they don't even have my credit card info.

    1. Re:My VPN has no information. by Anonymous Coward · · Score: 1

      The fact that my VPN of choice, Mullvad, collects no information.

      all your browsing history and times, your IP address

      I pay via Bitcoin, so they don't even have my credit card info.

      oh look, extra value for this one. they can sell your data to curious state agencies

    2. Re:My VPN has no information. by amiga3D · · Score: 4, Informative

      You know, nothing is perfect. You do the best you can. If you're actively breaking the law I'd suggest not doing it over the internet.

    3. Re:My VPN has no information. by thomn8r · · Score: 1

      The fact that my VPN of choice, Mullvad, collects no information.

      That you know of. And you don't. All you have to back this up is their ephemeral TOS, which they may or may not adhere to, and could change at a moment's notice.

    4. Re:My VPN has no information. by myrdos2 · · Score: 1

      I wonder... they have your IP address, and could possibly have your browsing history. So your ISP analyzes your history, and sees a bunch of connections to Mullvad and not much else. And they ring up Mullvad and say, we'd like the browsing history for IP XXX.XXX.XXX.XXX. Where is the guarantee of privacy here?

  11. Has that ever happened, even once? by raymorris · · Score: 1

    > A VPN having a privacy policy of not handing your traffic over will get in a lot more trouble if they sell that data

    I'm not so sure. Has ANY VPN provider EVER been busted for that, or anything like it? Can and do the owners of the VPN services hide their identity? It seems to me the big ISPs are very slightly more accountable - they are regulated and we all know exactly who they are.

    1. Re:Has that ever happened, even once? by EndlessNameless · · Score: 2

      they are regulated and we all know exactly who they are.

      Except Congress just voted to eliminate privacy protections, and corporate officers aren't liable for business decisions anyway.

      So the company just writes another check (and probably for less than what they gave to the Congressmen).

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    2. Re:Has that ever happened, even once? by bheerssen · · Score: 1

      Eh, Congressweasels can be bought for shockingly little. Even a slap on the wrist fine is likely to be much larger than what the ISPs pay in political contributions.

      --
      (Score: -1, Stupid)
    3. Re:Has that ever happened, even once? by Altrag · · Score: 1

      There's not really anyone who would "bust" them. That would be essentially a breach of contract which is a civil matter and their customers would have to bring the suit -- the same customers who are concerned about people knowing what they do online.

      Of course if any VPN provider was caught selling data, the media would likely be all over it. The bad PR would probably be worse than any fine given that the entire reason people use them is to avoid exactly things like that.

      That said, if VPNs do end up going mainstream over this or whatever else in the future, it won't take long for lawmakers to start forcing VPN providers to keep detailed logs and crap like the ISPs have to now. What they'll come up with to deal with the fact that you can use a VPN from another country is anyone's guess, but its not like the US is unknown for sicking its nose in other countries' business at the best of times. Or force US ISPs to filter known foreign VPNs or something equally goofy that won't really work but will mask over the problem enough to appease the media lobbyists and police agencies.

  12. Check the log policy by evolutionary · · Score: 3, Informative

    Many VPN services have a no log policy. Always review the policies of a VPN when you join. Here is a fairly good list to start from: I'm rather fond of VPN services in Sweden and Italy myself. https://torrentfreak.com/anony...

    --
    "Imagination is more important than knowledge" - Einstein
  13. Google doesn't care about VPN by yuvcifjt · · Score: 5, Interesting

    VPN's may only protect you from your own ISP, but what about the biggest spyware organisations, such as Google/Facebook?
    They all rely on browser fingerprinting more than anything else these days, and subtly transmitting information back in an encoded form, including mouse movement patterns to learn about the individual.

    Cookies/HTML5 storage are so last decade, as I've seen a growing number of companies (Cyberfend / iovation / iesnare / "cformanalytics", browser.id (navigator.io), etc) provide services specialising in tracking and individually identifying users - even surprisingly across devices, somehow.

    As far as I can tell, only Mozilla is attempting to reduce/fight this with their browser, especially as they recently removed the Battery status API, added disconnect.me to blacklist known trackers in v43, Font fingerprinting, etc.

    Sure, you can use addons like adblockplus, noscript, decentraleyes, etc to some degree, but many times they break websites as more and more sites are utilising javascript exclusively for a website to function, including third-party scripts, such as GoogleTagManager, etc.
    Just recently discovered that the popular London travel website TfL also contains a third-party tracker, without which their journey planner doesn't work, thus the website doesn't work with Firefox's disconnect.me privacy list.

    1. Re:Google doesn't care about VPN by thegarbz · · Score: 1

      If you're searching for a site using Google, or going to a site that has embedded Facebook shit chances are you're not trying to hide something.

      In any case the privacy aspects of Google and Facebook are different again. It's one thing to be lumped in with Google's anonymised analytics and sold to a third party, or Facebook's "here's a list of everyone who lives in {insert here} and is gay", but it's quite another to be identified as "Firstname, Lastname, SSN, living in address {insert address}, spent all last night browsing fetlife.com"

      The ISP thing scares me far more than Google does, even if Google are better at it.

    2. Re:Google doesn't care about VPN by chihowa · · Score: 2

      If you're searching for a site using Google, or going to a site that has embedded Facebook shit chances are you're not trying to hide something.

      Tired old, "if you have nothing to hide" line coupled with "Google/Facebook are the good guys" bootlicking.

      In any case the privacy aspects of Google and Facebook are different again. It's one thing to be lumped in with Google's anonymised analytics and sold to a third party, or Facebook's "here's a list of everyone who lives in {insert here} and is gay", but it's quite another to be identified as "Firstname, Lastname, SSN, living in address {insert address}, spent all last night browsing fetlife.com"

      The ISP thing scares me far more than Google does, even if Google are better at it.

      Google's and Facebook's dossier on you is certainly not anonymized and what they sell to third parties is limited only by what they decide to sell to third parties. If they change their catalog of what's for sale, they won't suddenly forget everything they know about you.

      You may trust and admire Google and Facebook, but that is not a universally held opinion. The typical ISP may be scummier in character, but they are also limited in reach.

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    3. Re:Google doesn't care about VPN by Beezlebub33 · · Score: 1

      Try the TrackMeNot plugin: https://cs.nyu.edu/trackmenot/ and source at: https://github.com/vtoubiana/T...

      It doesn't hide anything that you are doing, so the signal is still there, but it sure puts up a lot of noise. If you are technically minded, please consider improving the software / forking and trying different things.

      --
      The more people I meet, the better I like my dog.
    4. Re:Google doesn't care about VPN by yuvcifjt · · Score: 1

      Thanks, good reply :)

      By the way, try using the <quote> tag next time when quoting the parent ;)

    5. Re:Google doesn't care about VPN by thegarbz · · Score: 1

      Tired old, "if you have nothing to hide" line coupled with "Google/Facebook are the good guys" bootlicking.

      Then you misread what I was saying. I didn't say "if you have nothing to hide then you don't have to worry" like you instantly assumed.

      I said : "If you're searching for a site using Google, or going to a site that has embedded Facebook shit chances are you're not trying to hide something."

      Or to paraphrase: The vast majority of tracking performed by Google and Facebook is on innocuous websites or basic commerce sites which are of little concern to people in general. Quite a bit different in scope to the ISP "gobble up ALL your traffic even if you avoid Google and Facebook"

  14. Independent VPN Comparison by Foresto · · Score: 5, Informative

    ThatOnePrivacyGuy on /r/privacy manages That One Privacy Site, including a handy VPN section. Unlike the vast majority of VPN provider reviews you'll find in web searches, this one encourages community discussion and appears to be impartial. Next time I need a new VPN provider, I expect I'll be turning to that site.

  15. Guarantees. by Anonymous Coward · · Score: 1

    There are none.

    "Log policies" are about as meaningless as "uptime guarantees" and "we do backups". How, exactly, do you verify this?

    Chances are, you'll be fine. But only a fool is going to be shocked when the shit hits the fan with some random VPN provider.

    1. Re:Guarantees. by DuckDodgers · · Score: 1

      Seconded. VPN providers can write whatever they want in their public policy, but unless you work for the provider you have no way to know if they're telling the truth. And even if they're being honest today, a shady executive or a national security letter from Uncle Sam can change their policy tomorrow.

      And further, as others discussed earlier there is the risk that the VPN provider's ISP is collecting the information. Traffic from your home IP goes to the VPN, and then the VPN ISP logs all traffic from there. They can trace the traffic patterns. ("Hey look, IP 1.2.3.4 hit the VPN node, and then the VPN node sent a request to that Craigslist URL for cleaning services, then Craigslist responded to the VPN node, then the VPN sent a message the same size as the Craigslist response to 1.2.3.4. We can now sell anyone that cares evidence that the homeowner at 1.2.3.4 is shopping for cleaning services!")

    2. Re:Guarantees. by DuckDodgers · · Score: 1

      I admit, this kind of thing is outside my expertise. I'm sure some fancy Cisco, Juniper, or maybe SuckPoint gadget might handle 10,000 simultaneous connections for one IP address. That makes tracking difficult.

      But if I was going to run a VPN service out of my house, I'd just pick a cheap VPS provider, rent VMs with fast network connections but low resources otherwise, assign maybe 5-10 customers per VM, and run OpenSSL on the VMs. Nowhere near as cost-efficient as the "enterprise" route, but the initial investment to start the business is substantially smaller. That's cheap and efficient for the owner of the VPN business, but it makes end user tracking by their VPS provider or their VPS provider's ISP substantially easier than using heavy iron networking gear.

  16. Regular Use of VPN by WillRobinson · · Score: 1

    Using a self setup vpn in a data server that does not gather you data is what I am doing. Its not that I care that the government gets it, its I don't need Comcast, Verizon, Tmobile or other service provider that I am SURE will sell my browser data. I do quite a bit of research on our products, and even at work they use comcast! I do not know if management realizes the trove of data that comes from this. Maybe someday they will wake up.

    I also use my server for transferring large files to my customers using opencloud. Do not want dropbox getting access to things they have no business seeing. But sales uses Dropbox on a regular basis. Sigh...

    Am I just getting old and err.. paranoid?

  17. Eh. by Dupedupeshakur · · Score: 1

    It's worth the price of admission just to give me ISP the middle finger. You're won't profit from pilfering all my data. Sure, others do, but I as an informed consumer opt in to those services, knowingly.

  18. Opera browser VPN by mspohr · · Score: 2

    I've installed Opera browser on my computers which has a free VPN provided by SurfEasy which is a Canadian company they own.
    Privacy Policy includes "no logs"
    https://www.surfeasy.com/priva...
    https://www.opera.com/privacy
    This should give good protection from my local ISP. Hopefully I will be able to trust SurfEasy and Opera to adhere to their policy.
    (BTW, the browser seems much faster than Chrome or Firefox on my old MacBook.)

    --
    I don't read your sig. Why are you reading mine?
    1. Re: Opera browser VPN by cunina · · Score: 1

      How does that "free VPN" make money? Or even just cover their costs? I'd be suspicious of them.

    2. Re:Opera browser VPN by Beezlebub33 · · Score: 1

      I'm sorry to have to worry about this, but the fact that a chinese security firm bought Opera sets off lots of red flags to me. What, if anything, is it sending back to the mothership?

      --
      The more people I meet, the better I like my dog.
  19. VPNs kinda sorta ... they will help, a little. by m.dillon · · Score: 4, Informative

    I've been running an openvpn link from my home to our colo for years. I also have it set up on all my devices so I can use it while traveling. Some of our DFly devs also use it when they are traveling. Here's my cumulative wisdom on the matter:

    Generally speaking it works quite well. I use a medium-numbered port but I also have a server running on port 443 because the many weird networks one runs through when traveling often block most parts, but usually leave the https port open.

    * Use UDP for the transport when running openvpn over a broadband link. This provides the most consistent experience.

    * Use TCP for the transport for connections from mobile devices. This provides the most consistent experience. There are several reasons for this not the least of which being that the telco infrastructure seems to devalue UDP by a lot verses other traffic. TCP is also a lot easier to run on the server-side if you potentially have many devices connecting in, because you can run one server instance.

    * Configure a smaller mss, I use 1300, so the encapsulation doesn't get fragmented by the transport. This is very important.

    * Configure a relatively frequent keepalive in openvpn over a WAN link (I use 1sec/10sec), but a less frequent one over mobile (I use 20sec/120sec). This is particularly important on mobile because cell tower switches can cause long disruptions. You don't want to drop the VPN link in such circumstances if you can help it. DO NOT DISABLE THE KEEPALIVE. Always have an openvpn keepalive setup, particularly over TCP, because the TCP connection backoff can prevent your sessions from recovering or cause them to take a long time to recover if one or the other direction is not actively sending data (such as with most web connections, downloads, streaming, etc).

    I personally like 'OpenVPN Connect' on IOS (which I use to connect to our project colo). And of course I run openvpn on all the DragonFly boxes including my laptop.

    --

    Reliability of the VPN depends entirely on the path between your location and the VPN server. The packet must travel this path in addition to the path from the VPN server to the nominal destination, and even in the best of circumstances it will double the chances of something going wrong.

    I've had a number outages at home where my cable link is still operational but the cable company's path to the VPN server is having problems. Also, recovery times are longer because not only does the dead network have to revive, but the openvpn setup has to reconnect and renegotiate.

    --

    Commercial services are going to be hit or miss. VPN'ing your broadband link might be problematic and you have no real visibility into what the commercial service is doing with your data. That said, they are probably going to be a lot better than trusting your data to the telco and wifi hot-spots you connect from when you are mobile.

    Netflix and other video streaming providers will often block-out commercial VPN IPs from the service. Generally speaking, using a commercial service for high-bandwidth connections is really hit-or-miss. You are using their bandwidth as well as your own.

    When using a VPN, you are bypassing any special deals your broadband provider has made with the likes of YouTube, Netflix, etc. Remember that if the cell bandwidth is supposed to be free, because it won't be over the VPN.

    --

    In terms of security, its a mixed bag. The VPN will secure your traffic from your immediately ISP/Telco (aka Comcast, AT&T), and that's actually very important. However, you are not anonymous and once your traffic reaches the egress point its up for grabs by any network it flows through and, in particular, the target web page or whatever might be doing its own data collection.

    But the telco data collection is MUCH more valuable to third parties than target data collection, and the VPN link at least protects you from that.

    The VPN will not do a whole lot for your internal network security. If someone bre

  20. The good old public library by TheStickBoy · · Score: 1

    Me?
    I'm going to go back to the good old days.....head over to the public library for an anonymous connection :)

  21. Re:What's wrong by DuckDodgers · · Score: 1

    I've been trying to figure out the cheapest VPS provider that has the bandwidth I want for VPNs. I want to use a US VPN provider because we might have problems with my kids' multiplayer gaming if we're bouncing our traffic across continents. Our biggest month for data is 900GB, so unrestricted bandwidth or very high bandwidth caps are essential.

    So the US requirement eliminates Scaleway (dammit). I'm looking at OVH, Kaiju Hosting https://kaijuhosting.com/vps.p..., DigitalOcean, Linode, Codero. Any good options I'm missing?

  22. Unfortunately VPNs are likely only a temporary fix by ubrgeek · · Score: 1

    I'm amazed ISPs don't have acceptable use language against using VPNs, under some BS guise of claiming they can negatively affect the network. Regardless, next up will be legislation saying that using a VPN robs ISPs of potential revenue and so are no longer legal. Oh, and the children. Somethingsomethingsomething VPN's and children.

    --
    Bark less. Wag more.
  23. Re: What's wrong by DuckDodgers · · Score: 1

    Thanks! I'll check it out.

  24. Re: It's very simple by Anonymous Coward · · Score: 1

    He's somewhat on the right track... most EU countries have extensive data privacy laws and a responsible regulatory body. The USA has mostly nothing and places the "burden" of privacy on the consumer, hence it is generally lacking. However, it's not clear cut as some EU CL countries are moving toward excessive data retention.

  25. Re:What's wrong by david_thornley · · Score: 1

    I could run a VPN service on AWS, true. At that point, Amazon is effectively my endpoint ISP, and they can observe my web traffic out of my EC2 instance and tie it in with my billing information. I don't see how this is a win.

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  26. Much ado over nothing again. by ebvwfbw · · Score: 2

    This is so stupid. Does anyone really think this even matters? The vast majority of people use cookies, other tech so they know who we all are, our credit cards, etc. Google/bing/duck duck go, etc... all keep track of the searches. How you search, what you search. What you buy.

    As Scott McNealy said years ago - you have no privacy. Get over it.