As usual, when it's free....
.... you are the turkey
Many popular free VPN apps are sketchy Chinese operations with dubious privacy policies, according to research. Metric Labs' Top10VPN conducted a rare investigation into the ownership structure and responsiveness of top VPN providers who distributed their services on iOS and through Google's Play Store. 86 per cent are deemed …
"Just like what you get with Linux."
Linux is not a service. You don't sign up for it, and you don't send your data through somebody else's server in order to use Linux.
(@MMR, voted you up, but I just had to go and at least explain the key difference, in case other don't get it.)
Is to become the VPN supplier by default.
I'm not sure what Migliano wants to do here. Has he ever run, or have good knowledge of, the circuitry involved in protecting all of the networks involved.
I do think that the eventual path of personal privacy along with stuff like VPNs will be to entrust our souls to the suppliers and governments.
Perhaps that's what they want?
The problem is, Apple and Google are victims of their own success. They never designed their approval systems to consider actually vetting apps, other than a quick code scan to ensure they don't do anything bad on the phone (which, mostly, works). None of these systems actually seems to check the background of the companies writing the apps or the web services behind the apps.
That would require time and effort and, due to the scale that has built up, it would be next to impossible to start now. You would have to implement this sort of checking when the system was introduced and scale it up with demand. But that would mean hundreds of extra employees who do nothing but background check companies applying to be app developers and auditing their backend services on a regular basis.
That would then impact their profits, so users are screwed.
VPNs gain full access to a user's browsing history.
Do these apps get permission on iOS/Android to access browsing history? Is that something available without user agreement? Or do the apps actually operate as a browser?
I ask because, in this day and age, most major websites are secured and therefore while the browser knows where you have been, the network operator and any middle men should know only the root of the site. For example my ISP knows I visited forums.theregister.co.uk but can't see that I visited this page (at least not without trying to correlate the timestamp for this submission to that displayed by the post).
If you're visiting an insecure site, assume everyone and their grandmother knows where you went and what you did while you were there.
It depends on the VPN. Anything clear-text can be snooped on or tampered with to inject ads. Any DNS look-ups for host names will be visible. Some VPNs offer a free browser that may collect your browsing history.
The VPN app could install a root certificate and MITM your SSL/TLS connections, if the websites you browse aren't mitigating that.
We've tweaked the sentence to clarify it.
They don't need to act as browsers or gain any extra access rights on the phone, all traffic goes through them, so they know where the traffic is routed and what you have been looking at.
The same as ISPs and mobile operators, if you aren't using a VPN. The traffic goes through their network and they can log where you are going and what you are doing - to a greater or lesser degree; if the traffic is encrypted, they only know where you have been, if it is unencrypted they can see what you are doing.
That is why responsible VPN providers don't keep logs or delete them after a few hours, if they don't have network problems which need investigating.
but the more people who use Tor, the more accommodating they will become.
Err, I THINK you will find that the more people that use TOR that the whole edifice will start to crumble as stupidity arrives in spades, just because a user has found TOR is NO indication they have any idea of WTF they are actually doing, and so they will whinge and whine, and eventually it will all be as easy as it is now outside TOR ffs :o( and not in a good way
Tor is helpful, but not perfect. Despite rumors to the contrary, Tor is hacked regularly. Tor was hacked last month, October 2018. Then again, OpenVPN and IPSEC are hacked regularly as well. Use caution no matter the service. Research is required for maximum safety. Don't open yourself to surveillance through personal ignorance or laziness that could have been avoided.
Accept that, according to various sources, most Tor nodes are compromised now by government spooks.
Whether that is true or not I'm not sure.
Best solution is a Tor through VPN. I use Airvpn and they have such a feature. Not that I really use that bit much, I just know it's there. Airvpn have been good since I started using them. Very useful when on YouTube and you get "Channel 4 has blocked this video in your country". What? The UK? The very fucking country where Channel 4 is. I'd use your app but it's shit. It has a piss poor habit of playing adverts, then getting to the documentry/show and crapping out. But, magically, the adverts successfully play every fucking time, but the actual show you want to watch, doesn't.
):o( rant over.
There are many cases where hostile sites block Tor exit nodes, and shopping through one subjects you to much more extensive 2fa, but the more people who use Tor, the more accommodating they will become.
With respect, I disagree. I have as yet to see a single instance of someone originating from a Tor node actually reading or using the sites I manage. Every single one of the Tor-originated visits was about running some sort of attempt to breach the site or use hacks that may have been installed already.
Ergo, from a risk management perspective I am about to lock out people that use Tor (source: paid-for Maxmind). The stats show it will not lose any business, but it sure improves business-to-hacking attempts ratio in the logfiles.
.. free VPN be it Opera or more dubious not really to be trusted. Might be OK to access region locked content e.g. US media from UK (big regional release date differences on film / TV - silly (IMHO) as it encourages the keenest fans (who must see it ASAP) to pirate)
Dont ever do anything that involves exposing "proper" credentials with them, just use if as a region block unlock and ensure you run it in a VM in case it tries any nasties.
.Finding a VPN you can trust is non trivial (there's always the set up a box in a different country and roll your own VPN for the truly paranoid)
Opera VPN does have its uses (if you want to download gigabytes of porn / cat videos, and you don't want to show your private taste to Ms May's minions, AND if you're not in a hurry. But google search routinely shows you the middle finger, and endless (literally) capchas. But it's a useful stopgap, or just for fun, if you enjoy pissing in the tracking industry's piss-resistant circuits. For serious privacy I would pay for a VPN, though there are only a few which appear (APPEAR) FAIRLY secure (cash payments, no logs, RELATIVELY pressure-resistent legal system (yeah, unlike the UK ;)
That said, it's quite possible that those hiding behind proper VPNs are flagged as worthy particular interest so, ironically, you might be subject to more detailed scrutiny.
I suggest you research the difference between an actual VPN and a mere proxy node. They are by no means equivalent. You are NOT solving the surveillance dangers by simply exiting onto the Internet at a different IP address. Your DNS lookups remain UNencrypted. Your data transfers back and forth remain UNencrypted. That's bad.
Also, my understanding is that Opera is dropping their proxy node service.
A family member was having trouble with internet connection over wifi at home, mobile internet was fine, so I had a look.
He had the Opera security/helper app installed (whatever it is called), which amongst other things enabled a VPN (might have been a proxy, it called it a VPN, I didn't waste time investigating further) which had a terrible throughput. It _may_ have been useful against a dodgy "public" wifi point, but not being able to white-list home wifi?
nixing that thing was the best solution.
I don't think the claims are right....
Most free VPNs are coming from China because Chinese have those need, and some Chinese people have resources that are willing to share to others.
If you claim that the free VPNs are sending datas to China's President, I could say that U.S. based VPNs are sending datas to CIA or FBI....(although they normally don't)
If a VPN service is operated in China, it DOES NOT mean it's powered by Chinese Government, because those softwares are used to bypass Chinese firewall, and Chinese Government does not allow such act (actually it's a crime in China to develop / use such kind of service to bypass the firewall)
It's true VPNs are useful in China, which is why there's such an interest over there.
However, that doesn't excuse crap security. If you're using a stranger's VPN, you're placing an enormous amount of trust in that provider to not screw you over. With near-zero transparency, scrutiny or oversight, free VPNs are a privacy nightmare.
Edit: Oh yeah, don't forget all VPN providers must register with the Chinese government (see below, Google, etc), which is not... great.
I buy all three arguments, i.e. that having so many VPN providers in China is suspicious, that having them in China is not suspicious, because of demand/supply, and having them have crap terms of privacy is suspicious / inexcusable. However, to add to the stack, it might be that their privacy is crap, because privacy in China is crap in general, as much as other issues, such as general "customer service". Though you would think that if somebody offers you a a privacy tool, the key element of the service would be actual privacy. OK, suspicious.
But then... FREE, so perhaps the reason is just to "monetize" a relatively new and growing trend of "privacy" (hey, did you hear about PRIVACY stuff yet?! Click HERE to find out!), like there's been a new trend in "cargo" cloths, courtesy of Ryanair (fuck you Ryanair, fuckyouverymuch)
And you know exactly what that means. The totalitarian Chinese government (inexplicably still considered 'socialist' or 'communist') demands ALL data on citizen behavior be available to them at ALL times. Period. Don't fool yourself otherwise. China is a full bore surveillance state. Rumors to the contrary are plain ignorance. That includes Hong Kong as well.
>The totalitarian Chinese government (inexplicably still considered 'socialist' or 'communist')
That is just like all the People's Free Democratic Republic of Wherever is neither free nor democratic, and is not much for the people either. What remains is the wherever part. Still, they like to think people fall for the name.
"For what it's worth, we recommend setting one up yourself using OpenVPN, Algo, or Outline, for example, if you know what you're doing."
This has always struck me as a bizarre recommendation for what's probably the major reason for using a VPN: making it look like you're somewhere else. After all, most people in the UK who want to look like they're connecting from the US probably don't own a house in the US they can stick a VPN server in. Or even have the means to run one out of a US-based colo or something. (Ditto Chinese people wanting to look like they're almost anywhere else, etc etc). Surely it's more practical to recommend a vaguely reputable paid provider for this case.
"After all, most people in the UK who want to look like they're connecting from the US"
Why on earth would I want to appear to be from the US? My use case is to appear to be from the UK when I am abroad so that iPlayer works and I can be confident that I am not being MitMd.
My OpenVPN relies on *my* CA trust working and if it refuses to connect then I reach for Wireshark to find out why not. If the "free" wifi is being naughty and doling out certs and intercepting TLS it soon becomes obvious.
Note that with VPN, as with TOR, countries trying to protect their individual copyrighted media (because we humans are so incredibly uncooperative between countries) go out of their way to SEEK and BLOCK exit nodes onto their country's Internet from outside their country. It is entirely common, for example, for the UK's BBC to identify active VPN or TOR exit nodes with a lot of variable traffic of a questionable nature. They then BLOCK that VPN from accessing their service. In turn, a good VPN will then establish a new exit node in that country to provide to their users. Or, TOR users within the country will volunteer their own exit nodes (at their personal peril I must note) for others outside the country to use.
I'll also note that these days the BBC require those accessing their media to have an BBC account with a listed physical UK mailing address. VPNs can't help with that wrinkle.
It's called Cat and Mouse.
"Note that with VPN, as with TOR, countries trying to protect their individual copyrighted media (because we humans are so incredibly uncooperative between countries) go out of their way to SEEK and BLOCK exit nodes onto their country's Internet from outside their country. It is entirely common, for example, for the UK's BBC to identify active VPN or TOR exit nodes with a lot of variable traffic of a questionable nature."
I tried viewing El Regs site over Tor the other day.
I tried viewing El Regs site over Tor the other day.
El Reg really does need to dispense with clodfool. It drove me away for a while, though it seems better now.
There's always something like Whonix (think that's the name) which will let you run that JS BS in a VPN that can only connect to the internet via another VPN that acts as a TOR gateway. Not necessarily absolutely perfectly secure, but more than enough to keep you safe from clodfool's harrassment while you're innocently browsing El Reg.
(As if there was any innocence around here! Naivety maybe, but innocence?????)
this is peculiar, because when I went to the registration page, they wanted ridiculous amount of personal information, starting with your address / postcode, and your age, and your full name, if I remember correctly. Of course, you can fake all / some of these, but even if the system bites, would it be legal? Probably similar to "stealing" your neighbours' tv signal ;)
Actually, this is an interesting legal poser: am I breaking the (UK) law downloading bbc content I am entitled to (supposedly), but from, er... "other sources"?
> I'll also note that these days the BBC require those accessing
> their media to have an BBC account with a listed physical UK
> mailing address. VPNs can't help with that wrinkle.
No they don't. I have no BBC account but downloaded some Iplayer programmes just yesterday.
I'll also note that these days the BBC require those accessing their media to have an BBC account with a listed physical UK mailing address. VPNs can't help with that wrinkle.
That's not too hard to work around. Same way you can get stuff where you must have a delivery address in a certain country. Just be on good terms with someone over there :)
You can even do a VPN-swap if you can handle the hit on your data. You set up one there and give me a log in, and I set up one here and give you a log in (no, not offering sorry, my bandwidth is too limited for any more users!)
"My use case is to appear to be from the UK when I am abroad so that iPlayer works and I can be confident that I am not being MitMd."
Most people would use VPN to pretend to be someone else than the registered, named, aged and postcoded iPlayer user, whose information is shared by the beeb with all those beeb offspring and God-knows-how-many carefully selected business partners, never mind government agencies.
There are really good reasons to have a VPN that for instance exits in the US. Buying things like fight tickets get really way cheaper when they do not see one is European.
On-line shopping can be way cheaper, and indeed ones on-line habits are not logged on countless places.
Creating a personal VPN could go like this:
1. Purchase a raspberry pi as home VPN server, configure OpenVPN.
2. Rent a simple t.micro Linux system at AWS in an AWS datacenter located in Virginia.
3. Configure squid on the AWS system.
4. Configure OpenVPN on the AWS server to connect with the pi.
5. Configure AWS linux system as a proxy on the browser.
6. Fix ip-routing on the PC so that the route to the proxy (squid) server points to the pi.
There are costs, like around $ 15,- per month for the AWS server.
This could be more convenient than TOR. With tor ones ip-address exits in random countries, services like gmail and yahoo mail really get nervous about this, and are not accessible anymore.
Creating a personal VPN could go like this: (list)
I found buying an upmarket Netgear router is the simplest way forward, although it's time they upgrade their code to the latest standards (some of what they use is being phased out so applications like Tunnelblick immediately give you a heads up when you install the settings).
I have an Netgear Orbi pair in my place as the walls are annoyingly WiFi opaque that acts as the main router (on a static IP address), and getting a VPN going on that was a matter of a few mouse clicks - it even generates all the required certs/ovpn files.
It's quite handy in that I can lock down all admin interfaces to my home IP address (my Internet provider has, so far, been reasonably stable, but I also have cert-protected SSH access so I can always open it back up - I believe in resilience :) ).
good points you made here, especially the ways of using vpn, I can agree with that, but I don't see a point of making your own vpn. Especially when there are such a good ones like Nordvpn for a few dollars a month, they are well developed, if you lucky enough you can get it very cheap. And it still will get u some more advantages than what you can build at home. Just make sure it is not a free vpn, because it does not go in one sentence with privacy.
good points you made here, especially the ways of using vpn, I can agree with that, but I don't see a point of making your own vpn. Especially when there are such a good ones like Nordvpn for a few dollars a month, they are well developed, if you lucky enough you can get it very cheap. And it still will get u some more advantages than what you can build at home.
My own VPN started life as an instance of OpenVPN + PiHole on a Media Centre box that was on 24/7 (collecting the 'necessary data' for the next series or a few movies we wanted to watch ;) ). The machine was on already, so all I needed was a few minutes to install the software and configure the software and a bit of port forwarding on the router. It is effectively free, as the bandwidth is 'unlimited' and the power is already being used. (FTR it now resides on my own cloud server).
Just make sure it is not a free vpn, because it does not go in one sentence with privacy.
I often watch a vid or two on YT before I go to sleep, using a tablet propped up against a pillow (it turns itself off after the video stops if I don't start another one). On Saturday I visited NordVPN for the first time, with JS off by default. Among the 4 lots of JS their site wants 2 are their own, one is discuss, and the last is google tag manager. Last night (Monday), I again went to watch a vid and what do I see in my list? Lots and lots of stuff about VPNS.
On my desktop maching and my tablet I have OpenVPN set up, but my VPN is not at my home now. I don't have OpenVPN on this laptop, so when I looked up NordVPN I did it from the same IP the tablet uses, however for this discussion I am coming from a different IP. Since the videos appeared in YT just after I visited Nord, and I haven't previously looked up any vids on YT nor do I use google to search for stuff, a reasonable conclusion is that google got a record of my visit to NordVPN from them, and from there got the idea that I am interested in that product. If Nord fed that data to google then they're hardly respecting my privacy, and as they use google products in their web site I think it's a fair bet that they don't truly respect your privacy. I have advised them that until I am satisfied such things are not going to occur in future (including the removal of all google js bs from their site) I will tell people to not be keen to trust them. I'm sure with the dozen or so people I might be able to add to their customer base of millions, they'll hop to it right away and perform a complete redesign of their systems to make sure google is as excluded as possible..... :)
Besides that, I'm not exactly sure where Nord operates from. They could well be subject to a court order which whilst I do not trust1 any online service I don't myself control, I still would not be happy with anyone trying to track anything I am doing.
1 There are degrees of 'trust'. I do not trust that the information I post to El Reg will make it's way to their servers without someone attempting to look at it, but I do not care because it is for publication. I do not trust that my emails will get through various ISP's without being looked at (pretty sure google et al mine your emails for stuff of interest to them), so I either don't send anything confidential or I encrypt it.
Agreed! The statement is too vague, leaving out the only actual reason to create your own VPN: Access to an encrypted connection directly to your own computer. That may well be exactly what you need to deal with wide open, unencrypted WiFi hotspots. It means you're effectively (if somewhat more slowly) connecting to the Internet via your own home connection.
Meanwhile, actual full VPN services offer FAR more than any personal home VPN can provide. Check out my 5 point VPN advice in the thread for some of those added services.
Agreed! The statement is too vague, leaving out the only actual reason to create your own VPN: Access to an encrypted connection directly to your own computer. That may well be exactly what you need to deal with wide open, unencrypted WiFi hotspots.
That's why I run it as well. Plus it allows me SSH as if I'm on my own network whilst not actually leaving the SSH ports open to the public. I now have the port my VPN is on, and the ports for web and email servers.
I can trust any connection because the VPN is encrypted end-end, and it uses cert-based authentication to connect.
Not at all. That's just one reason, and maybe one of the major use for a personal perspective when you have specific needs, but VPN were created to build a secure communication channel between two endpoints over an insecure one.
You would create a site-to-site VPN between company sites to join networks. You would create a VPN to a remote location to work as if you were connected locally.
Actually, using a VPN to "appear" somewhere else is just a side effect which can be useful in some circumstances - usually to bypass restrictions or avoid to be tracked, not really a broad need... hope it won't become.
"After all, most people in the UK who want to look like they're connecting from the US probably don't own a house in the US they can stick a VPN server in. Or even have the means to run one out of a US-based colo or something"
You can get a virtual server for $2.50 a month with http://www.vultr.com/
When you buikd your server, you can load one of the various install ISOs, or one of your own, or even install a 'pre-installed' openvpn ISO.. It's virtually point-and-click to get running, but yet it's your own machine with it's own ip, and root access etc.
Generally faster than using a more expensive 'paid vpn' service.
(I'm not involved with them - I'm just a happy customer of some of their other services)
Setting up your own VPN might look like a great solution but it is not as clear cut. For a start you probably end up renting a "machine" somewhere for always-on connectivity and a fixed IP address which will cost more and/or also have the question of who has physical access to it.
Then you have the privacy issue that if its your own machine you have no plausible deniablity, whereas a shared VPN provider has many customers with the same apparent IP address. Finally you have the other reason that many folk use a VPN - to avoid geoblocking etc, and if you want the same you might need to set up hosted machines in a few countries at some cost and, again, the issue of trust in those.
So while you are putting a lot of trust in your VPN supplier you might still be better with a third party providing you take a bit of effort to select one that suits your use-case and are willing to pay for it as somehow every service has to be paid for...in money or in privacy.
There is a good case for using the home adsl with its changing dynamic IP if you want to have a randomish network presence.
.. as long as you know that dyndns is going to charge for its services now, and your router needs to be offline for quite some minutes to pick up a new DHCP lease on reboot. I used to have it on a timer so it would reboot at night after 15 minutes downtime.
"Setting up your own VPN might look like a great solution but it is not as clear cut. For a start you probably end up renting a "machine" somewhere for always-on connectivity and a fixed IP address which will cost more and/or also have the question of who has physical access to it."
For starters you may already have a router capable of being a VPN concentrator already. If not then DD-WRT, Tomato, pfSense, Netgear, Draytek and many others can. You do not need a static IP either - there are loads of dynamic DNS operators available. Most routers will have a built in client for DDNS as well.
So, no: don't think you should rent a machine in the cloud unless you know what you are doing. Subscribe to /r/homenetworking on Reddit or the pfSense forums or whatever and find out how to get your home network in shape first. The only reason I can think of to not host your own VPN at home is if your ISP blocks all inbound access.
1) Lots of ISP's (at least over these ways) do static IPs, or ones that don't tend to change, without charge (or with a nominal charge). I don't recall when my ADSL IP last changed but it has been more than 2 years.
2) If you don't use it for nasty behaviour, you don't need 'plausible deniability'.
2a) Can be aided by letting others use it if you're on Fibre. Unless you can pay your VPN provider in cash, there is potentially a paper trail. And if enough of a VPN's customers are acting nefariously, they may get a 'purchase order' from a government department knowing for buying rubber hose by the kilometre.
3) Vulture (that someone else mentioned in this thread) charge $2.5(us?)/month per instance, and you can set them up in a number of different countries if you wish - just from looking at their page for a few minutes.
So I can leave the following video running in an endless loop to annoy them.
(It's the Monty Python "I like Chinese" clip just in case it's blocked by your particular VPN exit node.)
I tried piping various porn clips instead but Google got kinda pissed that they were getting a few extra petabytes of traffic from a single (VPN) source. Bastards!
Having worked with various VPNs for years, here are some critical tips:
1) Investigate any/all VPNs you're considering before using them or buying into their service. It doesn't matter if they're free or paid. They may be brilliant, or they may be outright criminals.
[I bought into one VPN that was part of a 'bundle' of software and services that turned out to be a 100% fraud. They were great and sprucing up their website to look professional, but their service was literally non-existent. It never, ever worked for anyone. I was kindly given my money back by the bundle provider.]
2) Make certain that the VPN service logs nothing. Nothing. Any logging at all for any period of time, no matter how brief, means your activities on the Internet can and will be handed over to any interested authority or marketing organization. Expect it. Some VPNs are infamous for lying about their logging behavior. PureVPN is one of them. The fact that they're located in China (yes, Hong Kong is part of China) is bad enough. That they lied to all their customers and turned over secret logs to requesting authorities knocks them out of contention.
3) Never use a VPN service that resides within the 'Five Eyes' countries. They have a pact to share among themselves all citizen behavior on the Internet. Supposedly, that is limited to inter-country Internet activity, versus intra-country activity. But proof provided by Edward Snowden proved entirely otherwise. The Five Eyes countries are:
- New Zealand
4) Be certain to look into the verified SPEED (bandwidth) quality of each VPN as well as its list of available EXIT NODE countries on the Internet.
- The speed you need is dependent upon the work you need to do on the Internet. Email needs little bandwidth. Video uploading requires maximum bandwidth.
- Your required exit node on the Internet is also dependent up on what you need to do on the Internet. For example, nearly every country blocks access to copyrighted material available within their country (with some very kind exceptions of international news services, etc.). Therefore, if you need to do some work in a particular country, you may be entirely blocked from accessing resources in that country if your listed source IP address is outside that country. Using an Exit Node via a VPN that exists within that country may solve the problem.
5) Always use a full VPN service when you're connecting to the Internet at a wide open, unencrypted WiFi hotspot. That may include your library, your local coffee shop, your village's free WiFi service, etc. If you don't have to use a password to get into that service, you're wide open to surveillance and robbery of your unencrypted data. Take this very seriously!
The VPN business is currently full of crooks and liars as well as brilliant, thoroughly respected providers, free or paid. It doesn't actually matter.
One FREE VPN provider I vouch for is ProtonVPN out of Switzerland. The free version of their VPN may be all you want or need. But they have higher tiers of service for professionals and those with wider requirements. I also recommend their FREE encrypted email service, ProtonMail, accessible via the web.
" If you don't have to use a password to get into that service, you're wide open"
Even if you do have to use a password to get on, you're still probably wide open.
Pub wifi as an example - a shared password that gets you encrypted as far as the WAP, but any other connected computer is likely to be able to ARP-spoof etc, let alone the WAP being connected to a gateway that's unknown.
Or, on a simpler level, "The Cloud" style hotspots where the WiFi is open and the password is entered on a web page before granting you internet access. The key here being that the WiFi is open, so snooping and interception at that level is trivial.
Even Switzerland, unless you're one of their citizens, or happen to store several millions there, will happily sell you if it's in their interest.
You may want to learn German/French/Italian then and actually read their laws. There are caveats when you store data there (for instance, if you're a foreign company just hosting your data in Switzerland it still remains under jurisdiction of the country of origin - little gotcha that few know about), but in general you can use Swiss law to protect your data.
However, gotcha #2 is, of course, that that doesn't stop your local authorities from issuing a warrant demanding your data - irrespective of where you have it stored. It's up to you to take the gamble that they don't know about your data in Switzerland, but even the most basic surveillance would show interaction with a Swiss provider - unless (and here we circle back to the original topic) you have a trustworthy VPN and your traffic drowns in the volume of all other connections originating from that exit point.
I also recommend their FREE encrypted email service, ProtonMail, accessible via the web.
That didn't quite work IMHO. The idea is OK, but usability sucks so I had people revert back to other resources for communication. It's OK for people with a technical inclination but, in my experience, non-techs quickly tire of the effort involved.
I've had no trouble. It runs on a small laptop (Dell D630) in the cupboard my router is in, with it's own sub-domain, and I use cert-based authentication.
Pi-Hole helps a lot in keeping nasties out as well.
Makes using outside networks a lot safer, I know if I am at a friend's that my data is safe from their hands. Same for from a cafe, though I am much less likely to do my online banking even then (even though I can verify that the tunnel is encrypted over and above the HTTPS to the bank).
When a friend was in hospital recently we also had his system using it. Noted the hospital had blocks on the usual VPN port so we moved it - big advantage with home-grown.
It takes minutes to set up, and so far I've used it with Debian and Devuan based systems, Android (4&6 via the OpenVPN app) and even Win 7. Only issues I had was Devuan not using the server for DNS, which came down to a particular package not being installed that was used to update /etc/resolv.conf.
(Does pay to set the OpenVPN app to block all traffic on a disconnect, just in case it disconnects on your phone just before you start your banking session while at the local watering hole).
...on the mobile and tablet market due to so many people that are on those wanting shit for free. "I don't want to pay for Candy Crush. Pay for a game? Why would I do that"......"Oh it's so annoying you have to wait for a day to play the next level of Candy Crush. All I'm seeing now is adverts. There should be a way to stop these adverts."
Pay for the fucking thing!*
*I'm aware rouge apps that you pay for exist on said platforms so you could still end up in China.
Indeed, 'free' VPN services encompass a range from well meaning to scam. Distinguishing among them may nigh be impossible. Also, as noted elsewhere, commercially available VPN services must be taken on trust too; in this regard, the guiding principle is reputation and no known affiliation with 'Five Eyes', NATO, or Russian Federation nations, and no association with China and its like.
It's the use to which VPN is put that matters when considering security. I suggest most private users are seeking to avoid copyright trolls when BitTorrenting, to bypass blocks set by their home nation, and to persuade Netflix into thinking they reside elsewhere. In these instances it really wouldn't matter who else is aware of one's activities. The feed could go directly to GCHQ, the NSA, or the FSS, on it's way elsewhere, and nobody in those agencies would give a damn about it. Even if Hollywood's MPAA were to set up a honey pot VPN service it wouldn't be able to use information gathered for prosecuting individuals.
Commercial VPN of good standing suffices for contact with banks when using free WiFi but HTTPS alone ought be enough in an ideal world.
It's in areas of criminality of interest to state authorities, and decent citizens too, that VPN, Tor, and other obfuscation methods become less trustworthy. Even mixing modalities of obfuscation offers no guarantee of anonymity. Yet, it should be borne in mind that money launderers, sellers and buyers of illicit substances, terrorists, and similar evil operators are generally caught through traditional policing/security investigative methods with IT surveillance merely a sometimes helpful addition; people are caught through careless release of information and when their nefarious activities impinge on the physical world as through use of postal services.
Good thing I don't have to worry about VPN's since I can appear to be from ANY country I want since our company has Carrier Class Routing and Edge-Server capabilities AND I can use the 10 megabit satellite connection ANYWHERE in the world with the Satcom modem on my laptop. This means I can be in Egypt but look like I'm in New Zealand!
Thank You to my filthy rich, utterly techo-tastic "employer" who has either IN-HOUSE DESIGNED/BUILT or BOUGHT every major computing system and communications gadget known to human kind!
P.S. Sorry for blittering your $35,000 lens into the Blarney Stone...I promise I will TRY to not wreck the next lens until at least 2020!
Biting the hand that feeds IT © 1998–2019