Attaining True Anonymity Possible via Self-Hosted VPN?

I’ve read multiple posts where many users have recommended making/hosting your own VPN server. If I build my own VPN server at home, won’t my ISP still be able to view the connections from that VPN server regardless? Wouldn’t that completely defeat the purpose of privacy? Tried posting to r/vpn but didn’t have enough karma.

So there are two distinct things that a VPN can do. They’re side effects of the fact that a VPN tunnels into a local network from anywhere on the internet.

The first thing, and the main way they’re used, is to provide access to resources on one network from another network. They provide a (usually but not necessarily) secure connection between two distant points. If you are on public Wi-Fi at a Starbucks, and you VPN back home, the traffic will leave your device, go through the Wi-Fi connection, through Starbucks’ ISP’s network, through to your ISP’s network (if different ISPs), into your network, and then will be routed normally. So if you connect to a website over a VPN, the request is routed back to your home VPN, then out to the internet, which would respond to your home network, where the VPN would then send it back out to wherever you are.

If your VPN connection is properly secured, the outside world would only see a connection between the website you requested and your home network; it would have no knowledge of you being out at Starbucks. Your home ISP, however, would know that someone from inside Starbucks’ ISP’s network made a request to your home network. They would also see a connection from your home network out to the internet, and the website’s response to your home network. They would then also see a response between your home network and the same person inside the Starbucks network. It’s not hard for them to tell that someone is using a VPN. But they wouldn’t know what information you requested, only that you requested it (assuming the website is properly secured, which is not always a safe assumption).

Starbucks’ ISP only sees you communicating with your home network. Since they don’t control your home node, they are unaware of it travelling out to the web.

So the second use case for VPNs is anonymization. Since the ISP controlling your home network can’t see who made the request, but knows the request was made, they can reasonably assume that since it’s your home network, it’s your traffic. If, instead of your home network, you were tunneling into a paid VPN service, whichever ISP controlled their network would only see tons of random connections going random places. It becomes much more difficult to match input traffic with output traffic, and while not impossible, is typically not worth doing unless you’re a high value target. Starbucks’ ISP, in this case, would see you tunneling into a paid VPN service, and nothing more. The paid VPN service, if they don’t keep logs, only sees activity associated with your login credentials. If you pay with bitcoin or gift cards and give no personal information, all they have on you is your IP address.

In the second case, think of the paid VPN service like this: you send two letters in one envelope out in the mail. First envelope contains a name and address, and the second letter is for them to read. You send this envelope with two letters to a company that opens the envelope, reads the first letter, and sends the second letter to the person named in the first letter. If they get a response from that person, they forward it to you. So the post office knows you were sending letters to the company, and they know the company was sending letters to the person named on the envelope, and they know what this company does, but it’s difficult for them to know that you were the one communicating with the person.
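The input-versus-output matching described in the answer above, as an added example that is not part of any post in the thread: for each request leaving a VPN endpoint, it lists the tunnel clients the hosting ISP could attribute it to. The addresses (RFC 5737 ranges), millisecond timestamps, time window and function names are all constructed for illustration.

```python
"""Added illustration: what the ISP hosting a VPN endpoint can infer.

Every address, timestamp and name below is constructed sample data.
Times are integer milliseconds.
"""

def candidate_sources(exit_ms, inbound, window_ms=500):
    """Clients whose tunnel packets reached the VPN endpoint within
    `window_ms` before a request left the endpoint for a website."""
    return {src for t, src in inbound if 0 <= exit_ms - t <= window_ms}

def anonymity_sets(inbound, outbound, window_ms=500):
    """Map each outbound (time, site) to the clients it could belong to."""
    return {site: candidate_sources(t, inbound, window_ms)
            for t, site in outbound}

# Home VPN: the only tunnel peer is the one device at the cafe, and the
# exit traffic leaves from the subscriber's own line in any case.
HOME_IN = [(10000, "198.51.100.7")]
HOME_OUT = [(10050, "example.org")]

# Shared commercial VPN: several tunnels are active at the same moment.
SHARED_IN = [
    (9000, "192.0.2.77"),     # too early to fall inside the window
    (10000, "198.51.100.7"),
    (10010, "203.0.113.20"),
    (10020, "203.0.113.99"),
    (10030, "192.0.2.41"),
]
SHARED_OUT = [(10050, "example.org")]

if __name__ == "__main__":
    for label, inbound, outbound in (("home", HOME_IN, HOME_OUT),
                                     ("shared", SHARED_IN, SHARED_OUT)):
        for site, who in anonymity_sets(inbound, outbound).items():
            print(f"{label}: {site} <- {len(who)} candidate(s): {sorted(who)}")
```

With one tunnel peer the set has a single member; on the shared endpoint the same request has four equally plausible sources, which is why matching gets harder but, as the answer says, not impossible.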

You’re confusing anonymity with security. A self-hosted VPN is intended to protect you from sniffing attacks while on public connections. A paid (remote) VPN service is intended to keep you anonymous, especially if you combine it with things like TOR and browser plugins like Ghostery and NoScript.

As long as you don’t even really know what a VPN server is and what it does: please, please do not host your own VPN that is accessible from the internet. First educate yourself about the topic so you can be sure you don’t put your whole home network at risk.

You can start off by reading the Wikipedia article about VPN and after that some Pi-specific tutorials on the topic. After that you can try to set up your own VPN - but don’t make the server accessible from the internet yet (e.g. if you are behind a NAT, don’t forward the corresponding port). Only if you are 100% sure that you have a secure configuration, you can also make the server accessible from the internet.

If you have to hide your traffic, buy a VPS or buy a VPN service from a provider. The idea is to have a VPN outside your network, otherwise it is useless.

A VPN server at your home only makes sense if you are remote using Wi-Fi and you don’t want them to snoop on your connection. Yes, you are right, this does squat to protect your privacy with the ISP. Fact is, there’s always someone upstream that can see your traffic that’s not encrypted like HTTPS.
You’ll need a cheap VPN, preferably overseas if you want more privacy.

I have good luck with a $5 a month VM running OpenSSH. There are deployment scripts available to make it easier to set up with a wizard.

A paid (remote) VPN service is intended to keep you anonymous,

Except they don’t. It’s all “trust me”. Even some that promise not to log and divulge activity are simply lying to their customers.

There is no anonymity online. At some point, some computer is going to handle your request to look up a website. And that computer is watching what you do, even if it’s on something like Tor.

The way forward, to more closely approach anonymity, which in turn frees people to say what they really think, is a fully decentralized internet, where communication never enters the old centralized internet, but is secure end-to-end by design.

Combining TOR and VPN is a bad idea…

Just curious. Can you elaborate about the security? I use an OpenVPN so I can remotely access my network without having tons of ports open, and for ad blocking on my mobile. I use 2048-bit encryption, configuration made by PiVPN. Should I take any extra security measures?

That’s close but still depends on payment. If the VPS is paid for with a credit card, it can be traced back. Maybe crypto currency?

Yeah, that’s why I said “is intended to” as opposed to “will”

Security isn’t something you do once (by installing some software). You’ll have to constantly make sure that everything stays secure. For OpenVPN alone, the following security-related problems have been found: Openvpn : Security vulnerabilities, CVEs.

It’s an option. Many accept cryptocurrencies. And buy one outside your country.
Also, it is very important that you secure your server.

Private Internet Access allows payment by gift card. Pay cash for the card.

Okay, and other than keeping the device updated and logs visualized, are there any other measures that are good practices?

If you go to a doctor and he tells you that you should be healthy, and that if you don’t know how to eat well, you should stop eating, do you think it is a good recommendation?

Is crypto ostensibly anonymous? I know very little about it.

Noice! Too bad I didn’t know about this a few months ago, haha. Gift cards may not be available over the counter in many jurisdictions either though. There are many at my local supermarket but I’m unsure how many PIA would accept, if any.

What exactly are you trying to show with this comparison? Setting up a publicly available server without knowing how to secure it is more like going climbing without knowing how to use a rope, climbing harness or a snap link… You can always try it but you should probably not go for the biggest rock (the internet) on the first try. And it is always better if you have someone who tells you how to do it properly.

I am not saying he should never have his own VPN server but he should only make it available from the internet once he knows that it is secure.

Yes. For example, some guys stole tons of them, and no one knows where they are. In my opinion it is a pain in the ass to use them, and if you have any problem, say goodbye to all your money.

PIA uses a 3rd party service for the card payments. They’ll accept cards from Walmart, Starbucks and most big chains. I recall that a $50 Walmart card is good for about a year of service.