
Honestly, nothing holds up to Mullvad [1]. They don't even take an email address while creating accounts, and you can pay easily with Bitcoin or even with cash mailed to them.

I'm not affiliated, just a very happy customer.

Mullvad is also who Mozilla trusts for the Mozilla VPN [2]. You can sign up with that if you'd like Mozilla to get a cut.

[1]: https://mullvad.net/

[2]: https://vpn.mozilla.org/



Have massive respect for all the open source code Mullvad pumps out.

https://github.com/mullvad

Don't use their service but they do really come across as one of the most trustworthy out there. Have a ProtonVPN account for getting around a geoblock once in a blue moon; personally I don't have much use for commercial VPNs.


"Honestly, nothing holds up to ... (VPN provider)"

If you're serious you send a machine, that you own, to a colo provider and you register for service with a corporate entity that you created for just that purpose.

Your name exists nowhere and ... regulatory inquiries are directed to your corporate contact email.

Or, if you feel like that's a heavy burden and you don't attach any value to the physical machine (some old 1U, right?) then you can just sign up under an assumed corporate name with some colo provider that doesn't care whether it is, or is not, an actual corporation, and you can pay with your non-AMEX credit card[1] using whatever Mickey Mouse name you feel like.

Trust me - it won't take long to find someone who will take your money.[2]

[1] Only AMEX validates First Last ...

[2] https://www.lowendtalk.com/


For practical purposes the only people who can penetrate a simple vpn service are potentially a government order to start recording your traffic that is legal based on jurisdiction or a dedicated hacker.

It looks to me that NEITHER would be prevented by you using a colocated machine. It's not like your colocation provider is incapable of compromising you and probably would if ordered to do so in a jurisdiction where this act would be legal.

A hacker presumably isn't concerned about whether they are attacking a machine on your desk or in Nebraska.

Over a 5 year time frame your colocated machine would presumably run you between $6600 and $19000 and would have bought you zero additional privacy compared to paying $360 for a vpn in the same jurisdiction.


These guys say they'll colo a raspberry pi for $9 a month: https://www.endoffice.com/picolo.html


That is pretty neat.


Still almost twice the price though....


The problem is more that a commercial VPN changes the threat model from an individual one to a collective one.

Very likely, no one cares about me enough to put effort towards specifically monitoring or hijacking my internet traffic.

However, someone puts out a shingle as NordVPN or Mullvad or whatever else, and starts advertising VPN services to the world.

That VPN provider has a finite number of endpoints / egress nodes, and those become a very high value target. Now my threat model has to include not just targeted attacks at me, but general attacks on the VPN provider.

An analogy would be, if you have 1 million dollars worth of real-world valuables (artwork, say), it's better to store it in a nondescript warehouse than a warehouse with a neon billboard out front that says "BOB'S HIGH-SECURITY WAREHOUSE FOR EXPENSIVE VALUABLES". The latter is painting a giant target on itself for anyone interested in stealing stuff.


I think the analogy fails because what's valuable isn't a good that is simply retained or lost. If your VPN usage, for example, is downloading movies, the fact that Bob the hacker knows you downloaded Inception isn't very worrisome. Likewise with keeping your personal traffic personal instead of having it show up on your boss's network: who cares if Bob has it?

If the vpn provider doesn't keep any logs your total exposure is that they may start collecting logs of traffic for the duration during which they are compromised. If they are attentive and competent this either will never happen or it will be for a short duration. Again this breaks the example of valuables in storage.

In fact a VPS or indeed any host actually has the same problem you describe in that a host is a bigger target than you and therefore more valuable.

On the other hand, for most people the differential in know-how between you and professionals is probably sufficiently large that you are less likely to get hacked with them than on your own. After all, nobody has to actually target you in particular; they can look for vulnerable hosts in an automated fashion.

I don't think you have provided any substantial argument for most commercial VPN users to switch. I feel like for most threat models it's a more than acceptable tool.


If you're serious, you use tor.

If you just want to torrent the last season of Game of Thrones (why would you?) then a reasonably reputable no-log VPN service will probably do a perfectly fine job.

If you want to access non-https websites from coffee shops, buy a $5/mo vps from amazon/prgmr/digitalocean/whomever and tunnel through it.

I don't see a situation in which the dedicated colocated hardware is the right choice.


If you're super super serious, can you even trust Tor? I personally give it a better than 50% chance that some consortium of governments controls the majority of Tor exit points but won't reveal it for small cases so as not to reveal this trick.


> some consortium of governments controls the majority of Tor exit points

Probably yes, but it does not necessarily break your anonymity for https websites.


I find tor is usually just fine for coffee shop browsing. I went to a couple that blocked it someway or other though. Most are no issue.


Yes but tor is slow, making it slightly less practical than the tunnel through the VPS. It also doesn't hide your traffic from the exit nodes, who may be less trustworthy than a VPS provider if you are doing strictly legal things.

(On the other hand, if you want to perform a public service, using tor is a good way of masking the traffic of people who actually want to use it to disseminate sensitive information.)


The premise of Tor is exactly that you need not trust any of the nodes. The only exception being, all of the nodes in your path being controlled by the same entity. But an exit node knowing that an anonymous user has an encrypted connection to a specific site is usually not a privacy concern.


I said:

> non-https websites from coffee shops

If the website you are accessing is unencrypted then the exit node knows the entirety of your communication with it. (It doesn't know your IP; but small consolation. You're still vulnerable e.g. to injection.)


This is far less anonymous than sending cash in the mail to Mullvad. There is a paper trail leading back to you when you register the corporate entity.


From a security perspective, this is equivalent to renting a dedicated server. Once it leaves your possession, it isn't really "your hardware" anymore from a data security standpoint.

Also, as others have pointed out, all you have to do is sniff the traffic going into the machine, something the colo, the ISP and the upstreams are all trivially able to do, to obtain your residential or GSM IP, linked to your name/identity.

This is bad advice. Mullvad is like five bucks and offers equivalent privacy.


I think it's at least conceptually possible to pre-load a machine with software that doesn't pass any plaintext between you and it, and which the software image can't be modified without you knowing it.

I don't know about obscuring the fact of the connection between you and it though. Tor isn't enough by itself.


> which the software image can't be modified without you knowing it.

Nah. If you're worried about the kind of attacks that necessitate sending your own hardware, then, regardless of who owns title to the device, the firmware being replaced to snoop on or alter what is actually in RAM is in-bounds.

There are lots of ways of hiding persistence on a system, and decades of research along these lines. Once it leaves your possession, there's not much you can do to ensure that it still has unmodified code on it (assuming standard PC hardware).

Really though this isn't the threat model at all for someone who just wants to use a VPN, I only went there because the comment senselessly advised shipping your own hardware to the colo. That's the same privacy as using the colo-owned machine, which, for a VPN, is the same privacy as using a generic $5/mo VPN service, as in all cases the upstream can be trivially monitored (even in the case where it's your own, tamper-evident HSM-whatever remote attestation hardware).


Then why can't the entire FBI break into an ordinary iPhone, except by virtue of finding errors in implementation rather than the fundamental invalidity of the concept of secure hardware?

Why don't they just desolder the cpu and wire up an emulator and laugh at all those secure enclaves and encryption?


That whole thing was farce; the FBI got the unencrypted backup data from Apple. iCloud Backup is on by default for every iPhone, and is effectively unencrypted, and sends pretty much the entirety of the device's data to Apple every night when plugged in (using Apple keys).

Apple can decrypt the whole thing without any input from the user: they don't need their phone, they don't need their password, they don't need their keys.

The whole thing was a carefully orchestrated media dance designed to make it seem like the feds can't get the data off of iPhones. Not only do they have access to almost all of the data on almost every iPhone, they have access to it without a warrant or probable cause thanks to the FISA Amendments Act. Apple compromised over 30,000 accounts for the US government without a warrant in 2019, per Apple's own transparency report.


And with Mullvad you can just make a one-time payment of EUR 5.00 if you need to use it for 30 days. No auto-renew crap / commitment to long subscriptions to deal with.


Mullvad is the service that Firefox uses. I took that as an endorsement and tested them; it worked well (on Linux, which has a command line controller for a service that is installed) once you've got used to how it's set up. They seem to do anonymising thoroughly. IIRC you can even mail them cash.

Edit: I should say, I used their support email, they responded pretty quickly for a cheap service, offered a beta client and that fixed the issue (I'd actually tried the beta by the time I got the email back, but still).


I totally understand using a VPN service if you're trying to access the internet from another location, e.g. to get past the China firewall or get access to content from a different copyright jurisdiction.

However, I don't fully understand the privacy argument. It would seem to be that instead of handing over your entire DNS query history and unencrypted HTTP history to your own corporate IT department or the Starbucks Wi-Fi router, you're now handing over all that data to Mullvad. Are people okay with that?

I usually create my own VPNs. I realize that involves handing data over to AWS or whoever I use for my servers but I somehow feel slightly better about that than handing it over to some Mullvad dude.

Google tries to impose its VPN on Android too and my first instinct is: do I really want all my traffic going through Google?


> However, I don't fully understand the privacy argument. It would seem to be that instead of handing over your entire DNS query history and unencrypted HTTP history to your own corporate IT department or the Starbucks Wi-Fi router, you're now handing over all that data to Mullvad.

Well, you're of course right that the privacy argument for VPNs doesn't make a lot of sense. But there's a whole industry living from people believing it does, and ad partners of that industry willing to proclaim that VPNs are essential for your personal privacy.


VPN ads remind me of supplement ads.


The VPN providers promise not to keep logs. They go to different lengths to prove this claim to you.

If you do believe that, it's more private. If you don't, they still might have access to that data. Otherwise AWS or someone else will.

However, even so it will be more difficult for third parties to track you since you will generally not be assigned a dedicated IP address. You are probably NATed with a bunch of other customers from all over the world. If you set up a VPN in a VPS you'll most likely have a permanent public IP.

Personally, I believe that Mullvad is truthful about its privacy claims, but I'm not a customer.


Why do you think corporate IT or Starbucks or AWS is more trustworthy than "some Mullvad dude"? Isn't it possible that Mullvad is more trustworthy? Isn't it more possible to know about Mullvad than what's going on at Starbucks or AWS?


I don't consider corporate IT or Starbucks to be trustable.

AWS I would "trust" slightly more only because I get to implement the infrastructure and among the sea of trillions of requests they serve it would be a bit more of a challenge for them to figure out which of those requests are VPN browsing data and clean that data. I can also mildly obfuscate and pollute requests using their own infrastructure and make it hard for them to extract anything meaningful about me unless they really wanted to.

Basically AWS isn't already set up as a VPN service, so they'd have to put in a nonzero amount of time to extract, parse, collate, and analyze VPN logs, let alone figure out which instances among their billions are actually VPN instances, especially if I run a non-standard, modified protocol. Unless I was some Snowden-like target it's unlikely they would waste a couple weeks of engineer hours to wireshark and clean the data from my instances.

Mullvad on the other hand handles 100% VPN browsing data so if they unscrupulously keep logs, they would have clean logs to begin with, nicely organized by username, which is scary. They wrote the client and they control the protocol. They also rent their instances from various providers (the names of which they disclose on their website) and I could presumably just bypass them and rent an instance with one of those providers directly.


Why would AWS need to Wireshark your traffic? If law enforcement came to them with IP logs from some target machine, it's just a matter of looking at AWS outbound NAT logs to find your account.

Of course, either approach should work if the goal is merely to disassociate your traffic from your identity in order to keep marketing companies knowing your interests. Your approach is more provably reliable, but some VPN providers do provide 3rd party audits and such which seems a reasonable way to establish trust.


> I don't fully understand the privacy argument.

Hiding IPs while engaging in piracy.

Other than that, I think it's mainly geoblocking evasion, which might have overtaken piracy recently as the most popular reason for using a proxy service.

Any use where the slowness of tor is a dealbreaker, and where criminal liability is not so high that law enforcement will attempt to unmask proxy users in realtime.


The privacy argument simply hasn't stood the test of time. However, the first reason is still valid: some companies think they can segregate people based on their IP address, and VPNs offer a simple solution to that - even if it often doesn't work, and in many cases becomes a cat-and-mouse game with the service provider.


Personally if I'm going to hand over my history to someone, I'd rather it be anyone but Comcast.


This is my feeling too. Also, I know for a fact that my ISP would be watching me browse (thanks for nothing, Ajit Pai!), while a VPN at least promises not to. The uncertainty of whether they're telling the truth on that is still better than knowing 100% on the ISP side.


> However, I don't fully understand the privacy argument.

Yes, it's crap, and any techbro worth their salary should know this.

It's also incredibly annoying when VPN this and VPN that pops up on youtube.


I personally like the irony of VPN companies getting around adblockers by getting paid youtuber sponsorships.



Could you elaborate on this? How do you create your own VPN on aws (or any other server)?



I'd say it's probably worse privacy-wise; corporate IT or your ISP are at least accountable since you share the same jurisdiction. Some dodgy VPN company, which you should prefer to be overseas if your main objective is piracy, is much less accountable in regards to your data.


> I don't fully understand the privacy argument

It's mostly moot. In the days of HTTPS and DoH, they're essentially selling snake oil. It was a lot more useful in 2010.


Torrents and related traffic are still good to send over a VPN.

Also getting around some geoblocking.


It is interesting to me that the Mozilla option is cheaper. (5 USD vs 5 EUR)

Also it bugs me that there are 5 "Try" buttons on the Mozilla site before they even show you the price. To be fair it does show you the price on the credit card page after you log in but still feels a bit scummy to me. Mullvad puts it in your face above the fold.


The thing is, it costs >$5 per month. I pay $2 for NordVPN.

I'm not expecting privacy, I just want a way to occasionally geo-hop to other countries, for streaming video and to test if a problem is related to my IP/location or not. And occasionally to have some minimal level of protection in a coffee shop.


Ah great, we will all adapt to your use case and let nordvpn charge us for things they don't deliver unless we auto renew, since you are doing great!


I actually have auto-renew turned off fwiw. But I didn’t mean to disparage people who use other services.


You can't use any commercial VPN service and expect privacy. Those are only good for bypassing geographical restrictions. If you want privacy, buy a VDS and host your own VPN server. It'll cost about the same, and you can use it for other things at no additional cost.


Seems like it'd be easier to "unmask" someone's VPS account than figure out who someone is when they use a paid VPN service.

If you're worried about a government, your personal info from a VPS provider is just one court order away. If you use a VPN service that actually is serious about not keeping PII or logs, you might fare better there (they might be coerced to log future traffic of yours, but at least your prior activity is still secret).

If you're worried about ad tracking, a VPN just doesn't do you much good period: ad tracking is sophisticated enough to not care about your IP address.

But all of this "VPN for privacy" stuff is predicated on trusting faceless third-parties to help keep you safe, so it's generally a losing proposition. Agree that the only "safe" thing to use a commercial VPN for is to bypass geographical restrictions.


Every form of security has different threat models and appropriate countermeasures.

If you are trying to avoid your ISP knowing you are downloading movies a VPN is a good solution.

If you don't want others in the coffeeshop to be able to snoop on remaining unencrypted http traffic. VPN

If you don't want your employer to have a list of your web traffic from your personal device. VPN

If you don't want a service which you don't pay with a credit card to have a way to connect your pseudonym to your real name. VPN

If you want to opt out of some degree of dragnet surveillance/data collection via parties like your ISP. VPN

None of these are incredibly uncommon. VPSs work great for most scenarios. If your actions are dangerous to your continued existence or you need to keep your own government from watching you then you probably need to adopt far more stringent measures but I feel this is vastly less common than the above situations.


Perhaps it depends on the definition of privacy. Now your identity is tied to any and all traffic to/from that IP address for the duration of ownership.


The specific issue is the VPN provider harvesting data about your traffic and selling it.


I'm suggesting it's vastly greater effort to identify individuals in a VPN service than a VPS provider (shared vs dedicated tenancy).

If you're talking about bulk collection, then your ISP is probably already doing that.


If I use a public WLAN, a VPN like Mullvad is going to gain me privacy and security. Furthermore, I would get (for good or bad) "mixed" with the rest of the users (although in my case this does not apply as I use WireGuard to my home connection). If I use mobile, a VPN makes MITM more difficult.

If I pirate using a VPN in a country hostile to mine, the local RIAA/MPAA can't do anything. They probably already can't when VPN is in same country. A VPN doesn't stop a determined adversary, but if you worry about these you should probably use Tor or something like that, possibly without going back to clearnet.

While your stance is a good wake-up call, and perhaps a decent rule of thumb, the above are reasonable exemptions.


Except most providers worth their salt will require your credit card/paypal for a subscription. This adds another potential loophole for de-anonymization. At least with Mullvad you can pay in crypto or even mail them cash. Though it all depends on what you want to achieve I'd say a trusted VPN is much better than a VPS, esp one located in US or any of the five eyes countries.


Seconding Mullvad. Their service cannot be beat.


Does Mullvad allow me to connect using wireguard without pasting my private key into their website? Their website says the private key never leaves my browser and is only used to generate the configuration file, but all I really want to do is give them a public key and I suppose let them know which server I'll be connecting to. I can put together the config file by hand myself, thanks, I shouldn't need to ever copy the private key into my clipboard, let alone paste it into a browser.
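Added example, not code from any commenter or from Mullvad: a pure-Python script that does what the comment above asks for, generating the WireGuard keypair locally so that only the public key is ever handed to a provider, and rendering the client config by hand. The X25519 scalar multiplication is the RFC 7748 reference ladder (in practice `wg genkey | tee private.key | wg pubkey` does the same job); the provider key, the endpoint `vpn.example.invalid:51820` and the 10.64.0.x tunnel addresses are placeholders. The server-side `[Peer]` stanza it also emits covers the unanswered question earlier in the thread about hosting your own VPN on a VPS.

```python
import base64
import os
from typing import Optional, Tuple

# Curve25519 field prime and (A-2)/4 constant, as in RFC 7748.
P = 2**255 - 19
A24 = 121665
BASE_POINT = b"\x09" + b"\x00" * 31  # u = 9, the X25519 generator


def clamp_scalar(k: bytes) -> bytes:
    """Apply the X25519 clamping bits; `wg genkey` clamps the same way."""
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return bytes(k)


def x25519(scalar: bytes, u_coord: bytes) -> bytes:
    """Montgomery-ladder scalar multiplication from RFC 7748 section 5."""
    k = int.from_bytes(clamp_scalar(scalar), "little")
    u = bytearray(u_coord)
    u[31] &= 127  # the top bit of the u-coordinate is ignored
    x1 = int.from_bytes(u, "little") % P
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb) % P) % P
        x2 = aa * bb % P
        z2 = e * ((aa + A24 * e) % P) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def wg_keypair(seed: Optional[bytes] = None) -> Tuple[str, str]:
    """Return (private, public) keys base64-encoded the way `wg` prints them."""
    private = clamp_scalar(seed if seed is not None else os.urandom(32))
    public = x25519(private, BASE_POINT)
    return base64.b64encode(private).decode(), base64.b64encode(public).decode()


def public_key_of(private_b64: str) -> str:
    """Equivalent of `wg pubkey`: derive the public key from a private key."""
    raw = x25519(base64.b64decode(private_b64), BASE_POINT)
    return base64.b64encode(raw).decode()


def client_config(private_b64: str, address: str, peer_pub: str,
                  endpoint: str, dns: Optional[str] = None) -> str:
    """Render a wg-quick client config; only peer_pub and endpoint come from the server side."""
    lines = ["[Interface]", f"PrivateKey = {private_b64}", f"Address = {address}"]
    if dns:
        lines.append(f"DNS = {dns}")
    lines += ["", "[Peer]", f"PublicKey = {peer_pub}",
              "AllowedIPs = 0.0.0.0/0, ::/0", f"Endpoint = {endpoint}"]
    return "\n".join(lines) + "\n"


def server_peer_stanza(client_pub: str, address: str) -> str:
    """The [Peer] block a self-hosted WireGuard server needs for this one client."""
    host = address.split("/")[0]
    return f"[Peer]\nPublicKey = {client_pub}\nAllowedIPs = {host}/32\n"


if __name__ == "__main__":
    priv, pub = wg_keypair()
    # Placeholder values: a real provider (or your own VPS) supplies the server key and endpoint.
    print(client_config(priv, "10.64.0.2/32", "SERVER_PUBLIC_KEY_PLACEHOLDER",
                        "vpn.example.invalid:51820", dns="10.64.0.1"))
    print("Hand only this public key to the other side:", pub)
    print(server_peer_stanza(pub, "10.64.0.2/32"))
```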


Great Linux client, too!


Thanks this was the question in my mind. I use expressvpn which works fine but with the good feedback about mullvad here, want to check them out.


How do they take bitcoin? I’ve seen various invoicing systems that completely break in Tor+JS and in all noJS environments.

If they shoehorned BitPay in, it's probably not tapping into the utility of having bitcoin payment options.

I like paying invoices with Monero over Tor, while the merchant receives bitcoin that a third party pushed to them. I’ve been doing that for at least half a decade.

But if I can’t access their invoice they just lose a customer.


They show you a BTC address and you send BTC to that address. Whatever arrives at the address is credited to your account. No "invoicing system" involved.


How do things like Morphtoken and Xmr.to handle the $20 Bitcoin transfer fee?


Current BTC fee seems to be just over $1, not $20.

I don't think MorphToken would work because as far as I can tell, they have no way to set a fixed amount of the destination currency.

Other providers like ChangeNOW do offer that but they have much higher minimums, something like .003 BTC, which is obviously not useful for a $5 payment.


> Current BTC fee seems to be just over $1, not $20.

Really? My Ledger app says 112 sat/byte, which comes out to $8 for me, and I'm pretty sure they were higher a few weeks ago, when I checked. Am I way overpaying?

> I don't think MorphToken would work because as far as I can tell, they have no way to set a fixed amount of the destination currency.

That's too bad, XMR.to was really useful for this...


> Really? My Ledger app says 112 sat/byte, which comes out to $8 for me, and I'm pretty sure they were higher a few weeks ago, when I checked. Am I way overpaying?

Hm, maybe? I think those clients usually just use the average fee paid in recent transactions, which will result in overpayment if everyone else is doing it too.

The real question, "how low can I set the fee and still have my tx confirmed," is given an attempt at an answer by https://fees.watch, which is what I checked -- it showed less than $2 for every speed at the time.

To be honest I don't actually use Bitcoin, but I do use Ethereum regularly and I use this fees.watch site for that. My transactions almost always get confirmed exactly when expected, and it's almost always cheaper than whatever the wallet suggests.


Thanks for the site! I set my own transaction fee a few times, resulting in unconfirmed transactions, so that helps!


Set your own transaction fee. If you aren't in a rush then set a much, much lower one.


Perfect!


I used to use Mullvad but got sick of having to pay them via Bitcoin (or Bitcoin Cash, lol). I emailed them about accepting Monero directly and they said something like "we would like to but it's too much work." Ended up switching to IVPN, which actually costs more but is worth it for me not to have to deal with those shitcoins.


I really love paying with Monero as well. Fast, super cheap and anonymous. It's definitely my favorite coin to use (since I don't like speculation). I just wish it were more widespread as a payment option.


Government pressure is getting those anonymous coins to be delisted from exchanges.


Which exchanges? I'm only aware of Bittrex, whose Monero volume was insignificant to begin with. And what evidence is there that government pressure had anything to do with it?


But you could always pay them with Monero

You can pay any bitcoin invoice with Monero and people have been doing that for 6 years


When xmr.to existed, sure. Not anymore.


Morphtoken, been using them for years on and off, not vouching for them, hope it works out


As far as I can tell, MorphToken doesn't allow you to set a fixed destination amount. In other words, when going XMR->BTC you can't set or know the exact amount of BTC that will be delivered.

ChangeNOW allows that, but has a much higher minimum, .003 BTC or so. Not useful for small transactions.

And all of these services take many minutes to complete the exchange, by which time the invoice you're paying might expire. AFAIK xmr.to was the only one that did instant exchange with zero confirmations for smaller amounts.


They have a custom implementation.


What third party are you using that does the xmr -> btc for you?


These days, it's MorphToken and xmr.to.

Still waiting for something better but it's good enough.


xmr.to has recently shut down[1]. It would be nice to see more services accepting monero directly.

1. https://www.reddit.com/r/Monero/comments/la46ds/xmrto_servic...


that's too bad, thanks for spreading the word

One day people will figure out how to connect XMR to other chains, really unlocking its value and utility for those markets


I think that's scheduled for September this year.


So Mozilla VPN is wireguard, but won't let me use my own wireguard client?


The Mozilla VPN uses an auth key generated from the Firefox Account. There is at least one 3rd party app: https://github.com/NilsIrl/MozWire/ Though the official client supports the major operating systems [Windows, MacOS, Linux, iOS, and Android]: https://github.com/mozilla-mobile/mozilla-vpn-client


Who runs Mullvad? Am I supposed to just blindly trust these people with my entire internet activity?


I'd assume Mozilla did the due diligence and it may count for something.


Using Bitcoin doesn’t make one anonymous. I would always send cash to them.


Actually, it definitely can, if used right


Is Mullvad able to drill through the Great Firewall of China? Few VPNs can.


Shadowsocks always used to work well enough to evade the GFoC if you hosted your own VPS. Which is simpler than say strongSwan - and IPSEC gives the game away anyway.

https://gfw.report/blog/ss_advise/en/

https://gfw.report/blog/ss_tutorial/en/


Nowadays it's probably best to set up your own VPN server for that. Back when I lived there, most VPNs got occasionally blocked, then they would get new IPs and work fine again. But from what I heard, it got way worse since Winnie the Pooh took over.


Agree. I always use my own VPN for this.

Most VPN services get blocked eventually and then play cat-and-mouse to get themselves back up, so the service is overall unreliable.

The China firewall also does some "intelligent" blocking of common VPN protocols by fingerprinting their traffic patterns, handshakes, ports, and other things.

If you set up your own server, it helps to modify the protocol or wrap it in a proxy that obfuscates the VPN traffic as something innocent-looking. Basically, if you implement something like TCP/IP-over-cat-picture-jpeg-files-on-HTTP-port-80 you'll generally have a rock solid experience. (That's not exactly what I do, but it's along the same lines of thinking, you get the idea, be creative.)

Unfortunately I'm not going to provide code to do this though because that makes it vulnerable to its traffic pattern being fingerprinted and blocked.

Also, avoid AWS. Using slightly lesser-known IaaS providers helps.


Interesting thought. A little part of me wants to make a TCP-over-HTML cat pictures wrapper. Maybe put the payload in every fifth cat pixel or something. Should work for BMPs, right?


So you'd be exchanging cat pictures a million times a day? That'll stand out well.


I am not sure using your own is a good idea. Every time I was in China for the last 3 years they would quickly find and block my small startup's VPN. I was able to send an email and ask someone to move it to a new IP. Now imagine you have your own setup and they block it, as well as access to the provider you used to create the VM that runs it. Using something like Nord or the like, at least you know that they will keep changing the IPs. Your mileage might vary, but this was my experience.


I guess if you really wanted to be clever you could set up a number of IP addresses and if your VPN doesn't see you login for, say, a day, switch to another IP. Or just give your VM 14 addresses and rotate them as you need. For a 2 week trip/14 addresses this would cost you about $26 on AWS.


Digital Ocean will let you use their Floating IPs to do this for no charge (I have an Algo VM I'm paying them to host).

1: https://www.digitalocean.com/docs/networking/floating-ips/


You wouldn't advertise you were using your personal VPS as a VPN.


Your activity advertises that to anyone who can see the traffic. Even if you use a popular port, the traffic volume and timing easily stands out — and if you’re actually in China ask what they’d conclude from a client which does no other traffic except for that one IP/protocol/port, unlike basically every other device.


They often block VPN traffic at the protocol level i.e. even rolling your own is going to be a headache.

That said, I never had problems using an SSH tunnel and the end result is the same.


Heh if they blocked ssh my access logs would be considerably leaner



