How to build your own VPN if you're (rightfully) wary of commercial options

By anonymous   2017 May 26, 11:17am   1,198 views   14 comments


With a Congress that has demonstrated its lack of interest in protecting you from your ISP, and ISPs that have repeatedly demonstrated a "whatever-we-can-get-away-with" attitude toward customers' data privacy and integrity, it may be time to look into how to get your data out from under your ISP's prying eyes and grubby fingers intact. To do that, you'll need a VPN.

The scope of the problem (and of the solution)

Before you can fix this problem, you need to understand it. That means knowing what your ISP can (and cannot) detect (and modify) in your traffic. HTTPS traffic is already relatively secure—or, at least, its content is. Your ISP can't actually read the encrypted traffic that goes between you and an HTTPS website (at least, they can't unless they convince you to install a MITM certificate, like Lenovo did to unsuspecting users of its consumer laptops in 2015). However, ISPs do know that you visited that website, when you visited it, how long you stayed there, and how much data went back and forth.

They know this a couple of ways. First, if your website uses Server Name Indication (SNI) to allow multiple HTTPS sites to be served from a single IP address, the hostname is sent in the clear so that the server knows which certificate to use for the connection. Second, and more importantly, your DNS traffic gives you away. Whether you're going to Amazon.com or BobsEmporiumOfDiscountFurryMemorabilia.com, your computer needs to resolve that domain name to an IP address. That's done in the clear, meaning it's easily intercepted (and even changeable in flight!) by your ISP (or any other MITM) whether you're actually using your ISP's DNS servers or not.

This is already enough to build a valuable profile on you for advertising purposes. Depending on your level of paranoia, it's also enough to build a profile on you for blackmail purposes or to completely compromise your Web traffic if you aren't incredibly careful and observant. Imagine an attacker has the use of a Certificate Authority to generate their own (valid!) certificates; with both that and DNS, they can easily redirect you to a server of their own choosing, which uses a certificate your browser trusts to set up an invisible proxy between you and the site you're trying to securely access. Even without the use of a rogue CA, control of your DNS makes it easier for an attacker to use punycode domain names and similar tricks to slide under your radar.

Beyond that, any unencrypted traffic—including but not limited to HTTP (plain old port 80 Web traffic), much peer-to-peer traffic, and more—can be simply edited on-the-fly directly. Which, may I remind you, ISPs have repeatedly demonstrated themselves as perfectly willing to do.

You can't protect yourself from all potential attackers. Unfortunately, an awful lot of the critical infrastructure of your access to the Web is unencrypted and really cannot be secured. As a person with limited resources who can't afford to consider personal security more than a part-time job, you (and I) are unfortunately closer to Secret Squirrel than to James Bond. You can, however, move your vulnerable, unencrypted transmissions out of your ISP's reach. So that's what we'll aim to do here.

Full Article: https://arstechnica.com/gadgets/2017/05/how-to-build-your-own-vpn-if-youre-rightfully-wary-of-commercial-options/?comments=1

NOTE: Somewhat long read, technical and if you are not into this type of thing - nerdy and boring.

#VPN #Networks #Internet

1   NuttBoxer   2017 May 26, 1:12pm

VPN is a start, private ISPs are the endgame. Leave their decrepit asses where they belong. Install a short range antenna in your backyard, and start your own internet. Or repeal government regulation that shuts down anyone else's attempt to start an ISP.

2   curious2   2017 May 26, 1:17pm

Wouldn't it be simpler to use Tor?

3   NuttBoxer   2017 May 26, 1:23pm

curious2 says

Wouldn't it be simpler to use Tor?

TOR is not completely untraceable. If you know the start and end times someone is using the network, you can figure out what they were doing. I don't think the internet's inventor pictured a world where Comcast throttles our downloads, and Cox redirects our tor traffic to generate bad responses using their DNS. And yes, I verified the last actually does happen when I had to switch DNS to google to get my relay working.

4   jackieplatt   2019 Jul 6, 11:26am

curious2 says

Wouldn't it be simpler to use Tor?



Actually it would make sense to simply use a reliable paid service like expressvpn or what not, why all the hassle of setting up your own VPN?... I don't get it.

5   HEYYOU   2019 Jul 6, 6:37pm

anonymous says
With a Congress that has demonstrated its lack of interest in protecting you from your ISP,


If people would vote for Reps & Dems, the problem would be fixed.
Stop voting for ISIS, illegal rapist & murderers, brown people, women, LBGTQ, they are the problem with Congress.

6   epitaph   2019 Jul 7, 1:14pm

curious2 says

Wouldn't it be simpler to use Tor?



You can get flagged pretty easily for using a Tor exit node.

7   Patrick   2019 Jul 8, 10:25am

jackieplatt says
why all the hassle of setting up your own VPN?... I don't get it.


The reason is so that commercial VPNs cannot spy on you if you set up your own VPN.

I think it would be very naive to think that commercial VPNs would not sell data about you.

So if you want real security, you have to go to the hassle of setting up your own.

8   Blue   2020 Jan 15, 8:38am

Free VPN (basic).
https://addons.mozilla.org/en-US/firefox/addon/setupvpn/
It only works in firefox browser.

9   TEOTWAWKI   2020 Jan 15, 11:55am

Blue says
Free VPN (basic).
https://addons.mozilla.org/en-US/firefox/addon/setupvpn/
It only works in firefox browser.


How do we know this thing is legit? It's not even verified by Mozilla.

10   Hircus   2020 Jan 15, 6:58pm

People have been writing scripts to make setup of a vpn server ez for years.

I've used this one a couple times: https://github.com/Nyr/openvpn-install but there's others if you search for "openvpn install script"

It's basically a 1 liner to install and setup your own vpn server:

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh


It will prompt you for a few things, but it's very very easy. It will then generate a .ovpn file which you then download and import into your vpn client, and away you go.

I've been considering purchasing a commercial vpn service though. When I travel, I like to use public wifi when possible, but VPN is a total must when using other people's wifi unless you love being hacked. While my own VPN server has worked well for me, it's only a single node, and a commercial offering usually has tons of servers for you to choose from, which allows you to get better performance by using a geographically nearby server.

Soon, I will try wireguard - the new VPN protocol that has a very low encryption overhead, so a weak cpu (like the cpu in your phone) can support fast download speeds, which is a must for people like me who sometimes work on the road.

11   HeadSet   2020 Jan 16, 11:32am

Is this worth anything? Or just another DuckDuckGo?

Verizon introduces privacy-focused search engine
Verizon has launched privacy-focused search engine OneSearch, which does not track or store personal or search data -- or share it with advertisers. OneSearch displays contextual ads based on factors such as search keywords and IP address location, rather than cookies and browsing history.

12   noobster   2020 Jan 16, 4:04pm

HeadSet says
Is this worth anything? Or just another DuckDuckGo?

Verizon introduces privacy-focused search engine
Verizon has launched privacy-focused search engine OneSearch, which does not track or store personal or search data -- or share it with advertisers. OneSearch displays contextual ads based on factors such as search keywords and IP address location, rather than cookies and browsing history.


Verizon has no credibility in my book

https://www.forbes.com/sites/robertlenzner/2013/09/23/attverizonsprint-are-paid-cash-by-nsa-for-your-private-communications/#26ced24d43cb

13   NuttBoxer   2020 Jan 16, 4:29pm

epitaph says
You can get flagged pretty easily for using a Tor exit node.


Running Tor browser, and running a Tor relay are very different. If you're just running the browser, you shouldn't get flagged at all, as the point of Tor is to hide your IP.

14   NuttBoxer   2020 Jan 16, 4:30pm

Patrick says
I think it would be very naive to think that commercial VPNs would not sell data about you.


PIA has court cases proving they don't log, and removed all their servers from Russia a few years ago.
