this post was submitted on 20 Nov 2023
37 points (93.0% liked)

Privacy

32177 readers
395 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I'm shopping for a VPN providers, and really struggling to find a detailed and non-biased breakdown of the various options. A number of years ago, I recall finding an extremely detailed VPN comparison spreadsheet that had 30+ columns, which were contained criteria by which the VPNs were judged both quantitatively and qualitatively. I can no longer find that table, so I suspect it has been removed, but I did find the less-comprehensive table, below:

https://docs.google.com/spreadsheets/d/1ijfqfLrJWLUVBfJZ_YalVpstWsjw-JGzkvMd6u2jqEk/edit?usp=sharing

In the thread posted by the owner of this sheet, a few commenters pointed out that the highest rated VPN providers in this table just happen to be the ones that advertise most aggressively and are well-known for buying positive reviews from tech blogs, which are pretty clearly designed to be misleading. I too am suspicious that this table can't be trusted, however I really am not knowledgeable about VPNs, so before passing judgement, I figured I should consult those who know more about it. I also recognize that a strong marketing team and an excellent product aren't mutually exclusive, however I think that generally applies more in markets where economies of scale play a significant role, as does mass-adoption, which fuels loads of well-informed, independent research (ex: the car market and phone market.) That obviously isn't the case with the VPN markets... but I'm still sorta holding out hope.

If I end up excluding this table, I'm not sure where to turn at that point. Shilling is extremely pervasive in the VPN market, so it's tough to trust any one person or any one thread. It's also well established that a few of the large VPNs actually own a number of review blogs, so I can't really trust blogs either.

I guess I'm here hoping to be told that my suspicions about this table are unfounded, and / or that another excellent, unbiased resource for comparative VPN info exists. Any help would be appreciated!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago (4 children)

I host my own on a vps where I pay $15 per year

[–] [email protected] 10 points 1 year ago (3 children)

So what if the vps hands your data to the feds and the feds are like hey, why was your vps torrenting Paul blart mall cop 2?

What do you say to that?

That’s my only concern with hosting my own vps.

[–] [email protected] 3 points 1 year ago

That 100% correct, literally no different than just using your ISP at that point, zero control over the hardware and no ability to control the IP.

[–] [email protected] 2 points 1 year ago (1 children)

you think they cant issue a warrant against any VPN hosts?

[–] [email protected] 2 points 1 year ago

Sure they could, but you are a a bit more anonymous and don’t keeps logs, then there may be nothing to hand over.

Hosting your own vps directly ties internet traffic to you. They can see your ip is part of a swarm and see who owns it. If it’s owned by some guy, they can press you. If it’s owned by a company with a legal team, it’s much more difficult.

[–] [email protected] 2 points 1 year ago (2 children)

NGL doing something like that is WAY above my pay grade anyway, but I still am interested in the answer to this question, because I've seen the advice to take the 'self-operated' approach before.

[–] [email protected] 3 points 1 year ago (1 children)

It’s not too difficult to setup, but I think people don’t realize that even if your not breaking the law, you may still have to deal with charges and going to court for years before your found innocent. All while dealing with the stress of a jury possibly finding you guilty.

Then you have prosecutors offering plea deals, so then you think do I stand my ground and risk X years in jail? Or do I plead guilty and just go to jail for 2 years?

[–] [email protected] 0 points 1 year ago

Good point. This sounds like a vote against going the vps route, am I correct?

[–] stifle867 1 points 1 year ago

With using a VPN for the common user use case (excluding business/work VPNs) you generally don't want to self-host. Part of the reason is that you want your traffic that comes out the other side to be mixed with a bunch of other users. If it's a 1 to 1 mapping i.e., you -> vpn -> web traffic then that can be reversed and traced back to you. If there's many users connected to the same VPN then the "you" and the "web traffic" parts are multiplied by hundreds or thousands of other users with no way to connect the dots. That web traffic might be coming from you or it might be coming from any one of the thousands of other users.

I hope I've explained that clearly.

[–] [email protected] 1 points 1 year ago (1 children)

And in doing so you have a never ending list of logs that you can't control. Fine if you only want to hide location, but useless other than that. 1 LE request and every log will be in there hands in 5mins.

[–] [email protected] 0 points 1 year ago (1 children)

I host the server, I dont have to keep any logs and I can pay with moneros

[–] [email protected] -1 points 1 year ago* (last edited 1 year ago) (1 children)

Gotcha, your own server makes it better clearly, but you originally said it was on a VPS.

To be clear though just because I'm anal, you mean YOUR server? Not a VPS you pay somebody else to use? As in you can physically touch it if you want?

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (2 children)

whats the difference in trusting a remote vpn provider or remote vps provider? from a privacy standpoint... btw my vps is hosted in russia and I cant touch it... can you touch the server that host your vpn???

[–] [email protected] 3 points 1 year ago (1 children)

I'd argue that deanonimation would be easier.

In a VPN you have hundreds of clients and also hundreds of outbound connections, tho not impossible is way harder to find out which connection is being piped to which client. On you own hosted VPS, if you have a dedicated ip is easier, all the traffic will be redirected to only one address, then one of your client.

Even with a vps with a shared ip the number of clients mantaning open connections is probably way lower on average.

[–] [email protected] -1 points 1 year ago (1 children)

I don't know what size my vps provider is compared to your VPN provider but I'm pretty sure they would tell the US government to fuck off if they asked for data... They are from Russia

[–] [email protected] 2 points 1 year ago (1 children)

You are missing the point, in this case the vector would not be someone requesting data but someone surveiling the VPS or VPN server's traffic and drawing conclutions out of it

[–] [email protected] 0 points 1 year ago (1 children)

the NSA sees all traffic.... how is your VPN traffic not traceable?

[–] [email protected] 1 points 1 year ago (1 children)

It is about the ability to trace back, not to be traced.

Ws1------|----++++++++---| Ws2------| | ----Client 1 Ws3------|. VPN |----Client 2 Ws4------| |----Client 3 ... | | ... Wsn------| |----Client m

Since there are multimple outside conections (wb1..n), the traffic to the VPN clnent is encripted and each client can have multiople connections (thats why i used Client m and not Client n) you can not in a reliable fashion tell which connection will be sent to which client.

Now your case:

Ws1------|----++++++++---| Ws2------| | ----Client 1 Ws3------|. VPS. | Ws4------| | ... | | Wsn------| |

You can in that case reliable say that all the traffic is being piped to Client 1, because ks the only client.

From there a motivated party can trace back you traffic to you ISP, if you got a fixed IP you can be trace back to.

If you are behind a CGNAT that party will need help from your ISP, to see where the fraffic went. Which tbf I neglected to mention before, but still changes the trust from you VPS to you ISP.

To be REALLY fair this tho no wholly easy is also not incredibly hard given you have the right hardware in the right place, I just wanted to explain why mixing your traffic with others has an advantage over a single person VPN

[–] [email protected] 1 points 1 year ago (1 children)

"you can not in a reliable fashion tell which connection will be sent to which client."

You easily can if you can see all internet traffic like the NSA can

[–] [email protected] 1 points 1 year ago (1 children)

Not if going first through a MIMO ofuscator. Which is what the VPN is.

Or could you explain how would you be able to tell which connection goes to which client?

[–] [email protected] -1 points 1 year ago* (last edited 1 year ago)

if you can see a server is sending 167 packets of X size and you can see a client is receiving the same, it doesnt matter that it goes through a VPN? You probably also could time the packets... or decrypt them if they are encrypted using a CA

[–] [email protected] -1 points 1 year ago (2 children)

It's a transfer of trust either way, point being you don't have physical control over it, and therefore have no idea what's actually happening on the other end, you're not hosting it, they are, you're just administering it.Russia is NO fan of privacy, arguably worse than the US, and now talking about banning all VPN use.

My server is in my house physically. I'd never host my own VPN because I could never compete with what commercial ones in privacy respecting countries can do, let alone needing more outsourced servers for changing my location all over the place, which I do regularly.

[–] [email protected] 0 points 1 year ago

Russia may be worst, but I doubt that they will share data with the USA and I will never visit Russia.

[–] [email protected] 0 points 1 year ago

If you don't host your own VPN, what's the difference

[–] [email protected] 1 points 1 year ago (2 children)

@authed @grubbylarry I also used to host my own openvpn and wireshark servers on a vps. But later I shut them down. The thing is, vps will definitely trade your data if Gov pressure is high. Remember, data protecting is not their first priority being a VPS provider, their main priority is giving infrastructure to customers. But with vpn providers, their core business model is based on protecting users privacy (I am not saying all really do that, but many are bound to follow swiss laws or such)

[–] [email protected] 1 points 1 year ago

@authed @grubbylarry Proton VPN free plan is even better than hosting vpn on a vps, because they atleast can claim of being protected by the Swiss law, so atleast they can protect your data by that. Whereas you can't even sue your vps if they share your data with anybody, because nobody knows if they really did it. Additionally the problem of dedicated ip is there always.

[–] [email protected] 0 points 1 year ago (1 children)

Do you really think that a VPN provider would resist requests from the US gov?

[–] [email protected] 1 points 1 year ago (1 children)

@authed I think they will resist more than a VPS would

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (2 children)

thats your opinion... I think they will honor a warrant any day... I.E.: Plz enable logs and let me look at them

[–] [email protected] 1 points 1 year ago

@authed All I wanna say is, you are free to use anything, it's your life, have fun.

[–] [email protected] -1 points 1 year ago

Honoring a warrant doesn't mean much, when there's nothing to turn over than a connection IP and some timestamps, vs all the traffic that could be there otherwise. That's been proven multiple times with zero knowledge VPN providers.

They can't make them starting doing things there system isn't made to do just because they want them to, not how warrants work. Again, been proven many times over at this point. Knowing that you connected at a time, exited from a shared IP, with a bunch of nonsense in the middle keeps you pretty safe. That ignoring that's even harder when that zero knowledge provider is ina country like Switzerland where it takes VERY direct reasons to have a judge approve a warrant in the first place, dragnets aren't allowed there, and even then, nothing useful comes back.

A country like Russia wouldn't kick back info, but their spying is at China level, so you've already lost there.

[–] [email protected] 1 points 1 year ago (1 children)

Where tf did you find a vps for 1.25$/month???

[–] [email protected] 1 points 1 year ago

I cant find the website right now, but you can some similarly priced vps here: https://lowendbox.com/