201 points sdsantos | 6 comments
fujigawa ◴[] No.45118394[source]
Commercial VPNs will go down as one of the greatest money-making schemes of the last decade. Outside of a few specific use cases their sales often rely on leveraging non-technical users' fear of what they don't fully understand.

I have non-technical friends and relatives that have fully bought into this and when I asked why they use a VPN I got non-specific answers like "you need it for security", "to prevent identity theft", or my personal favorite: "to protect my bank accounts".

Not a single person has said "I pay to route my traffic through an unknown intermediary to obscure its origin" or "I installed new root certificates to increase my security."

replies(16): >>45118443 #>>45118486 #>>45118558 #>>45118644 #>>45118672 #>>45118693 #>>45119064 #>>45119252 #>>45119261 #>>45119717 #>>45119817 #>>45119936 #>>45120136 #>>45120782 #>>45124630 #>>45126517 #
tomrod ◴[] No.45118443[source]
Commercial VPNs do indeed vaguely promise to protect your data, access, etc.

For those of us that are technical but unschooled, what resources would you recommend we learn from?

replies(3): >>45118477 #>>45118490 #>>45119575 #
busterarm ◴[] No.45118477[source]
You can operate your own VPN (algovpn, openvpn, etc). There's low utility to doing so, but it's fairly straightforward these days.

Or run Tailscale (and a self-hosted DERP relay).

replies(3): >>45118506 #>>45118743 #>>45118837 #
jonny_eh ◴[] No.45118837[source]
> You can operate your own VPN

On what infra? Can you trust that one? Doesn't that solution just move the problem down one level?

replies(1): >>45118907 #
1. 5f3cfa1a ◴[] No.45118907[source]
The answer is always "maybe" until you bring your threat model to the table.

I use a VPN to watch IPTV & download torrents without my ISP sending me nasty letters. Mullvad is great for that.

I would trust it in conjunction with Tor to protect me from low-level crimes. I wouldn't trust either it or Tor, alone or in combination, to run a marketplace the DEA would become interested in.

If your threat model is obscuring your home IP to hide your IP from above-board HTTPS sites, a DIY VPN probably is great. If it's to do low-level crime, a cheap VPN is probably enough. Anything else, good luck.

replies(2): >>45118950 #>>45120722 #
2. busterarm ◴[] No.45118950[source]
This.

Between the parent and the other one, it's almost like I specifically pointed out the limited utility of this approach and all of the Well Acktshually posters had to spell it out anyway.

I was responding to someone who said they were technical, so it should be assumed they can work this all out for themselves.

replies(1): >>45119561 #
3. tomrod ◴[] No.45119561[source]
You provided some great breadcrumbs. I appreciate your responses.
4. em-bee ◴[] No.45120722[source]
a DIY VPN may hide my home IP but it does not hide my identity unless the server i route through is not owned by me. also any server that i can use is likely blocked by wikipedia, youtube, reddit, and others because they detect and block hosting services.
replies(1): >>45127289 #
5. 5f3cfa1a ◴[] No.45127289[source]
> a DIY VPN may hide my home IP but it does not hide my identity unless the server i route through is not owned by me.

Again, threat model matters – hide your identity from whom?

You certainly won't hide it from someone who can seize payment records. You will struggle to hide it from someone who has control of enough of the internet to correlate data across sites, like Google or Cloudflare. But if you're looking to be pseudonymous in the face of a single site, or a small set of sites that don't conspire to unmask users? It might work just fine.

(unless as you rightly note they block your hosting service's ASN;-))

replies(1): >>45128094 #
6. em-bee ◴[] No.45128094{3}[source]
sure, threat model matters. no protection is 100%, but more is better. using my own hosted proxy means that my identity is out in public. it's not even hidden. no need to even seize payment records. anyone can look up the ip address and eventually figure out who owns the server. i might hide it somewhat if i use that proxy only for this purpose, not point any DNS records at it, not reveal any public data, never use it for services where i log in, etc.

truly anonymous hosters are high profile targets for law enforcement, so in my opinion they are higher risk than even VPN providers. not interested in getting caught up with that crowd. and for the good VPN providers at least a court order is necessary, and if the VPN doesn't log usage, they can't prove anything.

there is no threat model where your own hosted proxy could ever provide better protection than any VPN. i use my own proxy because it's free, because i already have a server where i host my website, not because it provides me with any kind of protection. to get that, a VPN would be easier and cheaper.