←back to thread

Who Owns, Operates, and Develops Your VPN Matters

(www.opentech.fund)
201 points sdsantos | 1 comments | 03 Sep 25 16:51 UTC | HN request time: 0s | source
Show context
fujigawa ◴[03 Sep 25 17:28 UTC] No.45118394[source]
Commercial VPNs will go down as one of the greatest money-making schemes of the last decade. Outside of a few specific use cases their sales often rely on leveraging non-technical users' fear of what they don't fully understand.

I have non-technical friends and relatives that have fully bought into this and when I asked why they use a VPN I got non-specific answers like "you need it for security", "to prevent identity theft", or my personal favorite: "to protect my bank accounts".

Not a single person has said "I pay to route my traffic through an unknown intermediary to obscure its origin" or "I installed new root certificates to increase my security."

replies(16): >>45118443 #>>45118486 #>>45118558 #>>45118644 #>>45118672 #>>45118693 #>>45119064 #>>45119252 #>>45119261 #>>45119717 #>>45119817 #>>45119936 #>>45120136 #>>45120782 #>>45124630 #>>45126517 #
tomrod ◴[03 Sep 25 17:33 UTC] No.45118443[source]
Commercial VPNs do indeed vaguely promise to protect your data, access, etc.

For those of us that are technical but unschooled, what resources would you recommend we learn from?

replies(3): >>45118477 #>>45118490 #>>45119575 #
busterarm ◴[03 Sep 25 17:37 UTC] No.45118477[source]
You can operate your own VPN (algovpn, openvpn, etc). There's low utility to doing so, but it's fairly straightforward these days.

Or run Tailscale (and a self-hosted DERP relay).

replies(3): >>45118506 #>>45118743 #>>45118837 #
jonny_eh ◴[03 Sep 25 18:14 UTC] No.45118837[source]
> You can operate your own VPN

On what infra? Can you trust that one? Doesn't that solution just move the problem down one level?

replies(1): >>45118907 #
5f3cfa1a ◴[03 Sep 25 18:21 UTC] No.45118907[source]
The answer is always "maybe" until you bring your threat model to the table.

I use a VPN to watch IPTV & download torrents without my ISP sending me nasty letters. Mullvad is great for that.

I would trust it in conjunction with Tor to protect me from low-level crimes. I wouldn't run trust either it or Tor, alone or in combination, to run a marketplace the DEA would become interested in.

If your threat model is obscuring your home IP to hide your IP from above board HTTPS sites, a DIY VPN probably is great. If it's to do low level crime, a cheap VPN is probably enough. Anything else, good luck.

replies(2): >>45118950 #>>45120722 #
busterarm ◴[03 Sep 25 18:26 UTC] No.45118950[source]
This.

Between the parent and the other one, it's almost like I specifically pointed out the limited utility of this approach and all of the Well Acktshually posters had to spell it out anyway.

I was responding to someone who said they were technical, so it should be assumed they can work this all out for themselves.

replies(1): >>45119561 #
1. tomrod ◴[03 Sep 25 19:28 UTC] No.45119561[source]
You provided some great breadcrumbs. I appreciate your responses.