Self-Hosting VPN - Basic Questions

Discussion in 'privacy technology' started by diego898, Mar 29, 2017.

  1. diego898

    diego898 Registered Member

    Joined:
    Mar 7, 2017
    Posts:
    12
    Location:
    USA
    I am trying to improve my security/privacy on the internet. My "threat model" isn't necessarily the NSA/CIA, etc. I just want to make it "hard"/"annoying" for the government to unnecessarily spy on me (dont make it easy). What I would like is to not be a product while online. I don't use facebook, for example, and I use the excellent ublock origin on medium blocking mode, I have privacy bader and HTTPS Everywhere installed. My point is - I am trying, little by little.

    In light of recent political developments, I am interested in a VPN. I have some basic sys admin knowledge, and so the thought of setting up my own server isn't to bad. I have been looking at streisand and algo, and after reading around, think I will be going with algo to start. In shopping around for a VPS provider, I came across the $5 showdown and conclude that right now, Linode is the best bang-for-my-buck.

    Most of the advice I see is of the type: "set it up when you need it, and take it down when you're done". I am interested in using it all the time however, at school, work, home, traveling, etc. My questions are:
    • Is there a downside to using it all the time?
      • This blog post on algo has a section "streisand is no better" where they mention: "That’s a hefty footprint and it’s too complicated for any reasonable person to secure. If you set up an individual server just for yourself, you’d never know if or when an attacker compromised it."
      • I dont understand that criticism, as isn't that exactly what I will be doing with algo?
      • How do I mitigate that risk using the self-hosting approach?
    • For regular internet usage with occasional downloading, is the $5 a month plan reasonable for constant usage? Some of have said yes, some have said no, some have said yes but except to pay network overages, etc.
    • Does anyone have any insight into the streisand vs algo debate? Can anyone offer any counter points to the algo blog post linked above?
    Thank you
     
  2. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    122
    What are you using this for ? You need large amounts of storage that can be accessed anywhere , or just regular browsing downloading on the interwebs ?
     
  3. diego898

    diego898 Registered Member

    Joined:
    Mar 7, 2017
    Posts:
    12
    Location:
    USA
    Just to regularly use the internet and occasionally download (torrent)
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,773
    The three major issues about hosting your own VPN: 1) you're the only one using it, so it's obvious (to any adversary that cares enough to look) that it's you; 2) you may not know enough to secure it; and 3) there's no reason to trust VPS providers more than VPN providers.

    On the other hand, because you're the only one using it,you're less likely to have websites blacklist the IP address.
     
  5. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,167
    Location:
    Southern Rocky Mountains USA
    Low end self managed VPSes that are more than sufficient for VPN use can be had for a few dollars a year these days. I don't see any problem with keeping them active all the time, that is their purpose but firewalling is important. I have my own VPN node on a VPS these days and the greatest advantage is bandwidth. I am using it as a base VPN and nesting others on top of it so most of the traffic consists of connections to other VPNs. You do need some knowledge and experience of openvpn and linux to set it up correctly and securely. There are both advantages and disadvantages to setting up your own VPN. Anonymity is gone but the basic privacy of a VPN tunnel is there. In other words, though they may know who you are, they can't see what you're doing. And in view of what the US government is going to allow ISPs to do with user data, an exit node from server farm that mostly has outgoing web server traffic is not a bad idea at all.

    It's also wise to check the TOS of the VPS provider. Some are very tolerant and supportive of VPN use and some really want just web hosting on their servers. I recently looked at a VPS offer that was less than $20 year in a location I'd like to have a VPS in, the Netherlands, but the permitted uses in the TOS were too restrictive.
     
  6. diego898

    diego898 Registered Member

    Joined:
    Mar 7, 2017
    Posts:
    12
    Location:
    USA
    If I'm understanding you correctly, I wont be anonymous, but I will be private - I think this suffices to stop me being a product without my knowledge and consent. Would you agree?
     
  7. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,822

    But why not be BOTH? I pay like 40 bucks a year for my AirVpn subscription (Black Friday deals). No hassle, and servers everywhere. I use several providers not just Air.
     
  8. diego898

    diego898 Registered Member

    Joined:
    Mar 7, 2017
    Posts:
    12
    Location:
    USA
    I keep hearing that paying for VPN provider is "bad" because "you cant trust them", etc. etc.
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,773
    You can't trust anybody. So you need to distribute trust, such that compromise requires collusion.
     
  10. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,167
    Location:
    Southern Rocky Mountains USA
    From my personal experience there is and advantage to both running your own VPN and using a VPN provider and I find myself blending both. And it isn't that you totally lose anonymity by using a VPS, you just loose the one of the crowd anonymity of using a public VPN IP. It's not like you're obliged to reveal much more than that you are using an IP from a server located somewhere. Someone still has to really try to get any real information about you. It is also really nice to be in total control of the VPN tunnel on both ends and have a totally private VPN connection that doesn't have a 3rd party controlling the certificates. And static IPs have many advantages, that is why VPN providers charge extra for them. If you have a VPN subscription with a static IP, it is pretty much the same situation as hosting your own on a VPS and the VPN is being used for privacy, not absolute anonymity.

    In light of the original poster's concern about the latest political developments, it is a perfectly good solution to host your own VPN but not the easiest one. I would get a VPN subscription first and get some experience with VPNs before I set up my own. That is the path I took. After a couple of years of running VPN tunnels through my routers, the next logical step was to set up my own VPN tunnel on a VPS and run that through my router.
     
  11. diego898

    diego898 Registered Member

    Joined:
    Mar 7, 2017
    Posts:
    12
    Location:
    USA
    Thanks @MisterB - I keep trying to find a good one, and the prevailing advice is "dont trust reviews - find the one thats right for you", but its a bit of catch-22, because if you're a new user its pretty difficult. Many sites tell you all the things a good VPN should have - but one of the most important in mitigating the inherit risk of "trusting them", is go with ones that have "a good reputation with the community". Thats very hard for me to asses, as most "reviews" are "fake", and many people "in the know" simply refuse "to endorse" or even name the service they're using.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,773
    Yes, most review sites are worthless. Just paid advertorials. Just to reiterate, people have been recommending AirVPN, BolehVPN, IVPN, Mullvad and PIA on Wilders for several years. People who use just one VPN don't want to share which, because it somewhat identifies them.
     
  13. Less

    Less Registered Member

    Joined:
    Dec 24, 2008
    Posts:
    251
    you can try this and is simple. I guess it is not harden

    https://www.youtube.com/watch?v=6w3DquIB8yE

    For cheap VPS, maybe can buy those about $10USD per year.
    NAT VPS is even cheaper, $3/ year but slightly more complicated to set up.

    https://www.lowendtalk.com/

    Openvpn script by Nyr - this creates the openvpn confi files

    https://github.com/Nyr/openvpn-install
     
    Last edited: Mar 31, 2017
  14. diego898

    diego898 Registered Member

    Joined:
    Mar 7, 2017
    Posts:
    12
    Location:
    USA
    ah thank you I had not considered that before!
     
Loading...