They really put their money where their mouth is. You can just mail them physical money and they’ll give you back an integer that is your account number. You don’t need any other identifying...
They really put their money where their mouth is. You can just mail them physical money and they’ll give you back an integer that is your account number. You don’t need any other identifying information. They’ve consistently passed audits with flying colors. Their client is open source (and written in cool programming languages FWIW, Rust and Typescript).
On top of that, if you make the account first then send cash through the mail, you are given a completely separate identifier to include with the cash so your payment cannot be tied to your...
On top of that, if you make the account first then send cash through the mail, you are given a completely separate identifier to include with the cash so your payment cannot be tied to your account by anyone else. It's a really nice system!
Privacy Guides (full disclosure: I'm a team member) has a list of VPNs all of which should be able to fill your needs. The site isn't affiliated with any of the providers it recommends, which is...
Privacy Guides (full disclosure: I'm a team member) has a list of VPNs all of which should be able to fill your needs. The site isn't affiliated with any of the providers it recommends, which is somewhat of a rarity.
Hey, offtopic but just want to say I've been using Privacy Guides (and Tools before) for years. Not exclusively for recommendations, but also to learn what common threats exists that I should be...
Hey, offtopic but just want to say I've been using Privacy Guides (and Tools before) for years. Not exclusively for recommendations, but also to learn what common threats exists that I should be aware of. I think you folks do a very good job at summarizing convoluted topics as didactic as possible. Thanks!
I liked Mullvad when I was paying for it. 5 euros a month, reliable service, though they don't seem to be as friendly to bittorrent users as other VPN providers nowadays, so may not work for you....
I liked Mullvad when I was paying for it. 5 euros a month, reliable service, though they don't seem to be as friendly to bittorrent users as other VPN providers nowadays, so may not work for you. PrivacyGuides only recommends providers that meet their stringent requirements and Mullvad is one of the few on their list.
I've been using mullvad as my VPN for years as well, I torrent Linux distros through it all the time and have had no issues. I also game through it and still get solid ping. Also note: mullvad was...
I've been using mullvad as my VPN for years as well, I torrent Linux distros through it all the time and have had no issues. I also game through it and still get solid ping.
Ah I see, the unfriendliness I was referring to was the recent change made to port forwarding (or lack thereof). It sounds like you haven't found that this impacted your download speeds...
Ah I see, the unfriendliness I was referring to was the recent change made to port forwarding (or lack thereof). It sounds like you haven't found that this impacted your download speeds significantly? Mullvad also used to have a page where they explained how to use qbittorrent more securely with their VPN, but they have since deleted it (though perhaps that was for legal reasons, not because they no longer support using their VPN for that purpose).
I just tested and on Mullvad I'm able to download Debian ISOs at 50 MB/s, and without it the same torrent downloads at 100 MB/s. A significant difference but either way it's fast for me.
I just tested and on Mullvad I'm able to download Debian ISOs at 50 MB/s, and without it the same torrent downloads at 100 MB/s. A significant difference but either way it's fast for me.
I don't know what the other person is referring to, but recently Mullvad removed the port forwarding feature from the service. Port forwarding is helpful in making p2p connections through...
I don't know what the other person is referring to, but recently Mullvad removed the port forwarding feature from the service. Port forwarding is helpful in making p2p connections through torrenting. That might be all they meant by unfriendliness, or they could have been speaking about something else in addition to that.
In any case it's worth noting that the 3 providers recommended in the link they provided, 2 of them recently stopped allowing port forwarding (Mullvad first, then IVPN followed). The remaining one is ProtonVPN which still has some support for it, but I'd be skeptical about the survivability of the feature if some of the top recommended VPNs just removed support in quick succession. Seemingly would suggest there was something difficult for them to work with to continue supporting it, whether it was legal pressures, technical pressures or something else, and people who were using that service that might have led to that pressure existing move somewhere else, only for just as much if not more pressure to move with them when they become a bigger target when the competitors are no longer supporting the feature.
Citing their email product and not their VPN makes little sense. EDIT: For my part, it helps when I read articles. I still see the distinction here from the email product and VPN as behaving...
Citing their email product and not their VPN makes little sense.
EDIT: For my part, it helps when I read articles. I still see the distinction here from the email product and VPN as behaving differently enough that I'm still not so concerned about the VPN product. In my link, they do differentiate the different requirements of the products.
Swiss, as in Switzerland, I believe you mean? I’ve been looking into this stuff a while ago, I came up with the conclusion of pretty much you can’t trust anything that you don’t self host. I still...
Swiss, as in Switzerland, I believe you mean?
I’ve been looking into this stuff a while ago, I came up with the conclusion of pretty much you can’t trust anything that you don’t self host.
I still use their services though,mainly mail and vpn but should also use drive.
I don't think that's a totally fair way to look at it. It really depends on your "threat vectors" as it were, and your resources and capabilities. For example, no one would advise you make your...
I’ve been looking into this stuff a while ago, I came up with the conclusion of pretty much you can’t trust anything that you don’t self host.
I don't think that's a totally fair way to look at it. It really depends on your "threat vectors" as it were, and your resources and capabilities.
For example, no one would advise you make your own encryption methods when existing ones are out there, you would be worse off rolling your own solution than using a provided one, because it's too complex for most people to accomplish similar results on their own. Basically there's always some limits to doing things yourself versus using solutions others are providing. The same is true with self-hosting.
If you self-host, assuming you're talking about renting server space from a facility you don't own, you've now entrusted physical access to the machine you're using to someone else and you're using their network connection as well. The moment you do this, you're open to similar issues that any other VPN provider would be open to. The VPS company would also be serving a different market where logging connections, IP addresses etc. might be good business, which isn't true for many VPN services. So the moment you first connect to your VPS, you could be in their logs. Then authorities come knocking and they give you up. It doesn't matter that your self hosted solution on their VPS has no logs, because they can prove you were the one who set it up.
Now if you self host within your own facilities and your own equipment (such as in your own home), authorities come knocking and you're even less capable of warding them off depending on where you're located. If your goal was to put as much distance between yourself and any investigation, this would be ineffective.
That isn't to say there aren't situations where self-hosting isn't better, I'm just saying different people have different reasons for the solutions they go with. Some might even layer these different solutions to make it even harder to track them, at the expense of being more inconvenient or complex to operate.
I'm pretty wary of those claims, considering they made the same claims with protonmail before the incident. My bad for not including it in the first reply.
I'm pretty wary of those claims, considering they made the same claims with protonmail before the incident. My bad for not including it in the first reply.
The flip side to this is, it doesn't appear that ProtonMail was being malicious or intentionally underhanded regarding things surrounding that incident. It seems they weren't logging IP addresses,...
The flip side to this is, it doesn't appear that ProtonMail was being malicious or intentionally underhanded regarding things surrounding that incident.
However, as a Swiss company itself, ProtonMail was obliged to comply with a Swiss court's injunction demanding that it begin logging IP address and browser fingerprint information for a particular ProtonMail account.
It seems they weren't logging IP addresses, but then were obliged to begin logging for a particular account.
According to multiple statements ProtonMail issued on Monday, the company could not appeal the Swiss demand for IP logging on that account. The service could not appeal because a Swiss law had actually been broken and because "legal tools for serious crimes" were used. ProtonMail does not believe the tools were appropriate for the case at hand, but the company was legally responsible to comply with their use nonetheless.
Even though their prior policy was still true, that by default they were not logging IP addresses, they ended up removing it. Perhaps after this incident, realizing what they were up against with the authorities, it may have differed from what they anticipated. Perhaps they thought they could rebuff authorities for example.
Of course after all that you might say, well what is any different about the VPN? Perhaps they could be compelled to begin logging. That is true, they might face similar pressures. One perspective of this could be going back to what I initially stated, it doesn't seem as though they were malicious (lying about recording IP addresses) or intentionally underhanded, and they removed part of their privacy policy to better account for the legal authority which they were subjected to. To then make a VPN product and not be aware of this would be an orders of magnitude incompetent on their part, which they seemingly haven't shown such incompetence, or it would be malicious or underhanded of them to market it that way if the circumstances are exactly the same as they were with their email product.
Any of these companies could potentially be compelled to cooperate in ways that pierce the shield that they're offering. Even Mullvad with it's diskless setup, if authorities come knocking, put a gag order on them and make them log things into RAM for a particular ID when future connections occur, what are they going to do? Tell the authorities no?
I think the rub here is that the statement is still true. They don't keep any logs. When they were compelled, they started logging and turned that information over. I assume they didn't keep the...
I think the rub here is that the statement is still true. They don't keep any logs. When they were compelled, they started logging and turned that information over. I assume they didn't keep the switch toggled, and I would also guess it was only for that account.
It's possible I'm being too generous with Proton, but their clarification on the page I linked seems to indicate that email and VPN fall under different regulations, and because Proton does not log by default, they'd have nothing to turn over in the case of the VPN, and even if compelled, I'm not sure they could turn over anything actionable.
From the technical end, Wireguard + NAT-PMP make this fairly trivial for the VPN provider. On the user side, the Proton GUI app supports it well, but for server apps it requires some fiddling from...
From the technical end, Wireguard + NAT-PMP make this fairly trivial for the VPN provider.
On the user side, the Proton GUI app supports it well, but for server apps it requires some fiddling from what I've figured out.
I'm in the process of writing a bash script to keep the portforward alive and update firewall rules and Transmission port accordingly.
More so I was thinking technical difficulties on their part in the sense of preventing unwanted behaviors, such as excessive use beyond what they reasonably anticipate or other things. It could be...
From the technical end, Wireguard + NAT-PMP make this fairly trivial for the VPN provider.
More so I was thinking technical difficulties on their part in the sense of preventing unwanted behaviors, such as excessive use beyond what they reasonably anticipate or other things. It could be hard to distinguish between reasons as they can blend together, but it may also just be a business decision within that too. Technical and business reasons for their type of business are heavily intertwined.
I just suspect something has changed over time they made it more difficult for them to justify keeping the feature around, and the fact that another respected VPN followed suit a month later only further makes me suspicious that it wasn't just some flawed decision making by Mullvad or something along those lines, but something within that market that has made it less tenable to support.
Of course that isn't to say every VPN is now going to remove it, it could be seen as a rotating competition piece where when you're new it might be a good feature to elevate yourself above the competition even if it has additional burdens that come with it, sort of using it as a loss-leader if you will, only to remove it later when you don't need it to elevate yourself above the competition anymore and relieve yourself of the burdens that come with it.
If I recall, the problem is not the ability to forward the port, but the privacy problems it generates. To forward a consistent port, the VPN provider needs to have records tying that port to a...
From the technical end, Wireguard + NAT-PMP make this fairly trivial for the VPN provider.
If I recall, the problem is not the ability to forward the port, but the privacy problems it generates. To forward a consistent port, the VPN provider needs to have records tying that port to a particular account, which means that there is an externally visible property of the connection that can be used with access to the VPN provider's records to identify the account.
It's possible that there would be other options, for example, a per-connection forwarded port that would only be set for the duration of that connection / some fixed, short period of time, but having the same port consistently forwarded is problematic.
That Mullvad, which tends to prioritize privacy over convenience, would be the first to remove port forwarding, would fit with it being a privacy concern.
I was talking about what @Grumble4681 mentioned. If you check the PrivacyGuides link, they don't just tell you Yes/No if Mullvad meets their requirements, but they actually rate Mullvad on each...
I was talking about what @Grumble4681 mentioned. If you check the PrivacyGuides link, they don't just tell you Yes/No if Mullvad meets their requirements, but they actually rate Mullvad on each requirement, talking about their implementation, what it does right and what it does wrong, etc. Look under the "Port Forwarding" heading under the broader Mullvad heading on the site and they mention this change.
And then they check who connects to that VPN and it’s only you and your friends. When using a bigger vpn there’s at least a higher chance to be lost among their users. Your option is still...
And then they check who connects to that VPN and it’s only you and your friends. When using a bigger vpn there’s at least a higher chance to be lost among their users.
Your option is still reasonable in my opinion, but only if you don’t use it for sailing the high seas.
Can you expand on who "they" is and how they "check"? Only the cloud provider will have the ability to tie the incoming traffic to a specific connected user, which they can be forced to hand over...
then they check who connects to that VPN
Can you expand on who "they" is and how they "check"?
Only the cloud provider will have the ability to tie the incoming traffic to a specific connected user, which they can be forced to hand over but only by organizations that have the power to, which are more than likely investigating national security threats instead of movie pirates.
I meant exactly such organizations that could force such providers to hand out such details. I guess you are absolutely right that some organizations are not interested in pirates. But...
I meant exactly such organizations that could force such providers to hand out such details. I guess you are absolutely right that some organizations are not interested in pirates. But corporations have their way to make organizations become interested just to make an example out of someone. Just remember what happened to Aaron Swartz.
I should have used different wording in my original reply, as I just wanted to bring attention that self hosting doesn’t necessarily mean you will be fully protected from everything.
Worth to say this is not always the case. I have been using NordVPN which seems like one of the very mainstream choices for a few years now and while in the beginning I sometimes had to switch...
even for the use case of wanting to appear to be in a different country - VPN services use a relatively small set of egress IPs. providers that care about enforcing geographic restrictions (Netflix etc) will often be able to detect and block the VPN services' IP addresses. and perversely, the more well-known / trusted / established the VPN provider is, the easier it will be for someone like Netflix to block them.
Worth to say this is not always the case. I have been using NordVPN which seems like one of the very mainstream choices for a few years now and while in the beginning I sometimes had to switch servers because my VPN was detected, it hasn't happened in about two years (this is with Netflix and HBO Max).
edit: except, they only support bypassing Netflix regional restrictions through the most popular countries. I think you can't get Germany for example.
I'm on Nord and want to give Proton a try (as I use the rest of the suite happily), but I've got until 2025 with this sub. Have you used both? Any ideas on comparitve performance?
I'm on Nord and want to give Proton a try (as I use the rest of the suite happily), but I've got until 2025 with this sub.
Have you used both? Any ideas on comparitve performance?
I've switched from Nord to Proton about a year ago. I mainly switched because I now also use the drive, email and calendar features from them. Proton feels faster. However I've not done any data...
I've switched from Nord to Proton about a year ago.
I mainly switched because I now also use the drive, email and calendar features from them.
Proton feels faster. However I've not done any data collection to back this claim.
I get 100Mbits down 40Mbits up without issues.
Once upon a time, I would have said mullvad, but I had to drop them after they removed the ability to port forward. I switched to ProtonVPN, and it's been mostly okay. There are a few annoyances...
Once upon a time, I would have said mullvad, but I had to drop them after they removed the ability to port forward. I switched to ProtonVPN, and it's been mostly okay. There are a few annoyances (e.g. I can't enable the kill switch while excluding certain apps from the VPN — something I could do with mullvad), but it's been otherwise a fine replacement.
If you aren't familiar with port forwarding, or don't know what it might be used for, then I'd say mullvad is still a fine option.
All I know about port forwarding is that I can host something and connect to it externally. Does that mean that I can use ProtonVPN to break through CG-NAT, or does it serve a different purpose here?
All I know about port forwarding is that I can host something and connect to it externally.
Does that mean that I can use ProtonVPN to break through CG-NAT, or does it serve a different purpose here?
You could do this. However you can't choose the port to forward. So your server needs to respond to the port Proton opens for you. Alternatively you could set up a reverse proxy. If for example...
You could do this. However you can't choose the port to forward. So your server needs to respond to the port Proton opens for you. Alternatively you could set up a reverse proxy.
If for example you want to host a website every user would need to open yourpage.com:port which makes it unusable for hosting publicly.
If there is a way around that I'd be happy to learn about it.
You're looking for a reverse proxy; you send all traffic to it and let it route to the internal services on whatever port they use/expect. edit: I think I misunderstood your comment but now I'm...
You're looking for a reverse proxy; you send all traffic to it and let it route to the internal services on whatever port they use/expect.
edit: I think I misunderstood your comment but now I'm actually confused. You just point your domain to your IP, forward ports only to the reverse proxy, and it takes care of everything else. No need to put the port on the end of the domain.
Let's say Proton opens port 1000 for me. If I now point my domain to the VPN IP the reverse proxy is only reachable on that port. Now I configure the reverse proxy to forward port 1000 to 443 for...
Let's say Proton opens port 1000 for me.
If I now point my domain to the VPN IP the reverse proxy is only reachable on that port. Now I configure the reverse proxy to forward port 1000 to 443 for my webserver.
However when I now open a browser tab and go to mydomain.com the browser will only try to make a connection to port 443 and 80. Or can I change that in the DNS or something?
Yes, you have your proxy run on port 443 (via a VPS or something), and then route traffic to port 1000. SSL termination on the proxy is easiest, however that means traffic to port 1000 will be...
Yes, you have your proxy run on port 443 (via a VPS or something), and then route traffic to port 1000. SSL termination on the proxy is easiest, however that means traffic to port 1000 will be unencrypted. There is a way to just passthrough to the underlying server, but IIRC it needs more configuration.
Your reverse proxy should be on 80 and 443 internally (unless your router allows you to actually port forward, 80->8080 for example), so all traffic hits the reverse proxy first. You then...
Your reverse proxy should be on 80 and 443 internally (unless your router allows you to actually port forward, 80->8080 for example), so all traffic hits the reverse proxy first. You then configure your services:
Whatever and however you want to do it. Personally I run everything via docker with custom networking, makes it really easy to compartmentalize services into their own subnets and avoid port collisions.
If you're looking to break through CGNAT, look into Cloudflare Tunnels / cloudflared. I use it to tunnel my Home Assistant instance, and several other services, through my CGNAT'd T-Mobile home...
If you're looking to break through CGNAT, look into Cloudflare Tunnels / cloudflared. I use it to tunnel my Home Assistant instance, and several other services, through my CGNAT'd T-Mobile home Internet connection.
Airvpn.org An OpenVPN and WireGuard based VPN operated by activists in defense of net neutrality, privacy and against censorship I usually renew every Black Friday, the day of the year they reduce...
Airvpn.org
An OpenVPN and WireGuard based VPN operated by activists in defense of net neutrality, privacy and against censorship
I usually renew every Black Friday, the day of the year they reduce prices.
Normally I hesitate to even mention it. They're cheap, don't draw attention, have a ton of nodes, are highly versatile with an API, support for multiple connections, etc. They always have some...
Normally I hesitate to even mention it. They're cheap, don't draw attention, have a ton of nodes, are highly versatile with an API, support for multiple connections, etc. They always have some nodes that are not in the big vpn block lists so you can use them to route around stupid blocks. I've been using them for years and have them integrated in my openvpn-based route switching system.
Disadvantages: Legal entity in Italy, which is not considered a super privacy safe government (this is probably OK if you're not some kind of terrorist, which I am not). Speeds are not always the fastest.
Last I checked, they were also the cheapest. They don’t work well for me for getting around geo restrictions, and i sometimes have to do extra i am not a robot checks. They also don’t work for...
Last I checked, they were also the cheapest.
They don’t work well for me for getting around geo restrictions, and i sometimes have to do extra i am not a robot checks. They also don’t work for activision games.
They are also owned by a company that might have some questionable practices.
But they work great for my purposes as far as I can tell.
My exact experience. I bought a sub ~2018, but refunded after the company changed hands. We don't know exactly how well they respect their users' privacy, but that's where trust comes in. And I...
the cheapest
questionable practices
My exact experience. I bought a sub ~2018, but refunded after the company changed hands. We don't know exactly how well they respect their users' privacy, but that's where trust comes in. And I don't trust that company.
I had a lot of respect for PIA in those days, back when Rick Falkvinge was the company's public "head of security" and frequently blogged about important topics on their site. Once Kape took over...
I had a lot of respect for PIA in those days, back when Rick Falkvinge was the company's public "head of security" and frequently blogged about important topics on their site. Once Kape took over he quietly distanced himself from PIA. I was a proud subscriber for many years but the current owner's business model seriously skeezes me out. I've since moved to Mullvad and have no regrets.
Mullvad isn't too great for P2P anything now, after they removed port forwarding. I'd recommend ProtonVPN and if you get the higher price tier it also comes with the "premium" version of all their...
Mullvad isn't too great for P2P anything now, after they removed port forwarding. I'd recommend ProtonVPN and if you get the higher price tier it also comes with the "premium" version of all their other services.
I use Nord. They tend to be pretty good for getting around broadcast blackout restrictions for streaming. They're pretty inexpensive and I haven't had any issues with them so that's who I'll keep...
I use Nord. They tend to be pretty good for getting around broadcast blackout restrictions for streaming. They're pretty inexpensive and I haven't had any issues with them so that's who I'll keep using.
I use Windscribe. I got one of those inexpensive pay-once lifetime deals way back when. Mainly use that for bypassing geo restrictions on content. And also on the rare chance I'm torrenting. But I...
I use Windscribe. I got one of those inexpensive pay-once lifetime deals way back when. Mainly use that for bypassing geo restrictions on content. And also on the rare chance I'm torrenting.
But I do also have my own WireGuard VPN that runs off a server at home. I've definitely been using that more often when traveling in hotels and airports or hanging out at at Starbucks. No piracy for obvious reasons, but at least it's more secure than the public WiFi networks.
Really? That's good to know, I think. But I wonder why that is. Some kinda deal with the Chinese government? I probably won't ever go to China (though I do/did kinda want to go to Hong Kong), so...
Windscribe is one of the rare few VPNs that actually works in China.
Really? That's good to know, I think. But I wonder why that is. Some kinda deal with the Chinese government?
I probably won't ever go to China (though I do/did kinda want to go to Hong Kong), so maybe I won't ever need to test Windscribe there.
I run a VPN on both Oracle and AWS -- both free. I've got each in different countries depending on some content I want to stream. I just use this script for openVPN and call it a day. For those...
I run a VPN on both Oracle and AWS -- both free. I've got each in different countries depending on some content I want to stream.
I just use this script for openVPN and call it a day.
For those who are still using torrents, why not run a seedbox instead of messing with VPNs?
the micro instances are always free, so far as i know. they don’t have a lot of traffic, but it’s enough for a show or two every day. if you can’t find it, i can dig up a link
the micro instances are always free, so far as i know. they don’t have a lot of traffic, but it’s enough for a show or two every day.
I used NordVPN for a bit, and I liked it but I remember they had a data breach or something similar a couple of years ago. https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/ I...
I currently have MozillaVPN which is... alright. I've heard that it's built on top of Mullvad and I feel like I wasn't able to do anything like use streaming services from a different country. It's also attached to a Mozilla account which isn't great.
I've never used Nord VPN and have no skin in the game, but it's worth noting that cybersecurity is kind of like riding a motorcycle - there are companies that have crashed, and there are companies...
I've never used Nord VPN and have no skin in the game, but it's worth noting that cybersecurity is kind of like riding a motorcycle - there are companies that have crashed, and there are companies that are going to crash.
Just like it's helpful to learn how to crash a motorcycle in the "right" way, the goal in cyber shifts from "make sure we never get hacked ever" to something more like "configure our stuff so that damage is minimal even when someone gets inside."
By that standard, Nord VPN did pretty dang well. No customer info was exposed, they don't think anyone was able to decrypt the traffic, and so on.
That's fair! and as a former motorcyclist that has been in an accident I totally get that lol. Tbh i was considering switching back to Nord since I think they're still pretty good with streaming...
That's fair! and as a former motorcyclist that has been in an accident I totally get that lol. Tbh i was considering switching back to Nord since I think they're still pretty good with streaming and I've been travelling a lot so I gotta figure out what to use now.
Mullvad works much better than Mozilla VPN on Linux, despite the servers being the exact same servers. Mozilla had some critical bugs that I reported but their support team kept repeatedly saying...
Mullvad works much better than Mozilla VPN on Linux, despite the servers being the exact same servers.
Mozilla had some critical bugs that I reported but their support team kept repeatedly saying to please logout to clear the cache, and that they wouldn't forward my bug report to the dev team.
Mozilla VPN kill-switch doesn't always work on Linux. Sometimes network dropped and then I come back and see the Internet still works, except, it's not flowing through the VPN(!!!). the VPN app says something about an error connecting to the VPN.
Also a glitch where as soon as I bring up the logout/restart/shutdown menu on Ubuntu/Gnome, Mozilla VPN disconnects. I didn't logout, just bring up the menu to logout.
It's sad because I wanted to support Mozilla (and still do but not through their VPN product)
No issues whatsoever using Mullvad VPN directly. I'm a happy Mullvad user now.
I've tried and did not like ExpressVPN (was good at the start), CyberGhost (connection wonky), NordVPN (connection wonky), and SurfShark (good at the start then drops the ball once they have your...
I've tried and did not like ExpressVPN (was good at the start), CyberGhost (connection wonky), NordVPN (connection wonky), and SurfShark (good at the start then drops the ball once they have your money, though I think that goes for everything on this list).
I use Tailscale as the other kind of VPN: to keep access to my own services private as opposed to obscuring my internet traffic. For instance my iPad and three computers in the house all have the...
I use Tailscale as the other kind of VPN: to keep access to my own services private as opposed to obscuring my internet traffic.
For instance my iPad and three computers in the house all have the Tailscale client installed. They self-organize without any network management so they all appear to be on a private network. One of my computer runs the Jellyfin media server and some similar things, another one runs my YOShInOn RSS reader and intelligent agent. I can log into those applications anywhere without having to think about network configuration, UPNP, DMZ, firewall rules, nothing. It “just works”.
Regarding PIA (Private Internet Access), it was bought by "Kape Technologies" in 2019 by the same company that owns CyberGhost and ExpressVPN. Strange Ties: Private Internet Access, Kape, and...
Regarding PIA (Private Internet Access), it was bought by "Kape Technologies" in 2019 by the same company that owns CyberGhost and ExpressVPN.
Also, OP, regarding NordVPN. I feel the same way about it. My sub expires in ~2 weeks and I'm more than ready to drop it. I see it the same way as ExpressVPN with everyone shilling it so much; too much money involved.
The one consistent thing when researching VPNs is Mullvad VPN respecting your privacy. The whole point of VPNs.
I'm currently deciding between Mullvad and Proton VPN (Plus).
In the end you have your judgement and what you're comfortable with when it comes to VPNs.
I have been using Mozilla VPN for a few months without complaints. I'm using them really to support the company (I use Firefox a lot) while adding a little security. Hulu detected the VPN btw, but...
I have been using Mozilla VPN for a few months without complaints. I'm using them really to support the company (I use Firefox a lot) while adding a little security. Hulu detected the VPN btw, but I have used it without issue when I stream British video from BBC iPlayer and UKTV apps (so far that is). I was $56-ish for the year with a discount code.
I don't know which OS you're on, but in case it's Linux, I suggest reading my comment above about Mozilla VPN bugs on Linux, and consider if you want to switch to Mullvad instead (it's the same...
I don't know which OS you're on, but in case it's Linux, I suggest reading my comment above about Mozilla VPN bugs on Linux, and consider if you want to switch to Mullvad instead (it's the same servers as Mozilla, Mozilla just resells Mullvad service as a middleman). Except the Mullvad client software is different, and in my experience much less buggy.
I'm using Mozilla VPN on my Android phone and Chromebook. Would you consider Hulu detecting my VPN as Mozilla being buggy? I would maybe switch if Mozilla could prorate what I already spent, but I...
I'm using Mozilla VPN on my Android phone and Chromebook. Would you consider Hulu detecting my VPN as Mozilla being buggy? I would maybe switch if Mozilla could prorate what I already spent, but I haven't been bothered by anything yet.
No that would more likely be Hulu possessing a list of IP addresses known to belong to VPNs. Mozilla/Mullvad would both have the same problem there. Honestly if Mozilla is working fine for you...
Would you consider Hulu detecting my VPN as Mozilla being buggy?
No that would more likely be Hulu possessing a list of IP addresses known to belong to VPNs. Mozilla/Mullvad would both have the same problem there.
Honestly if Mozilla is working fine for you (Hulu aside) then stick with it, but if you do notice bugs then know that you're not alone
I have a t-shirt that I got at a conference that says friends don't let friends use VPNs. I think it's supposed to be a Zero Trust thing and I get that it's saying you shouldn't trust someone to...
I have a t-shirt that I got at a conference that says friends don't let friends use VPNs. I think it's supposed to be a Zero Trust thing and I get that it's saying you shouldn't trust someone to have full network access just because they authenticated into your VPN but I don't have any clue what you're supposed to use on personal devices instead of a VPN. Maybe I'm thinking too much about something that's supposed to be a pithy T-shirt.
I've been using the free version of Windscribe for years now. 15gb monthly cap is more than enough for me (basically just use it for torrenting every now and then). I can't really afford a paid...
I've been using the free version of Windscribe for years now. 15gb monthly cap is more than enough for me (basically just use it for torrenting every now and then). I can't really afford a paid VPN these days but when I could I used Mullvad and it was great, I'd recommend it.
I use Mullvad, it's very reliable with only a few random issues over the last couple of years. I was disappointed when they dropped port forwarding though, it does help with torrents but I only...
I use Mullvad, it's very reliable with only a few random issues over the last couple of years.
I was disappointed when they dropped port forwarding though, it does help with torrents but I only download stuff using that very occasionally and for the most part I still can, just not guaranteed to get things at quite as high a speed without forwarding.
Seems perfectly able to saturate my fibre internet though, I have seen people say it's even good up to a gigabit or more but can't confirm.
ExitLag is specific for games, it reduces up to 40ms off my ping when playing on foreign servers. Someone told me I could have the same effect changing my DNS but I'm lazy, not very technical, and...
ExitLag is specific for games, it reduces up to 40ms off my ping when playing on foreign servers.
Someone told me I could have the same effect changing my DNS but I'm lazy, not very technical, and it's paid for the year.
I was using urbanVPN as it's free and offers ability to get IPs from pretty much any country (many of the free services I looked at only allowed 2-3 countries as options). Strangely, when I try...
I was using urbanVPN as it's free and offers ability to get IPs from pretty much any country (many of the free services I looked at only allowed 2-3 countries as options). Strangely, when I try and connect to a server in the country I need, it seems to just connect to one in Germany on occasion. I have to play around with it to finally get it to connect.
I'm looking for an alternative, so if anyone is aware of other free vpn services that offer the possibility of a wide range of countries, please let me know. The country I connect to is the most important part for me, so that's why I'm stuck with those options.
You're probably aware of this, but people generally recommend against using free VPNs as they make their money by selling your data. Other companies do this too, of course, but a free VPN only...
You're probably aware of this, but people generally recommend against using free VPNs as they make their money by selling your data. Other companies do this too, of course, but a free VPN only makes money by selling your data, suggesting that it's probably on a different scale than, say, what your ISP is doing. The security implementations are probably also quite a bit more suspect, if you're using it for privacy reasons.
Not telling you what to do, just want to make sure it's an informed choice.
Oh. I was unaware of this, but this would not surprise me. I am new to using VPNs. I suppose I should have thought more about it. My use case is probably a less popular one, and is not geared...
Oh. I was unaware of this, but this would not surprise me. I am new to using VPNs. I suppose I should have thought more about it. My use case is probably a less popular one, and is not geared around obscuring my identity. But even still, I don't like using services that sell my data. Thanks for letting me know.
You bet. Just so you're as informed as possible, basically the vpn can see whatever your internet service provider would normally see. So if you're visiting https websites, it's encrypted so they...
You bet. Just so you're as informed as possible, basically the vpn can see whatever your internet service provider would normally see. So if you're visiting https websites, it's encrypted so they can't see what the data you're exchanging is (or any subdomains - they can only see that you're on tildes.net for example, not this specific topic), but they can sort of infer what you might be doing based on how long you're spending on each site. And some other stuff like that. (what type of device you're using, that sort of thing.)
oh wow, I had no clue! But now that I think about it - it makes perfect sense! Luckily, I have nothing to fear as I used it to visit the same couple very boring sites. Regardless, it's just gross...
oh wow, I had no clue! But now that I think about it - it makes perfect sense! Luckily, I have nothing to fear as I used it to visit the same couple very boring sites. Regardless, it's just gross if they collect this data and sell it, and I don't want that.. I'm slightly embarrassed by my ignorance here, because this seems obvious and I just never thought about it. EDIT: Looked it up and yes, UrbanVPN both shares and sells your data :(
Very Apple-centric perspective: I canceled my NordVPN subscription right after Apple released iCloud Private Relay, and I've been using exclusively that ever since. It's always active, adds no...
Very Apple-centric perspective: I canceled my NordVPN subscription right after Apple released iCloud Private Relay, and I've been using exclusively that ever since. It's always active, adds no latency whatsoever (none that I could notice anyways), works seamlessly on all my Apple devices requiring no additional software, and it's included in my iCloud+ subscription, which I need anyway. Of course it only works in Safari, but that suits me perfectly since I only use Safari and don't need IP-masking anywhere else.
I might be worth mentioning that I no longer torrent locally and happily pay for my put.io subscription. I could not imagine going back to local torrenting after using put.io... it's just that good.
I use AdGuard for my mobile device, it's 100% free and hasn't given me any issues, I also don't get any ads on any website anymore, which is nice. They also have a way to block ads on YouTube, but...
I use AdGuard for my mobile device, it's 100% free and hasn't given me any issues, I also don't get any ads on any website anymore, which is nice. They also have a way to block ads on YouTube, but I haven't tried it because I use ReVanced
If you're only going to use HTTP/HTTPS, I've used Shadowsocks before and it was pretty great. You can setup a server very easily on an AWS T2 Micro instance and just proxy all of your traffic to...
If you're only going to use HTTP/HTTPS, I've used Shadowsocks before and it was pretty great. You can setup a server very easily on an AWS T2 Micro instance and just proxy all of your traffic to any region you want.
My cousin moved to Australia for work, and she was able to watch US Netflix this way
I host my own wireguard server out of my home network. There is a docker container that makes it pretty easy. I've been thinking of trying out Tailscale though
I host my own wireguard server out of my home network. There is a docker container that makes it pretty easy.
I have been using mullvad for the past 2 years with 0 complaints. I suggest you check it out. they really try to be privacy focused above all else.
They really put their money where their mouth is. You can just mail them physical money and they’ll give you back an integer that is your account number. You don’t need any other identifying information. They’ve consistently passed audits with flying colors. Their client is open source (and written in cool programming languages FWIW, Rust and Typescript).
On top of that, if you make the account first then send cash through the mail, you are given a completely separate identifier to include with the cash so your payment cannot be tied to your account by anyone else. It's a really nice system!
Privacy Guides (full disclosure: I'm a team member) has a list of VPNs all of which should be able to fill your needs. The site isn't affiliated with any of the providers it recommends, which is somewhat of a rarity.
Hey, offtopic but just want to say I've been using Privacy Guides (and Tools before) for years. Not exclusively for recommendations, but also to learn what common threats exists that I should be aware of. I think you folks do a very good job at summarizing convoluted topics as didactic as possible. Thanks!
Thanks for the kind words!
I liked Mullvad when I was paying for it. 5 euros a month, reliable service, though they don't seem to be as friendly to bittorrent users as other VPN providers nowadays, so may not work for you. PrivacyGuides only recommends providers that meet their stringent requirements and Mullvad is one of the few on their list.
I've been using mullvad as my VPN for years as well, I torrent Linux distros through it all the time and have had no issues. I also game through it and still get solid ping.
Also note: mullvad was raised by police a while back and the authorities got nothing because mullvad doesn't log anything https://www.theverge.com/2023/4/21/23692580/mullvad-vpn-raid-sweden-police
Ah I see, the unfriendliness I was referring to was the recent change made to port forwarding (or lack thereof). It sounds like you haven't found that this impacted your download speeds significantly? Mullvad also used to have a page where they explained how to use qbittorrent more securely with their VPN, but they have since deleted it (though perhaps that was for legal reasons, not because they no longer support using their VPN for that purpose).
I just tested and on Mullvad I'm able to download Debian ISOs at 50 MB/s, and without it the same torrent downloads at 100 MB/s. A significant difference but either way it's fast for me.
Anywhere I can find out more about the unfriendliness to bittorrent users? This thread was making me interested in mullvad but that makes me hesitate
I don't know what the other person is referring to, but recently Mullvad removed the port forwarding feature from the service. Port forwarding is helpful in making p2p connections through torrenting. That might be all they meant by unfriendliness, or they could have been speaking about something else in addition to that.
In any case it's worth noting that the 3 providers recommended in the link they provided, 2 of them recently stopped allowing port forwarding (Mullvad first, then IVPN followed). The remaining one is ProtonVPN which still has some support for it, but I'd be skeptical about the survivability of the feature if some of the top recommended VPNs just removed support in quick succession. Seemingly would suggest there was something difficult for them to work with to continue supporting it, whether it was legal pressures, technical pressures or something else, and people who were using that service that might have led to that pressure existing move somewhere else, only for just as much if not more pressure to move with them when they become a bigger target when the competitors are no longer supporting the feature.
Proton isn't afraid to give user data away if the police ask for it, something Mullvad doesnt store in the first place.
Citing their email product and not their VPN makes little sense.
EDIT: For my part, it helps when I read articles. I still see the distinction here from the email product and VPN as behaving differently enough that I'm still not so concerned about the VPN product. In my link, they do differentiate the different requirements of the products.
They also only started to collect data once forced to. Depending on Swedish law, the same could happen to Mullvad.
Swiss, as in Switzerland, I believe you mean?
I’ve been looking into this stuff a while ago, I came up with the conclusion of pretty much you can’t trust anything that you don’t self host.
I still use their services though,mainly mail and vpn but should also use drive.
I don't think that's a totally fair way to look at it. It really depends on your "threat vectors" as it were, and your resources and capabilities.
For example, no one would advise you make your own encryption methods when existing ones are out there, you would be worse off rolling your own solution than using a provided one, because it's too complex for most people to accomplish similar results on their own. Basically there's always some limits to doing things yourself versus using solutions others are providing. The same is true with self-hosting.
If you self-host, assuming you're talking about renting server space from a facility you don't own, you've now entrusted physical access to the machine you're using to someone else and you're using their network connection as well. The moment you do this, you're open to similar issues that any other VPN provider would be open to. The VPS company would also be serving a different market where logging connections, IP addresses etc. might be good business, which isn't true for many VPN services. So the moment you first connect to your VPS, you could be in their logs. Then authorities come knocking and they give you up. It doesn't matter that your self hosted solution on their VPS has no logs, because they can prove you were the one who set it up.
Now if you self host within your own facilities and your own equipment (such as in your own home), authorities come knocking and you're even less capable of warding them off depending on where you're located. If your goal was to put as much distance between yourself and any investigation, this would be ineffective.
That isn't to say there aren't situations where self-hosting isn't better, I'm just saying different people have different reasons for the solutions they go with. Some might even layer these different solutions to make it even harder to track them, at the expense of being more inconvenient or complex to operate.
I'm pretty wary of those claims, considering they made the same claims with protonmail before the incident. My bad for not including it in the first reply.
The flip side to this is, it doesn't appear that ProtonMail was being malicious or intentionally underhanded regarding things surrounding that incident.
It seems they weren't logging IP addresses, but then were obliged to begin logging for a particular account.
Even though their prior policy was still true, that by default they were not logging IP addresses, they ended up removing it. Perhaps after this incident, realizing what they were up against with the authorities, it may have differed from what they anticipated. Perhaps they thought they could rebuff authorities for example.
Of course after all that you might say, well what is any different about the VPN? Perhaps they could be compelled to begin logging. That is true, they might face similar pressures. One perspective of this could be going back to what I initially stated, it doesn't seem as though they were malicious (lying about recording IP addresses) or intentionally underhanded, and they removed part of their privacy policy to better account for the legal authority which they were subjected to. To then make a VPN product and not be aware of this would be an orders of magnitude incompetent on their part, which they seemingly haven't shown such incompetence, or it would be malicious or underhanded of them to market it that way if the circumstances are exactly the same as they were with their email product.
Any of these companies could potentially be compelled to cooperate in ways that pierce the shield that they're offering. Even Mullvad with it's diskless setup, if authorities come knocking, put a gag order on them and make them log things into RAM for a particular ID when future connections occur, what are they going to do? Tell the authorities no?
I think the rub here is that the statement is still true. They don't keep any logs. When they were compelled, they started logging and turned that information over. I assume they didn't keep the switch toggled, and I would also guess it was only for that account.
It's possible I'm being too generous with Proton, but their clarification on the page I linked seems to indicate that email and VPN fall under different regulations, and because Proton does not log by default, they'd have nothing to turn over in the case of the VPN, and even if compelled, I'm not sure they could turn over anything actionable.
For the record, one can use Protonmail email via Tor, they have an .onion website.
From the technical end, Wireguard + NAT-PMP make this fairly trivial for the VPN provider.
On the user side, the Proton GUI app supports it well, but for server apps it requires some fiddling from what I've figured out.
I'm in the process of writing a bash script to keep the portforward alive and update firewall rules and Transmission port accordingly.
More so I was thinking technical difficulties on their part in the sense of preventing unwanted behaviors, such as excessive use beyond what they reasonably anticipate or other things. It could be hard to distinguish between reasons as they can blend together, but it may also just be a business decision within that too. Technical and business reasons for their type of business are heavily intertwined.
I just suspect something has changed over time they made it more difficult for them to justify keeping the feature around, and the fact that another respected VPN followed suit a month later only further makes me suspicious that it wasn't just some flawed decision making by Mullvad or something along those lines, but something within that market that has made it less tenable to support.
Of course that isn't to say every VPN is now going to remove it, it could be seen as a rotating competition piece where when you're new it might be a good feature to elevate yourself above the competition even if it has additional burdens that come with it, sort of using it as a loss-leader if you will, only to remove it later when you don't need it to elevate yourself above the competition anymore and relieve yourself of the burdens that come with it.
If I recall, the problem is not the ability to forward the port, but the privacy problems it generates. To forward a consistent port, the VPN provider needs to have records tying that port to a particular account, which means that there is an externally visible property of the connection that can be used with access to the VPN provider's records to identify the account.
It's possible that there would be other options, for example, a per-connection forwarded port that would only be set for the duration of that connection / some fixed, short period of time, but having the same port consistently forwarded is problematic.
That Mullvad, which tends to prioritize privacy over convenience, would be the first to remove port forwarding, would fit with it being a privacy concern.
Proton's does a 60s timeout, fixed. If you want to keep it alive, you have to renew it.
I was talking about what @Grumble4681 mentioned. If you check the PrivacyGuides link, they don't just tell you Yes/No if Mullvad meets their requirements, but they actually rate Mullvad on each requirement, talking about their implementation, what it does right and what it does wrong, etc. Look under the "Port Forwarding" heading under the broader Mullvad heading on the site and they mention this change.
And then they check who connects to that VPN and it’s only you and your friends. When using a bigger vpn there’s at least a higher chance to be lost among their users.
Your option is still reasonable in my opinion, but only if you don’t use it for sailing the high seas.
Can you expand on who "they" is and how they "check"?
Only the cloud provider will have the ability to tie the incoming traffic to a specific connected user, which they can be forced to hand over but only by organizations that have the power to, which are more than likely investigating national security threats instead of movie pirates.
I meant exactly such organizations that could force such providers to hand out such details. I guess you are absolutely right that some organizations are not interested in pirates. But corporations have their way to make organizations become interested just to make an example out of someone. Just remember what happened to Aaron Swartz.
I should have used different wording in my original reply, as I just wanted to bring attention that self hosting doesn’t necessarily mean you will be fully protected from everything.
Seconding rolling your own. With a VPS, you can pick data centres wherever you want in the world.
Worth to say this is not always the case. I have been using NordVPN which seems like one of the very mainstream choices for a few years now and while in the beginning I sometimes had to switch servers because my VPN was detected, it hasn't happened in about two years (this is with Netflix and HBO Max).
edit: except, they only support bypassing Netflix regional restrictions through the most popular countries. I think you can't get Germany for example.
I use ProtonVPN and love it.
I'm on Nord and want to give Proton a try (as I use the rest of the suite happily), but I've got until 2025 with this sub.
Have you used both? Any ideas on comparitve performance?
I've switched from Nord to Proton about a year ago.
I mainly switched because I now also use the drive, email and calendar features from them.
Proton feels faster. However I've not done any data collection to back this claim.
I get 100Mbits down 40Mbits up without issues.
Once upon a time, I would have said mullvad, but I had to drop them after they removed the ability to port forward. I switched to ProtonVPN, and it's been mostly okay. There are a few annoyances (e.g. I can't enable the kill switch while excluding certain apps from the VPN — something I could do with mullvad), but it's been otherwise a fine replacement.
If you aren't familiar with port forwarding, or don't know what it might be used for, then I'd say mullvad is still a fine option.
All I know about port forwarding is that I can host something and connect to it externally.
Does that mean that I can use ProtonVPN to break through CG-NAT, or does it serve a different purpose here?
You could do this. However you can't choose the port to forward. So your server needs to respond to the port Proton opens for you. Alternatively you could set up a reverse proxy.
If for example you want to host a website every user would need to open yourpage.com:port which makes it unusable for hosting publicly.
If there is a way around that I'd be happy to learn about it.
You're looking for a reverse proxy; you send all traffic to it and let it route to the internal services on whatever port they use/expect.
edit: I think I misunderstood your comment but now I'm actually confused. You just point your domain to your IP, forward ports only to the reverse proxy, and it takes care of everything else. No need to put the port on the end of the domain.
Let's say Proton opens port 1000 for me.
If I now point my domain to the VPN IP the reverse proxy is only reachable on that port. Now I configure the reverse proxy to forward port 1000 to 443 for my webserver.
However when I now open a browser tab and go to mydomain.com the browser will only try to make a connection to port 443 and 80. Or can I change that in the DNS or something?
You can specify the port in the browser. So you can do mydomain.com:1000 to make your browser navigate that.
Yes, you have your proxy run on port 443 (via a VPS or something), and then route traffic to port 1000. SSL termination on the proxy is easiest, however that means traffic to port 1000 will be unencrypted. There is a way to just passthrough to the underlying server, but IIRC it needs more configuration.
You should then be able to access https://mydomain.com without port 1000.
Your reverse proxy should be on 80 and 443 internally (unless your router allows you to actually port forward, 80->8080 for example), so all traffic hits the reverse proxy first. You then configure your services:
domain.com -> reverse proxy -> internal-webserver:1234
sub.domain.com -> reverse proxy -> internal-service-a:5678
another.domain.com -> reverse proxy -> internal-service-b:1234
domain.com/something -> reverse proxy -> internal-something:5678
Whatever and however you want to do it. Personally I run everything via docker with custom networking, makes it really easy to compartmentalize services into their own subnets and avoid port collisions.
If you're looking to break through CGNAT, look into Cloudflare Tunnels / cloudflared. I use it to tunnel my Home Assistant instance, and several other services, through my CGNAT'd T-Mobile home Internet connection.
For privacy: mullvad
For getting into my own network: Tailscale
For getting around geo restrictions on streaming sites: NordVPN
Airvpn.org
An OpenVPN and WireGuard based VPN operated by activists in defense of net neutrality, privacy and against censorship
I usually renew every Black Friday, the day of the year they reduce prices.
Normally I hesitate to even mention it. They're cheap, don't draw attention, have a ton of nodes, are highly versatile with an API, support for multiple connections, etc. They always have some nodes that are not in the big vpn block lists so you can use them to route around stupid blocks. I've been using them for years and have them integrated in my openvpn-based route switching system.
Disadvantages: Legal entity in Italy, which is not considered a super privacy safe government (this is probably OK if you're not some kind of terrorist, which I am not). Speeds are not always the fastest.
I use PIA and haven't had problems.
Last I checked, they were also the cheapest.
They don’t work well for me for getting around geo restrictions, and i sometimes have to do extra i am not a robot checks. They also don’t work for activision games.
They are also owned by a company that might have some questionable practices.
But they work great for my purposes as far as I can tell.
My exact experience. I bought a sub ~2018, but refunded after the company changed hands. We don't know exactly how well they respect their users' privacy, but that's where trust comes in. And I don't trust that company.
I had a lot of respect for PIA in those days, back when Rick Falkvinge was the company's public "head of security" and frequently blogged about important topics on their site. Once Kape took over he quietly distanced himself from PIA. I was a proud subscriber for many years but the current owner's business model seriously skeezes me out. I've since moved to Mullvad and have no regrets.
That's the reason why I subscribed at first. It had a good reputation and wasn't like those "big" providers out just for profit.
Mullvad isn't too great for P2P anything now, after they removed port forwarding. I'd recommend ProtonVPN and if you get the higher price tier it also comes with the "premium" version of all their other services.
I use Nord. They tend to be pretty good for getting around broadcast blackout restrictions for streaming. They're pretty inexpensive and I haven't had any issues with them so that's who I'll keep using.
I use Windscribe. I got one of those inexpensive pay-once lifetime deals way back when. Mainly use that for bypassing geo restrictions on content. And also on the rare chance I'm torrenting.
But I do also have my own WireGuard VPN that runs off a server at home. I've definitely been using that more often when traveling in hotels and airports or hanging out at at Starbucks. No piracy for obvious reasons, but at least it's more secure than the public WiFi networks.
Really? That's good to know, I think. But I wonder why that is. Some kinda deal with the Chinese government?
I probably won't ever go to China (though I do/did kinda want to go to Hong Kong), so maybe I won't ever need to test Windscribe there.
I run a VPN on both Oracle and AWS -- both free. I've got each in different countries depending on some content I want to stream.
I just use this script for openVPN and call it a day.
For those who are still using torrents, why not run a seedbox instead of messing with VPNs?
How are you getting free AWS time?
the micro instances are always free, so far as i know. they don’t have a lot of traffic, but it’s enough for a show or two every day.
if you can’t find it, i can dig up a link
Huh - thanks for letting me know.
I used NordVPN for a bit, and I liked it but I remember they had a data breach or something similar a couple of years ago. https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
I currently have MozillaVPN which is... alright. I've heard that it's built on top of Mullvad and I feel like I wasn't able to do anything like use streaming services from a different country. It's also attached to a Mozilla account which isn't great.
I've never used Nord VPN and have no skin in the game, but it's worth noting that cybersecurity is kind of like riding a motorcycle - there are companies that have crashed, and there are companies that are going to crash.
Just like it's helpful to learn how to crash a motorcycle in the "right" way, the goal in cyber shifts from "make sure we never get hacked ever" to something more like "configure our stuff so that damage is minimal even when someone gets inside."
By that standard, Nord VPN did pretty dang well. No customer info was exposed, they don't think anyone was able to decrypt the traffic, and so on.
That's fair! and as a former motorcyclist that has been in an accident I totally get that lol. Tbh i was considering switching back to Nord since I think they're still pretty good with streaming and I've been travelling a lot so I gotta figure out what to use now.
Mullvad works much better than Mozilla VPN on Linux, despite the servers being the exact same servers.
Mozilla had some critical bugs that I reported but their support team kept repeatedly saying to please logout to clear the cache, and that they wouldn't forward my bug report to the dev team.
Mozilla VPN kill-switch doesn't always work on Linux. Sometimes network dropped and then I come back and see the Internet still works, except, it's not flowing through the VPN(!!!). the VPN app says something about an error connecting to the VPN.
Also a glitch where as soon as I bring up the logout/restart/shutdown menu on Ubuntu/Gnome, Mozilla VPN disconnects. I didn't logout, just bring up the menu to logout.
It's sad because I wanted to support Mozilla (and still do but not through their VPN product)
No issues whatsoever using Mullvad VPN directly. I'm a happy Mullvad user now.
I've tried and did not like ExpressVPN (was good at the start), CyberGhost (connection wonky), NordVPN (connection wonky), and SurfShark (good at the start then drops the ball once they have your money, though I think that goes for everything on this list).
FWIW, Michael Bazzell recommends ProtonVPN and PIA (see here)
I use Tailscale as the other kind of VPN: to keep access to my own services private as opposed to obscuring my internet traffic.
For instance my iPad and three computers in the house all have the Tailscale client installed. They self-organize without any network management so they all appear to be on a private network. One of my computer runs the Jellyfin media server and some similar things, another one runs my YOShInOn RSS reader and intelligent agent. I can log into those applications anywhere without having to think about network configuration, UPNP, DMZ, firewall rules, nothing. It “just works”.
Regarding PIA (Private Internet Access), it was bought by "Kape Technologies" in 2019 by the same company that owns CyberGhost and ExpressVPN.
Strange Ties: Private Internet Access, Kape, and Crossrider
Do we have a potential VPN criminal conglomerate?
Also, OP, regarding NordVPN. I feel the same way about it. My sub expires in ~2 weeks and I'm more than ready to drop it. I see it the same way as ExpressVPN with everyone shilling it so much; too much money involved.
The one consistent thing when researching VPNs is Mullvad VPN respecting your privacy. The whole point of VPNs.
I'm currently deciding between Mullvad and Proton VPN (Plus).
In the end you have your judgement and what you're comfortable with when it comes to VPNs.
Mullvad regularly, sometimes switch to OECK and also ProtonVPN
I have been using Mozilla VPN for a few months without complaints. I'm using them really to support the company (I use Firefox a lot) while adding a little security. Hulu detected the VPN btw, but I have used it without issue when I stream British video from BBC iPlayer and UKTV apps (so far that is). I was $56-ish for the year with a discount code.
Does Mozilla care if you go sailing with their VPN? I'd love to support them instead of ExpressVPN
That I don't know. Also don't know if they have port forwarding (I haven't torrented).
I don't know which OS you're on, but in case it's Linux, I suggest reading my comment above about Mozilla VPN bugs on Linux, and consider if you want to switch to Mullvad instead (it's the same servers as Mozilla, Mozilla just resells Mullvad service as a middleman). Except the Mullvad client software is different, and in my experience much less buggy.
I'm using Mozilla VPN on my Android phone and Chromebook. Would you consider Hulu detecting my VPN as Mozilla being buggy? I would maybe switch if Mozilla could prorate what I already spent, but I haven't been bothered by anything yet.
No that would more likely be Hulu possessing a list of IP addresses known to belong to VPNs. Mozilla/Mullvad would both have the same problem there.
Honestly if Mozilla is working fine for you (Hulu aside) then stick with it, but if you do notice bugs then know that you're not alone
I have a t-shirt that I got at a conference that says friends don't let friends use VPNs. I think it's supposed to be a Zero Trust thing and I get that it's saying you shouldn't trust someone to have full network access just because they authenticated into your VPN but I don't have any clue what you're supposed to use on personal devices instead of a VPN. Maybe I'm thinking too much about something that's supposed to be a pithy T-shirt.
I've been using AirVPN.org for years. The prices are very reasonable and the staff is friendly and helpful.
I've been using the free version of Windscribe for years now. 15gb monthly cap is more than enough for me (basically just use it for torrenting every now and then). I can't really afford a paid VPN these days but when I could I used Mullvad and it was great, I'd recommend it.
I use Mullvad, it's very reliable with only a few random issues over the last couple of years.
I was disappointed when they dropped port forwarding though, it does help with torrents but I only download stuff using that very occasionally and for the most part I still can, just not guaranteed to get things at quite as high a speed without forwarding.
Seems perfectly able to saturate my fibre internet though, I have seen people say it's even good up to a gigabit or more but can't confirm.
ExitLag is specific for games, it reduces up to 40ms off my ping when playing on foreign servers.
Someone told me I could have the same effect changing my DNS but I'm lazy, not very technical, and it's paid for the year.
I was using urbanVPN as it's free and offers ability to get IPs from pretty much any country (many of the free services I looked at only allowed 2-3 countries as options). Strangely, when I try and connect to a server in the country I need, it seems to just connect to one in Germany on occasion. I have to play around with it to finally get it to connect.
I'm looking for an alternative, so if anyone is aware of other free vpn services that offer the possibility of a wide range of countries, please let me know. The country I connect to is the most important part for me, so that's why I'm stuck with those options.
You're probably aware of this, but people generally recommend against using free VPNs as they make their money by selling your data. Other companies do this too, of course, but a free VPN only makes money by selling your data, suggesting that it's probably on a different scale than, say, what your ISP is doing. The security implementations are probably also quite a bit more suspect, if you're using it for privacy reasons.
Not telling you what to do, just want to make sure it's an informed choice.
Oh. I was unaware of this, but this would not surprise me. I am new to using VPNs. I suppose I should have thought more about it. My use case is probably a less popular one, and is not geared around obscuring my identity. But even still, I don't like using services that sell my data. Thanks for letting me know.
You bet. Just so you're as informed as possible, basically the vpn can see whatever your internet service provider would normally see. So if you're visiting https websites, it's encrypted so they can't see what the data you're exchanging is (or any subdomains - they can only see that you're on tildes.net for example, not this specific topic), but they can sort of infer what you might be doing based on how long you're spending on each site. And some other stuff like that. (what type of device you're using, that sort of thing.)
oh wow, I had no clue! But now that I think about it - it makes perfect sense! Luckily, I have nothing to fear as I used it to visit the same couple very boring sites. Regardless, it's just gross if they collect this data and sell it, and I don't want that.. I'm slightly embarrassed by my ignorance here, because this seems obvious and I just never thought about it. EDIT: Looked it up and yes, UrbanVPN both shares and sells your data :(
Very Apple-centric perspective: I canceled my NordVPN subscription right after Apple released iCloud Private Relay, and I've been using exclusively that ever since. It's always active, adds no latency whatsoever (none that I could notice anyways), works seamlessly on all my Apple devices requiring no additional software, and it's included in my iCloud+ subscription, which I need anyway. Of course it only works in Safari, but that suits me perfectly since I only use Safari and don't need IP-masking anywhere else.
I might be worth mentioning that I no longer torrent locally and happily pay for my put.io subscription. I could not imagine going back to local torrenting after using put.io... it's just that good.
I use AdGuard for my mobile device, it's 100% free and hasn't given me any issues, I also don't get any ads on any website anymore, which is nice. They also have a way to block ads on YouTube, but I haven't tried it because I use ReVanced
Run your own VPN server, I used to do mine on a digital ocean droplet but I'm sure there are other better options.
This comment brought to you by Nord VPN! Reach out to me if you want to claim this space!
If you're only going to use HTTP/HTTPS, I've used Shadowsocks before and it was pretty great. You can setup a server very easily on an AWS T2 Micro instance and just proxy all of your traffic to any region you want.
My cousin moved to Australia for work, and she was able to watch US Netflix this way
I host my own wireguard server out of my home network. There is a docker container that makes it pretty easy.
I've been thinking of trying out Tailscale though
If you want a hosted service, Mullvad, for sure.