Mailing List Archive

About to have fiber internet and need VPN info
Howdy,

Fiber internet is right around the corner.  Some neighbors are already
connected and they working their way to my area.  Once I get connected,
I also want to use a VPN but only for some programs.  Example, I want
Ktorrent and a couple Firefox profiles to use VPNs but at least one
Firefox profile I want to remain outside of VPN.  I watched a few videos
but want to be sure I understand this right.  If I want software to use
a VPN, I put the IP address of the VPN into the proxy settings of the
program and that makes it use the VPN.  If I want it to not use the VPN,
I leave the settings as they are now.  Am I understanding this correctly? 

Also, the package I'm getting is 500Mbs/sec.  What speeds should I
really expect?  If memory serves me right, that is about 50MBs/sec, note
the size of the B.  By the way, that is about 50 times faster than what
I have now.  Also, up and down is the same.  Current up stream is a lot
smaller.  Basically, I can upload files as fast as I download them.  Now
I can upload videos or something. 

I'm looking at Surfshark and NordVPN.  Both seem to be good and at a
decent price.  Anyone used one or both of these?

Just trying to make sure I'm on the right path. 

Thanks.

Dale

:-)  :-) 

P. S.  Seamonkey is still not fetching emails automatically, I'm waiting
on a upgrade to see if it gets fixed then.  If not, revive old thread
and bring out the hammer.  ;-) 
Re: About to have fiber internet and need VPN info [ In reply to ]
Hey,
NordVPN and Surfshark aren't really considered good VPNs. I'd instead suggest you take a look at Mullvad and IVPN (maybe ProtonVPN too if your threat
model doesn't include governments or any kind of law enforcement). A VPN tunnel basically routes all traffic directed at it to the VPN server, so
you'd probably have to employ something like split tunneling t keep traffic seperate (guide:
https://mullvad.net/en/help/split-tunneling-with-linux-advanced/) (basic guide: https://mullvad.net/en/help/split-tunneling-with-the-mullvad-app/).
And you'll need to always keep in mind that a VPN is a low-level protection. It's enough for protecting yourself against spammers, script kiddies or
similar but it can't keep you private in the face of any high-level threats. Don't place too much trust in VPNs.

Regards,
F. Denkena

Am Samstag, dem 16.07.2022 um 05:57 -0500 schrieb Dale:
> Howdy,
>
> Fiber internet is right around the corner.  Some neighbors are already
> connected and they working their way to my area.  Once I get connected,
> I also want to use a VPN but only for some programs.  Example, I want
> Ktorrent and a couple Firefox profiles to use VPNs but at least one
> Firefox profile I want to remain outside of VPN.  I watched a few videos
> but want to be sure I understand this right.  If I want software to use
> a VPN, I put the IP address of the VPN into the proxy settings of the
> program and that makes it use the VPN.  If I want it to not use the VPN,
> I leave the settings as they are now.  Am I understanding this correctly? 
>
> Also, the package I'm getting is 500Mbs/sec.  What speeds should I
> really expect?  If memory serves me right, that is about 50MBs/sec, note
> the size of the B.  By the way, that is about 50 times faster than what
> I have now.  Also, up and down is the same.  Current up stream is a lot
> smaller.  Basically, I can upload files as fast as I download them.  Now
> I can upload videos or something. 
>
> I'm looking at Surfshark and NordVPN.  Both seem to be good and at a
> decent price.  Anyone used one or both of these?
>
> Just trying to make sure I'm on the right path. 
>
> Thanks.
>
> Dale
>
> :-)  :-) 
>
> P. S.  Seamonkey is still not fetching emails automatically, I'm waiting
> on a upgrade to see if it gets fixed then.  If not, revive old thread
> and bring out the hammer.  ;-) 
>
Re: About to have fiber internet and need VPN info [ In reply to ]
On Saturday, 16 July 2022 11:57:25 BST Dale wrote:

> Basically, I can upload files as fast as I download them. Now I can upload
> videos or something.

...or run a web server!

--
Regards,
Peter.
Re: About to have fiber internet and need VPN info [ In reply to ]
Peter Humphrey wrote:
> On Saturday, 16 July 2022 11:57:25 BST Dale wrote:
>
>> Basically, I can upload files as fast as I download them. Now I can upload
>> videos or something.
> ...or run a web server!
>


That's way above anything I'd want to tackle.  Heck, this VPN thing is a
bit confusing.  I've never seen it used before so sort of lost with it. 
Maybe once installed it will make sense. 

Dale

:-)  :-) 
Re: About to have fiber internet and need VPN info [ In reply to ]
On Sat, Jul 16, 2022 at 3:57 AM Dale <rdalek1967@gmail.com> wrote:
>
<SNIP>
> Also, the package I'm getting is 500Mbs/sec. What speeds should I
> really expect? If memory serves me right, that is about 50MBs/sec, note
> the size of the B. By the way, that is about 50 times faster than what
> I have now. Also, up and down is the same. Current up stream is a lot
> smaller. Basically, I can upload files as fast as I download them. Now
> I can upload videos or something.

You will almost certainly get your 500Mb pretty much right away - or
within a day or two. I get 475Mb on my comcast cable connection
but it's rate limited at the other end. They sell and upgrade which
I don't need. At these speeds it's more about bytes/month than
bytes/second so make sure you know how much data you can move
without incurring any extra charges.

As for upload I'm limited at about 13Mb/S. I can upload lots of
data to a Google drive for backups but I have to do it slowly

- Mark
Re: About to have fiber internet and need VPN info [ In reply to ]
Mark Knecht wrote:
>
>
> On Sat, Jul 16, 2022 at 3:57 AM Dale <rdalek1967@gmail.com
> <mailto:rdalek1967@gmail.com>> wrote:
> >
> <SNIP>
> > Also, the package I'm getting is 500Mbs/sec.  What speeds should I
> > really expect?  If memory serves me right, that is about 50MBs/sec, note
> > the size of the B.  By the way, that is about 50 times faster than what
> > I have now.  Also, up and down is the same.  Current up stream is a lot
> > smaller.  Basically, I can upload files as fast as I download them.  Now
> > I can upload videos or something.
>
> You will almost certainly get your 500Mb pretty much right away - or 
> within a day or two. I get 475Mb on my comcast cable connection
> but it's rate limited at the other end. They sell and upgrade which
> I don't need. At these speeds it's more about bytes/month than 
> bytes/second so make sure you know how much data you can move
> without incurring any extra charges. 
>
> As for upload I'm limited at about 13Mb/S. I can upload lots of
> data to a Google drive for backups but I have to do it slowly
>
> - Mark


If I understand this correctly, they are stating bits but most data
speeds are commonly in bytes.  I read once where one should divide by 8
or 9 to get the true speed in common use.  Internet folks use the larger
number because it makes it look bigger.  If I'm correct, and allowing a
little for overhead, I'll see about 50MBs/sec in common use terms.  In
other words, using none salesman terms. 

From what they state, there is no limits.  I may be a bit of a heavy
user at first but at some point, hard drive space will slow me down. 
I'm a collector of videos and other documents.  If I download it, I tend
to keep it unless it is really of no use.  I've got videos on appliance
repairs, tractor, tree management and just interesting stuff that I
refer back to.  It's a lot.  Organizing it is also fun. 

I'm hoping to get it pretty soon.  It's getting really close to me. 

Dale

:-)  :-) 
Re: About to have fiber internet and need VPN info [ In reply to ]
On Sat, Jul 16, 2022 at 10:18 AM Dale <rdalek1967@gmail.com> wrote:

>
> If I understand this correctly, they are stating bits but most data
speeds are commonly in bytes. I read once where one should divide by 8 or
9 to get the true speed in common use. Internet folks use the larger
number because it makes it look bigger. If I'm correct, and allowing a
little for overhead, I'll see about 50MBs/sec in common use terms. In
other words, using none salesman terms.
>
> From what they state, there is no limits. I may be a bit of a heavy user
at first but at some point, hard drive space will slow me down. I'm a
collector of videos and other documents. If I download it, I tend to keep
it unless it is really of no use. I've got videos on appliance repairs,
tractor, tree management and just interesting stuff that I refer back to.
It's a lot. Organizing it is also fun.
>
> I'm hoping to get it pretty soon. It's getting really close to me.
>
> Dale

Comcast currently gives me 1.3T bytes/month download. I don't think they
limit my upload because with the low speed or upload no one will ever use
that much.

bits to bytes is *8. I typically use about 200G bytes/month so I'm a long
way from hitting the 1.3T Byte limit. I don't use much 4K video though.
Re: About to have fiber internet and need VPN info [ In reply to ]
On Saturday, 16 July 2022 18:17:35 BST Dale wrote:
> Mark Knecht wrote:
> > On Sat, Jul 16, 2022 at 3:57 AM Dale <rdalek1967@gmail.com
> > <mailto:rdalek1967@gmail.com>> wrote:
> >
> > <SNIP>
> >
> > > Also, the package I'm getting is 500Mbs/sec. What speeds should I
> > > really expect? If memory serves me right, that is about 50MBs/sec, note
> > > the size of the B. By the way, that is about 50 times faster than what
> > > I have now. Also, up and down is the same. Current up stream is a lot
> > > smaller. Basically, I can upload files as fast as I download them. Now
> > > I can upload videos or something.
> >
> > You will almost certainly get your 500Mb pretty much right away - or
> > within a day or two. I get 475Mb on my comcast cable connection
> > but it's rate limited at the other end. They sell and upgrade which
> > I don't need. At these speeds it's more about bytes/month than
> > bytes/second so make sure you know how much data you can move
> > without incurring any extra charges.
> >
> > As for upload I'm limited at about 13Mb/S. I can upload lots of
> > data to a Google drive for backups but I have to do it slowly
> >
> > - Mark
>
> If I understand this correctly, they are stating bits but most data
> speeds are commonly in bytes. I read once where one should divide by 8
> or 9 to get the true speed in common use. Internet folks use the larger
> number because it makes it look bigger. If I'm correct, and allowing a
> little for overhead, I'll see about 50MBs/sec in common use terms. In
> other words, using none salesman terms.

1 byte = 8 bits

https://www.gbmb.org/mbps-to-mbs


> From what they state, there is no limits. I may be a bit of a heavy
> user at first but at some point, hard drive space will slow me down.
> I'm a collector of videos and other documents. If I download it, I tend
> to keep it unless it is really of no use. I've got videos on appliance
> repairs, tractor, tree management and just interesting stuff that I
> refer back to. It's a lot. Organizing it is also fun.
>
> I'm hoping to get it pretty soon. It's getting really close to me.
>
> Dale
>
> :-) :-)

Regarding VPNs and SOCKS proxy servers, a VPN works at layer 2 or 3 of the OSI
model while a SOCKS proxy uses layer 5.

Simply, with VPN you tunnel all your connections to the Interwebs via a remote
VPN server which acts as a router (full tunnel mode); or you tunnel some
connections via the remote tunnel and some via your local ISP as usual (split
tunnel).

With a SOCKS proxy you need to use an application which has a SOCKS client
capability, or you can 'socksify' it with a separate piece of software, e.g.
privoxy.

As has already been commented, unless you control both ends of a VPN tunnel,
you should not assume privacy or anonymity despite marketing claims.
Re: About to have fiber internet and need VPN info [ In reply to ]
>
> And you'll need to always keep in mind that a VPN is a low-level
> protection. It's enough for protecting yourself against spammers, script
> kiddies or
> similar but it can't keep you private in the face of any high-level
> threats. Don't place too much trust in VPNs.
>

I'm not an expert, but AFAIK VPNs don't offer any particular benefit with
regards to spam or script kiddies.

A VPN will;
- Hide your internet activity from your ISP
- Make your internet activity available to your VPN provider
- Make your internet activity available to your VPN provider's ISP

Without a VPN, your ISP could sell the details used to sign up for the
account (eg. name, phone number, email address) along with your internet
activity. With a VPN, the VPN provider could sell similar information,
however, there is typically an explicit claim that they won't do this,
whereas your ISP has probably buried information on what they do with your
information and metadata in Terms and Conditions documents. Your VPN
provider's ISP will be able to monitor your internet activity but it will
be mixed with the activity of the VPN provider's other customers, and they
won't have any of your sign up information.

I've heard some VPNs let you pay pseudo anonymously with crypto currency
(albeit with a cryptographically verifiable public ledger!), to prevent
direct matching of internet activity to an identity.
Re: About to have fiber internet and need VPN info [ In reply to ]
On Sun, Jul 17, 2022 at 2:41 AM Dale <rdalek1967@gmail.com> wrote:

> Peter Humphrey wrote:
> > On Saturday, 16 July 2022 11:57:25 BST Dale wrote:
> >
> >> Basically, I can upload files as fast as I download them. Now I can
> upload
> >> videos or something.
> > ...or run a web server!
> >
>
>
> That's way above anything I'd want to tackle. Heck, this VPN thing is a
> bit confusing. I've never seen it used before so sort of lost with it.
> Maybe once installed it will make sense.
>

That prompts the question - why do you want a VPN? (what do you think it
will do for you?)

If it's to get around geo-blocking, it's probably a good option if there's
no legal implications. If it's for something else it's probably worth
digging a bit deeper. If it's to try to avoid legal responsibility (eg. to
download copyrighted content), don't do anything you're not prepared to pay
the fine / do the time for.
Re: About to have fiber internet and need VPN info [ In reply to ]
Dale wrote:
> Howdy,
>
> Fiber internet is right around the corner.  Some neighbors are already
> connected and they working their way to my area.  Once I get connected,
> I also want to use a VPN but only for some programs.  Example, I want
> Ktorrent and a couple Firefox profiles to use VPNs but at least one
> Firefox profile I want to remain outside of VPN.  I watched a few videos
> but want to be sure I understand this right.  If I want software to use
> a VPN, I put the IP address of the VPN into the proxy settings of the
> program and that makes it use the VPN.  If I want it to not use the VPN,
> I leave the settings as they are now.  Am I understanding this correctly? 
>
> Also, the package I'm getting is 500Mbs/sec.  What speeds should I
> really expect?  If memory serves me right, that is about 50MBs/sec, note
> the size of the B.  By the way, that is about 50 times faster than what
> I have now.  Also, up and down is the same.  Current up stream is a lot
> smaller.  Basically, I can upload files as fast as I download them.  Now
> I can upload videos or something. 
>
> I'm looking at Surfshark and NordVPN.  Both seem to be good and at a
> decent price.  Anyone used one or both of these?
>
> Just trying to make sure I'm on the right path. 
>
> Thanks.
>
> Dale
>
> :-)  :-) 
>
> P. S.  Seamonkey is still not fetching emails automatically, I'm waiting
> on a upgrade to see if it gets fixed then.  If not, revive old thread
> and bring out the hammer.  ;-) 
>


I now have fiber internet.  It was installed on Tuesday morning.  Speed
test shows it is awesome.  I downloaded a Knoppix iso file, about 4.4GBs
worth, in just about 5 minutes.  It would have taken about 9 hours on
old DSL internet.  I'm perfectly happy with that.

I also ordered a router that has openvpn installed on it.  I watched
some videos and think I can set it up to keep my traffic out of public
view.  After I learned more about it, there's no reason to not use the
VPN for all traffic really.  That way I'm protected a little bit even if
a website is not secure.  May not help much but it may be enough. 

This is as big a difference as when I went from dial-up to DSL.  I can
update my OS in minutes as far as downloading goes.  Now it will be
compiling that I have to wait on.  Again.  ;-)

Now I know what some of you guys have been enjoying, and why. :-D 

Dale

:-)  :-) 

P. S.  Seamonkey still doesn't do email fetch automatically.  I may dig
out my mini sledge hammer.  :/ 
Re: About to have fiber internet and need VPN info [ In reply to ]
On Thursday, 4 August 2022 23:32:03 BST Dale wrote:

> I also ordered a router that has openvpn installed on it. I watched
> some videos and think I can set it up to keep my traffic out of public
> view. After I learned more about it, there's no reason to not use the
> VPN for all traffic really. That way I'm protected a little bit even if
> a website is not secure.

If by "not secure website" you mean an unencrypted connection to a web server,
then such an insecure website remains insecure and so does your connection to
it, whether the leg from your router to the VPN concentrator is encrypted or
not.

What kind of protection are you seeking - what is your threat model?
RE: About to have fiber internet and need VPN info [ In reply to ]
> -----Original Message-----
> From: Dale <rdalek1967@gmail.com>
> Sent: Thursday, August 4, 2022 3:32 PM
> To: gentoo-user@lists.gentoo.org
> Subject: Re: [gentoo-user] About to have fiber internet and need VPN info
>
> Dale wrote:
> > Howdy,
> >
> > Fiber internet is right around the corner. Some neighbors are already
> > connected and they working their way to my area. Once I get
> > connected, I also want to use a VPN but only for some programs.
> > Example, I want Ktorrent and a couple Firefox profiles to use VPNs but
> > at least one Firefox profile I want to remain outside of VPN. I
> > watched a few videos but want to be sure I understand this right. If
> > I want software to use a VPN, I put the IP address of the VPN into the
> > proxy settings of the program and that makes it use the VPN. If I
> > want it to not use the VPN, I leave the settings as they are now. Am I understanding this correctly?
> >
> > Also, the package I'm getting is 500Mbs/sec. What speeds should I
> > really expect? If memory serves me right, that is about 50MBs/sec,
> > note the size of the B. By the way, that is about 50 times faster
> > than what I have now. Also, up and down is the same. Current up
> > stream is a lot smaller. Basically, I can upload files as fast as I
> > download them. Now I can upload videos or something.
> >
> > I'm looking at Surfshark and NordVPN. Both seem to be good and at a
> > decent price. Anyone used one or both of these?
> >
> > Just trying to make sure I'm on the right path.
> >
> > Thanks.
> >
> > Dale
> >
> > :-) :-)
> >
> > P. S. Seamonkey is still not fetching emails automatically, I'm
> > waiting on a upgrade to see if it gets fixed then. If not, revive old
> > thread and bring out the hammer. ;-)
> >
>
>
> I now have fiber internet. It was installed on Tuesday morning. Speed test shows it is awesome. I downloaded a Knoppix iso file, about 4.4GBs worth, in just about 5 minutes. It would have taken about 9 hours on old DSL internet. I'm perfectly happy with that.
>
> I also ordered a router that has openvpn installed on it. I watched some videos and think I can set it up to keep my traffic out of public view. After I learned more about it, there's no reason to not use the VPN for all traffic really. That way I'm protected a little bit even if a website is not secure. May not help much but it may be enough.
>
> This is as big a difference as when I went from dial-up to DSL. I can update my OS in minutes as far as downloading goes. Now it will be compiling that I have to wait on. Again. ;-)
>
> Now I know what some of you guys have been enjoying, and why. :-D
>
> Dale
>
> :-) :-)
>
> P. S. Seamonkey still doesn't do email fetch automatically. I may dig out my mini sledge hammer. :/
>
>

Most commercial VPN services are of limited value privacy-wise unless you use forged credentials to sign up and chain a couple of them together.

Otherwise you have only their word that they're not collecting exactly the same information your ISP would, and if you're worried about government spying you may as well paste a big sign saying "look here, this guy thinks he's being sneaky" all over your traffic.

The main place they're useful is if you want somebody a little bit more trustworthy than random open wifi hotspots to be the ones handling your data, or if you can get a VPN service provider in a country known not to cooperate with whoever the malicious actors are in your country.

With a full on fiber connection, as long as it doesn't violate your ISPs terms of use, if you want to hide what you're actually doing, proper configuration of tor and/or i2p will likely serve you better, and help other people in oppressive countries do the same.

That said, openvpn is still useful for point-to-point links between friends.

Oh, and note that if your ISP works the same way as mine, they have a backdoor into whatever equipment they happen to have provided. So definitely put it in bridge mode or whatever and use your own gear if you don't want them spying on the doings of your internal network. One of the local ISPs here even calls it a "feature" and will ping the mobile app they require you to install to use their service every time they detect "suspicious" traffic on your internal net...

LMP
Re: About to have fiber internet and need VPN info [ In reply to ]
Michael wrote:
> On Thursday, 4 August 2022 23:32:03 BST Dale wrote:
>
>> I also ordered a router that has openvpn installed on it. I watched
>> some videos and think I can set it up to keep my traffic out of public
>> view. After I learned more about it, there's no reason to not use the
>> VPN for all traffic really. That way I'm protected a little bit even if
>> a website is not secure.
> If by "not secure website" you mean an unencrypted connection to a web server,
> then such an insecure website remains insecure and so does your connection to
> it, whether the leg from your router to the VPN concentrator is encrypted or
> not.
>
> What kind of protection are you seeking - what is your threat model?


I'm mostly wanting it so people can't just look and see what I'm doing
or where I am, mostly my ISP.  I do a little torrenting and such too.
;-)  That said, even if I go to my bank's website which is https, it
will also go through a VPN which also encrypts the traffic.  My bank is
secure as far as I know but having more protection added can't be a bad
thing. 

I'm torn between torguard and surfshark.  I'm not sure where torguard is
located but surfshark is in the Netherlands I think.  Outside US
jurisdiction and from what I've read, they never give info to anyone
about their customers traffic.  I'm still researching torguard.  Maybe
someone here knows where they are located???

I have a add-on for one of my Firefox profiles that adds a free VPN but
it is slow since it is free.  I've been using it for a while for some
stuff.  So far, I haven't visited my bank or anything with it tho.  It
remembers my location and if it says I've moved to some other place, it
might freak out a bit.  I still have a bit to learn about VPN but some
things I'm not going into in public. 

The biggest thing, the speed of my new internet is just awesome. 
Downloading that Knoppix ISO that would normally take almost half a day
but on fiber took minutes, very few of those even, was just plain
awesome.  Used to, I waited on the internet, now it waits on me.  If I
were to upgrade to the really fast one, I'd likely fall out of my
chair.  :/ 

Dale

:-)  :-) 
Re: About to have fiber internet and need VPN info [ In reply to ]
On Friday, 5 August 2022 21:45:25 BST Dale wrote:
> Michael wrote:
> > What kind of protection are you seeking - what is your threat model?
>
> I'm mostly wanting it so people can't just look and see what I'm doing
> or where I am, mostly my ISP.

In this case 'people' and your ISP will see you are connecting to the remote
VPN, but not what website you visit thereon.

The website you visit will not see your real IP, but the exit IP of the VPN
node. This may break some websites and streaming services who only allow
connections from specific jurisdictions.


> I do a little torrenting and such too.
> ;-) That said, even if I go to my bank's website which is https, it
> will also go through a VPN which also encrypts the traffic. My bank is
> secure as far as I know but having more protection added can't be a bad
> thing.

All connections to banks are encrypted end-to-end for decades now and the
encryption has becoming stronger over the years.


> I'm torn between torguard and surfshark. I'm not sure where torguard is
> located but surfshark is in the Netherlands I think. Outside US
> jurisdiction and from what I've read, they never give info to anyone
> about their customers traffic.

Yeah, that's what they all say - their business model depends on it. State
sponsored actors are likely to know what the need to know anyway, with or
without the explicit VPN providers collaboration. ;-)


> I'm still researching torguard. Maybe
> someone here knows where they are located???

I understand they are a US based provider in Florida:

Vpnetworks, LLC
618 E South St
Orlando, FL 32801

but they have VPN servers all over the globe. Some are virtual servers and
are NOT physically located in the countries they claim. The fact it is
located in the USA it means the authorities can request client list
information. VPN providers in jurisdictions like BVI, Panama, or even
Switzerland might stand a better chance.

Anyway, this is a moot point. If a VPN provider protects your traffic from
'people', who protects your traffic from the ... VPN people?! LOL!

I don't use VPNs, but the interwebs are buzzing with reviews and suggestions.
If torrenting is a requirement, then associated forums and mailing lists would
provide advice on what works best for your use case.
Re: About to have fiber internet and need VPN info [ In reply to ]
On 05/08/2022 15:53, Laurence Perkins wrote:
> Oh, and note that if your ISP works the same way as mine, they have a backdoor into whatever equipment they happen to have provided. So definitely put it in bridge mode or whatever and use your own gear if you don't want them spying on the doings of your internal network. One of the local ISPs here even calls it a "feature" and will ping the mobile app they require you to install to use their service every time they detect "suspicious" traffic on your internal net...

What do they do if you don't know how to use a mobile? (Yes that IS a
serious question - I provide tech support to family like that :-)

Cheers,
Wol
Re: About to have fiber internet and need VPN info [ In reply to ]
On 7/16/22 10:41, Dale wrote:
> Peter Humphrey wrote:
>> On Saturday, 16 July 2022 11:57:25 BST Dale wrote:
>>
>>> Basically, I can upload files as fast as I download them. Now I can upload
>>> videos or something.
>> ...or run a web server!
>>
>
>
> That's way above anything I'd want to tackle.  Heck, this VPN thing is a
> bit confusing.  I've never seen it used before so sort of lost with it.
> Maybe once installed it will make sense.
>
> Dale
>
> :-)  :-)

Check out this post I made some time ago:
https://forums.gentoo.org/viewtopic-p-8028944.html#8028944

It might give you better understanding what it does, and how it is implemented.

OpenVPN is just encrypted communication between two networks over public internet (your ISP can not snoop on what you are doing).
Re: About to have fiber internet and need VPN info [ In reply to ]
On Saturday, 6 August 2022 00:05:20 BST Wol wrote:
> On 05/08/2022 15:53, Laurence Perkins wrote:
> > Oh, and note that if your ISP works the same way as mine, they have a
> > backdoor into whatever equipment they happen to have provided. So
> > definitely put it in bridge mode or whatever and use your own gear if you
> > don't want them spying on the doings of your internal network. One of
> > the local ISPs here even calls it a "feature" and will ping the mobile
> > app they require you to install to use their service every time they
> > detect "suspicious" traffic on your internal net...
> What do they do if you don't know how to use a mobile? (Yes that IS a
> serious question - I provide tech support to family like that :-)

...or if you use your own equipment?

--
Regards,
Peter.
Re: About to have fiber internet and need VPN info [ In reply to ]
Michael wrote:
> On Friday, 5 August 2022 21:45:25 BST Dale wrote:
>> Michael wrote:
>>> What kind of protection are you seeking - what is your threat model?
>> I'm mostly wanting it so people can't just look and see what I'm doing
>> or where I am, mostly my ISP.
> In this case 'people' and your ISP will see you are connecting to the remote
> VPN, but not what website you visit thereon.
>
> The website you visit will not see your real IP, but the exit IP of the VPN
> node. This may break some websites and streaming services who only allow
> connections from specific jurisdictions.
>

That may be the case but if it is a problem I run into, I can adjust
settings if needed.  


>> I do a little torrenting and such too.
>> ;-) That said, even if I go to my bank's website which is https, it
>> will also go through a VPN which also encrypts the traffic. My bank is
>> secure as far as I know but having more protection added can't be a bad
>> thing.
> All connections to banks are encrypted end-to-end for decades now and the
> encryption has becoming stronger over the years.

That is likely true.  I still remember Snowden tho.  We don't know what
backdoors are in use even for bank encryption.  Thing is, open source
tools are harder to fall into that trap since everyone can see what the
code is.  If a backdoor is forced in, it will be known to a lot of
people and then that tool won't be used.  It's sort of funny in a way,
they more Govts and others try to restrict things, the more tools there
is to get around it.  From what I've read, most VPNs use open source
tools.  Most even use the current best and would upgrade if needed. 
That gives me some extra protection in the event my bank or any other
website falls behind on updating theirs. 

Basically, I don't trust Govt with much of anything.  If they say they
don't do something bad, you can pretty much bet they are doing exactly
that or even worse. 


>
>> I'm torn between torguard and surfshark. I'm not sure where torguard is
>> located but surfshark is in the Netherlands I think. Outside US
>> jurisdiction and from what I've read, they never give info to anyone
>> about their customers traffic.
> Yeah, that's what they all say - their business model depends on it. State
> sponsored actors are likely to know what the need to know anyway, with or
> without the explicit VPN providers collaboration. ;-)
>

May be the case but I plan to try anyway.  At least it won't be easy for
them. 

>> I'm still researching torguard. Maybe
>> someone here knows where they are located???
> I understand they are a US based provider in Florida:
>
> Vpnetworks, LLC
> 618 E South St
> Orlando, FL 32801
>
> but they have VPN servers all over the globe. Some are virtual servers and
> are NOT physically located in the countries they claim. The fact it is
> located in the USA it means the authorities can request client list
> information. VPN providers in jurisdictions like BVI, Panama, or even
> Switzerland might stand a better chance.
>
> Anyway, this is a moot point. If a VPN provider protects your traffic from
> 'people', who protects your traffic from the ... VPN people?! LOL!
>
> I don't use VPNs, but the interwebs are buzzing with reviews and suggestions.
> If torrenting is a requirement, then associated forums and mailing lists would
> provide advice on what works best for your use case.

Well, that settles that then.  I guess it will be Surfshark.  Pretty
sure it is in the Netherlands but may be wrong on country.  I just
recall it being outside US jurisdiction.  I also read they have been
audited by independent people to ensure they have no logs even if asked. 

Thanks for all the info.  Yours to Tastytea. 

Dale

:-)  :-) 

P. S.  Anyone need some used AT&T DSL modems?  I got a few. Some have
been updated with heat sinks on the chips which makes them run cooler. 
I got several Westel black ones and a couple smaller gray Motorola
ones.  I also have one that is a AT&T marked one.  They need a home. 
;-)  May start a new thread if no one replies here.  Kinda buried in
this thread.
Re: About to have fiber internet and need VPN info [ In reply to ]
On Saturday, 6 August 2022 07:07:26 BST Dale wrote:
> Michael wrote:
> > All connections to banks are encrypted end-to-end for decades now and the
> > encryption has becoming stronger over the years.
>
> That is likely true. I still remember Snowden tho. We don't know what
> backdoors are in use even for bank encryption.

It's safer to assume state actors have full access to bank information. The
hope is bad guys don't get access too! ;-)


> Thing is, open source
> tools are harder to fall into that trap since everyone can see what the
> code is. If a backdoor is forced in, it will be known to a lot of
> people and then that tool won't be used. It's sort of funny in a way,
> they more Govts and others try to restrict things, the more tools there
> is to get around it. From what I've read, most VPNs use open source
> tools. Most even use the current best and would upgrade if needed.
> That gives me some extra protection in the event my bank or any other
> website falls behind on updating theirs.

A VPN gives no end-to-end protection whatsoever in this scenario. All you get
is protection in the network connection between your PC and the VPN server.
From the VPN server onward to your bank, the connection will be no more
protected than whatever encryption protocol the bank offers. Only a VPN
server offered by your bank for connections to their network would afford
additional protection in this scenario.


> Basically, I don't trust Govt with much of anything. If they say they
> don't do something bad, you can pretty much bet they are doing exactly
> that or even worse.

Heh! After the Snowden revelations any such suspicions could be taken as a
certainty.


[snip ...]
> Well, that settles that then. I guess it will be Surfshark. Pretty
> sure it is in the Netherlands but may be wrong on country. I just
> recall it being outside US jurisdiction. I also read they have been
> audited by independent people to ensure they have no logs even if asked.

Surfshark gets good reviews and it offers the wireguard protocol with the
ChaCha20 cipher for better encryption and performance. However, the
Netherlands is part of the EU and 14 eyes, so I would think similar state
powers exist to access your private communications and the ISPs would have no
way of refusing and staying in business. Surfshark offers a warrant canary,
but it looks more like a marketing statement to me when you compare it to
something like the Qubes digitally signed canaries.
Re: About to have fiber internet and need VPN info [ In reply to ]
Michael wrote:
> On Saturday, 6 August 2022 07:07:26 BST Dale wrote:
>
>> Well, that settles that then. I guess it will be Surfshark. Pretty
>> sure it is in the Netherlands but may be wrong on country. I just
>> recall it being outside US jurisdiction. I also read they have been
>> audited by independent people to ensure they have no logs even if asked.
> Surfshark gets good reviews and it offers the wireguard protocol with the
> ChaCha20 cipher for better encryption and performance. However, the
> Netherlands is part of the EU and 14 eyes, so I would think similar state
> powers exist to access your private communications and the ISPs would have no
> way of refusing and staying in business. Surfshark offers a warrant canary,
> but it looks more like a marketing statement to me when you compare it to
> something like the Qubes digitally signed canaries.


I forgot about the 14 eyes thing.  Do you know of one outside that that
is good?  The bad thing about most, they are pricey if done by the month
for testing.  You only get a good deal if you subscribe for a year or
even two years.  I don't want to subscribe and then find out it is a bad
one. 

Dale

:-)  :-) 
Re: About to have fiber internet and need VPN info [ In reply to ]
Dale wrote:
> Michael wrote:
>> On Saturday, 6 August 2022 07:07:26 BST Dale wrote:
>>
>>> Well, that settles that then. I guess it will be Surfshark. Pretty
>>> sure it is in the Netherlands but may be wrong on country. I just
>>> recall it being outside US jurisdiction. I also read they have been
>>> audited by independent people to ensure they have no logs even if asked.
>> Surfshark gets good reviews and it offers the wireguard protocol with the
>> ChaCha20 cipher for better encryption and performance. However, the
>> Netherlands is part of the EU and 14 eyes, so I would think similar state
>> powers exist to access your private communications and the ISPs would have no
>> way of refusing and staying in business. Surfshark offers a warrant canary,
>> but it looks more like a marketing statement to me when you compare it to
>> something like the Qubes digitally signed canaries.
>
> I forgot about the 14 eyes thing.  Do you know of one outside that that
> is good?  The bad thing about most, they are pricey if done by the month
> for testing.  You only get a good deal if you subscribe for a year or
> even two years.  I don't want to subscribe and then find out it is a bad
> one. 
>
> Dale
>
> :-)  :-) 
>


I did a quick google search and Surfshark is based in British Virgin
Islands and is outside the eyes countries.  I was thinking it was
Netherlands but wasn't sure.  When I searched for VPN outside 14 eyes
country, Surfshark is highly rated.  Depending on the site, it's in the
top few each time. 

https://earthweb.com/vpn-outside-14-eyes/

https://www.privateproxyguide.com/best-vpn-outside-14-eyes/

Unless there is some good reason to avoid, still thinking of using it. 

Dale 

:-)  :-) 
Re: About to have fiber internet and need VPN info [ In reply to ]
On Sat, Jul 16, 2022 at 6:57 AM Dale <rdalek1967@gmail.com> wrote:
>
> I also want to use a VPN but only for some programs. Example, I want
> Ktorrent and a couple Firefox profiles to use VPNs but at least one
> Firefox profile I want to remain outside of VPN.

I can't keep up with which VPNs are more or less scummy at any moment
in time, but I will comment on this bit and on the concept in general.

Controlling which HOSTS use a VPN is pretty straightforward via the
routing tables. If you have a decent DHCP server and can issue
routers to individual hosts you can do it that way (most consumer
routers probably won't support this with their built-in DHCP).

Controlling it at the software level is a real PITA. On an OS like
Windows I don't think it is even possible unless via SOCKS or
whatever. On Linux you can do it with iproute2 and often netfilter is
needed as well. Look up policy-based routing, and be prepared to do
some studying. I'll tell you right now you probably don't want to do
it this way. I think for outbound-only connections it isn't as hard
to do it at a uid level, so if you run software under different uids
that would make it easier. If you want to handle inbound connections
on servers and have the replies not go out over the normal
destination-based route then you need to mark the connections using
netfilter and then set a policy routing for the replies, otherwise
your reply traffic will go out over the wrong router and have the
wrong IP and the other end won't associate it with the connection. I
imagine you run into the same problems with any kind of use of NAT for
inbound forwarded traffic in a multi-homed situation.

Controlling routes by container is also a potential issue. If you're
using a container technology that uses virtual interfaces that get
their own IPs/routing/etc then it is easy - same as host-level
routing. If you're using something like Docker/k8s where it wants all
the outbound traffic to just go out from the host then it can be a
pain. I think they can do macvlan but I think that has its own
issues. That is actually something I'm trying to figure out for
myself.

Ok, topic change: the threat model. As others have pointed out, the
VPN changes WHO can see your traffic, and that's mainly it. I think
this is still a useful consideration, because in many places your ISP
is chosen by where you live, but with a VPN provider you can choose
anyone you want. The ISP has no reason to earn your trust because
you're a captive audience, while a VPN provider who gets outed for
leaking private info basically is out of business. So I think there
is a benefit. However, you're going to be reducing your risk of being
traced by private companies here, like advertisers, intellectual
property enforcement companies, and so on. If you're worried about
the NSA or some other state-level actor then you need to do a LOT more
to evade them. I just assume the NSA has root on all my hosts
already, and I wish that they'd at least offer to sell backups of my
systems back to me so that I didn't need to keep my own... :)

--
Rich
Re: About to have fiber internet and need VPN info [ In reply to ]
On Saturday, 6 August 2022 12:08:30 BST Dale wrote:

> I did a quick google search and Surfshark is based in British Virgin
> Islands and is outside the eyes countries.

According to [1], the BVI is "considered partners or affiliates of the fourteen
eyes alliance."

1. https://www.securitymadesimple.org/cybersecurity-blog/fourteen-eyes-surveillance-explained

--
Regards,
Peter.
Re: About to have fiber internet and need VPN info [ In reply to ]
On Saturday, 6 August 2022 12:08:30 BST Dale wrote:
> Dale wrote:
> > Michael wrote:
> >> On Saturday, 6 August 2022 07:07:26 BST Dale wrote:
> >>> Well, that settles that then. I guess it will be Surfshark. Pretty
> >>> sure it is in the Netherlands but may be wrong on country. I just
> >>> recall it being outside US jurisdiction. I also read they have been
> >>> audited by independent people to ensure they have no logs even if asked.
> >>
> >> Surfshark gets good reviews and it offers the wireguard protocol with the
> >> ChaCha20 cipher for better encryption and performance. However, the
> >> Netherlands is part of the EU and 14 eyes, so I would think similar state
> >> powers exist to access your private communications and the ISPs would
> >> have no way of refusing and staying in business. Surfshark offers a
> >> warrant canary, but it looks more like a marketing statement to me when
> >> you compare it to something like the Qubes digitally signed canaries.
> >
> > I forgot about the 14 eyes thing. Do you know of one outside that that
> > is good? The bad thing about most, they are pricey if done by the month
> > for testing. You only get a good deal if you subscribe for a year or
> > even two years. I don't want to subscribe and then find out it is a bad
> > one.
> >
> > Dale
> >
> > :-) :-)
>
> I did a quick google search and Surfshark is based in British Virgin
> Islands and is outside the eyes countries. I was thinking it was
> Netherlands but wasn't sure.

You were thinking correctly at the start. Surfshark is located in the
Netherlands since 2018 and has been bought out by Nord Security, who owns
NordVPN.


> When I searched for VPN outside 14 eyes
> country, Surfshark is highly rated. Depending on the site, it's in the
> top few each time.
>
> https://earthweb.com/vpn-outside-14-eyes/
>
> https://www.privateproxyguide.com/best-vpn-outside-14-eyes/
>
> Unless there is some good reason to avoid, still thinking of using it.

The more you try to escape the 14 eyes Big Brother, the closer you may fall
into the hands of various authoritarian regimes. LOL! Even VPNs like NordVPN
which operates within the jurisdiction of Panama (let's not forget it is
Langley's doorstep), it also has offices in the UK, Netherlands and Lithuania.
I wonder why . . .

Total privacy on the Internet is improbable. If your only concern is to
retain your privacy from your ISP with regards to your Internet connections,
then most/any VPN service will offer this benefit by obfuscating your IP
address. Your browsing patterns, browser User Agent, addons and umpteen other
OS and application fingerprints won't be obfuscated beyond the VPN server.
Therefore your identity can only be protected so much and no more.

1 2  View All