Encrypting my entire network?

I do what I can to remain anonymous in terms of my internet usage, (Tor, VPN, etc.) But would there be a way to completely encrypt any traffic coming in or out of my network? Not to lord edward snowden level of course but just enough to halt any further data collection towards an already existing ad profile or anything like that. Thanks. :smile:

1 Like

VPN on your router.


I go the vpn on my router route myself. My router at this point is just a debian server box with an lxc-container that hosts an openvpn client that connects to an openvpn server on my AWS EC2 instance. And with the help of mangle table and a few rules, dns and most http traffic is routed through my ec2 instance.

But if it’s an “ad profile” that you are concerned about, you should keep in mind that vpns don’t really offer a lot of protection from ad tracking because IP addresses are weak identifiers and not what is predominantly used to track you.


Would it be better to build one or do you think I can get the similar result with a decent router that has VPN client support?

Jim Salter wrote several articles for Arstechnica that compared a homebrew (dual nic mini pc with ubuntu server) to various off the self routers:

that basically showed a basic DIY router can handle any home use you can throw at it as well as any consumer product. But it really depends on your specific use case, what parts you already have lying around and how much effort you want to expend.


oooo new project confirmed. thanks :smile:

A VPN is really only going to stop your ISP or someone on whatever network you’re on from looking at your traffic. It won’t make you anonymous and it won’t really help with ad tracking and profiles as those don’t use your IP address or atleast don’t use the ip exclusively.


This. The only way to prevent ad tracking in reality is to use a VPN + Never having any accounts tied to you (google, facebook, or any that use ads, which is all of them). Even then, you’d still get that information collected, they just wouldn’t know specifically who it was from.

The real answer is to use an anonymizing proxy like TOR, browse with fingerprint protection, don’t share any logins, don’t save cookies, and be very careful never to give away any personally identifiable information, even if it seems harmless like “I grew up on the east coast”.

Of course all that is a huge pain in the ass and completely unnecessary unless you’re actively being targeted and running for your life.

A much more reasonable path is to run a VPN on your router, run a browser blocking ads and trackers like uBlock Origin, and isolate each site you visit, either via separate browsers, browser profiles, or something like Firefox containers. You can still be fingerprinted but there’s no way around that if you want to do things like, I dunno, resize your browser window.

+1 to this.

VPN is primarily to stop your ISP selling your data, even then it’s pretty easy to see where you are heading with connections, it is just a tunnel after all. Also If your home --> internet VPN and it’s not a home -> corporate (i.e work) then your putting yourself on a list no doubt.


It might be worthwhile if your running an ISP router to run your home servers on SSL with self generated certs, or even better GPG, even if they are internal so you can have secure communications between client server and if the routers are compromised it’s another layer to get through.

TOR is indeed US government funded, and more importantly, it would only take ~3000 exit nodes to compromise a user’s anonymity within a couple minutes. A lot of money for you and me, but not a lot for a nation-state, even a much smaller one than the US.

Of course if a nation-state is coming after you, you’re boned anyway. There’s no defense against that, kiss your ass goodbye.

Which means all an average user needs is to protect themselves from, location data, ads and data mining or coin mining scripts. All of this can be done at the OS, browser level with script blockers and cookie management and using a host file to block sites. Your best advice would be to not break any laws and be fairly sensible online.

Using Tor is just a sticking plaster over a bigger issue.

Not at all, Tor is much better than just blocking trackers. It’s just so insanely slow that nobody would actually use it for anything legal/aboveboard other than political dissidents in repressive regimes.

It’s all a balancing act of privacy vs pain-in-the-assedness. If Tor was fast, I would leave it on. It isn’t, and thankfully I have no need for black tar heroin, so I don’t use it.

1 Like

I didnt say blocking trackers were better than Tor, they are two completely different concepts. I think you put words in my mouth there.

Which makes it almost pointless in the context of this discussion unless were talking about how to hide illegal activities?

It isn’t pointless to explain the tradeoffs as they are key to gauging your own comfort levels. I could do a lot more to ensure my own privacy, but I choose not to. And yet I go to tremendous lengths compared to most of my friends, even those working in IT.

1 Like

Fair enough. In the context of a tradeoff, when your travelling through an exit node that is mixing the same content as someone who is doing HIGHLY illegal stuff, then your treading on ice when in reality for most people there is very little need to do so. But it is true that anonymity comes at a price… TOR might be worth it.