How do I protect my data from my ISP

They’ve rebranded as privacyguides.org because they will soon lose control of the privacytools.io domain as it is set to expire soon. The original owner of the domain doesn’t seem to be responding to communications.


What happened to Proton is very unfortunate. They had no choice but to comply to start logging. No responsible company is immune to court orders. Anyone, including Mullvad, could be told to comply next.

1 Like

Mullvad accounts don’t require personal information like name, address or e-mail.

2 Likes

Network Chuck is great. I love learning from this guy. I got a Netgate 1100 after watching one of his VPN videos and am still waiting on shipping. It’s my first hardware firewall and I am excited to learn pfSense. Though I think they have changed recently, I didn’t want to go to a subscription based NGFW as they are very expensive, also I do not have a need for a 1000$ firewall and a 250$ a year monitoring service. Maybe if I was running my own website, servers, etc…

The proper solution is to use TOR . . .

I am glad someone else purchased a Netgate Firewall appliance; I bought and installed it last December. I forgot to mention the model number of my pfSense device; I bought the Netgate 5800. If you have any trouble getting your modem connected to your Netgate 1100, give me a shout-out.

@CodeDragon57 The best you can do to increase your privacy is to use a mail service like Proton Mail; don’t allow a website to store your credit card information; only use Tor to surf the web. And use individual passwords for all your logins.

1 Like

I don’t think people really answered what OP asked.

There are ways in which an ISP can gather data about you and multiple types of buyers, depending on the data.

  1. Unencrypted traffic (DNS and HTTP)

Here an ISP or any middleman can see what you are browsing or downloading and can inject whatever junk in your webpages. Not much you can do to protect against it other than to block JavaScript and do a deny by default policy of connections to domains. And forget about protecting data, because even if you don’t get ads served, the ISP still knows exactly what you like and builds a profile on you.

  2. Encrypted traffic (HTTPS) with unencrypted DNS

Here the ISP can see what domains you are visiting (e.g. google.com, or subdomains like videos.google.com), but cannot see what resources you are accessing (they can’t see that you are visiting google.com/your-search-query). But they can see what domains you are querying in DNS, so they can still build a profile on you depending on what websites you visit (e.g. if you visit level1 forum, arstechnica, servethehome, anandtech and gamersnexus, they can accurately guess you are into tech and serve you ads for PCs, monitors and TVs, or can sell the data to Google or ad networks who will serve those ads to you on the internet; if they see lots of connections to a power tools websites, you might get served ads for power tools and so on).

  3. Encrypted DNS with either encrypted or unencrypted traffic

If you aren’t using your ISP DNS, your ISP can still determine what sites you are visiting by the connections to internet IPs on ports 80 (http) and 443 (https) that you are establishing. If you do encrypted traffic, the same thing as point 2. applies, just that instead of looking directly at your DNS queries, they look at your connections and do a reverse DNS query on the IPs you are connected to, to determine what sites you are visiting. Some websites have the same IP for different subdomains. Say for example level1techs and forum.level1techs - haven’t checked if they do, it’s just an example, so ISPs can’t determine what sites you visit as accurately, but they can get the big picture and still build a profile on you.

If you use unencrypted traffic and encrypted DNS, then the same as above and point 1. applies.

So if you don’t trust your ISP, how can you protect your data? A VPN is probably the obvious choice for most. What a VPN does, either a VPN to your own server on the internet, a VPN to your company or a VPN Service Provider (things like Mullvad, I call them VSPs), is that they encrypt all your traffic (usually, unless you have a special “split tunnel,” we won’t talk about those, because they are rare). So all your ISP will see will be a DNS query (encrypted or unencrypted, doesn’t matter) to your VPN server of choice and an established connection to your VPN. All traffic goes through the VPN and consequently, your connections to other websites will show as if the VPN server is connecting to them and what’s important in our case, the ISP won’t be able to tell what sites you are visiting, all it can see is your connection to the VPN server.

But your VPN becomes the next point of trust. If you use a VSP like Mullvad, they will be able to see exactly what you were hiding from your ISP. So you switch the point of trust to another party. Same for a company VPN (+all the traffic restrictions and agreements with them). If you go the DIY route, let’s say you build your VPN at a friend’s house, you have to trust his ISP now. If you use a VPS (virtual private server, Linode) or cloud server (virtual private cloud or VPC, AWS) for your VPN, now you have to trust the VPS / VPC provider. Everything from 1., 2. and 3. applies, but to another party.

Technically, a VSP and a VPS / VPC have more privacy, because they can’t serve you ads directly. But they can still data mine you and sell your data to third parties, just that they won’t be the same ad networks that your ISP was selling your data to.

One issue with using a VPN is that usually ISPs, being the dicks that they are (at least in the US), will throttle your traffic to anything that is not a connection to a port 80 or 443. The workaround is usually to make a tcp VPN and use port 443 for it. If you only visit websites, you should not see much of a performance difference, but if you also use UDP programs through it, you will notice considerable lag, while some programs might misbehave.


An alternative to VPNs is to use a darknet. Tor comes to mind first, because it’s the most popular. A darknet for our case with hiding data from an ISP is similar to how VPNs look to them: they will only see a connection to a darknet and that’s it. I won’t get into how darknets work. But Tor has what is called exit nodes. Exit nodes are used so you can access clearnet (the internet) websites from within Tor network. Websites will see traffic coming from the Tor node. The ISP, as is the case with VPNs, will only see that you are connecting to a Tor entry node, but won’t know what exit node you are using (or even if you are using one at all), because data is scrambled throughout the Tor network. But IMO exit nodes are dumb, people should stay inside the darkwebs. There are other discussions about Tor vs i2p and their inherent design, but I won’t get into it here, I think that’s pretty much the whole of it. Just note that due to all the traffic scrambling, redirecting, encrypting and what darknets do to fibrin, they will be from slow to dog slow. I don’t recommend darknets just to browse the clearnet.


I didn’t discuss what alternatives you have with ISPs. There are other ways, albeit not as convenient, to combat ISP surveillance. You can use big platforms only and get your news and videos only from there, but that means not visiting other websites. You can use a cloud PC, kinda like an Azure Windows VM (or any VM with VNC on a VPS / VPC), but with added latency and it will work basically like a VPN. And the last, but not least, but part of the last resort options, switching ISPs (if you have more than 1 in your area). The nuclear option is cutting your internet cable and moving into a cabin in the woods :eyes:

6 Likes
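
As an added illustration of cases 1 and 2 and the VPN case from the post above (not part of the original thread): a simplified Python model of what an on-path observer can read from individual packets. The sample packets, `example.com` names and documentation IP addresses are constructed, and encrypted payloads are treated as opaque bytes.

```python
import struct

def build_dns_query(name, txid=0x1234):
    """Encode a plaintext DNS A query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_dns_qname(payload):
    """Read the question name the way a passive observer on the wire would."""
    pos, labels = 12, []  # fixed 12-byte header precedes the question
    while True:
        if pos >= len(payload):
            raise ValueError("truncated DNS question")
        length = payload[pos]
        if length == 0:
            return ".".join(labels)
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length

def parse_http_request(payload):
    """Return (host, path) from a plaintext HTTP/1.x request."""
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    _method, path, _version = lines[0].split(" ", 2)
    host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                 if l.lower().startswith("host:")), None)
    return host, path

def isp_view(proto, dst_ip, dst_port, payload):
    """What an on-path observer learns from one outbound packet (simplified model)."""
    seen = {"dst": f"{dst_ip}:{dst_port}"}
    if proto == "udp" and dst_port == 53:        # cases 1 and 2: plaintext DNS
        seen["dns_name"] = parse_dns_qname(payload)
    elif proto == "tcp" and dst_port == 80:      # case 1: plaintext HTTP
        seen["host"], seen["path"] = parse_http_request(payload)
    # Otherwise (HTTPS, encrypted DNS, VPN) only the destination is visible in this model.
    return seen

# Constructed sample traffic; all names and addresses are documentation placeholders.
CIPHERTEXT = bytes(range(32))
SAMPLES = {
    "plain_dns": ("udp", "192.0.2.53", 53, build_dns_query("forum.example.com")),
    "plain_http": ("tcp", "198.51.100.10", 80,
                   b"GET /search?q=power+tools HTTP/1.1\r\nHost: forum.example.com\r\n\r\n"),
    "https": ("tcp", "198.51.100.10", 443, CIPHERTEXT),
    "vpn_tcp_443": ("tcp", "203.0.113.7", 443, CIPHERTEXT),
}

def demo():
    return {name: isp_view(*pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    print(demo())
```

The plaintext DNS and HTTP packets give up the site name and the full request path, while the HTTPS and TCP/443 VPN packets leave only a destination address in this model; for the VPN that address is the tunnel endpoint rather than the site.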

Linode is garbage. On 21 September I finally signed up for Linode after watching a L1 news video. Put in all my info and they said wait for account to be activated. Today is over 2 weeks later and still not activated.
I deployed an OpenVPN instance on AWS with a permanent elastic IP and it was working 15 minutes later.
I don’t know why L1Techs pimps Linode so much.

You are right, I didn’t mention to simply use TOR, the onion router and its browser based on Firefox. The other solution is to change ISPs. If you can’t get one in your area, consider relocating. Outside of the options we have, vpns, proxy, browser config and ext, firewalls, there is no way to 100% leave no trace of your digital self and your Internet behavior. Considering the laws Congress are enabling, privacy is a much needed commodity and they plan to use this to profit from greatly.

That might be because of me lol. I tried signing up for another $100 free credit promo and tried multiple names, emails, etc but I guess they might be checking for people abusing it

1 Like

I haven’t seen anything like that (I rely on Linode for the gateway node for my server because I don’t trust my ISP with that). Reach out to Linode support, I’m sure they’ll be happy to help.

1 Like

Because it’s a good service, and is a mutually beneficial situation.

Did you sign up through the VPN that you signed up to this forum with? Linode has a responsibility to protect against malicious activities. Almost all malicious activities happen from behind VPNs.

4 Likes

Using a VPN isn’t illegal though, and to assume because someone is conducting illegal activities when using a vpn, simply by signing up for services, isn’t that paranoid and prejudice? I mean, I use a vpn everywhere I go, and the only services that give me trouble are like google based services. I have to temporarily shut down my vpn if I don’t want to go through extra verification and or sms. Is this what you are meaning?

1 Like

I would consider asking support, checking your email address, perhaps there is a typo, and or, that verification email went to spam, or another email account even, if you mistakenly used a different email address. If you check all the possible areas you could have made a mistake, I would maybe contact support and/or simply make a new account and try again with a different email. Maybe use a different computer on a different network, i.e. library, to create the account on?

1 Like

Yep.

Clearly something about his fingerprint set off their protections.

Sometimes what we do on this forum when we suspect someone is a spammer is ask them to re-verify their email. It’s as simple as opening their email and clicking a button, but for 95% of spammers, that’s too much work and they go elsewhere.

I’m not sure what Linode suspected, but they obviously have a protection in place to prevent either illegal activity or terms of use violations, and somehow xasLok ran afoul of the anomaly detection systems.

Also, from a forum administration perspective, it only indicates to us that you don’t want us to know who you are, and that makes us suspicious. For example, it’s fairly easy to find out who I am if you look into my profile. I’m sure that’s horrifying to some, but frankly, there’s good reasons for that.

2 Likes

That is exactly it. They couldn’t get his fingerprint. That is how I know my vpn and browser settings, extensions, are working. I always assumed this without actually knowing, giving them more credit possibly, than they deserve. But I was wrong. It would be intentional fingerprinting they are after to associate the account with the actual hardware of the device. Of course this would be in the form of a huge database and would likely be updated daily. This centralization of personal private data is what is concerning to me. But this is child’s play, though we are not talking about the capability of an intel community who has a target in sight. We are talking about companies, that which operate under protocol and authority to mass dragnet meta data, as well as content. And being we are talking about ISP and your traffic, our traffic, everyone’s everything traffic, it’s a bit concerning. Maybe even unbelievable at times. With the scale and magnitude of the net cast, it would only be logical to have this technology and reach in literally every digital corner.

You may know who I am. I am good with that, because I know you personally and decently well. Otherwise, though, I think you already know I don’t agree.

1 Like

Nah, I don’t want to use Protonmail. I decided a long time ago that I didn’t trust the service; and something recently happened that justified my decision. Instead, I’ve been using https://runbox.com. I am a firm believer of privacy-by-compartmentalization; so I do not use any one provider for two or more services at the same time (i.e. putting all my eggs in one basket).

I am a Linode customer already. I have two servers with them, both at the $10/month tier with backups enabled so I pay like $25/month for them. And as a matter of fact, one of those servers, my host for various game servers (namely Factorio and Vintage Story), would be perfect for a wireguard instance.

That’s cool. Could I do that same thing except with my Linode server? Also you got any documentation or tutorial links I could utilize as I am still very new to pfSense? Thanks.

Comcast is a greedy-ass corporation. I was looking at the stock market the other day as I was planning on doing a little bit of trading, and did you know that Comcast has the highest stock price of any cable company? Additionally, from one of the articles I read about it, a Wells Fargo financial expert seems to think that Comcast’s high-margin ad business will allow it to better weather new infrastructure rollouts that he predicts cable companies are having to do as “competition increases among them” (Boy I hope he’s right).

Also, @KenPC and @regulareel, currently I use MozillaVPN. I realized long ago that trusting Mozilla with my data really isn’t much different than that of Linode or Mullvad (since MozillaVPN uses the Mullvad infrastructure after all). I don’t think I would ever use AWS for this simply because I am not already a customer.

Honestly, the thing that I think I will do is use my Linode that I use to host my game servers. This will hopefully help alleviate the speed issues and vpn-blacklist problems of some websites and services. Remember, my goal isn’t total anonymity. My goal is self-preservation from abusive ISP practices. Linode isn’t an abusive data-brokering ISP.

2 Likes

Thanks @ThatGuyB for being the only one to answer the technical question. And my ISP is a humongous dick - the biggest dick of them all. I’d literally rather have Google as my ISP. But as with so many other areas in the United States, my only two viable options are Comcast and AT&T, but AT&T only offers 25/2 VDSL in my neighborhood which brings the viable count down to 1. Though to AT&T’s credit, they are aggressively rolling out fiber in my local area.

I use Tor very rarely, and have a basic understanding of how the network works from my research on the Tor Project’s official website. I don’t really have much use of it outside of surfing onion websites out of curiosity, and I haven’t found anything useful to me on there yet sadly. I’ve considered putting my personal website on the dark web for funsies though. :stuck_out_tongue: :eyes:

Also, I am aware of the path of trust one goes through when considering privacy, and I have decided that I’d even trust Google Fiber more than Comcast. That being said, I currently use MozillaVPN and I have been. They use Mullvad’s servers, and although they are slightly less trustworthy than Mullvad themselves, I figured that this would be a good way to support them since I only wanted a VPN to get around the firewall at work xD and connect to insecure public networks - which I do a fair bit. Now the scope of why I need a VPN has slightly changed, so I am finding that Mullvad/MozillaVPN no longer work for me anymore. I run into too many blocks from services I try to use, and I get 1/4 the speeds that I am paying for. Considering that my service costs me (and the FCC xD) a total of $60/month for 400/20mbps I really want all the speed I can get for that highway-robbery of a price.

1 Like

Piggy-backing on what @SgtAwesomesauce said:
I’ve noticed a lot of abuse of Linode’s services; and simply because they don’t have the reputation of Amazon’s AWS, they are sadly fairly powerless to counteract the negative reviews they get from it. I’ve seen someone complain that an IP address that originated from this company “hacked” his YouTube TV account or something. Someone from Linode explained that they were a VPS provider and that someone was probably abusing the service. His unfair complaint is still active - though I wonder what that guy’s true intentions were because evidently he’s smart enough to trace an IP address back to its originating source, but not smart enough to perform basic research on the business and draw logical conclusions about why an IP address from them “hacked” their account…
I don’t remember the sign-up process for Linode since I have been a customer since 2019, before I found Level1Techs; but I imagine that the Sergeant is right in saying that Linode is trying to protect its service from abusive “customers”.

As another example, someone filed a formal complaint that Linode deleted their account without warning; and Linode’s Terms of Service explain why an account could be deemed fraudulent. Among those, nonpayment for services rendered is one reason.

Another complaint was generated by a person who is receiving unsolicited spam from an IP address owned by Linode. And the email sending the spam is a gmail account… but Linode gets the flak.

1 Like

Yes, you could set up an OpenVPN client on pfSense to connect to a VPN server running on your Linode instance. Then, assign the OVPN client to an interface, configure manual outbound NAT for LAN to OVPN, and change the ‘Default allow LAN to any’ rule to use the OVPN interface as its gateway.

That’s a really brief summary. Lawrence Systems is probably one of the best tutorial resources for pfSense.

3 Likes