Is a VPN REALLY worth it?

Some of the UK ISPs go further than just DNS blocking; some do deep packet inspection. But this can be countered with DNS over HTTPS, something Firefox supports. But last I checked you had to enable it.

Which also gets countered by most halfway decent VPNs, since any decent VPN should not use whatever DNS server you set and instead route it through the VPN and use their DNS servers. Deep packet inspection is gonna look pretty lonely on your ISP's DNS servers.

I don’t think you get how a VPN works, because that comparison was quite weird.

Ofc a VPN is not using your local DNS. You are running an encrypted connection from your LAN, before you enter the network of your ISP, to somewhere else outside their network, and exiting from there.
The ISP has no way of knowing what is inside that connection.

For what it’s worth, prior to explicitly setting block-outside-dns in my OpenVPN config file my Windows host would routinely leak DNS requests.
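An added example, not part of the original post: a small audit of an OpenVPN client config for the settings that decide whether a Windows host can leak DNS outside the tunnel. The sample config and function names are constructed for illustration; `block-outside-dns` only has an effect on Windows clients, and "not set locally" means the option may still be pushed by the server.

```python
import shlex

# Constructed sample client config (not from the thread); the host is a placeholder.
SAMPLE_CONFIG = """\
client
dev tun
remote vpn.example.net 1194 udp
redirect-gateway def1
pull-filter ignore "dhcp-option DNS"
; block-outside-dns
"""

# Options that keep DNS inside the tunnel when set locally or pushed by the server.
LEAK_RELEVANT = ("block-outside-dns", "dhcp-option DNS", "redirect-gateway")

def parse_directives(text):
    """Return [(name, args)] for each active (non-comment) config line."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # OpenVPN treats lines starting with # or ; as comments
        parts = shlex.split(line, comments=True)
        if parts[:2] == ["setenv", "opt"]:  # "setenv opt X": apply X if supported
            parts = parts[2:]
        if parts:
            out.append((parts[0], parts[1:]))
    return out

def audit_dns_leak(text):
    """List local settings that can let Windows DNS queries bypass the tunnel."""
    directives = parse_directives(text)
    names = {name for name, _ in directives}
    findings = []
    if "block-outside-dns" not in names:
        findings.append("block-outside-dns not set locally")
    if "redirect-gateway" not in names:
        findings.append("redirect-gateway not set locally")
    for name, args in directives:
        # pull-filter ignore <prefix> discards matching options pushed by the server
        if name == "pull-filter" and args[:1] == ["ignore"] and len(args) > 1:
            if any(o.startswith(args[1]) or args[1].startswith(o) for o in LEAK_RELEVANT):
                findings.append(f"pull-filter drops pushed option: {args[1]}")
    return findings

if __name__ == "__main__":
    for finding in audit_dns_leak(SAMPLE_CONFIG):
        print("WARN", finding)
```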

That is a client error, but yes, it is far from unheard of.
I take it your point is that a good VPN provider must get around Windows being a faulty client to begin with.

While the VPN providers that I have looked into run their own DNS servers, just not leaking would mask the origin of the DNS lookup.

What differentiates the good from the bad providers is rather protecting you from other customers.

In part, but I still don't get what the ‘ISPs are now doing deep packet inspection on the DNS server’ is supposed to accomplish.
I think if your VPN provider does not have a DNS AND someone along the way (probably the client) decides it's probably a good idea to use that as opposed to your ISP's or what’s set on your router. You would still be using your ISP's DNS servers even if it has to travel around the globe to do so.

It probably would be fine. But since you brought up the deep packet inspection thing I was thinking you can maybe somehow get something out of it when you do deep packet inspection on your DNS traffic.

VPN is a waste of money; decent OPSEC should not rely on external factors (open source networking, such as TOR, is of course an exception). I recommend building a networked life around realities such as prying ISPs and VPNs.

I disagree, different people have different requirements and as pointed out already some live in countries where working on the understanding they are under surveillance will likely limit what they feel they are able to do. TOR has its place, but since so much criminal activity is routed through it many legit websites and services actively block connections from exit nodes. A VPN is another useful tool to have.

The rates that some of the VPN providers charge and the value-for-money of that is another matter…

Edit: For some users the leaders of their countries might want Facebook to start looking more like this:

If that happens VPNs or TOR become the default…

1 Like

A question from the category of “answer yourself”.

Do you need health insurance? Do you need insurance for an apartment?
If you do not see / feel the need to own something, then I do not see the sense of spending money on it!
If you do not have clear needs in owning a VPN then why spend money on it?

Do you own a smartphone?
Do you have a laptop?
Do you have a PC?
Do you have a Mac?
Do you have a tablet?
Do you have a NAS?
Do you have a satellite phone?
Do you have a mistress?
If the answer is “no” then why don't you buy it? If the answer is because I do not have “such a need” to have it, congratulations, you have the answer …

We can discuss at length whether it is worth having a VPN or not. But the heart of the matter is “do you need it”.
Someone may convince you that YES. Someone else that NO.
If you personally do not feel you need a VPN, you probably do not need it so much. IMHO

PS
And in terms of p2p instead of VPN, I recommend a good seedbox.
Recommendations on priv … :wink:

Such situations happen even when the app has a kill switch. It is best to deprive the host of situational awareness of the network: the VPN set up on a separate machine before the end host, in a similar way to how Whonix works, but for TOR.


1 Like
  • Learn to use Linux & rent a Debian 128 MB OpenVZ VPS to use as an OpenVPN server (costs around $10 / year). There are plenty of guides for configuring this. With this, 4096-bit encryption is possible.

  • Use tor / i2p / bitmessage / GnuPG / dnscrypt-proxy over your VPN.

  • Get a 2nd OpenVZ Storage VPS & configure it as a seedbox for torrenting (this server could also run your I2P daemon).

  • Do not use Intel CPUs (since Sandy Bridge all Intel CPUs have hardware backdoors) - & if possible use AMD CPUs without a PSP.

3 Likes

Learn to use Linux & rent a Debian 128 MB OpenVZ VPS to use as an OpenVPN server (costs around $10 / year). There are plenty of guides for configuring this. With this, 4096-bit encryption is possible.

Damn, I’ll have to give this a try. Thank you for giving a quick breakdown.

Since this wasn’t addressed directly (or I have memory leaks), a VPN can be created between you and your work network. I know I’ll be setting this and a remote desktop solution for managers so they can work off-site. Great for accessing work resources or matching IP whitelists your IT department probably has.

Also, nobody tell my co-workers. Most don’t think this is possible, so I get to be a wizard once again when it’s time.

1 Like

Ah ok. Not really applicable for my situation, but I could see how that would be useful for people who work outside of work. I could get in trouble for doing that haha.

This will get you started:

Would this include seeding for Linux distros and stuff like that too?

Get a seedbox for that, rather than a VPN. It’s perfect for that purpose.

If you set up your own seedbox, have a look at the Deluge headless setup.

With this you can run the Deluge daemon on your seedbox & run the Deluge desktop app locally to manage your torrents (via an SSH tunnel to your seedbox). Download your completed torrents with an SFTP client like FileZilla.

https://www.kimsufi.com/us/en/vps-ssd.xml

https://www.kimsufi.com/us/en/servers.xml

Buy KS-1 away from NSA ground. $60 a year and you have your own machine with Atom / 2GB, HDD 500GB and 100Mb/s for VPN and seedbox and you’re the master and ruler of your own fate with a clean IP just for you.

Or VPS for $40 a year only for VPN…

Personally, I would rather be skeptical about solutions as cheap as 10/year. There are no miracles. The quality is usually adequate to the price. And in the case of a VPN, however, it would be useful for the machine to be relatively efficient and especially to have a good connection, because many of these cheap VPSes usually have very poor transfers. If someone wants to have an average of at least 50Mb/s by VPN then I have doubts if such a cheap VPS will give you such transfers.

Personally, I had to deal with Kimsufi for years and 100Mb/s per machine is not a problem; there is no limit on the amount of data transferred.

1 Like

So just like anything else, it's a tool. It's useful for security things. If I wanted to use 4chan to drop an ARG I’d use a VPN. If I wanted to do almost anything securely, I’d use a VPN.

Actually if I was really crazy I’d tunnel through the DNS connection. No one will find you then :PPP

1 Like

It’s a few dollars a month… and it reduces the possibility of there being a permanent record of your actions, which is valuable from a privacy and security perspective (think ad companies accumulating and selling your stuff). This is more about making it harder to track your site-to-site behavior by ad networks - it only takes ONE data breach to cause you harm.

You SHOULD be clearing your cookies after each session and you should also be blocking tracking scripts as much as possible.

With that said, my own threat model is fairly relaxed - I’m not torrenting a bunch of stuff, I’m not looking at illegal content, etc. If I forgot to use a VPN (it happens), it’s not a big deal.

1 Like