So I see a lot of people recommending setting up a VPN through your own server, which I do have. That would be versus using a paid service.
I always wondered though, if someone REALLY tried hard, they could get the IP of your server, and find out who's paying for the server on that IP address. Even if multiple servers used the same one, blah blah, you get my question now probably lol.
Maybe that's just a risk whatever way you go, but you have to take care of your own security. Would love some thoughts, thanks everyone.
Basically that sort of set up would protect you from man in the middle stuff on public networks or whatever, but if you want a VPN for anonymity then it's about the same as using your home internet, probably even easier to track as a VPS usually has a static IP.
3 Likes
I just use Digitalocean VPS with openvpn. Works well. There are plenty of tutorials between HAK5.org and DigitalOcean's own tutorials to help you out. DO also has plenty of beginner walk-through documentation for locking down your VPS.
Neat thing is that when you have multiple clients logged into the server you get local networking between them if you choose. IMO: This option is better to have a remote VPN to reverse tunnel into your home network from remote than to just have your VPN be internet facing from inside the network.
Most things we have to worry about are bots doing port scans for vulnerable devices and creeps on public wifi sniffing your packets.
Also if you torrent and your ISP is sketchy about that, then a VPS with a DNS server set to something like OpenDNS or Level3, will keep them from knowing what you are doing as all your traffic will be encrypted over the VPN and DNS requests outsourced to an unaffiliated server.
I 2nd Dexter_Kane's opinion on anonymity. The best way is to pay anonymously for VPNs outside the states, foreign VPS and Tor. But if you need that kind of security then you're either doing some level of crime you shouldn't be or a Journalist/Whistle-blower with a govt target on your back.
Happy hacking!
1 Like
Depends on the service you are using but generally you are correct. It will only really provide protection from tracking your location from laypeople. If you're trying to mask your traffic from a stronger of more trained threat then there are many ways you could be compromised.
For example, Digital Ocean knows your box's root password. At the drop of a hat they could send it to anyone to install tracking code. They also control all traffic heading into and out of the box. Since it will be a private server there will be nothing to sort through. It's all your traffic.
If you are using a public VPN then at the very least there is a mass of traffic heading in and out that helps to mitigate the correlation between your incoming and outgoing connections. It still wouldn't be secure unless the VPN didn't log requests/traffic however as you could simply pull the logs on the servers and find out who was accessing what.
Ideally you want a completely unlogged public portal with thousands to millions of active users to help make correlative identification harder.
1 Like
Okay, thanks for the explanation. I have Private Internet Access, and will probably keep that as I easily exceed my VPS's max bandwidth every month.
I am making a PfSense router and want to at least try a VPN through that, see how it goes.
Look for a offshore vps provider that accepts bitcoin if you want anonymity