VPN (An Unpopular Opinion)

PRIVACY SHIELD — October 08, 2020

Introduction

Hello, friends. Today, I want to discuss a very old and overused topic: VPNs. Specifically, the role this tool plays in building your personal security. I’ll try to keep it brief and to the point, without any unnecessary words. You probably already know what a VPN is and what it does (or doesn’t do). If for some reason you don’t, just head over to https://duckduckgo.com and search for it—there’s plenty of information available.

When preparing your PC for secure activities and the topic of VPNs comes up, you usually have three options:

• Set up your own VPN on a rented VPS, paid for with cryptocurrency
• Use a commercial provider’s services
• Use a free provider’s services

Important Points to Remember

• All providers keep logs. Some keep more information for longer periods, others less and for shorter times. But every single one keeps logs—there’s no such thing as a provider that keeps none. If someone tries to convince you otherwise, they’re not being honest.
• No business will put your interests above their own. If refusing to hand over your data to authorities would cause inconvenience or, worse, financial loss, they’ll give you up. No one will hesitate for long.
• Geography and political climate matter. For example, if your activities are related to Russia, avoid using services from Germany, as there’s a bilateral agreement on cybercrime cooperation and extradition. In general, most European providers are reluctant to respond to requests from CIS authorities. The safest bets are the Netherlands, Switzerland, Gibraltar, Czech Republic, Greece, and others. Also, be aware of international agreements like the Five, Nine, and Fourteen Eyes alliances if your activities involve the EU or US.

Option 1: Your Own VPN on a VPS

Setting up your own VPN configuration doesn’t require deep sysadmin knowledge. Ideally, you’d do everything yourself, but there’s a script on GitHub that will set up OpenVPN on your VPS with minimal effort. First, you need to rent a server.

Where to rent a VPS:

• https://lowendbox.com/ – Aggregator of affordable VPS providers
• https://www.comparevps.com/ – VPS provider comparison
• https://www.PoiskVPS.ru – Russian VPS aggregator

When registering, use plausible information or the anti-fraud system may block you. You can generate a fake identity at https://datafakegenerator.com/generador.php.

For our purposes, a VPS with 512MB RAM, 10GB SSD, and ideally unlimited bandwidth is enough. The VPS must support TUN/TAP for OpenVPN. Most providers have this enabled by default, or you can enable it in the control panel. For payment, Bitcoin is common, but Monero is even better for privacy, as BTC is far from truly anonymous. As for the OS, Debian, Ubuntu, or CentOS 64-bit (latest versions) will work.

After renting, you’ll receive login details by email (change the root password immediately using passwd). The OpenVPN setup script is open source and very easy to use: https://github.com/angristan/openvpn-install.

About Wireguard: I don’t recommend it. Although it’s been around for a few years, it’s not as mature as OpenVPN. Plus, Wireguard has been known to leave odd settings in resolv.conf. Stick with OpenVPN.

Next, you’ll just need to specify the OpenVPN port, protocol, and DNS servers. Then enter your config name, and it will be saved in your user’s home directory.

This is a very brief overview of setting up your own OpenVPN on a VPS. However, you’ll still need to properly secure the server: protect against brute-force attacks, set up a firewall, block unnecessary traffic, disable IPv6, and more. Obfuscating traffic and writing your own killswitch (to block traffic outside the VPN and prevent leaks) are also more advanced tasks. In the end, you’ll only have one location, which is a problem if you need variety.

It may seem like I’m discouraging you from setting up your own VPN. I’m not. If you’re an experienced user and know what you’re doing, the best option is to do everything yourself, including obfuscation and creating as many configs as needed. My point is that just renting a server, running a script, and moving the config to your PC is easy, but it’s not enough. Remember the rule: do it well, or don’t do it at all. Unfortunately, while this option is ideal, it’s too time-consuming and complex for many users.

Option 2: Commercial Provider

Now for the interesting part: My unpopular opinion is that you should never rely on just one VPN. A VPN should play only a partial, limited role in your security. It’s best to combine a VPN with Tor and other technologies—never use it alone!

What should you look for in a provider?

• Traffic obfuscation capabilities
• Jurisdiction (considering 5/9/14 Eyes, or your specific situation)
• Linux client and OpenVPN support
• Cryptocurrency payment options (BTC, ideally Monero)
• Killswitch feature

A commercial provider will do its job well if you combine it with Tor (either before or after the VPN). Some say you shouldn’t use a VPN with Tor, especially after Tor, due to concerns about the last “static” Tor node. My view is that you should use a VPN to hide the final Tor node, since it could be monitored or even set up by adversaries. Plus, most clearnet sites now block Tor, which is a problem for many users.

If you connect to a VPN before Tor, the VPN provider doesn’t know what’s happening with your traffic. If you connect after Tor, the VPN provider doesn’t know who you are. The only downside is the cost.

That said, you can buy VPN “brute” accounts (with a guarantee) from us, which can significantly reduce your expenses.

Conclusion

A commercial VPN should only be a small part of your security system, performing its specific role and nothing more.

Option 3: Free Provider

If, for some reason, you can’t or don’t want to spend money (for example, you just need to hide your IP, or have financial issues), here’s a list of free VPN providers. Keep in mind that their speed, features, and quality are noticeably lower than commercial options, but they’re fine if you just need to hide your IP address.

Russian Providers:

1. http://free-vpn.org/
2. http://shadeyouvpn.com/ru/
3. https://www.securitykiss.com/index.php
4. http://wafers.cc/channelloading/ru/

International Providers:

5. https://www.vpnreactor.com/
6. http://gpass1.com/gpass/
7. http://www.vpnbook.com/
8. http://justfreevpn.com/
9. http://vpnip.net/europe-vpn
10. http://www.vpngate.net/en/
11. http://linkideo.com/
12. http://www.vpntool.com/services.php
13. http://itshidden.com/
14. http://www.anchorfree.com/
15. http://www.usaip.eu/en/free_vpn.php
16. http://thefreevpn.com/
17. http://proxpn.com/
18. https://www.proxpn.com/index.php
19. http://www.usaip.eu/en/index.php
20. https://openvpn.net/
21. http://itshidden.eu/
22. https://www.torvpn.com/en/vpn

Thank you for your attention.

https://t.me/privacy_shield
https://t.me/privacy_guard