I need a new vpn and don't know which one I should get, any recs?
The only point of a commercial VPN is to do peer-to-peer without exposing your home IP address. If you are into Proton and their suite of services than you can get ProtonVPN but don't expect anything else since Proton is NATO-aligned, otherwise you can get AirVPN which does sales yearly (I got 6 months for only $15). The other use of VPNs is geo-spoofing (aka: using Netflix under a VPN to get access to other content), but I can't speak on that, Mullvad might be a good option since it sports a lot of server locations.
Avoid any VPN that requires an email account/personal details up front, it's likely a Israeli shell company (no youtuber sponsored vpns, they all suck).
If you want to use a VPN for home server stuff then you should look into Tailscale since they have a free tier for personal use (connecting to your home server while outside the network).
Otherwise, there are more useful things you can do to improve your security instead of using a VPN:
- Use a libre web browser: Firefox+Derivatives or vanilla chromium/ungoogled variant
- Make sure you have HTTPS everywhere or equivalent on.
- Use services like email aliases for online accounts.
- Use an up-to-date GNU/Linux or any other free/communal operating system instead of US State Dept. ones like Windows and MacOS.
- Use Ublock Origin.
It bears mentioning that a VPN is not a magic bullet for privacy.
Also use a private DNS server even if not using a privacy VPN. I set Firefox to route through Mullvad always. It’s just another way your browsing activity gets fed back to your ISP or DNS provider company
Edit: Also I think VPNs have a lot more utility than that. E.g. hiding your real IP from websites to prevent geolocation or tying back to your real ID, preventing your ISP (and thus the US govt through PRISM etc) from logging your traffic, etc. Yes the details of what you do are encrypted through HTTPS but the servers you connect to and the times you do it are not. The CIA says they kill people based off metadata so I would at least try to shift the trust away from known collaborators like my ISP and towards groups like Mullvad to protect myself
I use DNS.SB and use DNS over HTTPS.
On Android, I use Nebulo, which I install through its F-Droid repository. It allows me to use DNS over HTTPS and offers DNS.SB as one of its options.
Make sure you have HTTPS everywhere or equivalent on.
This extension is no longer needed and obsolete.
https://github.com/arkenfox/user.js/wiki/4.1-Extensions#-dont-bother
HTTPS Everywhere
Redundant with HTTPS-Only Mode and scheduled for deprecation: maintenance mode only Sept 2021, sunsets Jan 2023
Yeah the web extension thankfully got merged with Firefox's graphical settings. It eliminates a whole class of vulnerabilities right from the get go.
AirVPN if you need port-forwarding for torrents.
Otherwise Mullvad or IVPN (Mullvad is cheaper). Mullvad is also removing support for OpenVPN and will be just using WireGuard, so if you need OpenVPN for any reason, you will need to use one of the other two.
Also, if you are using a VPN for the sake of privacy...
I would instead look into using Tor or I2P. Being private and secure involves a lot of ongoing research, maintenance, and care, and a VPN is not generally a good way to be private. There's no set it and forget it option. It's better to use a VPN for port-forwarding, circumvent geo-blocking to access media, hide IP from gaming in P2P servers, etc. Otherwise, I would recommend looking into virtualization, using QubeOS and Tails, hardening Firefox, etc.
If you use Linux, here are a few good resources to harden your OS:
- https://wiki.archlinux.org/title/Security
- https://wiki.gentoo.org/wiki/Category:Security
- https://www.debian.org/doc/manuals/securing-debian-manual/index.en.html
- https://kspp.github.io/Recommended_Settings.html
- https://madaidans-insecurities.github.io/guides/linux-hardening.html
- https://github.com/trimstray/linux-hardening-checklist
- ∞ 🏳️⚧️Edie [it/its, she/her, fae/faer, love/loves, ze/hir, des/pair, none/use name, undecided]·1 day ago
Cool links. I should go harden my system. Actually... I could make a nixos module with my changes so others can import these things easily... Hmmm.
I recommend Mullvad bevause you can pay anonymously with cash or anonymously enough with a voucher.
Mullvad, IVPN, and AirVPN all support crypto. They all do not require email accounts, too.
I do not recommend Proton for many reasons.
They support Israel.
https://proton.me/support/protonmail-israel-radware
https://protonvpn.com/blog/israel-vpn-servers/
They supported the 2020 Hong Kong protests.
https://protonvpn.com/blog/hong-kong-servers
This comment from Lemmygrad explains why Proton may be a honeypot and to be wary of VPN services in general.
https://lemmygrad.ml/comment/361523
Here is a list of potential issues with ProtonMail (including their onion site deanonymizing Tor users when they create an account by redirecting them back to their .com address):
https://encryp.ch/blog/disturbing-facts-about-protonmail/
Some practical reasons I don't recommend Proton
- Port-forwarding on linux is shoddy.
- Proton treats Linux and its open source community as second-class citizens.
- ProtonMail Android app is slow as hell. Takes several minutes to load an email and is basically unusable.
- 3+ year old issues never get fixed: https://github.com/ProtonMail/proton-bridge/issues/180
Proton's support for anything other than M$ Windows or MacOS is really bad. It's another case of a company open source virtue signaling. They're better than Google and Microsoft but that isn't saying much.
Never said they didnt.
Yes you should be vary of VPNs but obviously also your ISP. I know mine is selling my data, I just don't have any options. If I would do something highly ileagal I would obviously not really on just a VPN and trust them. That would be one stepping stone of several.
HK have read yet Isreal yea thats bad but still far from PIA etc. Looks mullvad is the better option. Scary there is so few recomendations in general.
Yes you should be vary of VPNs but obviously also your ISP. I know mine is selling my data, I just don't have any options. If I would do something highly ileagal I would obviously not really on just a VPN and trust them. That would be one stepping stone of several.
It is a stepping stone, but can be hit or miss depending on your ISP and VPN. I made some alternative suggestions to improve your privacy and security here: https://hexbear.net/comment/5674063
But given that Proton gave the French police a climate activist's IP information which led to his arrest, despite claiming to store no IP logs and then deleting the claim on their website, it's better to recommend our fellow comrades other VPN services that have a better track record at this time. Proton has proven time and time again to be untrustworthy, and it's a very reactionary company that fights against socialist nations and supports countries like Israel, Taiwan, etc., which you can see by looking at its blog.
Thing is thats mullvad, nothing else. And thats only becouse we don't know what we dont know.
A better approach should be not to trust any singular entity. If you are going to occupy buildings and have Interpol chasing you you should use TOR, VPN and proxy in combination.
Neither of those tools are foolproof , espacially if its not your own hardware somewhere.
And no one will go to prison for you. Obviously any court order to any VPN will be complied with, including mullvad.
Thing is thats mullvad, nothing else. And thats only becouse we don't know what we dont know.
Not sure what you mean. Are you saying we can only trust Mullvad VPN because IVPN and AirVPN have been caught with untrustworthy actions? As far as I know, they haven't, and they're all pretty much equivalent in tech, security, and privacy. Mullvad is just more popular.
A better approach should be not to trust any singular entity.
Easier said then done. At some point you have to be willing to sacrifice with some trust. Even the best security professionals struggle to stay private in today's world of surveillance, so if that trust is yourself, you have to stay on top of security 24/7.
If you are going to occupy buildings and have Interpol chasing you you should use TOR, VPN and proxy in combination.
Using a VPN with TOR is not recommended as a VPN can log your activity every time you connect to TOR. Using a VPN on top of TOR usually doesn't provide you anymore safety unless you are on some public wifi hotspot.
https://support.torproject.org/faq/faq-5/
https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN
https://tails.net/support/faq/index.en.html#vpn
And no one will go to prison for you. Obviously any court order to any VPN will be complied with, including mullvad.
Thus, my point is using a VPN, especially one we know is untrustworthy, like Proton, is generally not a solution for privacy and security. Being private and secure requires training and practice, and there's much more effective means of securing your data and anonymity.
Not sure what you mean. Are you saying we can only trust Mullvad VPN because IVPN and AirVPN have been caught with untrustworthy actions? As far as I know, they haven't, and they're all pretty much equivalent in tech, security, and privacy. Mullvad is just more popular
As an example it is few thats considered trustworthy and we just dont know if they really are trustworthy.
Easier said then done. At some point you have to be willing to sacrifice with some trust. Even the best security professionals struggle to stay private in today's world of surveillance, so if that trust is yourself, you have to stay on top of security 24/7.
Security and privacy are layers. I would for sure stay on top ( or pay someone to do it for me) if I expecting international warrants.
Using a VPN with TOR is not recommended as a VPN can log your activity every time you connect to TOR. Using a VPN on top of TOR usually doesn't provide you anymore safety unless you are on some public wifi hotspot.
Depends how you set It up but doing VPN for proxy jump will at most let your VPN know you are using TOR. It is recommended , just not by some. VPN is a part of a good setup, a lot more trustworthy than my ISP for example.
Thus, my point is using a VPN, especially one we know is untrustworthy, like Proton, is generally not a solution for privacy and security. Being private and secure requires training and practice, and there's much more effective means of securing your data and anonymity.
See previous points. If you consider all untrusted you limit what those entitys know about you. Proton can know more or less depending how you set it up and use it. Dismissing VPNs because TOR is better is like dismissing blowjobs because fucking is better. We can have both
I can agree with what you said here. I'm not dismissing VPNs altogether, though. The reason I am so critical is because VPNs are marketed as a magic bullet that makes you 100% private and secure, and the average person does not know better. Many people just believe they need to be on a VPN 24/7 to be private, which can be worse than not being on a VPN at all. I gave a lot of links that weren't necessarily critical of VPNs and explained how to use them correctly. I made emphasis on the need for people to research and practice effective opsec. I don't know what OP needs a VPN for, so I made sure to clarify what to use a VPN for and to dispel any myths that are commonly believed with them.
Proton has been really fast for the high seas, but the app is kinda fucked on Linux.
Use wireguard directly, works better. just some time needed to set it up
I had it set up, until it spontaneously decided that I need to enter the password every time I connect.. and it disconnects if my computer goes to sleep.
Mullvad was great until they got rid of port forwarding. Since I have used AirVPN and been pretty happy so maybe check that as an alternative option too :)
Correct me If im wrong but wasnt airvpn bought up with company with some isreali connections?
Are you thinking about PIA or ExpressVPN? I hope AirVPN is not connected to Israel. I just paid a subscription.
PIA ah yea might be that, I believe there where a few more than those, let me see if I can find something about it . https://geopolitics.co/2024/10/02/exposed-how-israeli-spies-control-your-vpn/ Yea it was PIA 😃
PS that story was buried deep in Google search results, weird huh..
Whew, thanks for doing that research! I'm glad that it wasn't after I paid for 2 years just a couple of months ago!
Proton requires you to run a looping script on Linux if you want to use port-forwarding, and it is prone to breaking.
https://protonvpn.com/support/port-forwarding-manual-setup/#linux
i don't use linux so i just click a couple buttons
https://protonvpn.com/support/port-forwarding
Can someone explain to me why using one of these is better than hiding in plain sight
Hides ur IP address from the websites you visit and any peer to peer services, which otherwise could be used to geolocate you or identify whoever’s name is on the internet plan. They also block your ISP from seeing what connections you are making, but this is just a shift of trust as the VPN provider will then get that information so you need to trust that they won’t log it or sell it
I don't trust Brave
https://archive.ph/jKeYQ
https://absolucy.moe/dont-use-brave/
https://davidgerard.co.uk/blockchain/2020/06/06/the-brave-web-browser-is-hijacking-links-and-inserting-affiliate-codes/
https://davidgerard.co.uk/blockchain/2019/01/13/brave-web-browser-no-longer-claims-to-fundraise-on-behalf-of-others-so-thats-nice/
https://github.com/brave/brave-browser/issues/8793
If you need a Chromium based browser, I would suggest Cromite. Otherwise, I recommend people use hardened Firefox or LibreWolf, especially considering Manifest V2 not being supported by Chromium unless forks maintain their own. The whole point of switching to V3 was to make adblock less effective. Thus, Firefox and its derivatives, which are not within the chromium ecosystem, which has its neck under Google's boot (though Mozilla is basically supported financially by Google, which is another story), are the best to use with uBlock Origin, which is generally the best adblock you can use.
https://www.privacyguides.org/en/desktop-browsers/#best-case
https://backlit.neocities.org/browser-evaluation-mullvad-floorp-librewolf
https://privacytests.org/
brave is a cornucopia of blockchain scams and lies but it does a little ad blocking well so the average tech person doesn't bother fact checking any of it's marketing/privacy claims lmao
Your last-mile cable/fiber/wireless ISP is likely a subsidiary of one of the world's largest IP holdings companies, and if they aren't, they likely have big contracts with them and will bend over backwards to please them. They also have a lot of politicians under their thumb, which is necessary to maintain their extortionate regional monopolies. They have a financial incentive and the resources to observe your traffic and send you legal threats or disconnect you unilaterally.
When you use a VPN you are just letting some other company see what your ISP could see (i.e. every website and server you connect to, and how much data is being transfered, if not the plaintext of the data itself). Your ISP can still glean a lot based on the time and amount of data being transferred between you and your VPN, even though it is all encrypted. The VPN has different incentives than a multinational IP conglomerate, but at the end of the day still has to comply with the law. Some of them are legit. Some of them are literally run by Mossad. They generally solve the problem for media piracy, but should not be used thoughtlessly if there is any serious criminal or political risk involved.
Whichever one has decent prices and the features you need. Mullvad, AirVPN. I know AirVPN seems to have multiple sales a year. I can almost guarantee they'll have a Black Friday sale or something by the Monday that follows so if you do go with them, don't buy more than a week right now to see if you like it and if you do buy a year or two for maximum discounts.
Avoid PIA and a lot of the others in that vein, they're owned by ad-tech companies with ties to "isreal".