undefined | Better HN

0 pointsmsh10y ago0 comments

Well, then you depend on your VPS company.

Its important that you dont host any domains on the VPS you run the VPN on.

Security might not be top priority at the VPS provider.

All your requests come from the same IP address (and the VPN provider might very easily give out your private info).

I think a VPN from a reputable provider (like f-secure) is better for most users.

0 comments

9 comments · 3 top-level

wongarsu10y ago· 3 in thread

It depends on your goal. For privacy, a self-hosted VPN is a nightmare. To prevent sniffing and/or modification of content, a self-hosted VPN is great (your VPS company is less likely to target VPN traffic than a dedicated VPN provider).

I think a reputable VPN provider offers the better tradeoff, but there are legitimate reasons for self-hosting a VPN.

nowherecat10y ago

could you please explain why a self-hosted vpn is a nightmare for privacy? i am running a streisand server and the disk is fully encrypted

halomru10y ago

With a VPS-self-hosted VPN all your connections to the outside originate from a static, unique, unshared IP, making it trivial to track and correlate your behavior across all protocols. Instead of containable identifiers like cookies, your IP has become a guaranteed unique identifier.

To leverage this, it's fairly easy to detect you're on a self-hosted VPN: your IP is in an IP range assigned to a hosting/colocation provider, is not a TOR proxy (there is a public list of those) and doesn't belong to any remotely popular VPN (easy to enumerate for a little money, lots of lists exist).

In exchange for that you have eliminated your ISP (or public wifi) as a threat but instead added the hosting provider to the list of threads. And for any adversary that stands above the law, the routing infrastructure of your hosting provider is already a valuable target.

1 more reply

vox_mollis10y ago

Because you're moving the "exit" from your non-anonymous local ISP to your non-anonymous colo provider. If you want to hide your traffic or at least make your adversary work a little to determine who you are, shared VPN endpoints are better.

1 more reply

pavel_lishin10y ago· 2 in thread

You could set up a box at home to route through.

mshOP10y ago

Not if its your home connection you want to protect.

pavel_lishin10y ago

True, but most of the advice given here seems to be about preventing MITM-type of attacks and general traffic sniffing

tiatia10y ago· 1 in thread

"Its important that you dont host any domains on the VPS you run the VPN on."

Why is that is I may ask? I have the impression that the great firewall blacks a lot of domains by default and they are allowed/blocked after a review after somebody tries to access them the first time. I may be paranoid but often I try to open an obscure site. It is blocked. I have to use a VPN. A few days later the site can be accessed. Why not use a VPN sever with a nice website that makes it look harmless?

mshOP10y ago

I see three issues:

- You might forget private whois and expose your identity. - There might be issues with the private whois that exposes your identity. - The contents of the website might expose you.

j / k navigate · click thread line to collapse

0 comments

9 comments · 3 top-level

wongarsu10y ago· 3 in thread

I think a reputable VPN provider offers the better tradeoff, but there are legitimate reasons for self-hosting a VPN.

nowherecat10y ago

could you please explain why a self-hosted vpn is a nightmare for privacy? i am running a streisand server and the disk is fully encrypted

halomru10y ago

1 more reply

vox_mollis10y ago

1 more reply

pavel_lishin10y ago· 2 in thread

You could set up a box at home to route through.

mshOP10y ago

Not if its your home connection you want to protect.

pavel_lishin10y ago

True, but most of the advice given here seems to be about preventing MITM-type of attacks and general traffic sniffing

tiatia10y ago· 1 in thread

"Its important that you dont host any domains on the VPS you run the VPN on."

mshOP10y ago

I see three issues:

- You might forget private whois and expose your identity. - There might be issues with the private whois that exposes your identity. - The contents of the website might expose you.

j / k navigate · click thread line to collapse