
VPNs are not the solution to a policy problem

298 points| staticsafe | 9 years ago |asininetech.com | reply

218 comments

[+] nikcub|9 years ago|reply
There are a few schools of thought on where responsibility should lie in protecting user privacy. The first is that it is a role of government and policy - in the same way the government sets standards for automobile and road safety they can set and enforce policies for user privacy.

The second school of thought is individual responsibility. Users should take steps to protect their own privacy on a case-by-case basis, in the same way they look after their own home security or personal safety.

The third would be a hybrid approach - that there is a role for the government to play in setting up a universal minimum level of privacy protection while users also have a role to play in their own protection. This is most akin to how healthcare works - I'm guaranteed treatment in an emergency room but I also might choose to keep myself healthy with diet, exercise etc.

I personally believe in user responsibility for personal privacy and security, where you can't and shouldn't depend on policy to protect you and that all users should be aware of the issues and actively educated on how to protect themselves. For a few reasons:

1. Policy is not universal. Some countries may have extensive and rigorous user privacy protections but that doesn't apply to users everywhere. While user privacy protections are strong in Europe, and consumers have access to recourse if their privacy rights have been violated, that same advice doesn't apply to the majority of internet users, most of whom are residents of a nation or jurisdiction where there is no strong protection or user recourse.

2. Governments are a major party in privacy violations and are conflicted, so they can't be expected to behave in the interest of users. The most recent campaigns to roll out encrypted communications and connections in apps were prompted by the US government intercepting internal Google data. The government will almost always be incentivized to lower barriers to ease intelligence gathering and in most of the world government surveillance trumps individual rights.

3. Similarly, government can't be trusted. This is the point Ed Snowden made when he argued for individual and tech solutions to privacy over government policy[0]. Snowden cites the difference in Obama's campaign promises and what he delivered[1], and this isn't unique to Obama - the FCC ISP privacy rules being blocked this week is yet another example of how easily and quickly policy can be undone, while the mass surveillance Snowden disclosed is an example of how public policy and private actions can be different.

4. Tech solutions to privacy don't imply individual responsibility. We can, and do have, tech solutions that are universal - such as the campaign to roll out encrypted communications and connections with Whisper and LetsEncrypt.

5. Policing government policy is labour intensive and difficult. It relies on privacy researchers - usually individuals - to track what companies are doing with user data. With more data being shared between companies it is even more difficult to apply individual oversight to how policies are being enforced. See Natasha Singer's reporting in the NYTimes on data brokers[2]

6. There are usually very minor enforcement penalties for companies that violate user privacy policy. The FCC tracking opt-in rules were prompted by some ISPs adding tracking headers or cookies to user traffic. AT&T and Verizon were adding tracking cookies to user traffic and it took two years to notice, and there were zero implications for both companies[3] other than the new FCC rules which are now dead.

7. Even in the perfect world of good policy, good application of policy and good enforcement you still have more data than ever being stolen and leaked online. You only have to look yourself up on haveibeenpwned or a similar database to find that for a lot of people, all of their PII has already leaked[4]

It is very clear to me that technology solutions have the primary role in protecting user privacy. Policy isn't a waste of time but it can't be relied upon. The question is how user privacy protection is packaged for a mass-audience. User privacy requires an equivalent of what 'use WhatsApp, use Signal' is for user security, what 'install antivirus, don't click on attachments' used to be for user security and the growing popularity and awareness of ad blockers.

I'm not sure what that will be or what it will look like, but warning people away from VPNs probably isn't going to help. Chances are that some form of VPN connection will become part of the standard solution (along with HTTPS/encrypted comms everywhere) now that the reality of ISPs and users not sharing privacy interests is here and many are aware of it.

There's a great market opportunity here - perhaps not for VPNs as a product but VPN as a technology.

[0] https://www.wired.com/2016/11/despite-trump-fears-snowden-se...

[1] https://www.forbes.com/sites/thomasbrewster/2016/11/10/edwar...

[2] http://www.nytimes.com/2013/09/01/business/a-data-broker-off...

[3] https://www.techdirt.com/articles/20150115/07074929705/remem...

[4] https://haveibeenpwned.com/

[+] jfoutz|9 years ago|reply
Lots of people seem to think the right answer is selling improved security. I disagree. It would be much more exciting to get the data coming from politicians' homes, and the homes of their staff. It would be a fantastic way to generate news. Why is senator X's household researching cancer treatment? Will they step down this year? I can't help but think military bases would google their next deployment, that's another set of huge news articles.

If you're more into the finance side of things, CXO's home clickstreams would probably be enlightening. Or hedge fund managers. Some will be fully encrypted and secure, but just the dns would be a strong signal about what companies they're researching.

That is the kind of business that will drive privacy legislation.

[+] supertrope|9 years ago|reply
The Video Privacy Protection Act was passed after Supreme Court nominee Robert Bork's rental history was leaked to a newspaper.
[+] confounded|9 years ago|reply
Those people will have VPNs and other security measures. This is about exploiting ordinary people to widen the power differential between the two.
[+] TeMPOraL|9 years ago|reply
Well, pastebinning communication of a politician (or better - their kid) seems like such an effective idea, I wonder why this doesn't seem to happen? Is there a strong roadblock somewhere there? It's not like most politicians and their staff know much about Internet security.
[+] KurtMueller|9 years ago|reply
I think somebody's doing a kickstarter exactly for what you're talking about.
[+] Goopplesoft|9 years ago|reply
A heads up: there's a really nice project called Streisand[1] which provides a multi-protocol VPN with very little effort. You can launch one on a cheap cloud provider (like DO, if their policy allows).

[1] https://github.com/jlund/streisand

[+] FridgeSeal|9 years ago|reply
No, they're not.

The solution is getting strong, enforced laws that protect our privacy and punish those who break them.

But for the moment, with advertisers viewing themselves as God's gift to the internet who think that all your information belongs to them simply by virtue of existing, and who will go to great lengths to acquire and store it all (for perpetuity), a solution is needed, and part of that is VPNs.

[+] surement|9 years ago|reply
In general, you can still identify users for advertising purposes without knowing their IP address.
[+] Bartweiss|9 years ago|reply
Data you release can never be recovered. Even if we were to chuck out the entire House and reverse this change in 2018, VPNs would still be a key part of the solution. It would only take one medical search sold to insurers (as a random example) to seriously affect you, so I agree that downplaying technical defenses is unreasonable.
[+] smnscu|9 years ago|reply
> advertisers viewing themselves as gods

Tangential point, I've heard from a friend how much you can earn by being involved in a "premium" ad network, and it's basically around 100x what I can make as a SWE freelancer. I also remember a HN user claiming they make $30k/month from a simple "YouTube downloader" kind of site.

[+] mirimir|9 years ago|reply
But even with laws, you can't trust ISPs and governments that pwn them. So yes, using VPNs is prudent.
[+] JeremyBanks|9 years ago|reply
How do VPNs protect you against advertisers?
[+] dfc|9 years ago|reply
It's strange to see the evolution of the technology versus policy debate. We started out with "the Internet views censorship as damage and routes around it." A little later we had Lessig saying "code is law." And now the refrain is "VPNs are not the solution to a policy problem."

I miss the idealism and optimism of the past. The only hopeful thing I can find in the new "quote" is that it seems that the tech world is finally aware of the need to work with policy makers and the public in addition to building new systems.

[+] byuu|9 years ago|reply
Another thing often overlooked with VPNs is that they're just not that fast. I have a 600/40 connection, and I've tried at least six for-pay VPN providers. The fastest one I found (won't mention as my goal isn't to advertise for them) hits, at best, 100/30. And even then, only over L2TP. For whatever reason, OpenVPN is always slower on every PC I've tried this with.

And obviously, you gain a good deal of latency, especially if you use an overseas exit point.

And now we get to deal with shitty services like Netflix punishing privacy-conscious users and blocking access to paid accounts while your VPN is up.

[+] rz2k|9 years ago|reply
I've used SoftEther VPN software on the type of cheap VPS you find on lowendbox.com.

I notice little if any change in speed. If anything, download speeds seem more consistent in speed without long pauses (or momentary bursts in speed).

It's very easy to install and configure, but I'm not sure how good it is at addressing the point of having a VPN, since I don't know how well the software has been audited by other people, and I wouldn't know where to begin. The same goes for how I must trust the VPS provider.

[+] manquer|9 years ago|reply
You can set up your own on DigitalOcean or AWS Lightsail, you will get better bandwidth... The IP will not be blocked as it will not be a known VPN IP and it can be rotated... Not saying these are solutions to the privacy problem, only the technical ones.
[+] guitarbill|9 years ago|reply
Potentially a workaround is getting a business account/connection. I doubt most businesses will want any kind of data gathering. So they'll be exempt but obviously more expensive. Could be worth it for no speed losses/VPN hassle.

Maybe they'll even offer pay for privacy on consumer accounts? It's just the price you pay when most people don't know about the issue, or don't understand the issue, or don't care about the issue.

[+] st553|9 years ago|reply
I've been using PIA for a few years and have been disappointed to see an increasing number of websites blocking VPN access.
[+] angry-hacker|9 years ago|reply
Plus you will be banned from participating in so many places because the VPN and VPS IP blocks are over-abused and blocked.
[+] staticsafe|9 years ago|reply
VPNs will definitely incur overhead and latency costs, yeah.

OpenVPN can be fairly slow if you are sharing CPU usage (ex. VPS provider) with other users. You are also most likely implementing NAT on your VPN server which is probably not accelerated unless you are paying for an expensive appliance that does so.

[+] gambiting|9 years ago|reply
I use Private Internet Access and I can easily max out my 300Mbps/50mbps connection, both ways, when connecting through a neighbouring country(I'm in UK, and usually use either Sweden or Netherlands exit points)
[+] herbst|9 years ago|reply
Netflix doesn't block me with VPN. Is this also a US thing?
[+] sjwright|9 years ago|reply
Perhaps one solution might be to poison the data and have your router/device make spurious random DNS lookups and HTTPS connections. Ensure the list of random websites includes the top few hundred companies likely to be in the market for usage data. If enough people did this it would make the data useless.
[+] FridgeSeal|9 years ago|reply
Data poisoning is a fantastic approach: flood the captures with so much, and with so much trash that it becomes an increasingly large amount of work to just sort out the 'real' traffic (even before any advertiser analysis of what that real traffic contains).

There's a couple of things that do this actually: the AdNauseam plugin will hide ads for you, but will also click through on them often as well which helps pollute advertiser data capture. It won't of course be able to replicate you browsing on the page, but it'll go a long way to frustrating the efforts of 3rd parties who won't have access to the landing page metrics anyways.

There was also a post on /r/InternetIsBeautiful that was supposed to do something similar: essentially destroy your browsing habits by performing additional searches and following links in the background, but I think that relied upon a hardcoded list of searches, so its ongoing functionality was somewhat limited.

A big challenge to making something that continually obfuscates your browsing habits is making sure it doesn't accidentally end up going through actually sketchy or illegal stuff (i.e. sites/etc that could get you on lists/attention) and making it work in a way that isn't easily detectable/filterable as 'machine traffic'. I guess that means you'd have to build in functionality to replicate following pages several links deep, not making successive requests immediately (sleeping execution/simulating scrolling), simulating some kind of 'natural' interaction: mouse movement + hovering over things + other things that users might do?

I'm sure most of that stuff is totally possible, probably even easy, might make for a fun personal project...

[+] wizardforhire|9 years ago|reply
How would one go about doing this? More importantly... Is there a simple cross platform application I could have my friends and family install that takes little to no effort on their part?
[+] jdoliner|9 years ago|reply
Why aren't VPNs, and more broadly encryption, a solution to this problem? "Waving the wand of a technical solution," as the post pejoratively calls it, isn't such an unreasonable thing to do with an inherently technical problem. This problem only exists because of other technical wands we waved. Why solve this problem with policy? Policy is hard to get passed, hard to keep passed and even when it is passed often times it means nothing. Remember this is the same government that contains multiple organizations surveilling your every move, not because they legally can, because they illegally can. The point is, it's foolish to count on USG to give you a right to privacy, just look at the history on this, it's not going to happen. But it's especially foolish when this is a right that you can enforce for yourself. If you actually care about your privacy use a VPN, or Tor, don't sit around waiting for the government to do it for you.
[+] false-mirror|9 years ago|reply
Then the question is: are technical experts the only ones who deserve privacy? Are the strong the only ones who deserve safety? etc etc.

While I also prefer a system which assumes no trust in government policy, it is still preferable to provide legal protections for the little guys whenever possible. In this case, the little guy is the vast majority of people who don't understand how the internet works.

[+] staticsafe|9 years ago|reply
At the risk of sounding increasingly naive:

I believe policy is important as a part of the solution because it is a matter of protecting the general public not just a select technically capable.

Yes, policy is hard and can be useless but I still believe it is an important goal to fight towards.

You can care about your privacy, use a VPN and use the democratic process to enact policy change. Those things need not be mutually exclusive. VPNs are only a part of the solution and incomplete, not the solution.

[+] guelo|9 years ago|reply
One thing I was wondering, beyond your own personal ISP, does this mean that the backbone providers, the Level 3's of the world, are going to get into selling data to advertisers? I was feeling personally ok because I use an ISP with a strong privacy pledge, but I wonder if their uplink is going to be selling my data. Though I guess it's less of a concern since the backbones don't have the complete personally identifying info that the customer ISPs have.
[+] libeclipse|9 years ago|reply
I understand the viewpoint of the article, but it assumes that the person waving the wand particularly cares about everyone else.

Personally, with the Investigatory Powers Bill in the UK, I will "wave the wand of a technology solution" to conserve and protect my own privacy.

Sure, if the policy was changed upstream then a lot more people would benefit than the technically inclined folks, but if there's a bug upstream we don't all sit with it and wait, we fix it locally and vendor.

[+] WhitneyLand|9 years ago|reply
What would be wrong with selling preconfigured routers to solve the problem?

The router could talk to a standard web API to get information to configure itself. The web service behind the scenes could set up and tear down DigitalOcean droplets as necessary running Streisand. The web service IPs wouldn't be blocked because they'd only be used to periodically get configuration.

So then you buy a non technical person this router, they create an account on the configuration website and as Ron Popeil would say, set it and forget it.

[+] philip1209|9 years ago|reply
I think the bigger hole is DNS. Full-tunnel VPNs to primarily TLS-encrypted sites seems like overkill. Encrypted DNS plus an "HTTPS Everywhere" plugin should obfuscate enough info for most people without significantly affecting latency.
[+] joveian|9 years ago|reply
One nice although limited alternative to openvpn is sshuttle: https://github.com/sshuttle/sshuttle

The limitations are: no ipv6 support :(, sometimes leaks dns, and always crashes shortly after it is first started (then works fine when you start it again). There seems to be little active development.

To work around the limitations, I mostly use SOCKS (curl also supports SOCKS), plus run sshuttle to try to catch any additional traffic. For that matter, SOCKS alone would at least catch the most sensitive traffic for most people (and would make it easy to have another browser profile for watching netflix).

I get a $15/year OpenVZ account from ramnode.com, which supports VPN usage. I haven't had an issue with bandwidth (it seems to undercount quite a lot) but don't watch netflix or otherwise use that much bandwidth.

The main issue I've had is that some websites (google, amazon, gog) will default to various other languages that I assume other people who are doing the same thing speak. Fixed by logging in to the site and they then seem to remember for a while even if you don't log in, but eventually they switch again.

The nice thing is that the remote server can be configured to just have an SSH server on port 80 (in case you ever want to use it from restrictive public wifi; I first started to do this after seeing SSL downgrade errors on public wifi) with public key authentication, so there is much less to worry about in terms of being responsible for a system open to the internet all the time. In SSH, I set:

  [email protected]
  [email protected],ssh-ed25519
  [email protected]
  MACs=hmac-sha2-256,hmac-sha2-512
So still not a super easy option but a somewhat easier option than OpenVPN. It would be quite easy with an automated way to set up the remote ssh server correctly.

Edit: Speed is quite good with this setup and while I haven't done extensive comparisons, it does not seem to lower the connection speed by much.
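
An added example, not part of the comment above or of any project it mentions: a shell check that an SSH server matches the two settings that survive legibly in that comment, public key logins only and MACs limited to hmac-sha2-256 and hmac-sha2-512. It assumes input in the lower-case "keyword value" form that `sshd -T` prints; the function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Audit effective sshd settings (as printed by `sshd -T`) against a small
# allowlist: password logins off, public key logins on, only approved MACs.

ALLOWED_MACS="hmac-sha2-256 hmac-sha2-512"

# Print the value of KEYWORD ($2) found in the config text ($1).
sshd_value() {
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# Print one finding per line; return 0 if clean, 1 if anything was flagged.
audit_sshd() {
    cfg=$1
    status=0

    if [ "$(sshd_value "$cfg" passwordauthentication)" != "no" ]; then
        echo "password logins are not disabled"
        status=1
    fi
    if [ "$(sshd_value "$cfg" pubkeyauthentication)" != "yes" ]; then
        echo "public key authentication is not enabled"
        status=1
    fi

    macs=$(sshd_value "$cfg" macs)
    if [ -z "$macs" ]; then
        echo "no macs line found"
        status=1
    fi
    # Split the comma-separated list and compare each entry with the allowlist.
    for mac in $(printf '%s' "$macs" | tr ',' ' '); do
        case " $ALLOWED_MACS " in
            *" $mac "*) ;;
            *) echo "unexpected MAC offered: $mac"; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample: a server set up along the lines of the comment.
HARDENED='port 80
passwordauthentication no
pubkeyauthentication yes
macs hmac-sha2-256,hmac-sha2-512'

# Constructed sample: a server left with password logins and a wider MAC list.
PERMISSIVE='port 22
passwordauthentication yes
pubkeyauthentication yes
macs umac-64-etm@openssh.com,hmac-sha2-256,hmac-sha1'

echo "== hardened sample =="
audit_sshd "$HARDENED" && echo "no findings"
echo "== permissive sample =="
audit_sshd "$PERMISSIVE" || echo "-> review the lines above"
```

On a real host the text would come from running `sshd -T` as root on the server; keyboard-interactive authentication is not covered by this check.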

[+] andrenotgiant|9 years ago|reply
Until a better solution is found, I think the way the recent IOT botnet stuff + this ISP privacy deregulation is portrayed in the media opens the opportunity for a startup that sells a secure, smart home router + VPN subscription plan.
[+] nine_k|9 years ago|reply
Technology used to trump policy, in an unstable but stubborn way. Napsters and piratebays die, but file sharing lives. It's less intense now not because of policies, but because legal ways to buy most music and videos became reasonably convenient for the mass user.

How well might connectivity limitation work? It took China immense centralization and a lot of technical effort to build the great firewall, which is not exactly impenetrable, though.

[+] siculars|9 years ago|reply
Ya, this sucks... a lot. VPNs are a start with existing tech. I firmly believe new technology will solve this problem. Encryption everywhere. Overlay networks. New fully encrypted and anonymized DNS systems. Digital currency incentivizations. Policy helps but in the absence of policy technology will find a solution.
[+] frebord|9 years ago|reply
This whole damn thing spawns from the lack of competition with ISPs. If consumers had more than 1 or 2 options, we could choose with our money. I don't think the solution is to regulate the industry, but our privacy should certainly be protected by our fucking useless government.
[+] pryelluw|9 years ago|reply
Ok, so which vpn providers are good?
[+] itake|9 years ago|reply
Setting up VPNs doesn't scale. The entire internet can't be behind VPNs, not to mention people with poor internet will not be able to use a VPN effectively.
[+] ZeroManArmy|9 years ago|reply
thatoneprivacysite.net

On that site he has a massive spreadsheet of many if not all VPN providers and the various pros and cons.

[+] vxxzy|9 years ago|reply
At the end of the day, it is obvious that policy is the right direction to stop this bleed of infringement. However; be it noted: those who have the capability to circumvent, or ethically "get around" such encroachment; have a responsibility to free those who may be entangled by that which is "freedom limiting". The argument could be had, however; is it really freedom limiting for others to know your web history? Obviously, there are second, and third abilities to be held when a dominant party knows of the lesser's behavior. Still a great bit to parse. As for me and my house, we will tunnel safely through VPN.
[+] staticsafe|9 years ago|reply
Some food for thought: Such data can include say, the fact that a certain person enjoys some fetishes or maybe some other similarly compromising data.

The possibility for blackmail exists and therefore the possibility of your freedom being curtailed.