Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- >Welcome to the /XMR/ General opsec discussion!
- Firstly I just wanted to mention that its been a pleasure putting these together for the /XMR/ community! The feedback received so far has been overwhelmingly positive and I look forward to continuing these sessions into the future.
- In this session we will discuss Virtual Private Networks, What are they, how and why should we use them and what are their limitations. There are a LOT of misconceptions and false beliefs around VPN's and hopefully we can clear up some confusion and set you on the road to making informed choices.
- >Previous weeks discussion
- PGP - pastebin.com/K5uK4vvg
- File Verification - pastebin.com/64jdYSua
- Compartmentalization - pastebin.com/fduPVLmV
- Case File Reading - pastebin.com/6Jgr2zsL
- >OpsAnon's public key
- pastebin.com/kiEVscyb
- >What is a VPN?
- A VPN or Virtual Private Network is an encrypted connection over the Internet from an user's device to a network. The private connection runs on top of the public internet by using tunneling protocols and encryption that prevent an outsider from seeing where that data is coming and going from. VPN's are commonly used in enterprise networks to allow employee's to remotely access their employers LAN, this became even more popular with the increase of work from home employees, a VPN can also be used by a generic end user to hide their IP from websites and to obscure your traffic from your ISP.
- >Why Should I Use A VPN?
- For a generic end user, a VPN is a valuable tool to protect your privacy while connecting to the internet both from your home network and especially while using a public network. A VPN can help us in many ways but here is a short list of the most common use cases:
- -Avoiding "Man in the Middle" attacks on public networks
- -Obfuscating our IP when engaged in activities like torrenting
- -Preventing websites from gaining our true IP
- -Bypassing geographical blocking
- -Minimizing advertising tracking & ISP snooping
- >Limitations OF VPN's
- VPN's ARE NOT A HOLLISTIC PRIVACY SOLUTION AND WILL NOT MAKE YOU ANONYMOUS!
- When using a VPN you are essentially transferring your trust from your ISP to the company that provides your VPN. There are a multitude of ways in which your anonymity can be broken other than determining your IP ex: browser fingerprinting, DNS leaks and WebRTC leaks. New users are often misled by overstated advertising by VPN providers and other misinformed users that think a VPN will make you untraceable, this is a very common and dangerous misconception that I want to make absolutely clear is untrue. Other limitations include increased latency, encryption inherently slows connection speeds, as does the additional routing to the providers servers especially if the server you are connecting to is far from your IRL location. A false sense of security can also be considered a limitation, users may think that they are more protected than they actually are, resulting in a lack of attention or the outright disregard of other essential measures.
- >Choosing a VPN Provider
- When researching a provider there are a few things you should always look for and keep in mind. Lets look at a few of the most important metrics by which we can judge a providers trustworthiness.
- -Paid VS Unpaid
- There is a common saying in the security/privacy world, "If it's free, you are the product". When using a free VPN, it is more than likely that they are keeping your traffic logs and they may be sold off for profit by the provider. Unpaid VPN's also typically experience slower connections, less secure encryption and even the injection of advertising. You should always avoid "free" VPN services, if your privacy is worth enough for you to be reading these discussions, it is worth paying a few bucks a month for.
- -Logging policy
- It is important to review the providers policy on log retention. Some providers will actually keep logs of your traffic while you are using the VPN. For obvious reasons this is an immediate "trash it" flag, if the provider is keeping logs they are likely using reselling the logs to data brokers and advertising companies. The retention of traffic logs also may pose a security risk if the provider experiences a breach, potentially putting your comings and goings in the hands of a malicious or state actor.
- -Audits
- Reputable VPN providers should have third party audits conducted on their services and to verify their log retention commitment. Take note of when these audits took place and if there have been changes to their policies since the last audit.
- -Country of Origin
- For many users, they prefer to deal with VPN providers who are based outside Five Eyes partner countries and ones which are not based in countries that have poor records with regards to data security. For example, you probably wouldn't want to choose a provider that is based in China as they often are required to hand over information upon request.
- >Providers
- A big concern in making this discussion was that I do not want to come of as a shill for any particular VPN provider, there are already advertisements everywhere and enough braindead youtubers shilling overpriced and overstated services. We will look at a couple of popular providers as well as a few pro's and con's for each, but this is in no means an endorsement of any provider DYOR.
- -Mullvad
- This provider is based in Sweden and provides a lightweight VPN UI for Windows, Android, MacOS and iOS.
- Pro's:
- - Audited by third party in June 2022
- - No logs retained
- - Can be paid by various methods including crypto and cash by mail
- - User accounts require no personal information (based on an account number)
- Con's
- - Port forwarding no longer supported
- - Fewer available servers than some providers
- -Proton VPN
- Proton is a privacy oriented company that provides various services including a popular email service. The company is based in Switzerland.
- Pro's:
- - Audited by a third party in 2022
- - No logs policy
- - large number of servers including p2p optimized servers
- - Port forwarding
- Con's:
- - Free service limited
- - User reported inconsistent connection speeds
- -Nord VPN
- Nord is a very popular provider based in Panama, you are likely already familiar with this provider as it is one of the most advertised.
- Pro's:
- - Large number of servers and specialty servers
- - Audit conducted in 2022
- Con's:
- - UI more heavyweight than other UI's
- - Payment processing done by an American third party
- - Expensive
- - Advertisements in the UI
- >Conclusion
- Virtual private networks can provide a layer of protection for many users, weather you are torrenting, bypassing geographic clocking measures or want to increase your privacy during day to day browsing. While a VPN is not a method to achieve anonymity online, they still provide a valuable service and are another useful tool in our fight to reclaim some level of online privacy. Always be sure to research the provider you intend to subscribe to and remember that as with all tools and procedures we have discussed, know their limitations!
Add Comment
Please, Sign In to add comment