It's bad enough of an idea to connect to an open/untrusted WiFi network - now we're showing HN how to connect to random VPNs all over the world? My cursory opinion of this is that it's the worst idea I've ever seen make HN's front page.
> My cursory opinion of this is that it's the worst idea I've ever seen make HN's front page.
Not disputing that it's the worst, but it could be even worse.
It's missing the key component: a curl | bash install and upgrade script running over HTTP (not HTTPS). In this case it'd be extra hilarious as upgrades would presumably go over your existing VPN connection which could then hijack the script and run arbitrary code on your machine.
I couldn't agree more, and in JavaScript to top it off!
Seriously people - don't just randomly connect to VPNs: you're essentially bridging your computer / network to a completely untrusted network that's more than likely to have all manner of people doing nefarious / dangerous things on it - do you really want to put yourself at risk as well as be associated with them?
I haven't actually looked at the code yet, but to be fair, if your connection through any VPN is completely encrypted (e.g. HTTPS only), then it's not much different to most ISPs...
They can grab metadata but this is already being done with all the traffic we generate anyway, one should assume.
Even with DNS spoofing, you can't MITM an encrypted connection with pinned public keys. That includes Google, GitHub, most social networks, and any SSH host to which you have previously connected.
Almost everything I do while on the move falls into this tamper-proof category. It's been a while since I stopped caring which Wi-Fi I connect to. I just borrow anyone's connection and tunnel right through.
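The SSH case mentioned in the comment above, as an added example that is not part of the original thread: a minimal Python check of a presented host key against `known_hosts`-style pins, including hashed host entries. Hostnames and key bytes are constructed placeholders, and the helper names are hypothetical.

```python
import base64, hashlib, hmac, struct

def ssh_blob(key_type, raw_key):
    """Encode an SSH public key blob: two length-prefixed strings."""
    parts = (key_type.encode(), raw_key)
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)

def fingerprint(blob):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(pattern, host):
    """Match a plain or hashed (|1|salt|hmac) host field; no wildcards here."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in pattern.split(",")

def check_pin(known_hosts, host, presented):
    """Return 'match', 'mismatch' or 'unknown' for the presented key blob."""
    seen = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@")):
            continue
        if not host_matches(fields[0], host):
            continue
        seen = True
        if hmac.compare_digest(base64.b64decode(fields[2]), presented):
            return "match"
    # A pinned host presenting a different key is what a redirect looks like.
    return "mismatch" if seen else "unknown"

def b64(data):
    return base64.b64encode(data).decode()

# Constructed sample data: placeholder key bytes and hostnames, not real keys.
PINNED = ssh_blob("ssh-ed25519", bytes(range(32)))
OTHER = ssh_blob("ssh-ed25519", bytes(32))
SALT = bytes(range(20))
MAC = hmac.new(SALT, b"git.example.org", hashlib.sha1).digest()
KNOWN_HOSTS = (f"shell.example.org ssh-ed25519 {b64(PINNED)}\n"
               f"|1|{b64(SALT)}|{b64(MAC)} ssh-ed25519 {b64(PINNED)}\n")

if __name__ == "__main__":
    print(fingerprint(PINNED), check_pin(KNOWN_HOSTS, "git.example.org", OTHER))
```

A host with no stored pin returns `unknown`, which is the trust-on-first-use gap: the check only protects hosts whose key was recorded over a connection that was not already intercepted.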
Most people don't understand what's secure and what's not. Remember, we live in a society where people generally don't know that connecting to a 'free' wireless network without a password means that all your traffic is completely unencrypted.
I can't count how many times I've made a point on HN and someone has replied about how most people are so ignorant. If security matters then you better read and educate yourself. Ignorance of the law is no excuse and ignorance in general is no excuse. It's not tech-savvy people's problem if most people refuse to exercise their brain.
Sorry if I sound like a jerk, but I get tired of this dismissive as if it's excusable. I feel like people think tech-savvy people should hold everyone's hand and help them figure out how to use technology. No one is forcing them to use technology as far as I can tell.
That's none of my business; I can't protect people from themselves, and even if I could, I think it's wrong to protect somebody by restricting the options. Anyway... those arguments will never make a point against sharing an open tool.
I already did. Here is how to create a self-hosted VPN server at a cloud provider of your choice. Don't trust your network traffic to anyone but yourself:
> Don't trust your network traffic to anyone but yourself
You still trust the cloud providers' upstream. In case of UK providers, the GCHQ sniffs upstream and ingress, so they can correlate traffic. Same for DE (BND, MAD) and basically all countries.
Yes, and you also have to trust your home ISP's upstream, and the routers upstream from that, and so on and so forth. Are you trying to say that using a VPN is useless?
> Are you trying to say that using a VPN is useless?
No, but you're making your traffic stick out and yourself a target for dragnet surveillance. The constant flow "packet in, other packet out" is easy to pick up for snoops, compared to "just packets out" from your home ISP.
Do you have users in China? I'm curious whether IKEv2 works well through GFW. I use Shadowsocks (on my Asus router, and on my Android/iOS devices), and it works well.
What would I gain in ease-of-use, performance, or security by switching to Algo?
That's a common refrain. It's just that I don't think there's a good idea on which to build/improve. I commend you for putting (presumably) your work out here for all to see, and good on you for making your project FOSS, but this is not a project I will support.
I guess this tool is intended for command line operation and scripting. If all you want to do is get around regional restrictions to watch videos, see http://hola.org/.
EDIT: Also, you should assume that any anonymous VPN service has a good chance of being spyware or even malware, so you should sandbox it in a virtual machine or similar.
The source of the VPN servers is vpngate.net - an academic research project that started in 2013 at the Graduate School of the University of Tsukuba, Japan. From their about [0] page:
- You can get through the government's firewall to browse restricted web sites (e.g. YouTube).
- You can disguise your IP address to hide your identity while surfing the Internet.
- You can protect yourself by utilizing its strong encryption while using public Wi-Fi.
The list of servers (on the main URL) gives throughput and other stats and you can support them by creating a node [1].
They use SoftEther for the VPN server - does someone have any experience with it?
I took a cursory look at SoftEther a few months ago.
It looks like a research project that was then unsuccessfully commercialized, and then released to the public somewhat hastily.
The code quality leaves a lot to be desired (there is nothing offensive, but it still does not inspire confidence for there not being security bugs), and the code style is not great either. The amount of marketing copytext is disproportionately large to the amount of code comments and design documentation.
It generally seems to go for an everything-but-the-kitchen-sink approach in terms of features (which is not a bad thing per se, but an approach that I dislike). The SoftEther repository is 280k lines of C and headers, while OpenVPN is 80k.
This would have been really useful a few years ago, when the international version of NBA League Pass was a far better experience due to the complete lack of blackouts, as well as being roughly 50% of the price for the much more limited US version. Instead of fixing the US version, they've simply doubled the price of the international version and made it worse, from what I understand.
Netflix is able to detect you're using a VPN, and advises to switch back to enjoy its services, I'm sure. At least I got that alert recently. So is there another bypass?
Just throwing it out there - are you sure there isn't a session cookie tied to your login still on your machine? Or, am I completely wrong and you're just limited to the country's offerings by your location on registration?
Yes, that's essential. Assuming use of a VPS that is not really a real VM (Xen PV, Xen HVM or KVM), but more like a glorified jail, which is what most of the cheap ones are that use OpenVZ or similar.