by sshtunnels 3413 days ago
Yeah, I use SOCKS5 over SSH all the time, although I didn't follow that particular guide. I am also not an expert but after making sure DNS requests were tunneled, I wasn't able to see any cleartext at all using Wireshark.

It is not a Tor replacement or anything. I think it should be effective at simple things like: masking personal browsing at work[0], masking browsing habits from your ISP.

[0] Obviously if you use a company computer, you could be keylogged/monitored in other ways. Use your judgement.
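
The "making sure DNS requests were tunneled" step in the comment above, as an added example that is not part of the original post: a SOCKS5 client either hands the hostname to the proxy (address type 0x03, resolved at the far end of the SSH tunnel) or resolves it locally and sends an IP (0x01/0x04), and this parser tells the two apart. The field layout follows RFC 1928; the function names and sample bytes are constructed for illustration.

```python
import ipaddress
import struct

# Address types from RFC 1928 (SOCKS5).
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def parse_socks5_request(data: bytes) -> dict:
    """Parse a client request: VER CMD RSV ATYP DST.ADDR DST.PORT."""
    if len(data) < 4:
        raise ValueError("truncated request header")
    ver, cmd, _rsv, atyp = data[:4]
    if ver != 5:
        raise ValueError(f"not SOCKS5 (version byte {ver})")
    body = data[4:]
    if atyp == ATYP_DOMAIN:
        if not body:
            raise ValueError("missing domain length byte")
        alen, body = body[0], body[1:]
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        alen = 4 if atyp == ATYP_IPV4 else 16
    else:
        raise ValueError(f"unknown ATYP {atyp:#x}")
    if len(body) < alen + 2:
        raise ValueError("truncated address or port")
    raw = body[:alen]
    (port,) = struct.unpack("!H", body[alen:alen + 2])
    if atyp == ATYP_DOMAIN:
        host = raw.decode("ascii", errors="replace")
    else:
        host = str(ipaddress.ip_address(raw))
    # remote_dns: the name travels inside the tunnel and the proxy resolves it.
    return {"cmd": cmd, "host": host, "port": port,
            "remote_dns": atyp == ATYP_DOMAIN}

def locally_resolved(requests):
    """Return destinations sent as IPs (any name lookup happened locally)."""
    parsed = [parse_socks5_request(r) for r in requests]
    return [f"{p['host']}:{p['port']}" for p in parsed if not p["remote_dns"]]

# Constructed sample requests (CONNECT, port 443), not captured traffic.
SAMPLE_HOSTNAME = b"\x05\x01\x00\x03\x0bexample.com" + struct.pack("!H", 443)
SAMPLE_IPV4 = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + struct.pack("!H", 443)

if __name__ == "__main__":
    for req in (SAMPLE_HOSTNAME, SAMPLE_IPV4):
        print(parse_socks5_request(req))
    print("resolved locally:", locally_resolved([SAMPLE_HOSTNAME, SAMPLE_IPV4]))
```

An IP-type request does not by itself prove a leak, since the destination may have been typed as a literal IP. With curl, the two behaviours correspond to `--socks5` (local lookup) and `--socks5-hostname` (lookup by the proxy).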

> masking browsing habits from your ISP

What I don't get is why people think that random VPS and VPN providers would somehow be better for your privacy than to let your ISP see the content of your traffic.

I live in a country where metadata is recorded at the ISP level for government perusal. More than 60 agencies want access to this data without a warrant [0]. Why does the Taxi Services Commission need to know my web browsing history? Or Greyhound Racing Victoria?

There's also a law specifically making it a crime to post any information about government actions deemed a "special intelligence operation" [1], which makes me think that they're recording this data in bad faith.

So fuck 'em. Fuck the government that seeks to monitor everyone in order to entrench their power structure. Fuck them for lying to us, by claiming it's about terrorism. Fuck them for indicating a willingness to prosecute anyone who shines a light on their shady actions.

That's why I use a VPN, running on a VPS I have provisioned myself. No, I don't trust the VPS provider, but they have no power to imprison people, nor have they demonstrated a desire to expand their power over others.

[0] http://www.abc.net.au/news/2016-01-18/government-releases-li...

[1] https://www.theguardian.com/commentisfree/2014/sep/26/journa...

Your ISP and your government have a strong interest in monitoring what you do, and they are more likely to take action against you if they don't like what you do.

A random VPS service (preferably in another country) only cares about you insofar as you pay them and don't cause any trouble to them. They don't have as much of an incentive to invade your privacy as your home ISP does, and I trust incentive structures a lot more than I trust boilerplate words on a privacy policy.

It can also be a matter of opportunistic encryption. Most public wi-fi is vulnerable to anyone in the vicinity, in addition to the usual ISP and the NSA. Use a VPN and now you're only vulnerable to the VPS service and the NSA. That's quite a bit of improvement.

You also have the freedom to choose a VPS service with good connectivity in a relatively less snoopy country, a luxury you often don't have in choosing your home ISP.

> Use a VPN and now you're only vulnerable to the VPS service and the NSA

You can always try 'chaining' VPNs together, or stacking them on top of each other so that if one of the VPS servers is compromised, a TLA gets nothing but encrypted traffic and can't see what you're doing. The only caveat here is the 'exit' VPS is always going to have to be unencrypted. This is why it's worth looking into offshore VPS providers in non-five-eyes countries. I'm not sure what countries these are. I haven't done the research.

Typically I achieve chaining by doing the following:

- Hardware VPN that I connect to as normal. Personally I use http://www.pivpn.io/

- Then I connect to another VPN on my host/hypervisor machine

- Then I fire up VirtualBox and run another VPN inside the VM

- The chain now has three hops, and the exit VPN is on a box that I control. I avoid Digital Ocean like the plague as it's a US company.

> They don't have as much of an incentive to invade your privacy as your home ISP does

They have a much better opportunity of correlating traffic than anyone else. It's not separated by an IP anymore. They've got a specific account they can connect to a specific person (via billing). I believe if they wanted to sell the traffic logs, they'd easily find customers.

Also there have been companies like Hola (https://torrentfreak.com/hola-vpn-sells-users-bandwidth-1505...) that do outright evil things just because you run their software. Facebook bought Onavo VPN which gave them more traffic visibility.

There are also a few VPN services which will replace / inject ads into pages you visit without https.

So yeah - a lot of reasons to invade both your security and your privacy here.

I said VPS service, not VPN service. I don't trust VPN services at all.

Meanwhile, I doubt that Linode has any interest in injecting ads or selling traffic logs.