by cheghook 2878 days ago
Hmmm, I've always wondered why you'd want to run your own VPN server. The very first step is to rent a server from Microsoft/Google/DigitalOcean/etc and then set up the VPN on that server, right?

But how does it help you stay anonymous? You are still paying for that server using your CC and they'd have your address and all other info. Unless I can rent the server anonymously, I can't see any point to run my own VPN server. That's why I'm paying a third party, PIA for example, to rent and run that server for me.

11 comments

I'm renting a VPS in the Netherlands. I'm using the VPS mostly to circumvent the internet censoring my country does (mostly porn sites, but they occasionally break legit sites, and what's wrong with porn anyway). There's no legal punishment to circumvent blocks AFAIK, so I feel pretty safe even if someone would find out I'm doing that (it's not like I'm hiding, gigabytes of traffic on standard OpenVPN port, lol). But anyway I'm sure that the Netherlands provider won't tell anything to a Kazakhstan request even if they would ask something and I don't do anything to warrant Interpol engagement. It's all about attacks you want to mitigate, I think. If you want to break into Pentagon, that won't work, I guess.
Still, be safe: if the government gets proactive and starts to make house visits to people who are having suspicious long-running connections to foreign national transferring GBs of data, you don't want to be caught with loads of illegal-to-own content on your machine.

Doing that kind of analysis has become very easy and cheap recently.

There are many more uses for VPN than anonymity. Like securing communication between my devices networks, bypassing/escaping restricted networks (geolocked or captive portal, proxies).
In the UK, all ISPs are obliged to hold a log of all your surfing. I suspect it's every dns request made and every parseable http get/post. If you host your own vpn, even inside the UK, you sidestep the generic bulk data collection. Obviously, if GCHQ want you, they'll get you.
The Government wrote themselves a law (the "Investigatory Powers Act 2016") that says the Home Secretary can write to a service provider and ask them to record all the connections made.

Some of Britain's smaller ISPs don't like this sort of stuff (e.g. Andrews and Arnold's "implementation" of the government's opt-in child friendly censorship was to have a checkbox on their application page, if you say you want censorship it says you should choose a different ISP...), and so the smart money is on them having not written to ISPs at all. The backbone providers are few, bigger, and much more corporate. No colourful personalities apt to make the government look a fool in a televised hearing. So any letters probably went to the backbone providers although so far as I know none have come forward to say so.

In 2017 the ECJ told the UK government that such mass surveillance is prohibited, and it is also widely rumoured that the government then told the backbone providers to pause the collection.

> But how does it help you stay anonymous? You are still paying for that server using your CC and they'd have your address and all other info. Unless I can rent the server anonymously, I can't see any point to run my own VPN server. That's why I'm paying a third party, PIA for example, to rent and run that server for me.

I don't see the purpose of VPNs as anonymity, and I think many people are making a mistake to see them that way. If anyone really wanted to know who you are, they could file a suit and subpoena PIA. Now you're trusting that PIA really doesn't keep any logs. You have no way of verifying this. Or, if someone has some suspicions about who (and where) you are, they could subpoena their billing information. If someone (particularly a government) really wants to find you, a VPN does little to stop them. You've just introduced a single middleman.

On top of that, you can only take PIA's assurances that they themselves are not tracking you.

I run my own VPN server, hosted in a DO droplet, to get around networks that filter certain ports and websites. That's it. I have considered adding a VM with read-only access to my NAS to the VPN but that's all.

I live in a country, of which there are many, that blocks most internet content of interest and heavily logs and monitors the rest. However having developed this habit I quite like my ISP being unable to monitor me.
You can also run the VPN server at home. Then you dial in and you will be able to access all your home services!
What?

E: NVM, you mean to access your stuff without NAT etc.

Most people use vpn to hide from their own ISP, that's a sad state of affairs.
> Unless I can rent the server anonymously

Perhaps if you used Bitcoins to pay?

We're down-voting questions now? Wow.
I run my own VPN server with a hosts file on it that blocks ads and tracking domains. I then use it for my mobile phone as an ad blocker.

I'd wager that quite a few people would like to pay for a managed VPN service that did the same thing.... however, as once in a while you need to disable your adblocker on some websites, so once in a while you might need to circumvent the blocking on the VPN. I wonder how that might be done.

I recently did this with openvpn+Pi-Hole running on a NATted £4/year VPS. It's great to have DNS blocking for your phone's apps and so cheap I'll set up another one for redundancy at some point.

OpenVPN on Android lets you select apps to bypass the VPN, so I have a second browser on standby if I ever need direct internet access. Or I could use the disable for x minutes feature of pi-hole.

Where can I find a £4/year VPS?
https://lowendspirit.com/

Proper ipv6, shared ipv4 with a port range forwarded for you to use.

Bandwidth allowances seem far too low for use as a VPN or proxy server though?
500gb/month is fine for my needs.
i run my own vpn server because a) i already have a server for teamspeak and other smaller stuff and b) it allows me to use public wifi more securely.
Some VPS providers allow you to pay with bitcoin. In theory this means you could stay 100% anonymous.
bitcoin is hardly anonymous
Forgive my ignorance, I’m new to bitcoin. If I buy bitcoin with cash at an ATM, how could a transaction be traced back to me?
The easy answer is that somebody can photograph you putting the cash in the machine. Cameras are pretty small these days and facial recognition is cheap.

Besides that, though, the entire mechanism of Bitcoin is one where all transactions are recorded publicly in perpetuity. It's really the polar opposite of private in that respect. It means that if your identity is ever linked to a particular bitcoin address (as in the not-so-unlikely scenario that the authorities or some other attacker are monitoring bitcoin-for-cash machines), then all transactions linked to that address can be linked to you.

I see. In hindsight my comment about “100%” anonymity was misguided. My original intuition was that a cash-bitcoin payment had to be at least “more” anonymous than the alternative of a credit card, but now I’m not so sure. Presumably tracing a credit card payment would require a court order or hacking a bank account/email, but the bitcoin scenario only needs a big database of faces which I guess you could get by crawling Facebook or something(?). Anyway, your main point about all transactions being recorded forever is well taken. Thanks for clarifying my understanding.
The other bit that people seem to neglect with BTC is that it is not immune to ordinary network analysis. Yes, it's a very clever system that creates a trustless layer of distributed storage, but it still works via IP. If you want to spend some coins, you still need to sign your transaction and submit it somehow to the network. Analysis of where that block came from (for example, by controlling the node where you submitted it, or even just simple sniffing of your connection) can correlate a physical location or IP address with a BTC address. Tor or similar measures can of course help with this, but you will probably always leak some information about your computer/OS/ISP/general physical location via things like packet timing, if you haven't accidentally leaked even more via things like forgetting to mask your MAC address.

In short, as always, it depends on your threat model. Are you trying to hide the fact that you forwarded sensitive nuclear secrets to overseas actors from a determined U.S. Government investigation? Sorry, you probably can't, at least without a bit of luck. Are you trying to fool Netflix long enough to stream the latest season of Arrested Development? Probably doable.

> Cameras are pretty small these days and facial recognition is cheap.

Masking your face is also cheap and easy to do if you are really concerned about it.