Hacker News new | ask | show | jobs
by stonepresto 1049 days ago
At some point of paranoia people should really look into selfhosting a VPN service. Sure, your VPS provider can see one side of the traffic so its not bullet proof, but that can be mitigated.

Mullvad is a nice middle ground for those who don't see that as worth their time or don't know how. Its good to see they're at the very least trying to keep up appearances.
3 comments
dewey 1049 days ago
I doubt that's the better way. How is self-hosting helping with the paranoia vs. using Mullvad?

I don't really see how it's more secure to run some software that you haven't audited on a VPS somewhere at a provider you haven't audited. I'd trust a company with resources to run their own hardware, investing into a more secure setup [1] and contributing to more open infrastructure [2] much more than I trust myself to run something securely which isn't my sole occupation.

[1] https://mullvad.net/en/blog/2022/1/12/diskless-infrastructur...

[2] https://mullvad.net/en/blog/2019/8/7/open-source-firmware-fu...

link
rvnx 1049 days ago
Self-hosting also makes you vulnerable to the network hosting you (not only the hosting server itself, but also the internet transit provider) and of course the website you are visiting, as you are the only user from that source IP (rendering a VPN practically useless).
link
BLKNSLVR 1049 days ago
There may be holes in this but:

1. |Router| -> Wireguard / OpenVPN -> |VPS|

2. |Device| -> Wifi -> |Router|

3. |Device| -> app -> |Mullvad|

= |Device| -> |VPS| -> |Mullvad| -> Internet

Can do various mixing and matching if you have more than one VPS. Again, it rearranges rather than removing the vulnerabilities, and it's pure window dressing against an organised, financed actor.

I've done this as an intellectual challenge more than anything else.

link
pokeymcsnatch 1049 days ago
I do this, mostly for the static IP that isn't linked directly to me and my approximate location, with mullvad exit only for 'sensitive' stuff. The degree of separation is nice even if the breadcrumbs are there. Best if the VPS allows crypto or cash payments.
link
aborsy 1049 days ago
Self hosting isn’t private at all. You will replace home IP with VPS IP, both of which linked to you. Also, VPS provider probably logs the traffic.
link
stjohnswarts 1049 days ago
why would self host be better? Do you have a list of VPS that are better than mullvad?
link