/tech/ - Technology★

>>>/vpn/

>>901254

dead board. when was the last time anyone went there?

>>901249 (OP)

Only thing I have to hide is my bank credentials. And I don't care if the NSA knows I connected to my bank. lol.

>>901293

>runs with kernel privileges

>more secure

<hurr

>>901249 (OP)

Any discussion of VPNs would be amiss without mentioning this site:

https://thatoneprivacysite.net

This man has done a lot to gather data regarding different services, and his chart is really helpful in choosing a good service. I'm using Mullvad currently myself. I'm mostly happy with it, though it is a little on the pricey side. One thing to note is not to trust the majority of VPN reviews or charts. A lot of VPNs use very shady affiliate programs to purchase good reviews for their products. The site I linked is one of the only ones that I think has pretty good reviews. Of course, use your own judgement.

>>901300

Good point.

>tfw no usable microkernel OS

Although heres their justification

>WireGuard uses state-of-the-art cryptography, like the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, and secure trusted constructions. It makes conservative and reasonable choices and has been reviewed by cryptographers.

>WireGuard has been designed with ease-of-implementation and simplicity in mind. It is meant to be easily implemented in very few lines of code, and easily auditable for security vulnerabilities. Compared to behemoths like *Swan/IPsec or OpenVPN/OpenSSL, in which auditing the gigantic codebases is an overwhelming task even for large teams of security experts, WireGuard is meant to be comprehensively reviewable by single individuals.

Also they say it will be on other OSes at some point, so either they're going to somehow convince Microsoft and Apple to implement this into the NT and Darwin (MacOS still uses darwin, right?) kernels, it's gonna have to be able to run in userland.

>>901310

https://thatoneprivacysite.net/vpn-comparison-chart/

I was going to post but forgot oh well.

Seemes like the "best" ones are boleh and NordVPN based on jurisdiction, payment, pgp, and dns protection.

>>901310

"This man" is a retarded shill that uses google apis on his site

>>901318

>that one privacy site

>needs javascript to load

Nope

Does anyone have issues with selecting servers in western Europe and the chans thinking it's Portugal? I can't tell if this is a subtle troll or what.

>>901346

A no he uses google services. He cant possibly know what he is talking about if he uses a bog standard google API used on almost every site.

>>901362

that aside you cant deny his content is better than every normie tech shill site and /reddit/

>>901379

What content? I can't see anything.

>>901351

OpenVPN is a way of connecting to a VPN, not the VPN itself.

>>901346

What is he shilling, may I ask? If he's shilling, he's doing an awful good job of hiding it.

>>901293

>but what do u think about Wireguard?

What I think about it doesn't matter. But what the Wireguard devs think does, presumably. And they think it's not ready.

>About The Project

>Work in Progress

>WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come. There are experimental snapshots tagged with "0.0.YYYYMMDD", but these should not be considered real releases and they may contain security vulnerabilities (which would not be eligible for CVEs, since this is pre-release snapshot software).

What the fuck is the difference between a "VPN" and a (group of) proxy server(s)? It seems to me that a couple of years ago everyone just started to use the former pretentious abbreviation.

Can torrents use IPv6?

>>902678

VPN isn't a "pretentious abbreviation" for the same thing as a proxy, you twit. They're different technologies operating at different OSI layers.

>>902677

Private internet access has all of that (I'm not sure about the private DNS) and it's $3/month

What do you mean by fast speed?

PIA is pretty slow at usually .8-2MB/second but it supports aes-256, rsa-4096, and sha256

>>902677

>>902719

And pia customer support is slow as shit

>>902690

>They're different technologies operating at different OSI layers.

Is that so? From what I see, a "VPN" is an entity that maintains a map of a network even though its nodes have no physical connection to each other. This is exactly what a proxy is. Functionally, the proxied connection is direct, but physically, it is relayed through a hop or a number theteof. It seems that "VPN" is just a marketing rebranding of a known old thing.

>>902722

Vpns let us enter their private network (typically encrypted) whereas proxies just forward traffic (most encrypted it gets for proxies is like TLS 1.1 or 1.2).

But if you know of a proxy that uses military-grade encryption, anonymizes, is logless, and allows P2P, TOR, etc. I'll consider it

>>902724

>Vpns let us enter their private network (typically encrypted) whereas proxies just forward traffic (most encrypted it gets for proxies is like TLS 1.1 or 1.2).

So this is a major naming fuckup.

Because if VPS literally proxy connections, and proxies literally are virtual networking entities, and the only difference is in scope and stealth of their operation, then we should simply use the term

>local/global (en)crypted proxy

or

>local/global (en)crypted VPN,

depending on whether one wants to stress the functional or the structural aspect, I suppose.

Well, thanks for clarifying the lack of clarity.

>>902726

>(en)crypted proxy

(un)encrypted*

>>902724

Also, there is no such thing as "loglessness." Everything is always logged. The aim isn't loglessness, but reduction of logged things' correlatability.

Proxy is a middleman that passes your traffic between you and destination though itself. First proxies were used for caching and/or filtering files on the network, similar to what cloudflare/cdns do today, but in a more simple way, mostly at ISP or company network level. The side use for remote proxies was that you could route your traffic through third-party computer thus being anonymous for receiver. Proxies don't have or need transport encryption because they were never designed for it, so your ISP will see what hosts you connect to and what traffic you send.

Trivially speaking, a VPN is a virtual patch cord you put between two remote servers. The intended purpose of all VPN software was to build virtual local(private) networks. Example: remote employees connect to corporate network, remote servers connect to main server. This is where encryption is needed to acquire privacy of passing information.

A commercial VPN service, most people are thinking about when seeing word VPN is an entity that gives you a bunch or remote servers you could connect to over an encrypted channel via a VPN client for a fair price. It doesn't mean you'll be on the same local network with other users, well, ideally. Commercial VPNs had a boom in late 00's when users started understanding the fact any skid could hax their myspace passwords by sniffing plain http 95% of websites used back then, so a VPN would be a slightly better choice of browsing web on untrusted networks by offloading trust from non-existent wireless access point security to VPN provider's remote servers. Today we have fast Tor network and can be both anonymous and safe from local sniffers.

Side note on shadowsocks and why it is called so while being an tool for establishing an obfuscated encrypted channel to a remote server, and not a proxy on a remote server. It's just because it exposes a SOCKS port on one side for easy connection of machines and applications on LAN (when run on one of computers within local network, e.g. OpenWRT router) or localhost, same thing a tor daemon does.

Pardon mon Français and repetitive vocabulary clumsiness, English is my third language.

>>902926

Entertaining read. Appreciate the focus on the concept's evolution. Thank you.

>First proxies were used for [...] filtering files on the network

What does that mean? That the proxy in question basically served as a search/"grep" engine with respect to some set of files?

>Today we have fast Tor network

How strictly does Tor fulfill technical definitions of a VPN?

>>902732

>be VPN provider

>make money from user for providing VPN services

>make more money from their ISPs for selling them all the info on their users' connections they would normally have

>users and ISPs are back at square one, while you have made nice money off of them

genius

>inb4 "b-but VPN providers wouln't sell my info back to muh ISP"

wew cuck

>>902931

>What does that mean?

It can run bad domain request against a database and display a placeholder page instead, check all downloaded exe files on antivirus software so dumb managers won't install more ram on their puters.

In fact, today some companies require to have a root ssl certificate for their mitm-proxy server that does the same but even on https sites by terminating their encryption on local firewall appliance server, not user's computer.

>How strictly does Tor fulfill technical definitions of a VPN?

Run a hidden service on one machine, connect with the other. That will be a textbook VPN.

Use Tor network with exit nodes, and it will be similar to "look mom no hands logs" VPN service, but more anonymous because the exit server doesn't know who accesses the Internet though it.

>>902932

>find an ISP with cheapest plan and most expensive VPN

>ISP gets bankrupt by servicing you while buying off data

DO NOT USE ANY VPN

VPNs are honeypots. and you even pay for them

instead use Tor

https://torproject.org

you can route any TCP socket application through Tor

Tor works by design, not by trust

implying any VPN provider will choose to close business rather than continue profit, if government give him offer that cannot be denied

>>903221

But can you torrent over TOR?

>>901419

openvpn has a server and client are you 'tarded or something?

>>903221

tor privacy can be easily compromised if you don't use it with a popular default setup. Using tor with different applications makes it easier to correlate your identity also tor is best used over a vpn as it reveals your IP

>>903221

I don't like the idea of my real IP connecting to Tor(ah)

>>902933

>today some companies require to have a root ssl certificate for their mitm-proxy server that does the same but even on https sites by terminating their encryption on local firewall appliance server, not user's computer

Somehow, the idea that an authority may simply approach people and ask that they open a hole in their security setup and many people will agree to do it is far scarier than the prospect of an adversary merely breaking it by skill or force. Not only is protection useless if we don't know how to use it, there is also a whole separate layer of just giving it up.

e

v

e

r

y

w

e

e

k

n

e

w

v

p

n

t

h

r

e

a

d