The Living Thing / Notebooks :

Virtual private networks and ilk

You don’t want ISPs and governments to record your complete browser history? VPNs, Tor, SSH tunnels can hide what you are doing on the internet. (Or bypass the internet with a sneakernet, but that’s another story.)

But how, you ask?

Client-end (you, using the internet)

Now you want to install the right client software; this is fairly straightforward. The only non-obvious thing is that you can set your ROUTER to use the VPN.

TODO: explain how.

For now, here’s a link to a setup guide from a major commerical provider.

Server end (which provides you this service of confidentiality)

The EFF tells Americans it might be a good time to get a VPN..

This applies also in my jurisdiction, Australia.

Note that the VPNs do degrade the efficiency of your internet, but Australians are used to shit internet anyway, so this is not a major issue.

But OK, you need a VPN to maintain privacy. Which one? How? Do you want to DIY, or pay someone else to provide it?

Note, that virtual machines on someone else’s cloud can never be especially secure from determined nasty persons or state actors. But they do at least prevent concerted profiling by commercial interests, and casual ambient profiling by the state, which is good enough for me.

A commercial VPN provider can probably do that better, with greater expertise, if their intentions are pure. On the other hand, a commercial VPN might be selling your data to evil bastards for their own profit, so… make your own risk assessment.

Two I see mentioned often are Blackvpn and NordVPN (Disclaimer: I get a cut if you sign up using that latter link.).

Commercial VPN services

That one privacy guy’s big overview is a great list VPN providers by e.g. bandwidth, jurisdiction, and privacy advocacy.

DIY

Running your own VPN/proxy/anonymizing/p2p etc servers can be less convenient for the panopticon.

  • mostly-secure cheap, light VPN in the cloud: popup-openvpn.

  • Piratebox

  • streisand

  • openvpn on docker+digitalocean: See kylemanna/openvpn, and the digitalocean pitch, or the alternative walkthrough with a couple more terms clarified.

  • even easier than real VPN, try turning your SSH login into effectively a VPN via sshuttle.

    sshuttle --dns -r [email protected] 0/0
    

Stealth mode

Hiding that you are hiding. obfsproxy and other , tor pluggable transports, but isn’t so simple and if we really want normal people to go through these tedious steps people will die of boredom before they ever get around to overthrowing their repressive regimes.

You can get pre-rolled scripts from help sites such as scramblevpn which tells you how to make cheap raspberry pi router.

Other

How does tcpcrypt fit in?

tcpcrypt is a protocol that attempts to encrypt (almost) all of your network traffic. Unlike other security mechanisms, Tcpcrypt works out of the box: it requires no configuration, no changes to applications, and your network connections will continue to work even if the remote end does not support Tcpcrypt, in which case connections will gracefully fall back to standard clear-text TCP. Install Tcpcrypt and you’ll feel no difference in your every day user experience, but yet your traffic will be more secure and you’ll have made life much harder for hackers.