Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
Njalla, hands down.
Co-founded by Peter Sunde of The Pirate Bay fame. Run by a great little crew that cares about privacy. They do VPN, domains, and hosting.
Wireguard and OpenVPN. Your external IP periodically rotates through the pool, but at least all ports are forwarded.
Too bad almost nobody knows about them. They even have a Wiki page, ffs!
Tailscale Mullvad combo
Mullvad apparently no longer supports port forwarding. This better in tailscale?
Firefox VPN is cheaper isn't it, and funds the Firefox nonprofit?
Don't know if Tor proxy front ends like Orbot or Carburetor count as a VPNs. If so, I highly recommend them.
Top 3 for me are IVPN, Proton VPN and Mullvad.
I personally use Proton VPN because it has lot's of servers to choose from.
I suggest using https://www.techlore.tech/vpn to compare VPNs and see which one has the features you want.
Proton or mulvad
If you can live without port forwarding, mullvad is another great option.
OVPN is a 1-to-1 feature clone of mullvad (wireguard, multiple device keys, crypto payments/cash in the mail, no usernames/emails, etc.) AND has port forwarding. Switched to them when mullvad sadly closed their ports, no problems since. Can't live without port forwarding.
+1 for OVPN. I switched to them from Mullvad for the same reason. They are also one of the more trustworthy VPNs in my book ever since they actually won a court case proving that they actually practise what they advertise.
It's what I use and it works well for me. It seemed like the best option when I was researching this recently. Plus the icon is cute.
It's all around goat unless you torrent maniac... You can still torrent without port forwarding, just not at high speeds
Airvpn is perfect for my needs (torrenting)
I recently started using WireGuard hosted on elest.io platform It works realy well, we are a 4 people company full time using it and i pay around $15usd a month with a dedicated ip It's self hosting made easy https://elest.io/open-source/wg-easy
IVPN, Mullvad, or Proton. Criminals aren't necessarily smart, I remember a ghost phone that criminals thought were secure and it was a honeypot. Shoulda used Graphene for free.
ANOM?
That sounds familiar
encrochat?
Two these are the goats. Figure out your use case and pick one.
I love Mullvad but for some reason they refuse to add reverse split tunneling, so imo the only options are IVPN or Proton.
Reverse split tunneling gives you the ability of using the VPN only in the apps/programs you select.
You can set up split tunneling yourself if you run the wireguard/OpenVPN daemon manually and move the "mouth" of the tunnel to a separate Linux network namespace.
Last time I researched it I didn't found easy answers. Do you have an easy script?
The exact script would depend on the use case; you'd use commands something like this:
mkdir -p /etc/netns/VPN
sh -c 'echo nameserver 1.1.1.1 > /etc/netns/VPN/resolv.conf'
ip netns add VPN
ip link add tun1 type wireguard
ip link set tun1 netns VPN
Because the wireguard device was created in the default namespace, it will "magically" remember its birthplace, even after you move its mouth (the tun1 device) to a separate namespace. The envelope VPN packets will keep going in/out in the default namespace.
ip netns exec VPN wg setconf tun1 /etc/wireguard/vpn.conf
ip netns exec VPN wg set tun1 private-key /etc/wireguard/vpn-key.private
ip -n VPN addr add 192.my.peer.ip/32 dev tun1
Get the wireguard config file from the VPN website, both mullvad and OVPN have a wizard to generate them. Your assigned private network ip is in the config file. Also get and save your device key.
ip -n VPN link set tun1 mtu 1420
ip -n VPN link set tun1 up
ip -n VPN route add default dev tun1
ip netns exec VPN su myuser -c 'firefox --no-remote'
Now all firefox (and only that firefox) traffic will go through the tunnel. Firefox has its own DNS, if you run another app it will use 1.1.1.1.
I actually do the reverse of this - I create a namespace ETH and move my eth0 device in there and attach dhcpcd to it. Then I create the wireguard tun1 device inside ETH namespace, and move tun1 to the default namespace. Then any software I run can only use the tunnel, because the ethernet device doesn't even exist there. This keeps the routing table simple and avoids a whole class of issues and potential deanonymization exploits with the split routing table used in traditional single-namespace VPN configurations.
Mullvad.
airvpn seemed nice but i havent tried it.
FWIW I am not enjoying the Proton app experience. I can’t favorite servers so I have to manually search and connect to the location I want each time.
Hi just wanted to share these 2 links, since others have already answered your question:
Links should help you decide what to use for other apps as well.
I personally use Mullvad since I don't need port fowarding, but it does come with full IPv6 support.
Windscribe or Mullvad. I personally use Windscribe and it has some really good features and so far they have a really good reputation in privacy circles.
mullvad but you cant seed while torrenting with it due to no port forwarding
I enjoyed mozilla vpn until a few months ago - seemed like every site in the world had their ips blocked; ended up rolling my own on a cheap vps.
How does the price of a vps compare to any other vpn. Surely this isnt as private?
I purchased a lowend vps for $15 USD a year. Correct, it is not as private - due to the singular ip; however, for my needs it works quite well.
Would you be willing to share which one can be had for that cheap?
Sure! https://softshellweb.com/shared-hosting looks like it's $20 USD a year without a promotion/coupon. I bought a holiday special if memory serves me correct.
Ive never had an issue with PIA, CHEAP as hell on a 3 year plan with an affiliate link and they run their servers on RAM Disk so no logging