Why you should set up your own WireGuard VPN to increase privacy and securely access remote resources
How does it increase privacy? Don’t VPN’s just shift your trust to where you’re hosting the VPN?
My current homeserver has a dynamic IP (with an A record). This used to be a no-go for WireGuard. Does anyone know whether this is still the case?
Is wireguard considered secure now? Last time I checked it hadn’t received a third party security audit and thus wasn’t considered secure?
Strictly speaking I’m not sure VPNs increase privacy that much. Facebook/Google/whoever else will still be able to track everything I’m doing if I’m logged in. It’s only really for changing geo-location & the external IP you get. People always use the argument of public WiFi, but if you’re going on Google or Facebook, they all use HTTPS connections anyway so your private information isn’t being leaked.
I use a VPN, but for getting new shows on Netflix and accessing Torrent sites, that’s about it.
I was just looking to setting up a vpn and was debating between wire shark and openvpn. Maybe you can help me settle this. The sole reason I need a vpn is because of my schools restrictive(but logical) network restrictions around local device communication (you cannot communicate between devices so things like chromecasts are useless and I can’t ssh in my raspberry pi). My goal of using a vpn or something of the sort is that I can use client to client communication over the vpn. I know open vpn can do that but I am having immense amounts of trouble getting easy-rsa working for me. The other reason I would like to use a vpn is so that I can interact with my setup at home without having to open up a ton of ports. Back home I have a fairly powerful laptop that is running Ubuntu LTS 20.04. What would be your recommendation/suggestion on where to look?
Regarding your ISP can still spy on you… Why not just host this on an EC2 server on AWS, Digital Ocean or some other cloud service. To my knowledge they’re not tracking anything unless you intentionally setup Cloud watch to track your server logs.
Simple.
Set up a WireGuard server on a Raspberry Pi and plug it in under the bed at your grandma’s house.
Now you can pipe all your online Bazooka purchases through it without having to worry about your privacy!
I guess it depends on your security model and your reference point. You definitely increase privacy by accessing your resources through a VPN, instead of the public internet. Regarding moving from a popular VPN provider to self-hosted, you do shift your trust. However, as mentioned in the article, and due to the history of VPN providers, it’s less likely you will be snooped on by your VPS provider.
Check out their page on formal verification:
geo-location & the external IP
This is part of privacy. This is why I wrote increasing privacy. There is no such thing as 100% privacy. My points were: do you need a VPN? If so, you should host your own.
They’re enough to stop me getting shitty letters from my ISP about all the Linux ISOs I download so that’s good enough for me.
How to setup WireGuard VPN and securely access your resources | Curiosity Overflow | Software Developer, tech enthusiast. In this section I detail why I chose WireGuard over OpenVPN. Looks like you are having problems with complexity. WireGuard is a lot simpler to use.
This, the traffic still goes to your main ISP, if it’s where it’s hosted.
Aren’t you incriminating your grandparents?
Supposedly all the web traffic would route to their ISP as an end user wouldn’t it?
But how does it increase privacy?
You definitely increase privacy by accessing your resources through a VPN, instead of the public internet.
This is probably generally true but is not always true. It is possible to decloak the VPN traffic if you have a wide-enough view of the internet, and the use of a VPN can mark the traffic as interesting.
I would not tell an arbitrary layman that they should just use a VPN, because the layer 7 traffic identifiers are going to make the VPN an expensive and irrelevant placebo.
I also would not tell a dissident “just use a VPN” without a good deal more discussion around opsec, because they might make some rather dangerous assumptions about what the VPN will and will not protect against and how nation-states will often subvert it.
Formal verification is not the same as “secure”. It’s a part of it but not the whole thing.
I know, but I think sometimes it makes people think they’re greatly increasing their privacy, when they’re not really, not in a meaningful way. It’s more the Youtubers who advertise it as a one stop shop for total privacy, when in reality, for a normal person, they’d see a bigger impact by just not signing into their Google account for every service etc.
I do agree there, hosting your own is the way to go - unless you’re doing illegal activities of course…
It doesn’t though there are cookies and now those ghost pages they load to see which sites you visited and can fairly accurately trace you.