this post was submitted on 07 Sep 2024
56 points (96.7% liked)

Privacy

31808 readers
367 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hi privacy fans :) I've been a lurker in this lemmy-community for a while now and a "fan" of privacy for about 4 years now. Since 4 years, I've been on and of with VPNs. Sometimes I think I dont need one, sometimes I change my mind and start searching for one. The only one I tested (and used) so far, was Mullvad. But now reading about Surfshark, I was wondering, if there might be a better solution or if Mullvad is already the best solution for VPN. What I dont like about Surfshark is, that it is part of North Security and that it is not open-source (or at least I can find any info about that).

I hope you guy and gals have some suggestions or recommendation :)

Edit: wow... thanks for all of your fast replies. Coming from Reddit, I am used to only shitposting. Thanks for all your input. I will look into all the mentioned VPN hosters, thx πŸ‘

top 50 comments
sorted by: hot top controversial new old
[–] Mosfar@sh.itjust.works 56 points 1 month ago (1 children)

Mullvad is great, I’ve been using it for some time and I’m happy with them

[–] Imprint9816@lemmy.dbzer0.com 43 points 1 month ago (3 children)

Mullvad, IVPN, and Proton are the top tier for privacy respecting VPNs.

Windscribe and AirVPN are also decent options but do not have the audit history to be in the same tier as the other 3.

Most other VPNs people mention either have a dubious history or no real proof of their claims to be privacy respecting.

[–] JustAnotherKay@lemmy.world 15 points 1 month ago (1 children)

Plus one to Proton. They recently moved to a not-for-profit model because they believe it will help them better protect their customers interests

[–] pearsaltchocolatebar@discuss.online 12 points 1 month ago (1 children)

They also lowered prices when their costs went down a year or so ago

[–] JustAnotherKay@lemmy.world 7 points 1 month ago (1 children)

And they're continuing to put out more and more apps and features without increasing prices or any of that bullshit. They grandfathered my Proton Prime plan or whatever it was called without any interruption of service when they got rid of the plan. Basically, they just do a lot of great things

[–] themadcodger@kbin.earth 4 points 1 month ago

Same, I got grandfathered into the unlimited plan at only $5ish a month. I really can't beat that.

[–] harsh3466@lemmy.ml 8 points 1 month ago

+1 for proton. Been using them for years now.

[–] MangoPenguin@lemmy.blahaj.zone 6 points 1 month ago (1 children)

Windsribe also has a big advantage for price with their "Build a plan" in that you can pick a few locations and only spend $3 a month without needing to deal with any coupons/sales or long term purchases.

load more comments (1 replies)
[–] AllNewTypeFace@leminal.space 38 points 1 month ago (1 children)

Another recommendation for Mullvad. Solid privacy options and no marketing snake oil

[–] Tundra@lemmy.ml 5 points 1 month ago
  • another recommendation for mullvad
[–] kevincox@lemmy.ml 25 points 1 month ago (1 children)

Mullvad is one of the best options if you care about privacy. They take privacy seriously, both on their side and pushing users towards private options. They also support fully anonymous payments. Their price is also incredibly reasonable.

I'm actually working on a VPN product as well. It is a multi-hop system so that we can't track you. But it isn't publicly available yet, so in the meantime I happily recommend Mullvad.

[–] andylicious1337@lemmy.world 6 points 1 month ago (1 children)

wow, that look really promising. altough I read, that you are making only your clients open-source. wouldn't it be better to have also the server-side open-source?

[–] kevincox@lemmy.ml 7 points 1 month ago (1 children)

I mean it is always better to have more open source. But the point of the multi-hop system is that you don't need to trust the server. Even if the server was open source:

  1. You wouldn't know that we are running an unmodified version.
  2. If you need to trust the server then someone could compel us to tap it or monitor it.

The open source client is enough to verify this and the security of the whole scheme.

[–] andylicious1337@lemmy.world 4 points 1 month ago

makes sense :) well I guess I am going to join your newsletter anyway to stay in the loop :)

[–] Gleddified@lemmy.ca 14 points 1 month ago (1 children)

I'd only recommend Proton if a) you're already paying for their suite or b) you're not using Linux. Otherwise, Mullvad is the way to go IMO.

[–] BingBong@sh.itjust.works 6 points 1 month ago* (last edited 1 month ago)

The proton client for Linux has improved recently. I use it on PopOS. As to your first point I agree. I landed with Proton specifically because it was cheaper to do it and email rather than separate services.

[–] refalo@programming.dev 10 points 1 month ago (1 children)

you need to define a threat model first

[–] andylicious1337@lemmy.world 4 points 1 month ago (1 children)

well I haven't really thought of a threat model jet (but I will do so now :) ). But in general I want a VPN, for when I am on the wifi @work and also to route my traffic through from my DreamMachine.

[–] refalo@programming.dev 5 points 1 month ago

also consider that almost any VPN service will have all of their IPs flagged for bot/abuse traffic and many sites will block you for it

[–] foremanguy92_@lemmy.ml 8 points 1 month ago

I recommended to you Windscribe and ProtonVPN as free, Mullvad and iVPN as paid option

[–] Matth78@lemm.ee 7 points 1 month ago

IMHO I am not an expert but Mullvad seems the best (from what I read from others) and I would stick with it. I am using it and happy with it. I also appreciate that their monthly price do not change depending on how many months you subscribe and that there is no bullshit discount for the first x months.
You could also look at Proton VPN if you need port forwarding.

About SurfShark don't have much opinion !

[–] gomp@lemmy.ml 6 points 1 month ago (1 children)

What do you (think you) need a VPN for?

[–] andylicious1337@lemmy.world 3 points 1 month ago (2 children)

well mainly to route my traffic trough from my DreamMachine and for when I'm @work on the wifi

[–] gomp@lemmy.ml 6 points 1 month ago* (last edited 1 month ago) (1 children)

I have no idea what a DreamMachine is (and wikipedia does not help) so here's the long answer :)

If you want a VPN tunnel to your own home, for secure access to your LAN, I'd recommend you look into NetBird and/or TailScale, which at their core are wireguard plus NAT punch-through (you can also run wireguard or openvpn directly, but it may be a pain since you most probably have a dynamic IP and possibly a CGNAT).

If you want to hide your traffic while connecting through networks you don't trust (such as the work one or some cafe's wifi), you can either use NetBird/Tailscale as above and connect though your home (well, assuming you trust your ISP of course) or some third party VPN which connects to their servers (I'd say look into Proton first).

Keep in mind that VPNs actually do very little for your online privacy (ie. it's not like google or facebook can't track or fingerprint you). They do is prevent man-in-the-middle traffic analysis from your ISP (or the admin of whatever LAN you are using), but then the VPN provider can do the exact same things, so... make sure to double-check the privacy guarantees of your VPN provider and compare them with those of your ISP.

[–] andylicious1337@lemmy.world 3 points 1 month ago

sorry :) A DreamMaschine is the Firewall from Ubiquity :)

well the thing is, that after reading more into all the option, people gave here, I tougth the same thing. I am basicly only hiding my traffic from my ISP and move the information to another entity πŸ€·β€β™‚οΈ For work this might not make that much sense. All I do there is listen to music and check my back-account so nothing my comoany doesnt already know :D

and at home (after planing my threat model) a VPN does not really make that much sense, since I already use stuff like PiHole and Unbound for my whole network.

but thx for your input, it really made things clearer.

[–] Pantsofmagic@lemmy.world 5 points 1 month ago (1 children)

I use proton through my dream machine and it works great.

[–] andylicious1337@lemmy.world 1 points 1 month ago (1 children)

oh ok, good to know. are you using the paid service or free?

[–] Pantsofmagic@lemmy.world 2 points 1 month ago

Paid currently, I use several of their other services as well

[–] philpo@feddit.org 6 points 1 month ago

Mullvad until you are often in the PCR, there I had a much better experience with ExpressVPN compared to basically everyone else.

If you need a lot of exit nodes in different countries Proton or Pure, but I grow increasingly wary of Proton these days and Pure is getting more and more enshitified these days.

So I simply use Mullvad for privacy and my own WG service for security.

[–] DARbarian@fedia.io 4 points 1 month ago (1 children)
[–] user224@lemmy.sdf.org 5 points 1 month ago (1 children)

Only if you need (cheap) port-forwarding.

[–] EveryMuffinIsNowEncrypted@lemmy.blahaj.zone 3 points 1 month ago (1 children)

What do you mean? Are they not good for privacy or security? They seem definitely more zealous about that on their FAQs and forum pages than, say, ProtonVPN, for sure.

[–] user224@lemmy.sdf.org 7 points 1 month ago (2 children)

As far as I know they don't have audits done, so who knows about the logging. Both IVPN and Mullvad pass those. Could still be fine though, but I'd rather trust Mullvad or IVPN.

[–] EveryMuffinIsNowEncrypted@lemmy.blahaj.zone 5 points 1 month ago* (last edited 1 month ago) (1 children)

So, I just looked it up and apparently their official stance is that auditing is questionably effective and thus unnecessary:

Our software is free and open source, while we repute at the moment [it's] not acceptable to provide external companies with root access to our servers to perform audits which can not anyway guarantee future avoidance of traffic logging or transmission to third parties. On the contrary, we deem very useful anything related to penetration tests. Such tests are frequently performed by independent researchers and bounty hunters and we also have a bounty program.

In other words, their reasoning seems to be:

  1. Their software is free and open source, so if it does logs anything, the community would find out, so in this sense the community is the independent auditors;
  2. There's no stopping an audited party from ceasing to log right before the audit and start up again after the audit ends, so an audit is kind of toothless anyway;
  3. Regarding penetration tests, they already have independent testing done as well as a bounty program.

Personally, I don't entirely agree with points #2 and #3 (though I can see their points), but point #1 is fair I suppose. In my opinion, though, it should not be up to the users to hold the company accountable; and there is a difference between penetration tests and log auditing, as the former I believe are merely to check the resilience against outside hacking.

My end impression is that judging from their other documentation and forum posts, the fact that their software is fully open-source, and their past behavior in accordance with their stated values, I think I'm inclined to believe them. However, it is somewhat worrying nevertheless that there isn't log auditing involved regardless of their actions.

Β 


Edit: Clarification

[–] RmDebArc_5@sh.itjust.works 4 points 1 month ago (1 children)

But what about server side logging? Even if the server is open source how can one that they are actually the code they publish without changing anything if there are no audits?

[–] EveryMuffinIsNowEncrypted@lemmy.blahaj.zone 2 points 1 month ago* (last edited 1 month ago)

There's a certain point where it just comes down to trust. And if you distrust a company enough that you think they aren't posting the same code to the git repository that they say they are, then maybe that's when you shouldn't be doing business with them.

This is the case with all organizations, corporate or otherwise.

[–] refalo@programming.dev 2 points 1 month ago* (last edited 1 month ago)

audits are invalid as soon as they finish, there's absolutely no way to trust any of these companies.

[–] MNLFNUT8YG@lemmy.world 4 points 1 month ago (3 children)

A VPN is not for privacy. It simply put your front door to another location. There needs to be more done for being β€œprivate”. But Mullvad would be a good start.

load more comments (3 replies)
[–] Mazoku@lemmy.ml 3 points 1 month ago

Been using Mullvad for years. Love em, glad to see everyone else does too

[–] ArcaneSlime@lemmy.dbzer0.com 2 points 1 month ago (1 children)

Hijacking this thread with a related question: I'm stuck on Mullvad, any good ones that let you port forward from linux? I'd like to use slsk more effectively once again.

[–] finestnothing@lemmy.world 5 points 1 month ago (1 children)

Protonvpn lets you port forward. I use docker and have a gluetun container that connects to protonvpn, all of my other docker containers for sailing the high seas (arr suite, qbittorrent, sabnzbd, soulseek client, etc) are routed through it and I have port forwarding setup to the ones that need it. For soulseek I use nicotine-plus-docker, all traffic is routed through the gluetun container, the port is forwarded, and a bit shy of 700 gb uploaded since March so I can confirm it works well.

I don't think the protonvpn Linux client supports port forwarding yet so only docker things can do it right now afaik, but anything I want permanently through VPN runs in docker anyway

[–] ArcaneSlime@lemmy.dbzer0.com 1 points 1 month ago (1 children)
[–] finestnothing@lemmy.world 2 points 1 month ago

On an extra note, I actually switched to slskd (since writing that comment earlier today)because the nicotine app bugs me sometimes (it's just the app ran in a VM), so far I like it

[–] ccx@sopuli.xyz 2 points 1 month ago

Tor.

And the correct term is anonymizing proxy. Having the term VPN overloaded to mean two completely distinct things is rather annoying and/or confusing.

load more comments
view more: next β€Ί