Hey all,

I’ve been using a commercial VPN for years on my mobile devices and home PCs. Recently I’ve started to use Tailscale and realized I can easily create a self-hosted VPN on a cheap VPS with unlimited traffic.

But I’m not really sure if that’s what I need. BTW, I’m not doing anything dangerous, no torrents, no illegal stuff, no journalism or whistleblowing, not even looking up abortion clinics. I just hate mass surveillance and I don’t want to be constantly profiled.

Commercial VPN allows to “hide in a crowd” by sharing IP with thousands of other clients. But there are a few issues:

  1. Often sites blacklist VPN IPs, so I can’t get in or pass captcha
  2. Performance is not very good
  3. I have to trust VPN to not keep the logs and not sell data. I used Mullvad and they are considered reliable, but you never know until it’s too late

With self-hosted VPN, I’m losing benefit of “hiding in crowd” as my VPN will be used only by me and maybe a couple of other people. My understanding is that my VPS outgoing traffic is from static server IP. So if I login to Facebook once, the address is associated with me. I’ll also have to trust VPS provider to not analyze my traffic and sell it. On other hand, I’m still protected from my ISP spying, from exposing my real IP address to web sites, from dangers of public WiFi networks. And I might get better performance for about the same price.

What’s your take on VPNs? Tell me if you are using self-hosted VPN and why.

  • sun_is_ra@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    0
    ·
    6 months ago

    I use self hosted VPN for many years now.

    You worry that facebook would associate that static ip with you but the problem is quiet the opposite.

    most website will recognize that your IP belong to a hosting company so they often suspect that you are a bot. Wikipedia wont let u edit articls, youtube wont let u comment on videos. Other than that its fine, just expect to pass more captcha.

    you could pay little extra and get dynamic IP from your provider. That effectivwly changes your IP. Deleting dynamic IP and recreating it gives u a new one. But I dont do that.

    I just hide in the crowed by letting others uss my VPN and rely on service providers often dismissing my IP as bot

  • Deckweiss@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    6 months ago

    To make it absolutely clear:

    Your VPS has an ip. All your traffil will go through it if you set it up as a VPN. So your behaviour patterns will be tied to that one IP. You will be the only one on that VPN.

    A commercial VPN has many users at the same time on a given Server. So the traffic and behaviour that comes from that servers IP will produce garbage data for analysis.

    You could selfhost a VPN on your VPS and let others use it for free somehow to obfuscate your behaviour and patterns, but you as the VPS owner will have to deal with legal stuff then.

  • Max-P@lemmy.max-p.me
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    I route through my server or my home router when using public WiFi and stuff. I don’t care too much about the privacy aspect, my real identity is attached to my server and domain anyway. I even have rDNS configured, there’s no hiding who the IP belongs to.

    That said, server providers are much less likely to analyze your traffic because that’d be a big no-no for a lot of companies using those servers. And of course any given request may actually be from any of Lemmy, Mastodon, IRC bots or Matrix, so pings to weird sites can result entirely from someone posting that link somewhere.

    And it does have the advantage that if you try to DDoS that IP you’ll be very unsuccessful.

  • Bookmeat@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    Your traffic will be analyzed even when encrypted because information leaks in your traffic patterns and ML can suss out what you’re browsing or talking to. If you want to avoid this you need to pad your packets and stuff random data into your packet stream to throw off the analysis.

  • AnAnonymous@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    6 months ago

    If you want anonymity no, if you don’t then yes.

    If you want anonymity and the advantages of a VPS VPN at the same time you should look for a provider which accept crypto payments, and optionally setup tor, i2p and freenet nodes to obfuscate your traffic.

    That way you will be helping the community and at the same time securing yourself.

    • pound_heap@lemm.eeOP
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      Thanks for the suggestion, but anonymity is not my goal with VPN. I known about tor etc, and it is not working well for everyday web surfing

  • xabadak@lemmings.world
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    From a privacy standpoint I don’t think it would make a big difference over not using a VPN at all. It will take a bit of time but your new IP will become associated with your identity. From the perspective of Facebook and Google, it will just look like you moved and are living inside a datacenter now.

  • Tenkard@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    I use a self hosted vpn because my main reason to use a vpn is avoiding monitoring from my isp and whoever is managing the local network, and I don’t want websites to know where I’m located.

    • SzethFriendOfNimi@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      Exactly. Even for mobile use besides accessing your home resources you can avoid your cellular provider monitoring/hijacking your traffic.

      Of course self hosting means you’re still sending that info from your home network over your ISP.

      So it’s a trade off there but depending on your ISP vs your cellular network makes sense.

    • EngineerGaming@feddit.nl
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      Commercial VPNs are intended to hide your identity across the web and to hide your non-HTTPS web traffic from your ISP.

      You’re forgetting a demographic that is probably bigger than this - people who don’t care and just want to go to blocked sites.