The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    How do you feel about major VPN providers?

    Discussion in 'Networking and Wireless' started by Mowoka, Dec 5, 2021.

  1. Mowoka

    Mowoka Notebook Enthusiast

    I've never really been big on them purely because it seems the majority get bought out by someone only to change ethics (no logs, that kind of thing). What are your thoughts on any VPN provider you have experience with?

    Note: I've only used NordVPN out of any of them; I pay for a Linode server and use Wireguard, but that's a personal preference.
     
  2. Tech Junky

    Tech Junky Notebook Deity

    I had a 3-year subscription before needing to renew this year again to find they dropped the 3-yr plan.

    I tested a few of them out and they all fell flat on their face for how I use them. Some wouldn't even install on Linux or would need additional steps after booting to enable them / connect / etc.

    Being used to Nord just working w/o fiddling with things after initial setup got frustrating to say the least and wasn't worth the "savings" of having to deal with them. I think I tested 3-4 others besides Nord over the course of a week before my sub expired and none of them impressed me much. The key for me though was WG being part of the package since I get full bandwidth over WG and not with the other which helps when you have a Gigabit connection. No sense in having the connection if you only get 1/2 the speed from it w/ VPN legacy technologies.

    Nord has been consistent with their policies and avoiding all of the monitors. Well worth the money to keep nosey orgs out of my use history. No one needs to know except me and the site I'm communicating with directly. On top of VPN though invoking something like PiHole helps even more in restricting traffic from escaping by blocking offenders like Microsoft / Amazon / etc. from skimming info about patterns.

    I also designed my own "router" to take back control from the flakes that you pick up off the shelf and DENY all and allow originated traffic only through the firewall. No need for external traffic to be allowed to come in for ANY reason.

    [Attached image: upload_2021-12-5_16-54-31.png]

    There's even traffic getting dropped across IN / FWD / OUT that doesn't hit the intended rules properly. i.e. leaks

    Preventing this leakage is important as well since you don't know what triggered it or where it's going. With all of the FW issues from the off the shelf options causing breaches it's better to control your own traffic as well as you can instead of relying on someone else to do it for you.

    There's more to safety / security than just relying on a VPN or even a FW for that matter. There's always some device that's going to try to speak when not asked to. By building the router myself I can see all of the traffic if there's a need to down to the packet. I can implement more controls than your OTS router unless you're going with something more robust like Cisco / Juniper / etc. which most people aren't going to pay $1000+ for a device.
     
    Mowoka likes this.
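
The default-deny, originated-traffic-only policy described in the post above, as an added nftables example (not the poster's actual configuration). The interface names wan0 and lan0 and the log prefixes are assumptions; the per-chain counters correspond to the IN / FWD / OUT drop counts the post mentions.

```nft
#!/usr/sbin/nft -f
# Added example: default-deny Linux router. wan0 / lan0 are assumed names.
flush ruleset

define WAN = "wan0"
define LAN = "lan0"

table inet router {
    chain input {
        type filter hook input priority 0; policy drop;
        # Replies to connections this box originated
        ct state established,related accept
        ct state invalid counter drop
        iifname "lo" accept
        # LAN clients may reach the router itself (DNS, DHCP, SSH)
        iifname $LAN accept
        # IPv6 neighbour discovery is not tracked by conntrack; allow it explicitly
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
        # Everything else, including all unsolicited WAN traffic, is counted and logged
        counter log prefix "IN-DROP: "
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid counter drop
        # Only the LAN side may open new connections through the router
        iifname $LAN oifname $WAN ct state new accept
        counter log prefix "FWD-DROP: "
    }
    chain output {
        type filter hook output priority 0; policy accept;
        # Count and drop locally generated packets conntrack cannot classify
        ct state invalid counter log prefix "OUT-INVALID: " drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN masquerade
    }
}
```

`nft -c -f <file>` checks the ruleset without applying it, and `nft list ruleset` shows the counters once it is loaded.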
  3. Mowoka

    Mowoka Notebook Enthusiast

    See, I'd love to do all of that, but due to my living situation at the moment, if I do any tinkering to the network, I'm as good as fried steak by my mother, but that's changing.

    I'm gonna have to ask my girlfriend to see if she might want to actually try setting up PiHole on our home network once I move in around February. I've been wanting to do it, but that's sadly not been the case.
     
  4. dmanti

    dmanti Notebook Enthusiast

    You've got to trust someone.

    I don't really see much of a difference between trusting a reputable VPN provider with a strong security/privacy background or trusting myself to find a reputable VPS (or multiple?) and reliably administrate and run my own VPN.

    There seem to be at least a few very reputable VPNs, but the more important hurdle IMO is what you're trying to accomplish with a VPN. There might be better technologies or a VPN might just be one of the many technologies you should be using. Who hosts the VPN might be a non-issue. Security ≠ privacy.

    The users over on Hacker News seem to like Mullvad. After researching Mullvad & using them for a few months, they seem to be what they say they are. They support Wireguard VPN, which is getting a lot of love from reputable people everywhere, like Linus Torvalds.
     
  5. Mowoka

    Mowoka Notebook Enthusiast

    Wireguard is a nice protocol; it's more secure and has better speeds than OpenVPN from my experience, and I don't know if I'll ever pay for a subscription to something like Mullvad, unless I decide to stop paying for Linode.
     
  6. Tech Junky

    Tech Junky Notebook Deity

    Mullvad has pros / cons like anyone offering WG. For me though dealing with Euro over Dollar complicates things from a payment perspective not to mention twice the cost for something long term w/o any discount for longer periods of time.

    VPN isn't a silver bullet for everything but, it's a good first step or foundation to being more private.

    PiHole isn't all that difficult to set up if you have a PC lying around for it to run on and configure your router / DHCP allocation to point to it. Grab some premade lists and apply them to the server and you're set. There's even DHCP bundled into pihole if you choose to go that route to keep it simple. Setting up a RasPI might be the economical version @ $50 for the parts and add the app to the device. For a router though a RPI probably would be slower or a bottleneck for packet processing / inspection.

    To an extent. Trust but verify is key here. The company you trust with your data should be reputable enough to provide some protection. Most ISPs though offer you a pipe w/o any protections and that falls onto you to implement yourself. Most people though only hook up a router and maybe install some AV software to protect themselves. With all the issues with AV / FW software though I ditched them all years ago in favor of not having to TS their issues of not working as designed. Most of them are more of a PITA than it's worth to get them tuned and working properly. Not to mention they slow down the endpoint from performing at peak performance. The handling of traffic should be on the Network and not the endpoint anyway. Properly securing things is the key to not having an issue along with not doing shady stuff online that gets you infected in the first place. Knocking out the popups and misc traffic that causes them in the first place cuts down the risk considerably.

    Let's put it this way. If you build your own router and add the apps to it to lock things down you're already in a better position than buying a Netgear @ BestBuy. Sure it takes a little more effort than opening the box and plugging in a couple of cables to get online but, you don't risk issues with the firmware being buggy every time they release a new version. The benefit of running a Linux Router is it's open source and any bugs get nailed down and remedied quickly. Also, by building a router of your own you have flexibility of what speeds you want to run vs prepackaged 1/2.5gbps WAN / LAN ports. If you want to for ~$200 you can get a 4 port 5gbps card to slap into the box and max out your bandwidth for storage / WAN traffic. My CM has 4 ports on it as well that can be bundled together for more than 1gbps connections e.g. gigabit plans are over provisioned to 1200mbps but a single gbps port only yields you 960mbps DL. Bundling 2 ports to the CM gets you that extra ~300mbps.

    With some of the latest kernel updates and a HW upgrade to Z690 / 12700K I've seen some DLs hitting 50MB/s (500mbps) over WG VPN. Prior to the 12700K I was running an 8700K and it would also be able to hit those speeds. The 12700K though with my AP bumped my internal WIFI / Server access from 1.25gbps to 1.5gbps which is interesting since that would mean the total BW on WIFI should be ~3000mbps but the PHY rate is 2.4gbps. Maybe some mechanism for 802.11ax is scheduling things faster with the new build?

    BYOR though doesn't need to be cutting edge HW though to get the performance / central VPN working. It's just nice to know it's not the bottleneck for speed / processing packets. If I were building for someone where ancillary apps / functions weren't a request then I would probably just pick a random $100 PC off ebay and build from there and throw in the $200 5gbps card or if they want cheaper a 4 port gig card for $50 and build from there. The only hard costs are the physical HW and the time to configure Linux to be a router.
     
  7. Jdpurvis

    Jdpurvis Notebook Evangelist

    I have been happy with NordVPN - especially since they integrated a version of WireGuard, so I don't have to use OpenVPN protocol (Win 10 Pro). The speed difference is fairly dramatic - almost a factor of four.
     
  8. Tech Junky

    Tech Junky Notebook Deity

    I don't know if it's a 4X improvement but.....

    OVPN speeds for me topped out ~500-600mbps while WG speeds can hit wireline 1gbps @ 960mbps and when bundling 2 ports together to exceed 1gbps I can hit 1200mbps over the same connection and server.

    OVPN vs WG in this example would be a 2X speed throughput increase due to the slimmed down WG coding. This performance increase is why I won't ever go back to OVPN based providers unless for some reason I'm forced to because the service is being worked on. I did have to revert to OVPN profiles for a brief period after NVPN made some change on their server that caused an issue with devices beyond the "router" but the "router" itself was able to access just fine directly from a browser. I opened a TT with them and pestered them for ~45 days about the issue and magically got it resolved. I had a workaround though using their CR servers with WG but, for things like plutotv it would select Spanish channel lineups due to geolocating the IP.

    Other than that issue I haven't had much to complain about with them in 3+ years.
     
  9. Jarhead

    Jarhead 恋の♡アカサタナ

    Missing poll option: Don't really have a strong opinion on providers

    Been using one for the last few years and don't really have any complaints so far.
     
  10. WhatsThePoint

    WhatsThePoint Notebook Virtuoso

    My 3 year Nord VPN plan will be expiring soon and I don't see any better options than accepting their 2 year plan offer.
     
  11. Tech Junky

    Tech Junky Notebook Deity

    @WhatsThePoint

    When I renewed I found a code for a discount and then stacked that with RetailMeNot for 25% back on the purchase price. RTM was a bit difficult to deal with though because I tend to block tracking / cookies but kept a screenshot of the purchase and got the cash back after pestering them. Going forward though using Rakuten is much easier to work with on these sorts of things.


    https://www.rakuten.com/nordvpn.com?query=nordvpn&position=1&type=suggest&store=15557
    20% back right now
    [Attached image: upload_2021-12-7_14-24-13.png]

    Add "RETAILMENOT" as your coupon for an additional discount.

    Overall I got the price down to $2.36/mo but under the 3-yr option I was able to stack discounts to get it under $2/mo.
     
  12. Mowoka

    Mowoka Notebook Enthusiast

    That's not too bad, although the whole reason I host under Linode is because it prevents blacklists for things like game servers and whatnot, something I use it for (and as a general security thing purely because of a housing situation I'm in).
     
  13. Tech Junky

    Tech Junky Notebook Deity

    I had a period of time where I was blocking all Linode subnets because there was a barrage of traffic coming from them. I also had some mechanisms set up to auto-add IPs to a blocklist as they hit my filter rules. I ran into some annoyances though like frequent sites I wanted to get to returning traffic on different IPs causing them to get added to the lists. I played around with using geo filters as well but, that caused more latency in processing packets.

    Pinning down originating / return traffic hits most of the marks for securing things along with the Nord + PiHole. I'm finding Nord to be doing some randomization of IPs beyond the initial endpoint I'm actually connected to. I see this mostly when announcing a hash and seeing probes from several different sources using the same unique port number. When doing a lookup for info on the IP it also comes back as different registered geo regions.

    As for being blacklisted for spam / reported / etc. which I assume is your use case for Linode. If it's not a shared IP it shouldn't be a problem if you're not doing things to get flagged by users. A while back I worked for a company that had some issues getting blacklisted due to some network issues getting flagged. Did some network sniffing to figure out what was causing it and blocked the traffic from exiting the network to get the bans lifted.
     
  14. Mowoka

    Mowoka Notebook Enthusiast

    Yeah, my IP is just for myself, which was the whole purpose of it; also gave me a server to do some work on as a side project, so overall, $30 a month isn't too bad for what I use it for.
     
  15. Tech Junky

    Tech Junky Notebook Deity

    @Mowoka

    I've considered the idea of renting a node and setting up a WG server but, financially it just makes more sense to go w/ Nord. Leasing rack space / HW can be done on the cheap. It all comes down to use / budget / privacy.
     
  16. Mowoka

    Mowoka Notebook Enthusiast

    I don't mind renting it since I have the money to do so and it serves more than one purpose; but yeah, it does come down to budget.
     
  17. dmanti

    dmanti Notebook Enthusiast

    Isn't all your VPN traffic sourcing from a single IP? That doesn't seem very private, regardless of budget.
     
    downloads likes this.
  18. Mowoka

    Mowoka Notebook Enthusiast

    Yeah, albeit privacy isn't my largest concern; I have it as a multi purpose VPS, the whole reason I have it like this is a mix of weird reasons. I might look into Mullvad eventually.