Recommend me a VPN. So many to choose from!

Been looking into VPNs for a while, and I still have no clear direction on which to go with. They all seem so similar. Some are faster, some have a few more features, etc. A number of them have cheap plans if you buy a couple years at a time, but I still don’t know which one I want. I have a UniFi network at home, with a USG serving as the router/gateway. I have 300 down/20 up. We don’t really need anywhere near that, so I’m willing to take a hit on speed if the VPN is good. I do stream 4k DV occasionally, but over Ethernet, so I don’t have to worry about losses over WiFi.
 
Get a small VPS from a good provider and install OpenVPN on it. That would be the only secure option. Otherwise you're just shifting who watches you, from your ISP to your VPN provider.
 
Just overall privacy. Had at least 4 fraudulent hits on my CCs over a 3/4 month period. May or may not be related to online activity, but it can’t hurt to be proactive.
That's not going to help you there. You are just changing the egress point of your traffic, it doesn't provide any additional protection to what you are doing online.

This thread might be of interest to you:
 
Your biggest "privacy" exposure, ignoring Windows and Microsoft spying on you, are your DNS queries, which, unless you've manually changed them, are leaving your USG in clear text and heading off to your ISP (though it's highly unlikely anybody is sniffing the traffic on the DOCSIS network anyway). This is because most traffic is encrypted now. Hijacked ads and search results are common threats, and your best defense against those is liberal use of ad and script blockers as well as some form of DNS protection that stops them from being resolved. Changing where your traffic comes out does not improve security here (VPN).

Most browsers try to use DoH now to encrypt DNS traffic by default, but that's not always possible, and, depending on the browser, it may just fall back to clear text when it tries to use DoH with your ISP's DNS servers and they don't support it.

I have a thread on how I locked down DNS on my home network, where the only queries that exit are over DoH, and only to my specified servers (and they come from my PiHole). You likely don't desire to go to those extremes, but your USG should support DoH, so you can set it to use Cloudflare, OpenDNS or the provider of your choice. I know with OpenDNS you can create a profile and do categorical blocks of certain types of content, which you might be interested in.
 
I've used a few different VPNs over the years. My top VPNs are Mullvad and Proton. Most VPNs are owned by just a few companies, many are pretty sketchy.

A VPN is a requirement if you connect at Airports, Hotels, Coffee Shops, Stores etc. IMO. Some people like to use them to keep their internet service provider from snooping on their traffic. Some think that they can keep 3 letter agencies from seeing what they are doing on the internet but I would assume that if they really wanted to monitor you, a VPN wouldn't be much of a road block.
 
Interesting tidbit. When running the free version of apps like AccuWeather on my iPhone I often get ads and popups. Turn on Proton VPN and they are filtered out, especially if you connect to a different country like Switzerland etc. Some phone apps will not play well with a VPN connected to a different country, like My chevy App.
 
VPNs are a scam. I can see some use-cases where you're trying to access geo-fenced material (i.e. - you're in country A but you need to be in country B to access something). But if that's not why you are using it, you need to be aware that most/many VPNs are using your IP to route traffic from other users, and a lot of times those users are bots, and bots do a lot of things on the net. Send spam, port scan, probe, scrape and hack web servers.

As I scan the logs of my own web server, I constantly see examples of residential IPs in G-7 countries that are used by bots to access my site. I know they are bots by (a) the user-agent they use, (b) the files they are trying to access, (c) their IP checks out in third-party databases (like spur.us). I've come across Starlink IPs that were part of 14 different VPN networks!

There is even a term that is used in the industry - "ethically sourced residential IPs". In other words, when you sign up to use their service, they tell you that your IP will be used as part of a network where other users will have access to your internet connection. Who those users are - they won't elaborate, but some of them will be paying to access the internet through your IP to perform bot-like activity. This phenomenon is talked about in some webmaster forums.
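
Added example, not part of the original post: a small Python log triage that applies signals (a) and (b) from the post above to web server logs and returns the client IPs worth checking in a third-party database, which is step (c). The user-agent and path patterns and the sample log lines are assumptions constructed for illustration, not taken from the poster's server.

```python
import re
from collections import defaultdict

# Assumed heuristics for illustration; tune them to your own site.
BOT_UA = re.compile(r"(python-requests|curl/|Go-http-client|scrapy|^-$|^$)", re.I)
PROBE_PATH = re.compile(r"(/\.env|/\.git/|/wp-login\.php|/xmlrpc\.php|/phpmyadmin)", re.I)

# Combined log format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Constructed sample lines using documentation IP ranges.
SAMPLE = """\
203.0.113.7 - - [04/Jul/2025:10:00:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "python-requests/2.31.0"
203.0.113.7 - - [04/Jul/2025:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "python-requests/2.31.0"
198.51.100.20 - - [04/Jul/2025:10:01:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
192.0.2.44 - - [04/Jul/2025:10:02:30 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""


def triage(log_text):
    """Return {ip: sorted list of signals} for clients showing bot-like behaviour."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        if BOT_UA.search(m["ua"]):
            hits[m["ip"]].add("user-agent")    # signal (a): tool-like or empty UA
        if PROBE_PATH.search(m["path"]):
            hits[m["ip"]].add("probe-path")    # signal (b): files no visitor asks for
    return {ip: sorted(signals) for ip, signals in hits.items()}


if __name__ == "__main__":
    for ip, signals in triage(SAMPLE).items():
        print(ip, ", ".join(signals))   # candidates for an IP reputation lookup
```

A browser-like user-agent does not clear a client: the third sample address is flagged on the requested path alone.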
 
Interesting tidbit. When running the free version of apps like AccuWeather on my iPhone I often get ads and popups. Turn on Proton VPN and they are filtered out, especially if you connect to a different country like Switzerland etc. Some phone apps will not play well with a VPN connected to a different country, like My chevy App.
Facebook Messenger doesn't work with VPN either.
 
Depends on the VPN. No problems with proton. But that said Meta probably doesn't like them since they are in the business of collecting private info and reselling it.
The VPN does not stop that. You are still communicating with the same servers, but the traffic appears to come from some other physical location based on the IP, than your home network. Of course "location services" in the browser may defeat that anyway.
 
You likely don't desire to go to those extremes, but your USG should support DoH, so you can set it to use Cloudflare, OpenDNS or the provider of your choice. I know with OpenDNS you can create a profile and do categorical blocks of certain types of content, which you might be interested in.
That’s why I have an Eero setup to override Comcast’s DNS servers using Cloudflare. I’ll do that with any router I touch for a home setup.

And the fact the cable companies, now robbed of cable TV statistics on viewership and ad info (Nielsen slipped their code into the interactive guides on cable boxes - be it the legacy iGuide or Navigator - both Rovi middleware, Comcast used iGuide before Xfinity X1 and Charter fka Time Warner Cable and Astound used Navigator) are using their DNS as another data source to serve up ads.
 
VPNs are a scam. I can see some use-cases where you're trying to access geo-fenced material (i.e. - you're in country A but you need to be in country B to access something). But if that's not why you are using it, you need to be aware that most/many VPNs are using your IP to route traffic from other users, and a lot of times those users are bots, and bots do a lot of things on the net. Send spam, port scan, probe, scrape and hack web servers.

As I scan the logs of my own web server, I constantly see examples of residential IPs in G-7 countries that are used by bots to access my site. I know they are bots by (a) the user-agent they use, (b) the files they are trying to access, (c) their IP checks out in third-party databases (like spur.us). I've come across Starlink IPs that were part of 14 different VPN networks!

There is even a term that is used in the industry - "ethically sourced residential IPs". In other words, when you sign up to use their service, they tell you that your IP will be used as part of a network where other users will have access to your internet connection. Who those users are - they won't elaborate, but some of them will be paying to access the internet through your IP to perform bot-like activity. This phenomenon is talked about in some webmaster forums.
Yikes. This certainly explains why so many of them can be offered for free.

Any chance you know if Private Internet Access or NordVPN is among those VPNs using users' IPs that way?
 
Your biggest "privacy" exposure, ignoring Windows and Microsoft spying on you, are your DNS queries, which, unless you've manually changed them, are leaving your USG in clear text and heading off to your ISP (though it's highly unlikely anybody is sniffing the traffic on the DOCSIS network anyway). This is because most traffic is encrypted now.

I would note that the TLS handshakes still include the hostname, like an HTTP Host header, it's called SNI. ESNI/Encrypted SNI isn't prolific yet. So, your provider can also glean the visited website hostname from the 443/TLS SNI, even if you've encrypted your DNS traffic.

 
I regrettably prepaid NordVPN for 2 years. I have stopped using it because it is too glitchy for me. Certain websites and iOS apps either won’t work or occasionally don’t work. For example, I use the Waze app and it often won’t load, but works normally when I disable VPN. Likewise, some podcasts won’t play with VPN enabled.
 