DIY Internet: More on personal VPNs

A few follow-up thoughts regarding Monday’s post about setting up a personal VPN.

Self-Sufficient, DIY Internet

All the Facebook Cambridge Analytica nonsense has really emphasized how dependent we have become on third-party services and social networks.

As I thought about it, the idea of being self-sufficient online has really started to appeal to me. I mean, this blog has always been independent, fully controlled by me. As a web developer with full-stack devops ninja experience, I have all the skill and experience I need to set up any sort of web service I want.

So when I thought about the reasons for using a VPN regularly and the likelihood that I’d have to pay for a decent service, I wanted to see if I could do it myself. On servers I own.

I think there are more opportunities to DIY online, to rely less on dubious third parties.

Peace of Mind

As I alluded to in my first post, the real-world security threats associated with public wifi are only a minor concern. I’m not generally too concerned, most of the time.

That said, this little icon next to my WiFi connection gives me such a massive sense of security and peace of mind. The fact that it auto-connects without me having to take an action is just the icing on the cake.

Censorship

Streisand is an anti-censorship tool designed to bypass draconian government censorship like China’s Great Firewall. You don’t live in China, so do you really need to worry about censorship? Probably — and if you hang around the right subreddits — increasingly so.

Canada’s telcos are presently lobbying for a censorship regime. Perhaps the first draft targets content most of us would agree is “bad,” but who knows what the next version will look like.

Even if you’re less paranoid, there’s a good chance your workplace or school is filtering some content. Maybe it’s not content you bump into very often. But even if they are not filtering traffic, they’re almost certainly collecting your web traffic. That’s something I’ve never been too comfortable with.

A VPN allows you to take back your online freedom whenever you’re using a work, school or any other network that distrusts you.

Bypassing Geographic Restrictions

In case you missed it, VPNs allow you to bypass geographic content restrictions. When you use a VPN, your traffic originates from the IP address of the VPN server. And since cloud providers host servers in many physical locations, you can easily bypass any geo restrictions based on IP address.


If you missed Monday’s post you can read it here:

How to: Set Up A Personal VPN

How to: Set Up A Personal VPN

Skill Level, Novice: To set this up you’ll want to be mildly comfortable with the command-line. But you won’t necessarily need to know (or care) about the technologies involved.


Way back in 2010, Firesheep scared my pants off. I was traveling for work when it dropped and I became acutely aware of just how vulnerable my data was on huge airport wifi. In the 8 years since then, HTTPS everywhere has become a reality and the threat of bad actors sniffing your web traffic is nearly a thing of the past.

But I’m still paranoid. And today I finally did something about it.

Enter Streisand

Streisand is an open-source project with the goal of defeating censorship. The best way to defeat local censorship is a secure, undetectable VPN connection (usually in a foreign country). The goal of defeating censorship aligns nicely with the goal of hardening your internet connection.

Streisand is essentially an installer for a set of VPN tools which you’ll install on a cloud-hosted server that you control. The project presently supports Amazon EC2, Azure, DigitalOcean, Google Compute Engine, Linode, and Rackspace. You simply run a few commands, select a few options (the defaults are totally fine) and Streisand does the rest.

If you’ve ever run apt-get or set up Homebrew on macOS you should have no problem setting this up. Streisand’s installation instructions are well written and easy to follow (jump right to the instructions here).

Much to my surprise — unlike many of these types of command-line driven projects — I ran into absolutely zero issues during the install.

It gets even easier.

If that doesn’t sound easy enough — get this — Streisand copies over an HTML document with an incredibly easy to use guide, pre-filled with all the configuration settings you need for your server. It’s dead simple to share this with anybody you choose.

Bonus points: Auto-Connect on public WiFi.

The last time I used the TunnelBear app, I noticed an advanced setting to auto-connect to all wifi except for a whitelist of trusted networks, so that if you’re on your secure home, work or other trusted wifi network, you don’t waste VPN bandwidth or take the potential performance hit.

Unfortunately, iOS doesn’t support settings like this natively.

In order to accomplish this, you have to create a custom .mobileconfig file. These files are huge XML documents that you probably shouldn’t write by hand.

Save yourself a headache, use this iOS VPN autoconnect generator (props @klinquist).
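To show what the on-demand part of such a profile contains, here is a short Python sketch using plistlib (an added example, not from the original post and not the generator’s code). It assumes an IKEv2 connection; the server name, identifiers and SSIDs are placeholders, and the authentication keys are left out because they depend on your server.

```python
import plistlib
import uuid


def on_demand_rules(trusted_ssids):
    """iOS evaluates these rules top to bottom; the first match wins."""
    return [
        # Trusted Wi-Fi (home, work): drop the tunnel, no VPN overhead.
        {"InterfaceTypeMatch": "WiFi", "SSIDMatch": list(trusted_ssids),
         "Action": "Disconnect"},
        # Any other Wi-Fi network is treated as untrusted: connect.
        {"InterfaceTypeMatch": "WiFi", "Action": "Connect"},
        # Anything else (e.g. cellular): leave the VPN state as it is.
        {"Action": "Ignore"},
    ]


def build_profile(server, trusted_ssids, org="invalid.example"):
    """Return .mobileconfig XML bytes; all names here are placeholders."""
    vpn = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org}.vpn",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Personal VPN",
        "UserDefinedName": "Personal VPN",
        "VPNType": "IKEv2",  # assumption: the page does not name a protocol
        "IKEv2": {
            "RemoteAddress": server,
            "RemoteIdentifier": server,
            "OnDemandEnabled": 1,
            "OnDemandRules": on_demand_rules(trusted_ssids),
            # Authentication keys omitted: take them from your server's guide.
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Personal VPN (auto-connect)",
        "PayloadContent": [vpn],
    }
    return plistlib.dumps(profile)


if __name__ == "__main__":
    # Constructed sample input: two trusted SSIDs and a placeholder host.
    print(build_profile("vpn.invalid.example", ["HomeNet", "OfficeNet"]).decode())
```

The rule order is what matters: if the trusted-SSID rule came after the generic WiFi rule it would never be reached.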

Costs

I am hosting my Streisand VPN on Linode, my go-to host for the past several years. Their lowest tier server is more than powerful enough to host a VPN. And they generously include 1TB of service. For US$5/mo.

The $5/mo price-point is competitive with many of the popular VPN services. Except, since you’re self-hosting, you are not limited to 1 user. You can freely hand out the Streisand connection to friends and family.

Conclusion

One of the most powerful aspects of the internet and open source software is the ability to take control of everything yourself. As someone with the skills to do this myself, I am going to start to make a concerted effort to take control of more things myself and be less dependent on untrustworthy third parties.

Running my own VPN is just one small step.


I wrote a short follow-up post you might enjoy:

DIY Internet: More on personal VPNs

VPN Reviews: Watching Hulu, Comedy Central Without Hacks

Full Disclosure: VPN Authority approached me with a trial account for review purposes.

A VPN (or Virtual Private Network) is a system for securely joining a remote network over the internet. Typically they’re used to allow remote workers secure access to their company’s internal networked file system and other network resources. When a computer connects to a VPN, all internet traffic can be configured to route through that VPN. As a side-effect, this re-routed traffic appears to be coming from whatever geographic location the VPN server is in. In other words, if you connect to a VPN in the USA, you can use geo-restricted sites – like Hulu and Pandora – from anywhere in the world; if you use a VPN located in the UK, you can access BBC iPlayer and Spotify. You get the picture; see Wikipedia for all the gory details.

A while ago, someone decided that they could charge money for access to this side-effect. When you do a search for something like US VPN you get a tonne of results, some free, others paid. It’s hard to tell them apart and for the most part, they’re fairly similar. The main differentiating factors for the purposes of watching geo-restricted video are connection speed and cost.

Truth be told, before VPN Authority contacted me I had not tried using a VPN to access US content, at least not in a very long time. I had assumed that the free options were too slow and the paid options weren’t worth it. I’m not about to shill for VPN Authority just because they set me up with a free account (sorry guys). It’s only fair to pit them against some of their competitors. So, I took a look at 2 other services: HotSpot Shield and CastleVPN. HotSpot Shield seems to be the most popular free VPN and I picked CastleVPN because they had a professional looking website.
