What the hell Proton! - eviltoast

  • RiQuY@lemm.ee
    link
    fedilink
    English
    arrow-up
    78
    arrow-down
    4
    ·
    27 days ago

    I don’t understand why everyone assumes using a VPN means paying for a third party. I have Wireguard deployed in my NAS and I always have that VPN connection active on my phone to be able to access my LAN deployed services remotely, Jellyfin for example.

    • TORFdot0@lemmy.world
      link
      fedilink
      English
      arrow-up
      25
      ·
      27 days ago

      Most VPNs sell themselves on encrypting your traffic to an endpoint that either is in a different locale to get around region locks or to put it out of the grasp of the RIAA so they can’t send your ISP copyright notices.

      While remote access to a local network is a good use case for a self-hosted VPN it’s totally unrelated to the use case for commercial VPNs

      • stephen01king@lemmy.zip
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        1
        ·
        27 days ago

        For the use case of encrypting your traffic while using a public WiFi, both commercial VPNs and self-hosted ones provide the same functionality.

        • OR3X@lemm.ee
          link
          fedilink
          English
          arrow-up
          12
          ·
          27 days ago

          I think the point they’re getting at Is that you can’t use a self-hosted vpn to hide your piracy activity because the link is registered to yourself.

          • stephen01king@lemmy.zip
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            1
            ·
            27 days ago

            Yes, but this thread is about security while using public Wi-Fi, which the original comment was saying doesn’t require commercial VPNs.

            • sugar_in_your_tea@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              27 days ago

              And I highly doubt people are pirating while on public wi-fi, the bandwidth just isn’t good enough, and even if it was, it would be a dick move to other public wi-fi users.

        • TORFdot0@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          ·
          27 days ago

          Yes that’s true. But also that’s the wink and nudge marketing claim that VPN marketers make while everyone knows the real reason you are using a VPN.

          With HTTPS, DNS-over-HTTPS, and most endpoint firewalls dropping non-gateway traffic, the risk is a lot less than the VPN ad reads want you to believe

          • stephen01king@lemmy.zip
            link
            fedilink
            English
            arrow-up
            1
            ·
            27 days ago

            DNS-over-HTTPS sounds like it’ll be the least used by general public since most people I know are still using default DNS settings which would point towards their ISP’s. I’m not sure how many ISPs have moved towards DNS-over-HTTPS or if they are even activated by default.

            • exu@feditown.com
              link
              fedilink
              English
              arrow-up
              1
              ·
              26 days ago

              Firefox has DoT enabled by default, maybe Chrome does the same. That would cover the use-case of most people on public wifi.

                • exu@feditown.com
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  26 days ago

                  Both, the browsers (and any other application) can choose to ignore your DNS settings and use whatever other mechanisms they like.

    • Praise Idleness@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      19
      ·
      27 days ago

      For less technical people or just don’t want to deal with public-facing open port: Tailscale or Zerotier are both great option (use Tailscale if former)!

      • floquant@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        10
        ·
        27 days ago

        Since Wireguard uses UDP and peers only reply to a received packet if it’s expected and valid, it won’t show up in port scans and barely increases your attack surface. Tailscale and Zerotier are quite nice, but personally I dislike NAT-punching protocols.

      • tfw_no_toiletpaper@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        27 days ago

        I use tailscale for hosting gameservers for friends and the occasional watch together on jellyfin. Kinda scuffed setup with one burner github account for login. And ~10 devices connected to that network. So I need to authenticate every device myself (at the beginning and sporadically) but I don’t need to pay Tailscale for adding multiple accounts to the network.

        At the beginning I tried to do set up everything with my own wireguard server. I only have a public v6 IP, so some of my friends connected without problems and for some it would not work. After I think 3h helping them in their router settings I just gave up. I looked up if I could rent a service somewhere that gives me a public Ipv4 relay, found Tailscale instead and stopped looking for something else haha. Sometimes it’s not worth the effort.

      • kameecoding@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        27 days ago

        I am technical, I decided to just not open up any port that’s not needed for Plex and Jellyfin, sometimes it would be nice to access radarr and sonarr remotely, but fuck I just don’t want to deal with the setup

    • arthurpizza@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      ·
      27 days ago

      It’s also worth mentioning that the VPN in question, Proton, offers one of the best free tiers of any VPN company.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        3
        ·
        27 days ago

        Agreed. I’ve used it, and it’s perfectly fine for normal web browsing. In fact, I added it to my router a while ago to test it out, and I’m considering leaving it on as a “secure” SSID so we can use it for things that my state requires ID for (e.g. porn and social media).

    • s_s@lemm.ee
      link
      fedilink
      English
      arrow-up
      10
      ·
      27 days ago

      I don’t understand why everyone assumes using a VPN means paying for a third party.

      It’s because that is what is advertised to them.

    • diffusive@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      27 days ago

      My setup as well (plus encrypted DNS for good measure)

      I still have to somehow trust my ISP but I go down from having to trust my mobile ISP, my employer WiFi, random shops WiFi to just one ISP (that,fwiw, has shown to be transparent, customers friendly etc)

    • mat@linux.community
      link
      fedilink
      English
      arrow-up
      4
      ·
      27 days ago

      I tried setting this up, and I can connect to my honeserver, but I’ve no idea how to access its LAN services. How does it work?

      • Zanathos@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        27 days ago

        Do you have internal DNS set up? I have my wire guard deployed on both of my pihole servers, which have local DNS entries for my internal services, which point back to my internal Traefik container for NAT translations. I know that sounds a bit complicated, but that’s how it works for my environment.

        • mat@linux.community
          link
          fedilink
          English
          arrow-up
          1
          ·
          27 days ago

          Wow yeah, that’s way more than what I have haha. So I guess I need to look into DNS…

    • Randelung@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      27 days ago

      I do the same, but it’s very clear that when people talk about “a VPN” they’re referring to a commercial cloud hosted product.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      27 days ago

      Yup, I have the same, but not to access services on my devices, but to tunnel services so they can become public services. Basically, Jellyfin is accessible at mydomain.com, which tunnels traffic over WireGuard to my internal Jellyfin instance. I’ll connect to the VPN occasionally if I need to access something else on my network though.

      That said, I’ve considered paying for a VPN service so I can get around my state’s stupid ID laws around porn and social media, which I consider to be a massive privacy violation. But it hasn’t bothered me enough to actually spend the $5/month or whatever.

    • MystikIncarnate@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      26 days ago

      IMO, the post is centered around proton VPN, and since that’s a public VPN service, it’s the focus of the discussion.

      Private VPNs are a very different story.