2020 Post-pandemic VPN?

[dvsman]

So I haven't had a vpn since PIA got bought out by foreign owners. With that in mind, I've been searching for a replacement that is not owned by a foreign country - whether it's China / India or other.

While reviews suggest the same names as always, though PIA seems to have dropped off some of the top 10 lists Like this one: https://www.comparitech.com/blog/vpn-privacy/best-vpn-for-usa/

Anyone have firsthand experience with Express VPN, NordVPN or Surfshark (the top 3 from that review)?

This isn't for anything tha requires conspiracy-levels of secrecy but I would prefer my stuff not getting piped directly to Beijing or wherever if at all possible.

 

[SamirD]

With the domestic awareness of foreign interference increasing at the federal level, at some point all the ties from the US Internet to the rest of the world will be severed to prevent the weaponization of the Internet to harm the US. You can already do this with enterprise routers that have options for 'geoblocking', but as the damage costs continue to rise from being 'wide open' the way we currently are, there will be a point when someone in control realizes that 'the only winning move is not to play'.

That all being said, you probably have more of a chance to have your data funneled to a foreign power via a vpn service than without. ISPs have very strict rules by which they have to play by and the law here still (mostly) work so there are penalties for overstepping those bounds. You have no control or rights to your data when it reaches any foreign soil so I wouldn't bother with any of that vpn nonsense.

Now, if you really want to do it right, get an ipsec vpn router at home and setup an account with azure/amazon/etc to have all your traffic routed up to their cloud over an ipsec tunnel and out to the Internet that way. Then you are paying for business level services where they can't monkey around with you.

 

[cjcox]

With TLS 1.3 and DNS over HTTP(s).... should see a ton of VPNs no matter what the country as a lot of things become private.

Of course, if such protocols are mandated more, VPN for circumvention, might not be as necessary.

(I take it you're mostly interested in "circumvention" of location?)

 

[dvsman]

Pretty much my only use is for when I'm out and about. Coffee shops, hotels, airports are my main concern. Like I said, nothing confidential or anything, just personal security / privacy.

I take it you're mostly interested in "circumvention" of location?

 

[Shoganai]

Been with NordVPN for years. I've used many others, but I keep sticking with Nord.

 

[SamirD]

Pretty much my only use is for when I'm out and about. Coffee shops, hotels, airports are my main concern. Like I said, nothing confidential or anything, just personal security / privacy.

Oh, then you need my setup. I basically remote in to home via an ipsec tunnel and then rdp into a system at home and work using it.

A couple of advantages to this. One is that you never have to start/stop work--need to make a quick run somewhere? Just leave and take a system. You can rdp back into your system right where you left off. Another advantage is data--you can use a simple thin client laptop or even an older laptop running linux to connect to your network so no data on the system you're connecting from so no risk of physical data theft. And because your data never leaves your home network, no risk of interception either.

Setting this up right requires an enterprise vpn router and client setup on your system, but that's basically it. Enable rdp on your system behind your router and you can log in via your home network systems or via your ipsec tunnel.

 

[Shoganai]

Oh, then you need my setup. I basically remote in to home via an ipsec tunnel and then rdp into a system at home and work using it.

A couple of advantages to this. One is that you never have to start/stop work--need to make a quick run somewhere? Just leave and take a system. You can rdp back into your system right where you left off. Another advantage is data--you can use a simple thin client laptop or even an older laptop running linux to connect to your network so no data on the system you're connecting from so no risk of physical data theft. And because your data never leaves your home network, no risk of interception either.

Setting this up right requires an enterprise vpn router and client setup on your system, but that's basically it. Enable rdp on your system behind your router and you can log in via your home network systems or via your ipsec tunnel.

Sounds a lot more complicated than just clicking the connect button in my VPN.

 

[cjcox]

Oh, then you need my setup. I basically remote in to home via an ipsec tunnel and then rdp into a system at home and work using it.

A couple of advantages to this. One is that you never have to start/stop work--need to make a quick run somewhere? Just leave and take a system. You can rdp back into your system right where you left off. Another advantage is data--you can use a simple thin client laptop or even an older laptop running linux to connect to your network so no data on the system you're connecting from so no risk of physical data theft. And because your data never leaves your home network, no risk of interception either.

Setting this up right requires an enterprise vpn router and client setup on your system, but that's basically it. Enable rdp on your system behind your router and you can log in via your home network systems or via your ipsec tunnel.

Since ultimately this is a proxy like approach, you could eliminate the ipsec altogether and do (any) encrypted tunnel. (just saying... and btw, this is the most secure approach)

 

[dvsman]

What Shoganai said, plus having to tunnel back into your own home network really only works when you are close / in the USA. when you travel ... especially abroad, not very handy.

 

[Shoganai]

What Shoganai said, plus having to tunnel back into your own home network really only works when you are close / in the USA. when you travel ... especially abroad, not very handy.

And if your home internet is spotty like mine, I could never rely on it when away from the house. And like you said, when traveling abroad, it’s nice to be able to change your country IP location.

 

[SamirD]

Sounds a lot more complicated than just clicking the connect button in my VPN.

But a lot safer too.

 

[SamirD]

What Shoganai said, plus having to tunnel back into your own home network really only works when you are close / in the USA. when you travel ... especially abroad, not very handy.

I've actually used this from India and Canada without issues, so not sure why it would be an issue.

 

[SamirD]

And if your home internet is spotty like mine, I could never rely on it when away from the house. And like you said, when traveling abroad, it’s nice to be able to change your country IP location.

Yeah, if home Internet isn't reliable then that's an issue on its own.

Personally, I wouldn't want my IP to be local. I'd want a fully encapsulated tunnel back to home base--just like enterprises do it.

 

[Vengance_01]

I would just use my work VPN but I would setup an ipsec tunnel to home if feasible

 

[Nicklebon]

Sounds a lot more complicated than just clicking the connect button in my VPN.

Once setup it really isn't. I have pretty much the same style setup SamirD describes and it works flawlessly. On the road I literally just slide the vpn button to on and enter my RSA code when asked as I have that extra layer of security. All my traffic appears to be coming from home so never any security warnings or other hassle from service providers becuase they don't recognize my IP.

I should add that I wrap everything in TLS vs IPSEC. There are too many places that will block IPSEC.

 

[Nicklebon]

What Shoganai said, plus having to tunnel back into your own home network really only works when you are close / in the USA. when you travel ... especially abroad, not very handy.

I find the opposite to be the case. When abroad, especially Central and Eastern Europe, many service providers lose their mind and lock you out which then requires unlocking them only to be relocked out the next time you get a new IP. I had zero issues tunneling all my traffic home literally from Siberia over public wifi and LTE. I could even argue that some things worked better as my home DNS server is more reliable than many abroad.

 

[blackmomba]

Nord is good, connection speeds are good
Their Windows client is Ok, Linux client is horrible
I've had cyberghost too. Theyre based in Germany though iirc

 

[Shoganai]

I've actually used this from India and Canada without issues, so not sure why it would be an issue.

I guess it would be the same as using a VPN server based in your location. Dunno why I thought of it any differently. But again with the spotty internet thing.

 

[SamirD]

I guess it would be the same as using a VPN server based in your location. Dunno why I thought of it any differently. But again with the spotty internet thing.

Well, kinda. A vpn service still can do anything to your traffic. Your isp can do the same, but probably has a lot more oversight to prevent too much nonsense.

 

[ZeqOBpf6]

VPN reviews here
https://thatoneprivacysite.net/ are about the only place I really trust. VPN companies are super sketchy and there are tons of astroturfers trying to discretely manipulate people in to paying for one or the other.

 

[tangoseal]

Go read my mini review of Malwarebytes VPN. Its like 2 threads under this one.