Okay, as a relative newbie, here are my takeaways from these threads. Am I indeed getting the right picture?

1. Mullvad is a superior VPN for multiple reasons, and is worth switching from another provider like Proton or Nord

2. Running Tor - for any viable usage - through a VPN is fine, because you’re really just evaluating whether your VPN provider or your ISP knows you’re using Tor, and while neither can see the activity, you’d rather a quality VPN service be aware of Tor usage than a “definitely captured” ISP like Verizon or Spectrum

3. If you’re aiming to cover the lowest-hanging fruit, but aren’t ready (or feel it’s currently necessary) to make the full shift to a de-googled Graphene phone and TailsOS, then simply running an always-on VPN like Mullvad for benign web activity should gain a significant amount of privacy with minimal inconvenience.

For the tech-familiar and privacy-conscious beginner, would you say the above is a decent start? Any glaring holes?

Discussion

1. Mullvad is a superior VPN for multiple reasons, and is worth switching from another provider like Proton or Nord

-- i don't recommend nord, but i do also recommend proton vpn. if you only want a vpn, mullvad is where it's at.

2. Running Tor - for any viable usage - through a VPN is fine, because you’re really just evaluating whether your VPN provider or your ISP knows you’re using Tor, and while neither can see the activity, you’d rather a quality VPN service be aware of Tor usage than a “definitely captured” ISP like Verizon or Spectrum

-- basically yes. tor over vpn (tor through vpn). there is more to evaluate, but it is riskier to turn off your vpn, then connect to tor, forget to reenable then expose your ip or trust your isp over a respected no log vpn provider.

also, if you don't have a vpn enabled, surfing http (unsecured sites) on tor can be used to deanonymise you by a malicious tor exit node etc (same with clearnet). this was a rebuttal to the argument made in the video.

3. If you’re aiming to cover the lowest-hanging fruit, but aren’t ready (or feel it’s currently necessary) to make the full shift to a de-googled Graphene phone and TailsOS, then simply running an always-on VPN like Mullvad for benign web activity should gain a significant amount of privacy with minimal inconvenience.

yes i recommend using an always-on vpn as i outlined. it's a basic first step re: the post, and yes to grapheneos, but with qubesos with whonix for a daily driver os. tails is awesome for what it is but it is not a daily driver per se, it's more for one and done stuff (this depends on your threat model).

tl;dr: use tor over (through) vpn. keep your vpn always-on (except for banking and other sites/apps that don't play nicely with it... you can use split tunneling to bypass vpn traffic for those). also, fyi amethyst allows you to connect through a tor proxy via orbot.

This is why QubesOS rocks. Breaking applications, different sites, and different activities apart from each other with app specific qubes will increase your focus by removing highly personalized and well designed attacks on your attention. I could care less about hiding, I want the freedom to drive my own experience.

Please be careful with recommendations of this girl.

She's perhaps a girl who seeks attention or is paid/controlled by official entities or both.

1. Sweden (Mullvad) has one of the worst privacy laws in the world. For instance, police can enter your home w/o warrant, they can hack your devices and they use facial recognition.

Try to avoid services located in Sweden.

Remember Libera.Chat is located in Sweden too.

2. Using Tor over VPN - you can be more easily fingerprinted, time-correlated. If in your country Tor isn't forbidden just connect directly to Tor. Perfectly make Tor run 24/7.

3. Do not use GrapheneOS which builds a walled garden and forces users to use their server (updates, clock sync etc). Using GOS you're like a beacon. If you want to have GOS for sure do not follow their recommendations for instance do not use web installer, disable their Store, disable auto-updates, don't install Google services. Disable all known connections to GOS' servers like supl, connectivity checks etc.

Do not listen to this lady. Even banks, not all of course, accept Tor connections.

This girl's recommendations are dangerous.

#security #privacy

Thanks for the thorough feedback, Ava 🤙

I’ve found mixed feedback on Nord (the first VPN I had tried). Mostly benign and then the occasional word of caution - how come?

My threat model is minimal - reducing the number of companies and aggregators that have my data, and telling my ISP to mind their own business, are my primary goals.

My bank seems to have no issue with VPN. I had to “train” my mobile banking app to accept traffic from my vpn servers until it stopped giving me errors, but now it works fine.

Appreciate it 🙏