What VPN on Host before Whonix VMs? [Open to Personal Opinions]

Name the VPN you use!
In this specific case I’m looking for one to use like this user>VPN>tor and the VPN possibly hosted on the HOST not Whonix-Gateway.

TELL WHAT VPN YOU USE, AND WHY CHOOSE THAT AMONG THE OTHERS!
Explain why you have chosen that one among all the others VPNs available out there!

PLEASE DO NOT FORGET TO mention your THREAT MODEL in explaining your personal choice! it is extremely relevant for the purpose!

Thank you!

Although this user has now taken a permanent holiday, it’s worth reminding users that VPNs probably hurt your anonymity and security goals since they are glorified proxies.

Read the VPN documentation in detail if you are in any doubt. At a minimum you increase the attack surface of your platform, and have to hope you didn’t hit a malicious/honeypot provider. Also, the bottleneck will probably kill your anonymity goals and your wallet will be lighter.

You’re better off configuring a bridge - preferably with someone who is willing to provide it, so it is not publicly listed by The Tor Project.

“VPNs = better privacy/security” seems to be one of those urban myths that won’t die, a bit like Elvis visiting McDonalds somewhere in the States last week.

If you really want to worry about something, worry about Stylometry and how you are boned right now if you don’t disguise your linguistic style. It’s not a sexy topic, but simply ignored by almost 100% of users.

1 Like

So true.

Perhaps worth adding (also to docs) that one should also look where the VPN servers are hosted. I wouldn’t wonder if these are hosted at amazon AWS / S3. For example, dropbox is just a frontend, and S3 is the backend.

A cheap VPN provider could also just be hosted on S3 or some other cloud server provider. Would be better if they had their own servers under physical control.

Imo saying “we’re pro privacy” and then running google analytics (among other tracking scripts) on the VPN’s website isn’t a sign of competence.

Other signs of non-competence:

  • using weak algorithms
  • why use aes128 if there is aes256
  • vpn config files that allow cipher downgrade attacks
  • not mentioning browser fingerprinting (I guess super majority of users just installs the VPN and thinks they are now anonymous while something as simple as cookies still fully keeps them tracked)
  • not mentioning a VPN fail closed mechanism
  • opinionated: using non-libre software

Quite harsh, I hope. I haven’t researched VPN providers in depth yet. Would be cool to know which ones fulfill this all (and perhaps more?).


For reference:

That’s alright. Can still discuss the topic. Even if the original thread starter has no interest anymore or is otherwise away, the topic may of course still be discussed by others. Starting a thread is like anonymously contributing an interesting discussion. The thread starter doesn’t own the topic.

1 Like

So, when do we get the anti-Stylometry Random text generator ? :slight_smile:

Unfortunately it rather looks like we probably don’t in foreseeable future. Happy to be proven wrong.

When the upstream project AnonyMouth secures funding for a python rewrite. As Patrick said its not happening anytime soon.

was mostly speaking facetiously, but kudos