Hi privacy fans :)
I've been a lurker in this lemmy-community for a while now and a "fan" of privacy for about 4 years now.
Since 4 years, I've been on and of with VPNs. Sometimes I think I dont need one, sometimes I change my mind and start searching for one.
The only one I tested (and used) so far, was Mullvad.
But now reading about Surfshark, I was wondering, if there might be a better solution or if Mullvad is already the best solution for VPN.
What I dont like about Surfshark is, that it is part of North Security and that it is not open-source (or at least I can find any info about that).
I hope you guy and gals have some suggestions or recommendation :)
Edit: wow... thanks for all of your fast replies. Coming from Reddit, I am used to only shitposting. Thanks for all your input. I will look into all the mentioned VPN hosters, thx 👍
Windsribe also has a big advantage for price with their "Build a plan" in that you can pick a few locations and only spend $3 a month without needing to deal with any coupons/sales or long term purchases.
Yeah. The 2$/month port forwarding option can also be a great deal as well especially if combined with the lifetime pro memberships they used to sell for $30 back in the 2010s.
Mullvad is one of the best options if you care about privacy. They take privacy seriously, both on their side and pushing users towards private options. They also support fully anonymous payments. Their price is also incredibly reasonable.
I'm actually working on a VPN product as well. It is a multi-hop system so that we can't track you. But it isn't publicly available yet, so in the meantime I happily recommend Mullvad.
wow, that look really promising. altough I read, that you are making only your clients open-source. wouldn't it be better to have also the server-side open-source?
I mean it is always better to have more open source. But the point of the multi-hop system is that you don't need to trust the server. Even if the server was open source:
You wouldn't know that we are running an unmodified version.
If you need to trust the server then someone could compel us to tap it or monitor it.
The open source client is enough to verify this and the security of the whole scheme.
The proton client for Linux has improved recently. I use it on PopOS. As to your first point I agree. I landed with Proton specifically because it was cheaper to do it and email rather than separate services.
well I haven't really thought of a threat model jet (but I will do so now :) ).
But in general I want a VPN, for when I am on the wifi @work and also to route my traffic through from my DreamMachine.
IMHO I am not an expert but Mullvad seems the best (from what I read from others) and I would stick with it. I am using it and happy with it. I also appreciate that their monthly price do not change depending on how many months you subscribe and that there is no bullshit discount for the first x months.
You could also look at Proton VPN if you need port forwarding.
Mullvad until you are often in the PCR, there I had a much better experience with ExpressVPN compared to basically everyone else.
If you need a lot of exit nodes in different countries Proton or Pure, but I grow increasingly wary of Proton these days and Pure is getting more and more enshitified these days.
So I simply use Mullvad for privacy and my own WG service for security.
I have no idea what a DreamMachine is (and wikipedia does not help) so here's the long answer :)
If you want a VPN tunnel to your own home, for secure access to your LAN, I'd recommend you look into NetBird and/or TailScale, which at their core are wireguard plus NAT punch-through (you can also run wireguard or openvpn directly, but it may be a pain since you most probably have a dynamic IP and possibly a CGNAT).
If you want to hide your traffic while connecting through networks you don't trust (such as the work one or some cafe's wifi), you can either use NetBird/Tailscale as above and connect though your home (well, assuming you trust your ISP of course) or some third party VPN which connects to their servers (I'd say look into Proton first).
Keep in mind that VPNs actually do very little for your online privacy (ie. it's not like google or facebook can't track or fingerprint you). They do is prevent man-in-the-middle traffic analysis from your ISP (or the admin of whatever LAN you are using), but then the VPN provider can do the exact same things, so... make sure to double-check the privacy guarantees of your VPN provider and compare them with those of your ISP.
What do you mean? Are they not good for privacy or security? They seem definitely more zealous about that on their FAQs and forum pages than, say, ProtonVPN, for sure.
A VPN is not for privacy. It simply put your front door to another location. There needs to be more done for being “private”. But Mullvad would be a good start.
Yes, your traffic is encrypted through the VPN tunnel, to the other location, but than you need to get access to the internet again. SSL traffic is already private, so there you don’t need an VPN for. Yeah, you get another IP, but you browse on the internet (same fingerprint) your pc has access to the internet (same hardware ID) and so on. So you can be tracked still. There are multiple videos on YouTube telling you a VPN on its own is a private method to access the Internet. Look for it.
Hijacking this thread with a related question: I'm stuck on Mullvad, any good ones that let you port forward from linux? I'd like to use slsk more effectively once again.
Protonvpn lets you port forward. I use docker and have a gluetun container that connects to protonvpn, all of my other docker containers for sailing the high seas (arr suite, qbittorrent, sabnzbd, soulseek client, etc) are routed through it and I have port forwarding setup to the ones that need it. For soulseek I use nicotine-plus-docker, all traffic is routed through the gluetun container, the port is forwarded, and a bit shy of 700 gb uploaded since March so I can confirm it works well.
I don't think the protonvpn Linux client supports port forwarding yet so only docker things can do it right now afaik, but anything I want permanently through VPN runs in docker anyway