I'd prefer to get a VPN to avoid the risk of my internet getting shut down, but I'm not aware of what the options for Linux are. I figured this would be a good place to ask.
The only VPNs which are not owned by marketing companies are Mullvad and Proton. The largest VPNs are owned by Kape Technologies, renamed because their prior company name distributed malware, whose top people are former Israeli military, so I wouldn't trust them as far as I could throw them. I would never use a free VPN except for Proton, and Proton's paid VPN has a lot more nodes and features.
IVPN doesn't do any kind of marketing, none... And Windscribe is FOSS too ( too bad it's US based tho ), another one I can think of is TorGaurd ( proprietary ), they received a court subpoena but they revealed nothing about their users ( they don't keep logs )...
Proton and mullvad are the two best options I know of.
Pretty much any VPN provider is usable on Linux though, network manager can handle wireguard or openvpn configs just fine. Your biggest concern should be trustworthiness.
They are great for privacy, but for piracy, you need something that will do port forwarding. Neither proton or mullvad will do that. I have had both of those vpns.
I'm a Proton slave, all my eggs are in their basket so I'll go ahead and provide some free marketing for them. ProtonVPN is pretty good since it's ran by a good company that cares about you, getting Port Forwarding setup on Linux is a bit of a chore but I believe they're working on automating it, the Windows app does have it automated already by the way.
I do worry about the long-term practicality of ProtonVPN because of this manual process, since as far as I can tell there's no way to automatically hand your assigned port to the torrent client...
I'm not sure if their app does it. But the gluten docker container supports their port forwarding. Works really well if you're looking to route other containers through a VPN.
Pick one that has a wireguard config generator, so you don't need to use any client software besides the normal linux wg client.
I'd also look for one that accepts anonymous payment methods. Even if you don't intend to go to the trouble to use that yourself, it's probably a good sign if it's available. Mullvad is pretty safe and served me well until they stopped doing port forwarding. Proton, windscribe, azire, and airvpn were the ones that seemed most recommended when I went to look for a new one a few months ago.
As you may read elsewhere, Mullvad and ProtonVPN are the go-to for many people. But what Linux distro are you running? both of them don't have an OFFICIAL client for Arch, you can install them from the AUR though but I read the from proton rep in reddit that they don't recommend these packages as they're handled by the community.
If I ever get a VPN this is what I'd go for, but implement on the firewall. That way if I choose to, I can route specific traffic through my regular internet if I wanted.
I didn't see anything about not keeping logs (please correct me if I just missed it). Also, they don't have any built-in DNS protection, and it's expensive at $8.34usd/month.
It's an interesting idea to stratify your VPN and force individual apps to bind to their own tunnels, but seems like a lot of extra setup for little payoff, and if you can't be certain they're not keeping logs, there's little benefit to having multiple VPN connections vs one.
Please, feel free to correct me if I've misunderstood something.
They do have built in DNS protection, it's just not DNS servers controlled by them. You can pick presets from AdGuard, Cloudflare, etc. Or, use your own.
Regarding logging, I'm not sure I understand entirely how it's relevant to a service such as SPN. Have you used Tor and wondered if the nodes are logging? SPN is also an onion router. So, the exit node will not know your origin, even if they are logging. Of course, we could go down rabbit holes about speculative traffic correlation and/or timing attacks, but that's a separate discussion. A large portion of the SPN network is also community operated nodes.
SPN nodes can also be run by anyone without needing a large investment of staked cryptocurrency, unlike another onion router Lokinet. This lowers the barrier to entry for a more diverse number of community contributed nodes to SPN.
These aren't necessarily multiple VPN connections. Instead, every network request is sprayed across the SPN network based upon your desired number of hops and other settings. This means one app might see you as being in Iceland while another in Australia, etc. It bounces every connection around the network. If someone were trying to track you, it'd make it just a little more difficult than a static location connection with a traditional VPN.
I really like ProtonVPN with the unlimited plan. Comes with their premium email, drive, and password manager for $8-12 a month (depending on what plan length you buy)
I used the free version of Proton for a while, but when I decided to start paying I went with Surfshark. They were the best deal at the time and their client works well with the Windows, Android and Linux devices I have used it on. I have encountered some annoying "prove you are human" prompts when using Google Search so I mostly use DuckDuckGo.
I can also vouch for PIA's cost vs. performance, but their prices have risen recently (still cheaper than most), and I also learned the other day that they're now owned by Kape Technologies, a company that used to do bloat/malware development to do shady data mining.
I'm actually considering switching to AirVPN or Mozilla VPN/Mullvad, despite being a longtime customer, just for the peace of mind. Also, if you buy the three year plan of AirVPN, it's cheaper than PIA.
And, PIA still doesn't offer a standalone WireGuard configuration file, despite promising it was in the works a few years ago, and that's been a stick in my craw when trying to set it up the way I want on Bazzite Linux.
hey’re now owned by Kape Technologies, a company that used to do bloat/malware development to do shady data mining.
not a new thing. been that way fr years nw. sucsk but there apps are stlll foss (on github), still 3rd pary audite, and ii still havent been sued for downlodaing shit lpl
an they have wg. but you neeed to clone their git repo and run some shit to generate it. i wish it was just a simple conf file like ovpn but something about auth token i think. idr
Proton and Mullvad have the best privacy record, but I want to suggest a different tool. VPNs are really only useful for tunneling and adding an extra layer of anonymity, there's no total assurance they won't rat on you or get breached.
Real-Debrid is a way to torrent without risking ISP shutting down. Other debrid services exist, I just prefer real-debrid. The debrid service does the illegal part and you download over high speed. It's also more available since you can think of it like a very large scale seedbox. There's also implementation for most media center apps.