I have seen the following argument (summarized here as I understand it):

Despite the promises that VPN providers make, it is known that they will often monitor your traffic, collect logs, might share your information, and will collaborate with law enforcement. Renting a VPS and running an OpenVPN server on it and using that as your VPN, is better - because you have full control over the logs. Let’s assume we trust the VPS provider to adhere to their TOS and privacy policy.

To talk about a concrete typical use case, I am thinking about how this applies to downloading illegal torrents. In my current view, the only scenario in which the self-hosted option makes sense is if you pay for hosting using crypto and reveal no personal information during the process. Otherwise using a VPS would be virtually the same as downloading it through your ISP - and in some cases even worse - because the VPS provider might be more easily pushed to throwing you under the bus if abuse is reported since this might be a TOS violation. On the other hand, a VPN provider has a much larger motivation to protect users against this because the way that users perceive these protections is fundamental to their business model.

So, is there a reason to self-host a VPN instead of using a VPN provider? If so, should the VPS be acquired anonymously, or are there ways to protect yourself while using a provider that you gave your personal information to?

  • The only reason I can think of to use a VPN is to get access to content that’s location restricted. Setting up OpenVPN on a VPN is pretty straightforward, and VPS hosting is pretty cheap nowadays. I really don’t see a reason to use a provider if you have the technical skills to set up your own. Furthermore, if you control the VPN server then you can ensure that it’s not logging your activity.

    • I do find it convenient to have the ability to change my location quickly, but I am willing to give up on some of this flexibility. I am trying to understand the tradeoffs.

      • The main downside of having a private VPN is that the location is fixed to wherever the VPS is located. The downside of using a provider is that they can collect any unencrypted data going through the VPN, and you don’t know whom they share it with.

        • Given that most of my traffic goes through HTTPS, unencrypted traffic is not much of an issue. What they can do is keep a list of all of the websites a person has visited. VPN providers promise not to do this, but it is likely that they do.

          So, what I am gathering is:

          A VPN provider gives you more flexibility with geofencing and a faster network speed, but there is a chance that they are logging the websites that you visit. They are less likely to get you in trouble if you torrent because to forward an abuse claim they would need to admit that they log activity, and they will try to avoid that.

          A VPS provider is unlikely to log your traffic because this information is less valuable to them. A VPS is more expensive than a VPN provider, but it is possible to use the server for other purposes, and it is possible to delete it when not in use. A VPS is not suitable for illegal network activity because the abuse reports get routed to you.

  •  poVoq   ( @poVoq@slrpnk.net ) 

    Most VPS are heavily traffic limited via the fine-print / QoS traffic shaping and will not work for torrenting due to that. And abusing a VPS for traffic heavy VPN is nearly always against their ToS regardless of what you actually use it for.

    • It makes sense. I am asking because I ran into a few videos (such as this one) advocating self-hosting of VPNs, but I am thinking that it is not such a good idea.

      I just watched this video by Linus Tech Tips on the topic and I think that he gives a good explanation.

      It appears that there are some specific cases in which having a VPN server is useful, but these cases are different than the cases for which a VPN provider is useful. Do you think that it is fair to say that if one wants a ‘DIY’ solution it is better to stick with Tor and/or P2P?

      •  poVoq   ( @poVoq@slrpnk.net ) 

        There is certainly a logic behind self-hosting a VPN, but it doesn’t work very well if your main intended purpose is torrenting copyrighted videos. You will not have a great experience doing that over Tor either as that is quite slow. While Tor exit nodes are not preventing such use, it is clearly against the intended purpose of them and harms the overall Tor network by saturating bandwidth.

        • I am talking about torrenting because I figured it was one of the main use-cases. But I don’t personally torrent, I use the VPN as a general privacy strategy. Thinking about this, I think that I have framed this question the wrong way by giving an illegal use case. So I am interested in the logic for legal use.

          If I am not breaking the law, then one purpose of the VPN is to keep my activity private. If I connect through an ISP, my ISP has my personal information and can log my activity. If I connect through a VPN provider, the VPN provider has my personal information and they can associate it with my activity. If I use my own VPN, then my VPS provider can in theory log my activity by monitoring the connections that my server makes. But it is less likely that the VPS provider would invest the effort in logging this type of information because different servers are pinging the web all the time for many different reasons, so it is of no value to them to try to gather this type of data.

          So I am now thinking about it along the following lines:

          The VPS is better for privacy because even though they can see their servers communicating with other networks, and they know that you own the server, they don’t have enough information to determine why those connections are being made (is it a website? a vpn? a web crawler? or some other junk…), so collecting this data is worthless to them.

          On the other hand, the network that goes through a VPN provider’s server knows that it is you using the server to browse the web, so this is a well-defined and valuable dataset, and the value of this data incentivizes them to collect it.

          •  poVoq   ( @poVoq@slrpnk.net ) 

            It’s not so much about using it for illegal stuff (but ofc then a VPS rented in your own name running a VPN makes even less sense) but the high amount of traffic / occupying bandwidth that is the problem for these VPS providers. They usually over-provision their services and sell a lot of cheap VPS while having relatively little bandwidth shared between all these VPS. So if they allow one customer to torrent movies via their VPS that can easily have an impact on hundreds of other VPS customers by clogging up their allocated bandwidth as well.

            But the VPS provider knows exactly what sites you visit and so on when you run a VPN on one of their servers (so does any VPN provider btw.). It might be just that you have more trust in the VPS provider keeping that information safe than your home ISP or the local wifi in the coffee shop you go to.

            In most cases a VPN is pretty useless and snake-oil to be honest, unless you have very specific needs and threat profile like living in China and wanting to circumvent their “great firewall” or other similar censorship efforts.

            Edit: if you rent a VPS anyways for other purposes, it is relatively little effort to put up a Wireguard VPN on that and use it on certain occasions like online shopping on an unsecure airport wifi or such. It can also help using VoIP on a mobile data connection that blocks VoIP otherwise and so on. But I would not rent a VPS just for that purpose.

            • Thank you. VoIP is something that I have vaguely heard about but have never looked into - maybe I should, it sounds interesting.

              From this thread I have gotten a few ideas. It would make sense to host a VPN from my raspberry pi at home. The network at my university is monitored in a personalized manner, for example, so I could route most of my connections through my raspberry pi to avoid snooping. The university network is good for accessing papers though, so I need to learn how to specify that the browser should access academic papers through the uni network directly and everything else via VPN.

  • I’m running 2 OpenVPN servers. One on a VPS in Canada and one in Germany. The main purpose is to lock admin pages to a fixed IP to increase security.
    I always avoid the supposedly secure, paid VPN services, because you never know what is really recorded there. At least, you run your entire Internet traffic over it. And with these prices, you can almost lease a small VPS, install OpenVPN and browse through it.

    • The main purpose is to lock admin pages to a fixed IP to increase security.

      What does that mean? Do you mean that you do this to have a static IP pointing to an admin page? Why does that increase security? Please forgive my ignorance 😅

      At least, you run your entire Internet traffic over it. And with these prices, you can almost lease a small VPS, install OpenVPN and browse through it.

      I spun an OpenVPN server today using the Nyr OpenVPN install script and it took less than 5 minutes. It is very easy to do! Now I am trying to decide whether it is worth keeping it.

      • Do you mean that you do this to have a static IP pointing to an admin page? Why does that increase security?

        Exactly this. You can configure nginx/apache so that specific pages, like an admin interface, are only reachable from a specific IP range. If it comes from another one, you can return whatever you want.
        It increases security in that crawlers don’t even get to know about such administrative pages and there’s no way to brute-force the login.

        Edit: Thanks for the tip with Nyr OpenVPN.

        • Exactly this. You can configure nginx/apache so that specific pages, like an admin interface, are only reachable from a specific IP range. If it comes from another one, you can return whatever you want.

          Aah, that’s very smart. Thanks for explaining!
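
The IP restriction on admin pages discussed in this last sub-thread could look like the following nginx configuration. This is an added example, not a configuration posted by any participant; the address 203.0.113.10, the host name, the certificate paths and the backend port are constructed placeholders.

```nginx
# Added example: restrict /admin/ to the static egress IP of a self-hosted VPN.
# All addresses, names and paths below are placeholders (assumptions).

# http context: classify the client by its source address ($remote_addr).
geo $admin_allowed {
    default        0;   # everyone else
    203.0.113.10   1;   # public IP of the VPS running the VPN server
    # 10.8.0.0/24  1;   # only if nginx runs on the VPN host itself and
                        # clients reach it over the tunnel subnet
}

server {
    listen 443 ssl;
    server_name admin.example.org;

    ssl_certificate     /etc/nginx/tls/fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/privkey.pem;

    location /admin/ {
        # Answer 404 instead of 403 so a crawler cannot tell that an
        # admin interface exists at this path.
        if ($admin_allowed = 0) {
            return 404;
        }
        # The application's own login still applies behind the allowlist.
        proxy_pass http://127.0.0.1:8080;
    }

    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}

# If nginx sits behind a load balancer or CDN, $remote_addr is the proxy's
# address. Restore the client address with the realip module, trusting only
# the proxy's own range, before the geo lookup is meaningful:
#   set_real_ip_from 198.51.100.0/24;   # placeholder proxy range
#   real_ip_header   X-Forwarded-For;
```

Validate with `nginx -t` before reloading, then request `/admin/` once through the VPN and once without it to confirm the second request gets the 404.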