And yet eve with that pitfall there is a valid benefit of using a shared VPN over the hotspot. Specifically making your data look like it’s coming from the phone so it isn’t throttled by the carrier as tethered data. The failure scenario being the data goes slower.
I recognize the problems you list as valid, and yet there is still a beneficial tradeoff decision to be made.
No need to insult me, I both read the GitHub and understand how VPNs work.
There is no point in using a vpn if you don’t care if your data leaks outside the tunnel.
Sharing VPN from a phone over a hotspot, means all of that traffic looks like it’s coming from the phone.
True, but don’t let perfect be the enemy of good.
Sharing VPN from a phone over a hotspot, means all of that traffic looks like it’s coming from the phone. Admittedly if the VPN dies, the routing will bypass it. But the benefit here is immense, if you use visible, you have unlimited data from the phone, but very slow data on tethering. Sharing the VPN from the phone, gives you unlimited data on the hotspot. That’s a pretty good trade-off
I use a calyxos device to share VPN, as of a few months ago.
Hotspot & Tethering
- Allow clients to use VPNs
https://calyxos.org/features/list/#network
Perhaps your confusing GOS? If not, can you cite the design decision to disallow this feature? I’d be curious to learn about it
If openwrt can do it, gli-net can do it
Honestly, for your use case, you should just get a older cell phone. Put lineage OS on it, or calyxos… share your VPN over hotspot, these are the only two ROMs that I’m aware of that allow you to do that. This has the benefit that the VPN traffic looks just like for traffic from the phone, and you don’t have to do any gymnastics to modify the TTL, or the operating system signature of the traffic.
Boom, travel router. Very portable, has a built-in battery etc etc etc etc etc
I like GLI-net, they are great, they have great hardware. If you want to buy it I endorse it. If you’re paranoid flash your own firmware. If you use an end-to-end VPN from your device it doesn’t matter what your mobile router uses. However the killer feature here, I think is better supplied by an older phone running the ROMs I mentioned above. It’s just more portable. And you have a backup phone when you’re traveling
The general topic was about self-hosting. IPv6 is very useful for self-hosting,… connections.
I’ll admit there is a critical mass problem with torrenting clients, but if you’re trying to set up a wire guard tunnel with your friends, IPv6 is a absolute banger
In most environments ipv6 bypasses cgnat (because, why would you need a nat with ipv6).
I stand by what I said. If you examine who supports those organizations, they are getting a benefit.
The US Navy supports tor more than anybody else. Not to mention all of the government-run exit notes. Now you’re the product here, is the product watching your data? Or is the product providing noise for their clandestine operations? Tor is a great thing, 100%, but it is being supported by people who get a benefit from it.
I’m sure you can find a counter example, but the point is it’s about incentives. If the incentives aren’t aligned you can’t trust it. Not for mission critical objectives
If you don’t pay money for something, you are the product. In this case it would be your net flow data. It’s not a good idea to use a free service if you’re worried about privacy
I wish it were that easy, there’s a lot of shared architecture in CPU design. So maybe there’s cache lines that are shared, those have to be disabled.
Architecturally, maybe memory tagging for cash lines that in addition to looking at the TLB and physical addresses also looks at memory spaces. So if you’re addressing something that’s in the cache Even for another complete processor, you have to take the full hit going out to main memory.
But even then it’s not perfect, because if you’re invalidating the cache of another core there is going to be some memory penalty, probably infotesimal compared to going to main memory, but it might be measurable. I’m almost certain it would be measurable. So still a side channel attack
One mitigation that does come to mind, is running each program in a virtual machine, that way it’s guaranteed to have completely different physical address space. This is really heavy-handed, and I have seen some papers about the side channel attacks getting leaked information from co guest VMs in AWS. But it certainly reduces the risk surface
Wow. patient commenter too! Very meta
I’m afraid as long as you have shared architecture you will always have side channel data leaks. The only true mitigation is dedicated resources per compute item. So dedicated cores, dedicated cache etc
https://www.privacyguides.org/en/advanced/payments/
Monero is the only privacy digital cash equivalent I’m aware of. There are a limited number of vendors who will accept it, and any of your friends who you can convince to take monero will also accept it
Here’s a list of known services that accept it. Things like VPNs, web hosting, email hosting, game hosting, internet services basically
Any of the other payment systems, the bank systems like zelle, PayPal, etc … They all have the problem of introducing a third party into your transactions. Who will then almost certainly sell your data
I set this up a while ago, so the services are a little dated there might be something better.
I also use speedify, and I use 10, yes 10, different mullvad VPN connections.
I have three internet connections at home. Each of the three connections has a wire guard connection to my two closest mullvad cities and one connection across the Pacific.
Speedify sees the wireguard tunnels, and each of the three uplinks. And I can use that to aggregate all the different pathways and do a first pass the post race for every packet.
Every packet gets replicated 13 times, and it races across the ocean, and the first one there gets delivered to the destination.
It’s great for gaming! I was able to shave off 65 milliseconds of latency to game servers across the ocean.
Is this wasteful? Absolutely, but it’s fun! The reason I use 10 mullvad connections is just because you get 5 simultaneous logins per account.
There’s a couple different ways to set this up, Linux network name spaces, really intricate wire guard configurations, VLANs. I went with VLANs, it was the most robust and portable across different devices.
https://support.speedify.com/article/918-openwrt
Oh well, I had no idea that speedified now supports Open WRT directly. That’s great
What’s not great is the new router plan, three terabytes per month limitation, 5x the price of the individual plan…
Discord’s main killer feature is Discovery of who is currently voice chatting in a room.
I’ve not seen any alternative platform that has the same level of voice discovery that discord does. Discord makes it easy to have a community, oh I see Bob’s online, let’s jump in and say hi.
It really is the local bar, you can just walk up and talk to anybody. That is absolutely critical. It’s open discovery, it’s effortless communication of status.
Here’s an open source company that provides you a different circuit for each socket. So a new IP for every link…
A refrigerator uses a compression cycle to pump heat from one place to another place. In addition to the heat that is moved, the work itself generates heat.
So refrigerator in a heated house is producing extra heat, which is the goal currently in the heated house…
What an I missing?
That’s a really good point I didn’t consider.
Adding heat to a place you want to make warm isn’t a problem.
Even if it only works sometimes, there is still a use case with a benefit. I.e. speed throttling on tethering