180
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 14 Feb 2024
180 points (100.0% liked)
technology
23275 readers
124 users here now
On the road to fully automated luxury gay space communism.
Spreading Linux propaganda since 2020
- Ways to run Microsoft/Adobe and more on Linux
- The Ultimate FOSS Guide For Android
- Great libre software on Windows
- Hey you, the lib still using Chrome. Read this post!
Rules:
- 1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
- 2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
- 3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
- 4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
- 5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
- 6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
- 7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.
founded 4 years ago
MODERATORS
Any body know of any good ones that use wireguard? I have PIA (didn't do anything I needed to be actually secure on fortunately) since I get amazing performance with wire guard vs openvpn, or least it seems to be a lot less picky when the underlying connection is weird or unreliable.
Also, for anyone who needs to hear it, a VPN alone will not protect you and you shouldn't use both at the same time unless you know what you're doing and the security consequences.
I don't think wireguard is recommended yet for privacy reasons, but mullvad has always been solid AFAIK. You can even pay in cash if you like.
The other reply is correct about wireguard and privacy. If you have concerns about the connection to the vpn server being traced back to you, don’t use wireguard.
Wireguard uses perfect forward secrecy, which means that no one can see the private keys and none of your information is ever revealed to a man in the middle. A man in the middle would, though, be able to see that a connection was made between the vpn server and your ip.
It’s worth investigating why that would be a concern and I’ll outline an example here:
You connect your computer to the vpn and go do some stuff. Unbeknownst to you, someone’s been packet sniffing the vpn server you use for along ass time and has accumulated enough information to say for certainty that you were connected right before the stuff was done. Based on recent examples, that’s enough to get a warrant!
How would you mitigate that? Key and server rotation! For example, if you created a wireguard config for a bunch of vpn servers and switched them up from time to time and/or deleted your old config and made a new one with a new key. Easy peasy.
There’s a good overview of some of the problems wireguard can face here. Some of them are shared by other protocols and some are much different than what we’re talking about. Generally though wireguard is very good and almost all concerns are alleviated by key/server rotation.