Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA.

Through constant packet sizes, random background traffic and data pattern distortion we are taking the first step in our battle against sophisticated traffic analysis.

  • Phoenix3875@lemmy.world
    link
    fedilink
    English
    arrow-up
    172
    ·
    6 months ago

    The Chinese Great Firewall (GFW) has already been using machine learning to detect “illegal” traffics. The arms race is moving towards the Cyberpunk world where AIs are battling against an AI firewall.

      • oce 🐆@jlai.lu
        link
        fedilink
        English
        arrow-up
        47
        arrow-down
        4
        ·
        6 months ago

        You can conviniently block a whole instance from your account now, it reduces this kind of disagreement a lot.

        • Phoenixz@lemmy.ca
          link
          fedilink
          English
          arrow-up
          62
          arrow-down
          8
          ·
          6 months ago

          Should you though?

          I get it, it’s annoying, but the entire “let’s block people with opinions I don’t like” is probably the single source of pillerization and increased extremism on the internet.

          If I’m not allowed to have a discussion or disagreement with you, and get kicked out instead, I’ll just go to places where they will talk with me and where it’s chock full of other idiots like me who are much more extreme and in our safety bubble we can all continue not beat the same dead horse and circle jerk and make eachother more extreme because there are no dissenting voices, there are no voices or reason and calm, there are no cooler heads around.

          This entire moderation where we simply started dumping people with who we disagree has made the world a.much, much worse place.

          Granted, it sucks to have to deal with crazies and extremists, but at least whilst they’re in the group we can all keep them grounded in reality.

          • oce 🐆@jlai.lu
            link
            fedilink
            English
            arrow-up
            28
            arrow-down
            2
            ·
            edit-2
            6 months ago

            If I’m not allowed to have a discussion or disagreement with you, and get kicked out instead, I’ll just go to places where they will talk with me

            I actually tried to, and if it was possible to have rational and polite discussion, without straw man arguments, dog pilling, personal attacks and finally threats of violence, I would have continued to try. But sadly all of this happen, multiple times.

            At some points I considered leaving Lemmy, thinking that this federation as a whole was not safe for debating. But then I started understanding patterns, either it was from the users from a specific instance, or it was communities from a specific instance that turned like that. Overall the pattern seem to be that if the instance mentions extreme political ideologies in its description or if the profiles of its admins do, then debating is not possible.

            If they want to stay connected to people to avoid the circle jerk, they have to work on themselves too (ex: learning to debate politely), you can’t except us to absorb all the damages to help them avoid radicalization. It’s like walking towards a terrorist group with flowers while they are shooting around and expecting them to be inspired by your pacifism.

            I do enjoy debating and questioning my own beliefs, but I am not on Lemmy to consume my mental health, so I need to take some actions to protect it.

            • Phoenixz@lemmy.ca
              link
              fedilink
              English
              arrow-up
              0
              ·
              6 months ago

              not safe debating

              Sorry, just to comment on this one: I really dislike that phrase, its use is part of the reason why we are where we are. You ARE safe, all the time. It’s not like you talking in a lemmy instance puts you at risk of being shot in the head.

              You may encounter assholes, and opinions that you don’t like but that doesn’t make you unsafe. Uncomfortable, mayby, for having to read information you oppose?

              A black man driving and stopped by US police can claim he feels not safe. We lemmies are perfectly fine. I think many people need to grow a little thicker skin in that regard.

              • oce 🐆@jlai.lu
                link
                fedilink
                English
                arrow-up
                0
                ·
                edit-2
                6 months ago

                Uncomfortable, mayby, for having to read information you oppose?

                dog pilling, personal attacks and finally threats of violence […] I am not on Lemmy to consume my mental health

                Not all violence is physical.

                I think many people need to grow a little thicker skin in that regard.

                Are you blaming me for not having a tick enough skin instead of blaming the behavior of attackers? Please reconsider that thought.

                • Phoenixz@lemmy.ca
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  5 months ago

                  not all violence is physical

                  Yeaaahhh, no. Though there is verbal abuse out there, whenever people start talking about verbal violence they’re basically tslkit about any opinion they don’t like.

                  Blaming you for not having a thick enough skin instead of blaming the behaviour of the attacker

                  I would not blame you if someone hits you without provocation, but in my admittedly personal experience, people tend to talk shit, then get told off and claim violence, or they may hear an opinion they don’t like and start talking about attackers, somehow.

          • Kedly@lemm.ee
            link
            fedilink
            English
            arrow-up
            24
            arrow-down
            3
            ·
            6 months ago

            I’m not on the internet or lemmy to make the world a better place, I’m on here to kill time/enjoy myself/learn some things. I dont have the mental space to deal extremists, and particularly extremists that have a world view thats incompatible with itself if taken at face value, and I certainly dont have anything valid that I can learn from tankies, and as such, my block list has gotten quite large, and my general mood has increased because of it

            • thrawn@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              6 months ago

              This is my thinking for using .world. I don’t get all my news or interaction from Lemmy or the internet as a whole, and Lemmy is small enough that it has an almost zero impact on broader society. I respect those who try, but if my internet experience was antagonistic or frustrating I’d probably just stop using it.

              I also feel that conversations of that nature are best had in person, where there’s a higher chance of changing minds. I’ve no proof but it feels like internet discussions are taken less seriously and thus merely end before any opinion changing can occur.

              • Kedly@lemm.ee
                link
                fedilink
                English
                arrow-up
                2
                ·
                6 months ago

                You also have far less info on internet conversion on whether or not its being had in good faith, which is an extra hurdle on opinion change

            • Phoenixz@lemmy.ca
              link
              fedilink
              English
              arrow-up
              1
              ·
              5 months ago

              Maybe, but your list is, in part, so large because we keep pushing people out to let them become extremists

          • KairuByte@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            14
            arrow-down
            2
            ·
            6 months ago

            I “blocked” hexbear, because a mod didn’t take the time to use their brain, labeled me a “pedophile apologist” and banned me from the entire instance. If they moderate based on “I don’t care what actually happened, I’m mad” then I’m not going to bother interacting with them.

            • Phoenixz@lemmy.ca
              link
              fedilink
              English
              arrow-up
              2
              ·
              5 months ago

              And that’s the problem from both sides. You both need to continue talking. I got banned from Reddit subs too for literally asking questions or wrong think.

              People need to grow skin

          • Cavemanfreak@lemm.ee
            link
            fedilink
            English
            arrow-up
            11
            arrow-down
            1
            ·
            6 months ago

            I was planning to, but ultimately didn’t. I have handed out personal blocks to obvious trolls and a brunch of hexbear users that spammed gifs in every single thread though.

              • Cavemanfreak@lemm.ee
                link
                fedilink
                English
                arrow-up
                1
                ·
                6 months ago

                Nope. I have filtered both grad and hexbear out of my feed though, I don’t need their shit there. And don’t forget that many instances already are defederated with them, so there’s also fewer of them through that!

          • FiniteBanjo@lemmy.today
            link
            fedilink
            English
            arrow-up
            16
            arrow-down
            7
            ·
            6 months ago

            This operates under the assumption that there are good decent people on every instance, but instances like Hexbear and Lemmy.ml are inherently corrupt and run by people who want to sow misinformation and chaos to negatively impact western powers. I’m not saying the whole thing is a Chinese operation, but if it were then it would be run exactly the same way it is now.

            • yolo@r.nf
              link
              fedilink
              English
              arrow-up
              4
              arrow-down
              5
              ·
              6 months ago

              I don’t think your whole thought process differs from a tankie. They think the same in a “my team is better, other one is sowing misinformation” way.

              • FiniteBanjo@lemmy.today
                link
                fedilink
                English
                arrow-up
                3
                arrow-down
                2
                ·
                edit-2
                6 months ago

                Lmao, Tribalism is certainly a problem with our society, but ignorance of people clearly acting against your interests is no solution.

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            5
            ·
            6 months ago

            Yeah, I don’t block instances, just individuals that have proven to not act in good faith. I try to expose myself to as many diverse opinions as possible, but know if the people holding those opinions can back it up with facts, or are at least willing to consider the possibility that they’re wrong, and I try my best to do the same.

            • Melvin_Ferd@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              6 months ago

              Problem I see with this is that a lot of “I block people who act in bad faith” have hair triggers when it comes to what they consider bad faith. I see their comments all over the place where its a disagreement and 6 comments in they’re claiming the other person is acting in bad faith and they’re blocking them

          • Texas_Hangover@lemm.ee
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            1
            ·
            6 months ago

            Being able to block what you want is great, having other people decide what to block for you is not.

            • Phoenixz@lemmy.ca
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              5 months ago

              I would argue it’s not. It caused people to become more and more extreme, locked in their own echo rooms where they just become more distant from a common center…

          • fuckingkangaroos@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            6 months ago

            “let’s block people with opinions I don’t like”

            I don’t think a lot of them are actually people, but rather LLMs. Also, does it count as “people with opinions” when it’s shills paid to spread authoritarian propaganda?

            I do agree we should limit personal blocking, but that’s because we need to collectively manage the Fediverse. There’s no budget for countering misinformation campaigns, just us.

            Instances blocking propaganda instances, on the other hand, is fantastic. It’s what we need for the Fediverse to survive instead of going the way of Voat and other extremist communities.

          • A_Random_Idiot@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            5
            ·
            edit-2
            6 months ago

            Because engaging in discussion with certain groups, does nothing but legitimize and amplify their messages of hatred and bigotry you fucking genius.

            You don’t engage in polite discussion with people that want you dead, that want to seize power and implement fascist authoritarianism, and who want to purge the “impure”.

            How you deal with it is by aggressively reacting to and putting down their bullshit, and denying them platforms which to spread their messages and hatred.

            People like you, who want to wring your hands and play nice and polite with nazis and their ilk, are doing nothing but pushing their agenda for them. People like you are nothing but collaborators, and people like you will end up on the wrong side of the stick alongside everyone else once you’ve outlived your usefulness.

            I eagerly await your reply of “oh well that just means you’re intolerant and that makes you worse than the (insert authoritarian flavor of choice) that i want to politely talk with!”

            • Phoenixz@lemmy.ca
              link
              fedilink
              English
              arrow-up
              2
              ·
              5 months ago

              Funny how you call everyone hateful while being so full of hatred. You literally talk about becoming violent once outlived my usefulness, yet other are the violent ones?

              YOU, my man, are the problem hwre., you are the authoritarian here, not others.

              Hence me talking to you because I prefer to keep the discussion going. Noone is beyond saving. Do some reading up on Daryl Davis, he would be a good influence on you.

              Most extremists, like you, are not inherently violent, bad, or beyond saving. You’re simply a bit lost and maybe need to do some talking, have someone listen to you and validate you. Some different points of view can be very helpful to get rid of that hate that you feel inside you

              • A_Random_Idiot@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                edit-2
                5 months ago

                Yes, I’m the bad guy for being mean to nazis and not legitimizing their arguments with engagement.

                and replying to a month old post so you can hide from the inevitable replies you’d get for your soft handed “plz wont you think of the nazi’s and legitimize them with engagement and discussion” propaganda is fucking bullshit, and cowardice.

                You were a nazi enabler a month ago, and you’re a nazi enabler now. Now Fuck off.

                • jet@hackertalks.com
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  5 months ago

                  Ahh the ‘war only’ no diplomacy strategy.

                  Your belligerence invites fascism, because anything you disagree with you will meet with violence. Even if your group starts off fighting the good fight ethnically they will fall to fascism over time.

                • Phoenixz@lemmy.ca
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  arrow-down
                  1
                  ·
                  5 months ago

                  Bullshit

                  You are the guy who gets in a disagreement, call your opponent a Nazi and then punch him, excusing yourself with “he was a Nazi”

                  You quite literally are the same as Nazis, just that you have a different reason for your behavior than they have.

                  So yeah, now fuck off, Nazi

            • fuckingkangaroos@lemm.ee
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              6 months ago

              I didn’t vote on your post, but want to say that you’re not going to convince many people with an antagonistic approach.

          • oce 🐆@jlai.lu
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            6 months ago

            Lemmygrad and Hexbear are the most obvious ones, sadly lemmy.ml is also part of them in my experience despite not being obvious about it (you have to check the admins and mods profile to see the link) and having some good content when it’s not about politics such as tech. There may also be some defederated by my home instance admins that I may not be aware of.

      • Phoenixz@lemmy.ca
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        3
        ·
        6 months ago

        HI WINNIE POOH! How have you been, have you had your daily dose of honey yet?

      • Linkerbaan@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        arrow-down
        31
        ·
        edit-2
        6 months ago

        One day those tankies people here keep talking about are going to show up.

        One day.

        I always check under my bed each night to make sure there’s no tankies.

    • Socsa@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      6 months ago

      I have some first hand experience with this. Brand new XMPP server, never before seen by anyone in the world, blocked within about 12 hours. Wireguard VPN on AWS lasts for a few hours on some networks, more on others. Never longer than a few days though.

        • Dempf@lemmy.zip
          link
          fedilink
          English
          arrow-up
          2
          ·
          6 months ago

          I was there in 2017 or 2018 and set up a Shadowsocks server before I went with whatever the latest mitigations were that I could find at the time. My server wasn’t completely blocked, but ended up getting throttled to hell after a few days.

  • impure9435@kbin.run
    link
    fedilink
    arrow-up
    97
    arrow-down
    1
    ·
    6 months ago

    That’s one of the reasons why I love Mullvad, they actually care about their customers, not just about their bottom line

    • Dojan@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      3
      ·
      6 months ago

      I wonder how much of a bottom line they actually have given how cheap their service is.

      • Linkerbaan@lemmy.world
        link
        fedilink
        English
        arrow-up
        60
        arrow-down
        3
        ·
        6 months ago

        Mullvad is 5 bucks a month and never has promos.

        Weigh that against Nord which often has a year for like 15 bucks…

        But Mullvad is one of the few that actually seems to care about privacy.

        • Dojan@lemmy.world
          link
          fedilink
          English
          arrow-up
          14
          arrow-down
          1
          ·
          6 months ago

          Oh wow, I had no idea Nord could go that cheap. To me €5 a month felt really inexpensive.

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            5
            ·
            6 months ago

            I feel like every week someone on Lemmy says they would use mullvad except it’s too expensive. It’s refreshing to see somebody say oh yeah that’s fine.

            • sparkle@lemm.ee
              link
              fedilink
              English
              arrow-up
              4
              ·
              edit-2
              6 months ago

              €5 a month for a VPN is expensive compared to others? I always saw Mullvad as one of the least expensive options other than like protonvpn and very few other open source ones. Most VPNs are hella expensive

              Personally I use Mullvad because it’s simple, very usable, open-source, and I can trust it the most (not to say some of the other open-source privacy-oriented options aren’t trustable). Ever since I got into programming, I’ve only ever used completely open-source options when I had the chance – if it’s not open source, I won’t use it. I make very few exceptions, like for games, because open source isn’t as successful there for the most part

            • Dojan@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              6 months ago

              I suppose it’s all a matter of perspective. When put next to a lot of other subscription services (like Netflix 😩) it’s pretty cheap. Compared to other VPNs maybe not so much? I’ve honestly never looked at a VPN-only service before, like Nord etc. as VPNs have never been something I’ve prioritised.

              Still, knowing what little I know about Mullvad, €5 a month for a VPN that prioritises privacy seems fair to me. Again, it’s less than any of the streaming services and if privacy is important then it seems a fair price to pay.

              • jet@hackertalks.com
                link
                fedilink
                English
                arrow-up
                2
                ·
                6 months ago

                I think with all things globally, we apply an intrinsic sliding scale. Down to how many hours of labor that represents for us. So if $5 is a few minutes of labor fine. But if it’s 5 hours of labor then people are less likely to jump on it.

                • Dojan@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  6 months ago

                  Oh yes, absolutely. I am privileged to be middle-class (which I can appreciate even more as I grew up a povvo bitch) in Sweden where €5 while not nothing (for me in my economic situation) is a reasonable expense for an interest. I could rent a film for that money, or take the bus to the nearby town. I also happen to know people for whom €5 is a significant sum of money, so like previously said it depends entirely on your perspective.

      • impure9435@kbin.run
        link
        fedilink
        arrow-up
        36
        arrow-down
        1
        ·
        6 months ago

        I’m pretty sure they are profitable, considering they were founded in March of 2009. You can’t really run a company without profits for 14 years, right? Just routing network traffic isn’t that expensive after all. They are the only ones being honest about it, other VPNs charge way more because they only want to extract money from their customers.

        • Dojan@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          6 months ago

          Cheers. Network related stuff isn’t my forte so I really have no idea about the costs. I just figured that the moment you start adding a decent amount of users the costs will go up, and €5 seems like a really fair price.

          • impure9435@kbin.run
            link
            fedilink
            arrow-up
            14
            ·
            6 months ago

            It’s actually the other way around, the more users you have the cheaper everything eventually becomes

              • impure9435@kbin.run
                link
                fedilink
                arrow-up
                5
                ·
                6 months ago

                Yes, there’s no reason this wouldn’t apply to a VPN provider. It’s also the reason NordVPN or Surfshark is so incredibly cheap.

                They have lots of users -> They can pay lots of money for advertising -> They get more users -> Everything becomes cheaper -> They can pay more for advertising

                You get the point

  • MigratingtoLemmy@lemmy.world
    link
    fedilink
    English
    arrow-up
    41
    arrow-down
    4
    ·
    6 months ago

    I love these guys. Let’s see if somebody can just bootstrap the FOSS framework directly on TCP to work on the internet without a VPN. Fantastic project

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      6 months ago

      I’m afraid just generating random traffic from your IP address won’t do anything against traffic flow analysis. Because most internet traffic is point to point, people who are interested in the flow, just follow the traffic moving between various points. So if you’re sending extra traffic to other random sites, it doesn’t interfere with point-to-point flow analysis.

      In the context of a VPN, because all of your traffic is encrypted, you have to work harder to determine what traffic is going where. Because all traffic is going from your network to another virtual network. So an outside observer just sees the size and frequency of traffic but not the destinations. In this context since they don’t see the destinations, it makes sense to add random traffic flows, because that’ll obscure the signal that the observers are looking for.

      • MigratingtoLemmy@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        Considering that VPNs are Point-to-point too (home->VPN), I was wondering if one could use DAITA with TCP directly instead of having to use a VPN. Imagine if TCP had DAITA baked in.

        • jet@hackertalks.com
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          6 months ago

          Even if you baked in variable packet size into TCP. It would be trivial for anybody monitoring network flow, to see you who you’re talking to. There would be no ambiguity.

          The only reason this makes sense for a VPN, is there’s a lot of traffic bundled together, so a third party doesn’t actually know where your traffic flow is going.

          Consider the example if you ran your own personal VPN endpoint. So you were the only user on the VPN. Even with randomized traffic flow injected into your VPN connection, it would be trivial for any third party who’s monitoring traffic flow to know that traffic is yours. Because you’re the only VPN connection talking to the VPN server. This thought experiment applies when you don’t have a VPN at all.

          • MigratingtoLemmy@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            6 months ago

            If I were to send packets to a single entity over time, I’d have no use for DAITA. I agree with you on this.

            However, let’s say that I run a bunch of VPN endpoints across VPSes, and the entity trying to track me doesn’t know about all of these IP ranges. I could be renting from a colo, the cloud and even a a bunch of friends who have their ports open. If I were to mix this in with my usual internet traffic, it becomes significantly harder for third-parties to figure out what I’m doing connecting to all of these different IPs. A state actor could put the resources behind it, but the average third-party will have a hard time with it. I can certainly see use-cases for it.

            • jet@hackertalks.com
              link
              fedilink
              English
              arrow-up
              1
              ·
              6 months ago

              I think we’re mixing up vocabulary.

              Every IP you talk to is visible to anybody monitoring your network. The sale of net flow data is commonly acknowledged by ISPs. So every computer you talk to is common knowledge for sale.

              In your scenario, let’s say you have five VPN connections set up to go to five endpoints that you control. But if nobody else is using those same endpoints. Your net flow data still exposes exactly what you’re doing. There’s no ambiguity. Your traffic is plainly obvious to anybody observing the network. Even if those VPN connections are adding randomized traffic onto the links.

              • MigratingtoLemmy@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                6 months ago

                Except that I will not necessarily be connecting to the exact same IPs over time, just going to do so in specific ranges which the VPS/colo owns. There’s plenty of people who are going to be renting VPSes and will have their traffic originate from the same IP range as mine, which means that if everybody using TCP had their traffic anonymized like so, the third party wouldn’t actually know that MigratingToLemmy specifically was connecting to AWS at a certain time and from a certain location, so to speak. This hypothesis doesn’t include correlation through other data in the threat model. But it could definitely prevent correlation with traffic across locations, which is similar to what Mullvad states

  • nivenkos@lemmy.world
    link
    fedilink
    English
    arrow-up
    34
    arrow-down
    1
    ·
    6 months ago

    No port forwarding really kills the utility though - I mainly use the VPN to do port forwarding (e.g. for video games, Plex, etc.) as my ISP is shit.

    Like I’m not worried about state-level de-anonymisation, I just want to be able to share services remotely and have a minimum level of anonymity.

    • far_university1990@feddit.de
      link
      fedilink
      English
      arrow-up
      32
      arrow-down
      1
      ·
      6 months ago

      Port forwarding removed because hosting threatened to kick mullvad out. Lot of shit hosted through that. No hosting, no vpn, so needed to remove to continue operate.

      • ForgotAboutDre@lemmy.world
        link
        fedilink
        English
        arrow-up
        16
        arrow-down
        11
        ·
        6 months ago

        Port forwarding means torrents. People using a VPN to torrent likely have much more traffic, especially those that seed (which is why they want port forwarding). Not enabling port forwarding means mullvlad can operate at a higher profit to cost ratio, and less risk.

          • ForgotAboutDre@lemmy.world
            link
            fedilink
            English
            arrow-up
            23
            arrow-down
            4
            ·
            6 months ago

            That’s what mullvlad say. It’s not necessarily the reason why they don’t offer port forwarding.

            It was always possible for them to continue allowing port forwarding. They could use separate servers for those that want port forwarding, stopping any impact port forwarding had on those customers.

            • sramder@lemmy.world
              link
              fedilink
              English
              arrow-up
              5
              arrow-down
              1
              ·
              6 months ago

              Hum… this was one of the original reasons I signed up with them. I totally missed them dropping support. I’m not mad about it because I don’t torrent much anymore, but it’s still a pretty lame excuse.

              I want all my services supporting maximum fuckery at all times as a matter of general principle.

              Any alternatives that you know of?

              • Aceticon@lemmy.world
                link
                fedilink
                English
                arrow-up
                6
                ·
                6 months ago

                Torrenting works fine with Mullvad in my personal experience, and will pretty much up to my current ISP speed limits (which is 200Mbps download).

                Can’t really guarantee you that it will be as good if you’re hosting your own seedbox over their VPN (then again if you’re doing that you should probably pay for a proper seedbox hosted elsewhere) but if you’ve downloade something and the just leave it seeding, it seems fine.

                • sramder@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  6 months ago

                  I can’t honestly say I’ve ever had much trouble with it either. No trouble receiving files at least… there wasn’t much outbound traffic, but that could just have been a lack of interest :-)

                  I’m happy with Mulvad’s service and now that the initial shock and indignation is wearing off I’ll probably stick with them.

                  Besides I read about their new traffic obfuscation and I’ve got to give that a try. We need proactive innovation like that, now more than ever.

              • Salix@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                4
                ·
                edit-2
                6 months ago

                I personally like AirVPN. Pretty good speeds depending on the server. You can port forward and have up to 5 devices connected simultaneously. Make sure you’re using the Wireguard protocol.

                Only issue is that Eddie (their GUI) kinda sucks. Works okay on Linux, and probably same on Windows. The Android one just really sucks.

                I personally just download the wireguard configs to use.

            • MigratingtoLemmy@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              3
              ·
              6 months ago

              You should be using a seedbox to torrent in this age. Let the company run their business, if they don’t want to be a part of the group that allows torrents, so be it.

              • ForgotAboutDre@lemmy.world
                link
                fedilink
                English
                arrow-up
                7
                ·
                6 months ago

                There are plenty of other options in the market, including ones with port forwarding. It’s a very saturated market.

        • Aceticon@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          1
          ·
          edit-2
          6 months ago

          That sounds strange given that Mullvad works fine for torrenting in my personal experience and even up to quite a good speed (it can use the full 200Mbps download speed from my ISP)

          Also modern NAT will do deep packet inspection on common well known protocols to automatically adjust the port of your machine listed on any “here I am” protocol messages being sent out from your side to be an actual port on the VPN Router and to have an internal association of that port in the Router with the actual port in your machine so that connections of that port can be sent to your own machine and the actual port in it that are used.

          It’s only the pure listenner services (such as webservers and e-mail servers) were the port is pre-defined by convention and not a variable one sent out on any “here I am message” that require explicitly configured port-forwarding on the VPN Router side, plus because the port is fixed by convention for each type of service (such as port 25 for SMTP and port 80 for HTTP), off all the clients connected by VPN to that VPN Router at any one time, only 1 will be able to get that specific port.

          • ForgotAboutDre@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            6 months ago

            You need port forwarding to connect on torrents. Your able to torrent because everyone you torrent from has port forwarding enabled. If you want to access more seeders, and more commonly leechers you need port forwarding. This is useful for people using private trackers that want to maintain a ratio.

            • Aceticon@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              6 months ago

              I can download at the maximum rate my ISP supports and I can seed after downloading (probably only to those clients which my own client has connected to).

              However I cannot seed in a brand new session during which I did not download that specific torrent (as I just tested).

              I expect this is because, as I explained, the NAT implementation actually tracks which IP addresses your client connected to and through which VPN Router port that went so that subsequent connections from those IPs to that port get sent to the right port in your own machine, but it doesn’t support uPNP/NAT-PMP port forwarding so the bitttorrent client cannot configure on that VPN Router a static port-forwarding so that it can listen for connections from any random client.

              So if I understand it correctly it totally screws self-hosted seedboxes and if you want to give back to the community you have leave it seeding immediatelly after downloading and it’s not going to be seeding anywhere as fast since its limited to peers connected to during the dowload stage.

    • qjkxbmwvz@startrek.website
      link
      fedilink
      English
      arrow-up
      6
      ·
      6 months ago

      Someone else pointed out Tailscale; I’ve had luck with free tier VPS+WireGuard.

      I have an Oracle one which has worked well. Downside is I did link my CC, because my account was getting deactivated due to inactivity (even using it as a VPN and nginx proxy for my self hosting wasn’t enough to keep it “active”). But I stay below the free allowance, so it doesn’t cost.

      That said: as far as anonymity goes, it’s not the right tool. And I fully appreciate the irony of trying to self-host to get away from large corporations owning my data…and relying on Oracle to do so. But you can get a static IP and VPS for free, so that’s something.

      • thatsnothowyoudoit@lemmy.ca
        link
        fedilink
        English
        arrow-up
        14
        ·
        6 months ago

        The Option 121 attack is a concern on networks where you don’t.

        Exactly where you’d want a VPN. Cafes, hotels, etc.

        • DefederateLemmyMl@feddit.nl
          link
          fedilink
          English
          arrow-up
          5
          ·
          edit-2
          6 months ago

          True that. Hadn’t thought of that as it’s not my typical VPN use case.

          I’m not sure what a VPN provider could do about that though, they don’t control the operating system’s networking stack. If the user or an outside process that the user decides to trust (i.e. a dhcp server) adds its own network routes, the OS will follow it and route traffic outside of the tunnel.

          The defenses I see against it are:

          • Run the VPN and everything that needs to go through the VPN in a virtualized, non-bridged environment so it’s unaffected by the routing table.
          • Put a NAT-ing device in between your computer and the network you want to use
          • Modify the DHCP client so that option 121 is rejected

          Edit: thinking about it some more, on Linux at least the VPN client could add some iptables rules that block traffic going through any other interface than the tunnel device (i.e. if it’s not through tun0 or wg0, drop it). Network routes can’t bypass iptables rules, so that should work. It will have the side effect that the VPN connection will appear not to work if someone is using the option 121 trick though, but at least you would know something funny was happening.

      • Pyrosis@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        6 months ago

        Of course but you don’t control rogue dhcp servers some asshat might plug in anywhere else that isn’t your network

  • linearchaos@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    1
    ·
    6 months ago

    I swear the defense against the dark arts teacher just keeps getting weirder and weirder.

  • MTK@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    6 months ago

    I can tell you that this exists way before AI, I wish that there was more awareness earlier but it’s good that now its starting

  • MashedTech@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    6 months ago

    Windscribe had something similar already? Not exactly this, but they had a feature to add other random traffic to your network specifically to work against systems like these.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      17
      ·
      edit-2
      6 months ago

      Not just tor. Tor plus random traffic.

      Let’s say across your VPN you always sent one megabyte per second of traffic even if you had nothing to say. And then everybody connected to the VPN endpoint did the same thing. Then it gets very difficult to actually follow the traffic flows of the encrypted packets. You don’t see a large chunk of data passing through the network

            • Aceticon@lemmy.world
              link
              fedilink
              English
              arrow-up
              6
              ·
              edit-2
              6 months ago

              The point is that for a state actor which can watch (or at least buy detailed traffic data for) both ends, a certain pattern of packets happenning from your side to a known Tor entry node and the exact same pattern between a specific server being watched and a known Tor exit node on the other side will indicate that it’s your machine connecting to that end server, the more such patterns spotted the higher the level of confidence.

              This is quite independent of how much your data is mixed with other data inside the Tor network and how many nodes it has been routed around, because this kind of analysis doesn’t care about the IP address your machine is sending requests to or the IP address the watched server is receiving request from, it only cares about your pattern of data requests and responses matching that server’s pattern of received requests and returned responses.

              Whatever protocol is in the middle is wholly irrelevant. At best if the website is heavilly used and you’re lucky, the specific end node (be it the router on the other side of your VPN connection or the exit node of your Tor connection) sending your requests to that server might have other users also sending requests to that server hence you’re all disguising each other’s pattern, but this is to do with popularity of the service more than the protocol itself being good at defeating this kind of analysis.

              Edit

              This is not entirelly true - if the protocol changes the exit node between requests to the server then it can disguise your pattern. However given that changing the IP address from were the request comes breaks all the keep-alive performance optimizations in HTTP since v1.1, performance would be horrible at least for web browsing in modern websites (which have tons of additional content associated with a typical webpage).

              /Edit

              It’s all there in the Mullvad post (so you need to actually read it) and it helps if you have a background in IT Security and Cryptography since there are kinds of attack using similar mathematical principles in other areas (such as the statistical analysis of unchained symetrical encryption protocols to derive the text from the encrypted text based on the probability of the words and letters occuring in a specific pattern or the power consumption analysis of cryptographic microchips such as those in smartcards to derive the encryption keys based on the way power was drawn by the ALU during encryption and decryption, a weakness which was funnilly enough also defeated by adding noise in the form of junk operations).

              It’s all pretty obvious, really ;)

              • Possibly linux@lemmy.zip
                link
                fedilink
                English
                arrow-up
                2
                ·
                6 months ago

                I just think VPNs are over hyped. At the end of the day if someone is monitoring both sides it was game over a long time ago. Also there is no way to know what is on the other side of a VPN.

                What would be interesting is a paid I2P or Tor exit proxy.

                • Aceticon@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  6 months ago

                  Oh yeah, people thinking that VPNs are the end-all of Privacy and Security against eavesdropping in the Internet aren’t really informed enough to understand that there are quite a lot more attack vectors than just a person’s IP address.

                  That said no-logging VPNs do remove one from the “low lying fruit” category for things like legal companies sending “gimme money because we detected you infringing our copyright” letters to people doing file sharing using things such as bittorrent. This is because they remove the easy way for such companies to get a person’s information when detecting file sharing from a specific IP address: one thing is getting the target by a process as simple as sending an e-mail to a local ISP demanding the identification of a user using a certain IP at a certain time due to copyright infringement (using the laws made for just that purpose during the last couple of decades in several countries), a whole different ball game is to first having to get a Court Order in an altogether different jurisdiction to force the VPN provider to install some kind of wiretap-equivalent to catch such a user at a later time for a case of Copyright Infringement - it costs way too much, takes way too much time and has way too much risk of being laughed out of court (methaphorically speaking) to be worth it for a case of non-commercial Copyright Infringement, especially if there is an overabundance of easier targets.

                  As with everything else in this world, VPNs are good tools for certain jobs, not some kind of silver bullet for Privacy and Security against eavesdropping.