Librem Tunnel and the acquisition of Private Internet Access

New report that Kape Technologies has now also bought ExpressVPN:

I would suggest creating one’s own VPN. The risk that you face is that the cloud service tracks your outgoing IP addresses.

Doesn’t that come with some disadvantages, though? https://torguard.net/blog/rolling-your-own-vpn-vs-paid-vpn-which-one-is-better/

There seem to be two major criticisms:

  1. It’s a Lot of Hard Work
    It is not. Algo is incredibly easy to set up. I replace my VPNs once a month and it takes me about five minutes per VPN to do so (literally the time for the VPN setup script to spin up the server and install the software). I always go to Spamhaus to make sure that my new IP address is not problematic.
  2. It’s Less Private Than You May Think
    This is the risk that I mentioned already. One can solve that quite easily by writing a Python script that polls a diverse list of URLs to add entropy to the log files of the cloud provider.

For my purposes, the rest of the criticisms are irrelevant (although they may not be for others) as I am not going out of my way to try to protect myself from three-letter agencies or their foreign equivalents.

Is it surprising that a web site for a company that offers a VPN service would conclude that not rolling-your-own is the best option and would perhaps exaggerate some of the disadvantages of rolling-your-own?

Some comments on points made in the article:

You Only Have One Location

That seems a fair point. While a typical VPN service can offer you at least dozens of countries for the end-point and potentially hundreds of different end-points, you are very unlikely to match that with a roll-your-own solution. Sometimes (e.g. when bypassing geoblocking) you really do need specific control over the end-point country.

A Comparison of Costs

The cost of roll-your-own depends on whether you would have your own VPS anyway (on which to run the VPN end-point). The incremental cost may be negligible.

No VPN service offers “unlimited bandwidth” (how ridiculous!) and even a low-end VPS gives a fair amount of traffic as monthly quota. In either case the bandwidth is definitely shared, definitely finite, and it isn’t usually possible to quantify in advance whether the resulting speed is good or bad.

I don’t know that that fully solves the problem. Another amusing option is just to send out UDP packets to random IP addresses.

Cute idea.

I think whether one implements an idea like this depends upon what one is trying to achieve: prevent commercial organizations from expropriating your personal data without compensation or confusing three-letter organizations. With respect to the former, the work to sort through the myriad of cloud servers with different operating goals to find individuals is quite daunting if not impossible. This is obviously not the case if your goal is the latter one.

Just trying to achieve: add entropy to the (hypothetical) log files of the provider, as you originally raised.