Good day to you,
I was attempting to figure out VPN usage on the L5 byzantium(and eventually I want to try it on Crimson) but for now I want to figure out how this works. I attempted to DL openVPN onto my phone and my phone showed me GNOME project as already installed, great but how do I actually use the VPN?
Settings → Network → VPN.
It just says “from file” and I had found that part, how do I add a VPN?
You press it to open a file dialog prompt, then select the .opvn file to import the OpenVPN connection profile. See also:
“Obtain the .ovpn file from the VPN server or provider.” Let’s start with that, how do I find a safe server?
Safe is dependent on your threat model, but if you want my suggestion, self-hosting an OpenVPN server allows you to configure it to your exact specification(s) and use case(s).
That sounds like a fantastic idea but that is another step that I don’t know how to do. I have heard VPNs scramble data by mixing many peoples’ data together, but since I am not a network engineer we are going to need to make these steps a bit more procedural.
Lets pretend that I have been using android for years which does everything except make me toast. How do I get a VPN working on my phone which is running byzantium so that creepy companies and governments aren’t able to spy on me?
That threat model is not achievable to defend against with a VPN alone:
The main issue is that VPNs are not private nor anonymous by design, relying on trusting privacy policies and possibly warrant canaries to compensate.
Chemistry was easier. So you think I should use whonix instead because it smears my data across multiple entities rather that one server? And if I did use it how would I implement it on* my L5?
Whonix is not supported on the Librem 5, so I suggest diverting any sensitive activities with surveillant-resistant requirements elsewhere instead.
I don’t really have any sensitive activities, but I don’t like being spied on which it seems like people like to do these days.
My general approach to mass surveillance is a local digital archive/library I peruse on my own time. Kiwix is an example tool:
Use the VPN service from Purism?
You can probably find other discussion in this forum about reputable VPN service providers / with good customer service, support, documentation / whatever. You can probably find similar discussions in many other places on the web.
For some customers the geographical choice is an important factor i.e. where the VPN endpoint servers are located (and that may also be relative to where you yourself are located).
As Frankly perhaps implies, if you use someone else’s service there is always an element of trust.
On the other hand, running your own service may be a poor choice for such reasons as a) insufficient skills to set it up and keep it running b) insufficient skills to set it up securely and keep it secure c) if it’s a service that is used solely by you then it is really just a surrogate for you (e.g. if Surveillance Capitalism wants to target you then targeting your VPN service is equivalent) and provides no mixing / no ability to hide your traffic / DNS lookups / whatever among the herd’s traffic etc…
Bottom line: You have to choose a provider before you worry about how to access the service from any given platform.
I tend to use a wikireader but I kind of feel like we have ceded too much authority to bad actors in governments and corperations, I am more of an old school guy and thought that the fourth amendment was supposed to protect people from unlawful searches and seizures and people have the right to the presumption of innocence. I am unsatisfied, I admit with searching for normal things offline, the internet is supposed to be for the people, not sure if you know what I mean.
There are relatively few independent VPN providers these days, as others are constantly being bought up by large profit-seeking companies which then continue to market them all as though they were independent. Those companies also own many of the VPN review sites, where they pretend to offer unbiased reviews of their own products.
If you want to subscribe to a commercial VPN service, there are a few that are well-known, and reported to be independent and reputable, namely:
AirVPN
Mullvad
Windscribe (I think)
Proton VPN
You can find their websites and decide which you like. Once you have a subscription, find and download one of their configuration files (not their client software, which is unlikely to work on the Librem 5). I recommend the service’s Wireguard config file for a server (location) of your choice.
Then use the Advanced Network Manager app on the Librem 5 to add the Wireguard connection and public/private keys. (The app should already be installed.)
There might be a couple of terminal commands to issue as well.
In any case, for better - but not bulletproof privacy - you want a service that doesn’t keep identifying logs.
Surveillance Capitalism!!! What a term, that’s it. That is exactly it. They’re creepy is what.
In the interests of honesty, that term was not invented by me. That credit belongs to Shoshana Zuboff or even earlier than her work. Refer: Surveillance capitalism - Wikipedia
Having read the articles you sent me I see what you are saying now. Thank you