I using Windows 10 and F-Secure Freedome VPN. Now I want to migrate to Debian and Librem 5 and looking for a VPN that I can mostly trust and use on both, because Freedome is only available as an application for Windows, Mac… they are using openVPn in the background. I don’t won’t to use a self created solution with the openVPN data for Linux, because they are not available by default In the end I’m looking for another good VPN solution.
I use PIA on Linux Mint. https://www.privateinternetaccess.com/
It’s not bad, but the client version in the repositories is old, so you should download the latest version from their website, if you go with them.
Bruh, just go to https://privacytools.io and see for yourself. Install Mullvad already. They are the #1 choice to go for. NordVPN is not legit, they log. PIA is not to be trusted anymore. Anything else these people say, ignore.
Not to go into the touchy subject area of “which VPN is best”, but assuming they all could be broken and you always have to (unfortunately) trust the service provider, and assuming building your own service is either beyond capabilities/resources or would lack something (like number of exit nodes), here is my question: is there a way to mitigate this and not have a potential single point of failure scenario? Can I have multiple VPN service providers (do they conflict in settings) and cycle connections between them (and also cycle servers) securely (think frequency hopping, for analogy)? Or something else? Or would it even help? How many would be needed for adequate protection?
What “failure” are you specifically talking about?
If “failure” means that the provider is compromised and cannot be trusted to maintain your privacy then it isn’t entirely obvious that using multiple providers mitigates that risk. It might make it worse, not better.
Putting that aside, fair question.
My concern would be that by constantly changing VPN provider, you are changing public IP address and that will break any persistent connection and that could break any protocols that are actively being used that might temporarily depend on the IP address.
So before you contemplate “frequency hopping” you would need to analyze your usage, and the protocols and applications that you are using, to see how they might be impacted.
How frequently were you going to cycle? Daily? You can ignore my point. Every 15 seconds? You would need to analyze your usage.
Seeing as this topic got necrod, we ought at least mention Librem Tunnel.
Might have to calculate transferred data and how big of a chunks would be spread to each service provider. A once per second, between 5-10 services, could probably be considered ridiculous (and probably technically unrealistic) and offending side would have to have (off the top of my head) at least 60% (preferably 80%) of those services compromised (or owned) to create a meaningful pattern/data. With longer time between hops (hours), the arrangement would probably lose ability to anonymize as even one or two services would have enough of a pattern to approximate behavior. Not that it wouldn’t have some impact never the less. It would probably be more important then to prefer using separate VPNs for separate apps/services, so that those are could not be connected. Then again, for just wanting to make one’s opponent guess and frustrated about the gaps in the data (like only having connection data for two hours every sixth hours or only every third day), that could be worth it as well. And I’m not even going to go to randomizing the pattern or piping VPNs now.
More serious reply: I was thinking closer to hours or just days (out of convenience, but if automated, could be more frequent), but also manual resetting or resetting when idle.
I had many different VPN providers in the last years. I have positive experience with AirVPN which has already been mentioned here. Currenctly I would recommend AzireVPN because it’s one of only very few providers which let you connect via Wireguard and OpenVPN. Wireguard doesn’t drain the battery as much as OpenVPN because the connection does not have to be kept alive all the time. This is a great advantage for mobile phones. Plus the speed is better than OpenVPN.