I feel this is misleading because it's actually just an advertisement for the author's software. But keep in mind that the entire point of using a VPN is plausible deniability. You aren't anonymous because any sufficiently sophisticated adversary can monitor your traffic and the VPN's traffic and correlate the two. Your defense comes from being able to claim that another user was controlling the VPN at that time. So rolling your own VPN isn't a good idea unless it also generates false traffic.
Well, my script is free + open source, so I think "advertisement" has some connotations that aren't quite fair :-) It's not really "my" software - all the real work is done by OpenSSH, which is heavily reviewed, supports NAT traversal, and you probably already have it installed. All credit to OpenSSH, all faults are my own. I would love it if this prompted a discussion of this "VPN" strategy, and my script's functionality found its way into core SSH.
It's definitely not appropriate for doing something illegal or where you want plausible deniability for other reasons. I point that out fairly clearly in the README, though I should have made it clearer in the blog.
I would wager though that many VPNs don't actually offer much more security than this. The good ones (LavaBit, CryptoSeal) did. How do you verify that your VPN provider isn't handing over this information just as readily as this approach does?
Generating false traffic is a good idea, but I don't think you should rely on that if you want to use this for illegal purposes.
Nah, I didn't read it that way. It seems to me it says "hey, OpenSSH can already do tunnels very effectively, but it's not very easy, so here's a quick script I wrote to make it easier".
The author gain to reader gain is really, really low in this case, so I don't think it's content-free linkbait.
No worries! I'm sorry you felt the title was unrelated; I like more "flowery" titles, and we have the "same title" rule on HN.
The point I was trying to make with the title is that OpenSSH does a lot of what a full "VPN" does, yet is a _lot_ easier to configure than anything else I've encountered. Apart from PPTP, which is apparently the "rlogin" of VPNs ;-)
free652 posted an even easier approach here, which sets up a SOCKS proxy with no extra configuration. If SOCKS is good enough, you should use that! If you want full tunneling, hopefully we can make my script easier / unnecessary.
> But keep in mind that the entire point of using a VPN is plausible deniability.
Err.. no it's not.
The point of using a VPN is protection against eavesdropping.
Some may use it for plausible deniability, but that isn't even the most frequent use case (I'd imagine the most frequent use is access to corporate networks).
Sorry, the entire point of using a VPN for privacy.
"Privacy" yes - as in avoiding eavesdropping. NOT for plausible deniability.
To quote the post:
> I use VPNs not for illegal purposes, but (1) to get IPv6 wherever I am, (2) to prevent casual snooping on my web traffic (the Firesheep scenario) and (3) to get onto a ‘private’ network.
None of those purposes require plausible deniability.
> But keep in mind that the entire point of using a VPN is plausible deniability
People usually reach for a VPN when they do not trust the link they are using. e.g. it's coffee shop wireless. A VPN obscures the traffic travelling over the dangerous link and delivers it to the endpoint where it is usually on-routed.
On the whole, VPNs do NOT provide anonymity, they provide privacy. VPN connections always need a fixed endpoint which likely has some sort of billing relationship with you.
If you really want to help with privacy and stuff and also think long term, it would certainly be better to invest in an internet router where you can directly install TOR (as relay). If a lot of people would do this you could solve the slowness and make it even harder to identify users.
Imagine some ISPs start rolling out such routers per default.
VPN is used for telecommuting. Without VPN, the company would have to expose a lot of intranet services to the internet for us to be able to work from home, and to be on call at night would entail staying at the office all night.
The fact that the first (only) use for VPN you can think of is to hide criminal activity says a lot about you, really.
Because it can protect the sensitive (internal corporate network) information while it's travelling over untrusted networks, with the destination being none the wiser.
Bridging two networks (or a host and a network) together securely over the internet has far more applications than merely telecommuting and is so effective and easy to apply, why not use it to protect your Facebook session while you're at the coffee shop?