Previous Page

nihilist@mainpc - 2024-06-27

How to get privacy from your ISP using a VPN

OPSEC Recommendations:

  1. Hardware : PC / Laptop / Homeserver / Remote Server

  2. Host OS : Linux

  3. Hypervisor: libvirtd QEMU/KVM

  4. VM : Linux

I recommend to use that setup as part of your Privacy Use online, to hide what you are browsing online from your ISP

Why does Bob need a VPN to begin with ?

Bob now has Linux as his host operating system on his computer, with a debian private VM setup thanks to the QEMU/KVM hypervisor. Now as per his private internet usage in his debian VM, he was thinking: "My Debian VM only has open source software, but who else may spy on me?"

As he browsed the web from his linux laptop he realised one thing; He's paying for an internet connection. A company is offering the internet service to his house.

Meaning, that when Bob is browsing the web on google.com; youtube.com or duckduckgo.com, his internet service provider can see that he's connecting there!

That doesn't sit well with Bob. Bob decides that his ISP shouldn't be aware of what he's doing with his internet usage. Therefore, he wants to use a VPN.

But thing is, Bob realises that the VPN market is over-saturated, there's a lot of choice. He wants to know what's the best VPN out there. After browsing for some time, he found this article from Privacy Guides where they compare popular VPN services according to their standards. From there, Bob decides he's going to try to use Mullvad VPN.

Purchasing a VPN



Bob goes on mullvad.net to purchase the VPN (which is 5 euros monthly)

Here Bob can pay with various means. For ease of use he can pay using his credit card for example, but as we'll see in later tutorials on decentralised finances, Monero is the ideal payment choice for financial privacy.

So Bob pays for the VPN, then his account has time added:


# Download the Mullvad signing key
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc

# Add the Mullvad repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
# Or add the Mullvad BETA repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/beta $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list

# Install the package
sudo apt update
sudo apt install mullvad-vpn
	
# Connect to Mullvad VPN
mullvad account login
Enter an account number: 91320912809328832
Mullvad account "91320912809328832" set

# Connect to the VPN:
mullvad lockdown-mode set on
mullvad connect

curl ifconfig.me
194.127.199.92

From there, Bob can launch the VPN from his desktop:

And he can see that his IP got changed accordingly to the location he picked:

The VPN is also protecting against DNS and WebRTC leaks, according to https://mullvad.net/en/check

Now that you are using Mullvad as a VPN, you can also use their Mullvad Browser, which is basically a Hardened Firefox based off the Tor Browser:


[ mainpc ] [ /dev/pts/3 ] [~/Nextcloud/blog]
→ apt search mullvad
Sorting... Done
Full Text Search... Done
mullvad-browser/unknown,now 13.5.1-1 amd64
  Mullvad Browser

mullvad-vpn/unknown,now 2024.4 amd64 [installed]
  Mullvad VPN client

[ mainpc ] [ /dev/pts/3 ] [~/Nextcloud/blog]
→ apt install mullvad-browser -y

[ mainpc ] [ /dev/pts/3 ] [~/Nextcloud/blog]
→ mullvad-browser

And from there you can browse the web using the same VPN connection:

From there, just like on the Tor Browser, you can protect against fingerprinting by setting the security level here:

If you want to reduce your fingerprinting attack surface as much as possible, you can choose to disable javascript by selecting the "Safest" security level, but it may break some websites functionnality.

Conclusion



So now currently, Bob has managed to setup a Debian VM (with only open source software) with a VPN in order to use it and gain privacy from his ISP.

Currently, Bob's setup is suitable for Public use (thanks to his windows VM), AND suitable for Private use too (thanks to his debian VM with the VPN setup).

However you can also setup the VPN from the Host OS directly, so that every VM in it goes through the VPN.

Next, Bob can setup KeepassXC to implement proper Password Management.

Nihilism

Until there is Nothing left.



Creative Commons Zero: No Rights Reserved

About nihilist

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@contact.nowhere.moe (PGP)