blog-contributions/opsec/vpn/index.html

266 lines
12 KiB
HTML

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>How to get privacy from your ISP using a VPN</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-06-27</ba></p>
<h1>How to get privacy from your ISP using a VPN </h1>
<p><h2><u>OPSEC Recommendations:</u></h2></p>
<ol>
<li><p>Hardware : PC / Laptop / Homeserver / Remote Server</p></li>
<li><p>Host OS : <a href="../linux/index.html">Linux</a></p></li>
<li><p>Hypervisor: <a href="../hypervisorsetup/index.html">libvirtd QEMU/KVM</a></p></li>
<li><p>VM : <a href="../hypervisor/index.html">Linux</a></p></li>
</ol>
<p>I recommend to use that setup as part of your <a href="../privacy/index.html">Privacy Use</a> online, to hide what you are browsing online from your ISP</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Why does Bob need a VPN to begin with ? </b></h2>
<p>Bob now has <a href="../linux/index.html">Linux</a> as his host operating system on his computer, with a debian private VM setup thanks to the <a href="../hypervisorsetup/index.html">QEMU/KVM hypervisor</a>. Now as per his private internet usage in his debian VM, he was thinking: <b>"My Debian VM only has open source software, but who else may spy on me?"</b></p>
<p>As he browsed the web from his linux laptop he realised one thing; He's paying for an internet connection. A company is offering the internet service to his house.</p>
<img src="0.png" class="imgRz">
<p>Meaning, that when Bob is browsing the web on google.com; youtube.com or duckduckgo.com, his internet service provider can see that he's connecting there!</p>
<p>That doesn't sit well with Bob. <b>Bob decides that his ISP shouldn't be aware of what he's doing with his internet usage.</b> Therefore, he wants to use a VPN.</p>
<img src="1.png" class="imgRz">
<p>But thing is, Bob realises that the VPN market is over-saturated, there's a lot of choice. He wants to know what's the best VPN out there. After browsing for some time, he found this article from <a href="https://www.privacyguides.org/en/vpn/">Privacy Guides</a> where they compare popular VPN services according to their standards. From there, Bob decides he's going to try to use <a href="https://kycnot.me/service/Mullvad">Mullvad VPN</a>.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Purchasing a VPN</b></h2> </br> </br>
<p>Bob goes on mullvad.net to purchase the VPN (which is 5 euros monthly) </p>
<img src="2.png" class="imgRz">
<img src="3.png" class="imgRz">
<img src="4.png" class="imgRz">
<img src="5.png" class="imgRz">
<p>Here Bob can pay with various means. For ease of use he can pay using his credit card for example, but as we'll see in later tutorials on <a href="../finances/index.html">decentralised finances</a>, <a href="../monero2024/index.html">Monero</a> is the ideal payment choice for financial privacy.</p>
<p>So Bob pays for the VPN, then his account has time added:</p>
<img src="6.png" class="imgRz">
<img src="7.png" class="imgRz">
<pre><code class="nim">
# Download the Mullvad signing key
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
# Add the Mullvad repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
# Or add the Mullvad BETA repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/beta $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
# Install the package
sudo apt update
sudo apt install mullvad-vpn
# Connect to Mullvad VPN
mullvad account login
Enter an account number: 91320912809328832
Mullvad account "91320912809328832" set
# Connect to the VPN:
mullvad lockdown-mode set on
mullvad connect
curl ifconfig.me
194.127.199.92
</code></pre>
<p>From there, Bob can launch the VPN from his desktop:</p>
<img src="8.png" class="imgRz">
<p>And he can see that his IP got changed accordingly to the location he picked: </p>
<img src="9.png" class="imgRz">
<p>The VPN is also protecting against DNS and WebRTC leaks, according to <a href="https://mullvad.net/en/check">https://mullvad.net/en/check</a></p>
<p>Now that you are using Mullvad as a VPN, you can also use their Mullvad Browser, which is basically a Hardened Firefox based off the Tor Browser:</p>
<pre><code class="nim">
[ mainpc ] [ /dev/pts/3 ] [~/Nextcloud/blog]
→ apt search mullvad
Sorting... Done
Full Text Search... Done
mullvad-browser/unknown,now 13.5.1-1 amd64
Mullvad Browser
mullvad-vpn/unknown,now 2024.4 amd64 [installed]
Mullvad VPN client
[ mainpc ] [ /dev/pts/3 ] [~/Nextcloud/blog]
→ apt install mullvad-browser -y
[ mainpc ] [ /dev/pts/3 ] [~/Nextcloud/blog]
→ mullvad-browser
</pre></code>
<p>And from there you can browse the web using the same VPN connection:</p>
<img src="11.png" class="imgRz">
<img src="12.png" class="imgRz">
<p>From there, just like on the Tor Browser, you can protect against fingerprinting by setting the security level here:</p>
<img src="13.png" class="imgRz">
<p>If you want to reduce your fingerprinting attack surface as much as possible, you can choose to disable javascript by selecting the "Safest" security level, but it may break some websites functionnality.</p>
<img src="14.png" class="imgRz">
<br><br><br><br>
<h2><b>Mobile Setup</b></h2> </br> </br>
<p><h2><u>OPSEC Recommendations: </u></h2></p>
<ul>
<li><p>Hardware: Google Pixel</p></li>
<li><p>Host OS: <a href="../graphene/index.html">Graphene OS</a></p></li>
<li><p>Configuration: Can be set in the Private or Anonymous Profile</p></li>
</ul>
<p>
Of course, Bob can set Mullvad up on mobile as well. He searches for Mullvad in the F-Droid store and then clicks Install. Leaving the default Network permission, he clicks Install on the pop-up.
<img src="m1.png" class="imgRz">
</p>
<p>
Once the app is downloaded, Bob opens it up. Bob agrees to the Mullvad's privacy policy and then grants notification permissions. Finally, he enters his account information and clicks Login.
<img src="m2.png" class="imgRz">
</p>
<p>
Mullvad will alert Bob to the fact that the connection is unsecured. Bob clicks Secure my connection to connect. If it is Bob's first time using Mullvad, he will need to grant it permission to establish a VPN connection. Bob should now be connected!
<img src="m3.png" class="imgRz">
</p>
<p>
To verify the mobile connection, Bob navigates to <a href="https://mullvad.net/en/check">https://mullvad.net/en/check</a> and ensures the connection is not leaking any information.
<img src="m4.png" class="imgRz">
</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Second Post +++++ -->
<div id="anon1">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Conclusion</b></h2> </br> </br>
<p>So now currently, Bob has managed to setup a Debian VM (with only open source software) with a VPN in order to use it and gain privacy from his ISP.</p>
<img src="10.png" class="imgRz">
<p>Currently, Bob's setup is suitable for Public use (thanks to his windows VM), AND suitable for Private use too (thanks to his debian VM with the VPN setup).</p>
<p>However you can also setup the <a href="../vpnqemu/index.html">VPN from the Host OS directly</a>, so that every VM in it goes through the VPN. </p>
<p>Next, Bob can setup KeepassXC to implement proper <a href="../passwordmanagement/index.html">Password Management</a>.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>