SoylentNews is people
SoylentNews
I'm about to move and at my new address I'd like to start out more secured against my ISP and doxers/stalkers. Basically I think I should use a VPN/VPS for personal related traffic (email, shopping), another VPN/VPS for online communities, and then regular net access for random browsing (is all that overkill?). There's been articles in the past about VPN providers (feel free to recommend someone), but there's less about how to configure your network and computer to use them. I'd prefer to be able to use all three at once, but I've heard most people recommend configuring their routers to a single VPN to prevent leakage. But then one company could be logging all your traffic again or it would be easy to forget to switch to/from the VPNs. Is that necessary? Is there Linux-based software which completely restricts applications to certain networks or is that something I should manually setup through iptables and /etc network scripts? My primary OS is LMDE (Linux Mint Debian Edition) and my current router runs DD-WRT, though that might change with the new ISP.
In summary, what's a good strategy to keep the different parts of your online life segregated from each other other than simply using different user names?
Thanks for your insights.
(Score: 2) by Ramze on Monday October 02 2017, @04:26PM
Great question. I suppose the answer depends on just how serious you are about separating activities and/or privacy. To tackle this, you need to know who your enemies are. Your ISP sees all of your traffic unless you have a VPN and/or use encrypted connections. Pretty much anyone you connect TO or that can run a query to an application you are running can see your IP address... so a VPN or proxy can help there. Your web browser's default setting is likely to give away your hardware and software profile to any site that asks. That info usually is enough to track the specific device you're using, so even if you visit the same site from different IP addresses and using different user/login data and even different user profiles so you get different tracking cookies, statistically the site could still figure out that you are still you -- or at least that different people are sharing the same device. That's easier to do with custom built PCs than from factory default built laptops, but it's still doable.
Perhaps the cleanest way would be to run a different virtual machine for each activity and use a VPN service to a different location for each (assuming the places you visit don't block VPN/proxy traffic). Each VM could have a different OS (even set them to different time zones), different browser, and by using a different IP address for each through the VPN, it'd be difficult to tie them together. Don't forget to run your favorite browser extensions like adblock or ublock and noscript or even user agent switchers to help fight against malicious code and tracking... and clean cookies when possible, too.
You could even create a static router VPN to one location and then use software VPNs to launch from there.
TOR is a poor alternative, but a VPN and TOR can be useful if you're in an oppressive country and need to discuss subversive topics. I highly suspect most TOR nodes are run by government agents and can use various techniques to discover IP addresses, but a VPN should help with that. Even still, most government run TOR nodes won't care about you using TOR to browse web sites -- they're after black market TOR users, not general privacy users.
You could also simply use different physical devices for different purposes and use a VPN at the router level to shift IPs, but... one slip with that, and your IP will be detected by different sites. I know Amazon and most banking services know when you log in from a new device or location based on IP and they log that... and once it's logged, it's tied to your acct which defeats the purpose.