SoylentNews is people

posted by martyb on Monday October 02 2017, @02:35PM
from the we're-not-out-to-get-you dept.

I'm about to move and at my new address I'd like to start out more secured against my ISP and doxers/stalkers. Basically I think I should use a VPN/VPS for personal related traffic (email, shopping), another VPN/VPS for online communities, and then regular net access for random browsing (is all that overkill?). There have been articles in the past about VPN providers (feel free to recommend someone), but there's less about how to configure your network and computer to use them. I'd prefer to be able to use all three at once, but I've heard most people recommend configuring their routers to a single VPN to prevent leakage. But then one company could be logging all your traffic again or it would be easy to forget to switch to/from the VPNs. Is that necessary? Is there Linux-based software which completely restricts applications to certain networks or is that something I should manually set up through iptables and /etc network scripts? My primary OS is LMDE (Linux Mint Debian Edition) and my current router runs DD-WRT, though that might change with the new ISP.

In summary, what's a good strategy to keep the different parts of your online life segregated from each other other than simply using different user names?

Thanks for your insights.


This discussion has been archived. No new comments can be posted.
  • (Score: 2) by Grishnakh (2831) on Monday October 02 2017, @04:47PM (#575966)

    Again, I just haven't looked into this very hard, so if there's a really simple explanation, I'm sorry for the dumb question. But in Ktorrent, there is actually a setting where you can direct your traffic to go over a specific network interface (e.g., "tun0"). But what I haven't seen (again, I haven't looked that hard) is how to direct *the rest* of your traffic (namely Firefox) back to the non-tunneled interface: it *all* just goes over the tunnel by default. A very quick look at Firefox's settings yields a "connection settings" selection under "advanced", but the only thing that seems to allow is setting it up to use proxies, not to select network interfaces. I haven't looked into the mess that is about:config.

    Yes, ideally, having 3 instances of the browser each running over a different VPN seems to be ideal, and also seems to be exactly what the OP is asking for. The question is, how do you do this? Do you need to set up 3 proxy servers, each connected to a different tunnel? And is it even possible to have one browser with multiple instances, each connected to a different proxy or interface?

  • (Score: 2) by bzipitidoo (4388) on Monday October 02 2017, @05:20PM (#575996)

    The easiest way can be separate systems. Separation is possible on many different levels. As mentioned, could run multiple instances of the same browser. Or, could run different browsers, using Firefox for one set of websites, Chrome for another set, and Vivaldi for yet another. Of course there aren't that many different browsers around.

    Better to run multiple instances of your favorite browser under different user accounts, which is relatively easy to do in Linux. One barrier to this is XWindows, which by default will not let apps from more than one user run in the same GUI, but an easy (and I suppose not too secure) way to work around that is the command "xhost +". In a command line terminal, switch to the root user ("su" in many Linux distros, "sudo su" in Ubuntu flavors), issue the command "xhost +", then switch to whatever user account you've set up ("su - userb"), run your browser, and enjoy. I do not know, but it must surely be possible and even fairly easy to configure iptables to route traffic based on user ID, so traffic from different user accounts could go through different VPNs if desired.

    For greater separation, could set up one or more virtual machines, and run browsers inside them. One advantage is each can have its own VPN. Makes configuration even easier. Of course, could also do that with real, physical machines.
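
One way to do the per-user routing this comment guesses at, using iptables' owner match with policy routing. This is an added example, not part of bzipitidoo's comment; the account names, tunnel names (tun0/tun1), mark values and routing table numbers are assumptions.

```shell
#!/bin/sh
# Added example: send each Unix account's traffic through its own VPN tunnel.
# Assumed (not from the thread): accounts "personal" and "forums", tunnels
# tun0/tun1 already up, marks 0x1/0x2, routing tables 101/102.
# Dry run by default: commands are printed. APPLY=1 as root executes them.

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# route_user USER MARK TABLE DEV
route_user() {
    user=$1; mark=$2; table=$3; dev=$4
    # Replies arrive on the tunnel while the main table points elsewhere,
    # so strict reverse-path filtering would drop them; use loose mode.
    run sysctl -w "net.ipv4.conf.$dev.rp_filter=2"
    # Tag every locally generated packet owned by this account.
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$user" \
        -j MARK --set-mark "$mark"
    # Marked packets use a private table whose only route is the tunnel.
    run ip rule add fwmark "$mark" table "$table"
    run ip route add default dev "$dev" table "$table"
    # The source address was picked before the mark applied; rewrite it.
    run iptables -t nat -A POSTROUTING -o "$dev" -j MASQUERADE
    # Kill switch: if the tunnel is down the lookup falls through to the
    # main table, so drop anything from this account leaving elsewhere.
    run iptables -I OUTPUT -m owner --uid-owner "$user" ! -o "$dev" -j DROP
    # These rules are IPv4 only; block the account's IPv6 entirely.
    run ip6tables -I OUTPUT -m owner --uid-owner "$user" -j DROP
}

route_user personal 0x1 101 tun0
route_user forums   0x2 102 tun1
```

The kill switch also blocks loopback for these accounts, and LAN addresses are routed into the tunnel, so each account needs a DNS resolver that is reachable through its VPN.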

    • (Score: 2) by frojack (1554) on Monday October 02 2017, @05:48PM (#576027)

      The problem isn't in HIS machine.

      The problem is in His upstream provider.

      A properly sequestered web browser [pr0gr4mm3r.com] running in a jail, or even a different machine, can most certainly send its display and via X11.
      This is a long solved problem, and not exactly what the OP was trying to solve.

      The problem is that everything done by that browser is going through a single upstream that he does not trust, even with encrypted connections.

      --
      No, you are mistaken. I've always had this sig.