I'm about to move and at my new address I'd like to start out more secured against my ISP and doxers/stalkers. Basically I think I should use a VPN/VPS for personal related traffic (email, shopping), another VPN/VPS for online communities, and then regular net access for random browsing (is all that overkill?). There's been articles in the past about VPN providers (feel free to recommend someone), but there's less about how to configure your network and computer to use them. I'd prefer to be able to use all three at once, but I've heard most people recommend configuring their routers to a single VPN to prevent leakage. But then one company could be logging all your traffic again or it would be easy to forget to switch to/from the VPNs. Is that necessary? Is there Linux-based software which completely restricts applications to certain networks or is that something I should manually setup through iptables and /etc network scripts? My primary OS is LMDE (Linux Mint Debian Edition) and my current router runs DD-WRT, though that might change with the new ISP.
In summary, what's a good strategy to keep the different parts of your online life segregated from each other other than simply using different user names?
Thanks for your insights.
(Score: 2, Disagree) by VLM on Monday October 02 2017, @06:44PM (1 child)
Kind of annoyed no one answered anon's question about HOW to configure this and use multiple things at the same time.
OK anon heres how something similar works for me.
Web browser connects to privoxy. privoxy routes out different directions based on if the URL ends in .onion or .i2p or whatever.
You anon are going to set up privoxy to route out based on URL ending in facebook.com vs gmail.com or WTF
For a VPN-ish connection that doesn't do socks, you have privoxy config lines like
forward .i2p the-ip-addrs-of-your-i2p-node:4444
For a VPN-ish connection that DOES do socks, you have privoxy config lines like
forward-socks4a .onion ip-addrs-of-your-tor-node:9050 .
Be careful about information leakage aka privoxy is quite handy. It doesn't "really" help if you connect to facebook.com over the vpn and get ad tracking and cookies over clearnet. Security is not a binary yes/no. This is safe enough for me for what I do which frankly isn't very exciting. I don't think the dream of "use all three at once" is possible in one browser.
I have virtualization infrastructure and run all this stuff on different isolated backed up heavily firewalled machines. So if the i2p network gets powned, the local node has access to basically nothing interesting and I could wipe and restore the vmware image from backup in a couple minutes. Likewise if there were a buffer overflow exploit in privoxy, theres nothing interesting on my privoxy machine to infect or copy.
A better system is probably run chrome in one vmware instance for normie browsing, firefox in another vmware instance for darknet, safari or something in another vmware instance for social media. One vmware instance gets infested, wipe and restart from a gold copy. Or your local equivalent of vmware, kvm or virtualbox or whatever you like.
I wonder what i2p outproxies see for tracking packets and stuff, probably some icky/interesting stuff.
(Score: 0) by Anonymous Coward on Monday October 02 2017, @11:58PM
When using Tor with a web browser, it's advantageous to use Tor Browser most of the time. If you're using (or appearing to use) Chrome or whatnot, you'll stick out. For web stuff that can't be done in Tor Browser, yes, forward-socks5 / 127.0.0.1:9050 . in the privoxy config will work.