Sorry if this is not the high brow discussion this com is for.
I travel a lot between different countries in the Middle East which have restrictive laws, and I live in one that is slowly becoming more competent technologically. I have to stay for an extended time in different places, so I’ve been connecting through always-on VPN out of the same place and it’s been working fine for now. But Digital ID laws are quickly going to close things off from me.
My risks that I’m trying to avoid are as follows: Locally, I want to make sure my IPs aren’t connected to public accounts. I don’t say anything online that can put me in jail for the most part, but I don’t trust that this will always be the case. I also would appreciate being a bit separated from the local internet. Elsewhere, I also don’t want my traffic to be monitored or my accounts to be tied back to my personal identity. For example, I don’t want to land in Dubai and to have my Steam account permanently affected by having “Spec Ops the Line” (banned game there) in my account (silly thing to worry about, but this is one tiny example out of many small issues that pile up). Plus, a lot of the internet is not accessible from these places, and I don’t like that, regardless of whether or not I want to peruse inaccessible internet stuff from there.
This has come with some serious downsides (online services are more expensive in Europe, where I have historically exited from), but it was/is worth the cost for me. Ironic that many VPN users seem to be trying to connect in the opposite direction than me (out of rich countries rather than in).
I’ve just been permanently using a single reputable VPN and single exit city for all of my traffic for the past while. Digital ID laws in the UK and EU will make this increasingly infeasible and I will probably have to exit out of somewhere new like Switzerland. I don’t know if those servers might be more trouble due to increased abuse for example.
Just want to know how others are dealing with this. Is just stomaching the wave of verifications after logging into all my emails from a new country the only price to pay? Is the world going to shit and should I rethink “just” using a VPN? Is it VPS time now that more and more things are being blocked from VPN access? Do I give up on the internet a decade ahead of schedule and chop wood in the woods until Israel’s AI mistakes my shack for a children’s hospital and drops heavy munitions on me?
I’m really hesitant to start using two sets of devices, some for insecure local traffic and some for encrypted traffic. I don’t think carrying like four laptops through airport security would keep eyes off of me.
OpenWrt has a package called mwan3 that in tandem with dnsmasq can allow you to set the IP addresses associated with a DNS entry to a particular VPN/country.
Finding a unicorn country where everything works and all traffic is routed is getting increasingly difficult. For example, if a US news site didn’t want to implement GDPR, it geolocates all users outside the US and blocks them, whilst other US services start to require ID/age verification to post content for non-US users so accessing both easily requires switching location.
I suspect we will see more services and technology to be able to deal with this complex cat and mouse game of destinations (websites/services) and origin countries. You can typically get by with a few rules/countries today, but I think that is getting harder.
CDNs may pose a problem if the DNS resolves to a shared IP address, so IPv6 can help, but many VPNs do not support it. For some services we may just have to accept there is no easy way to use them unless tools improve (e.g. the browser/application auto-selecting from multiple interfaces).
You’ve hit the nail on the head, my own post is a bit meandering and this is what I was going for. I hate how many hoops one needs to jump through for basic anonymity online nowadays.
I think this would be infeasible outside of very narrow use cases, but I don’t know. I don’t have an advanced networking setup, but the way I see it, if I, say, route service A and B to connection 1 and service C to connection 2, I only have control over individual IP ranges/DNS entries. So if my bank IP is routed to connection 1 and one new security background service their app/site uses goes to connection 2, something can get flagged, and I could face an unpleasant with the bank/law. I’ve been trying to avoid things like this. (I have a very rudimentary understanding of networking, I’m not super comfortable doing all of this manually).
I feel as though the most logical way about it would be to compartmentalize connections by application, but I wasn’t able to find an easy way to do this. For example, splitting off a browser window and having that exit from somewhere else. I know split tunneling exists in the basic Mullvad client, and I guess I can just throw my whole network on Connection 1 and route Connection 2 through it (meaning when I split tunnel I find myself on connection 1) but in that scenario I’m doing myself even fewer favors re: latency and headroom and all that good stuff.
And that’s just the computers. I use a phone as well.
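The concern raised in the two comments above (per-domain routing sending one service's hostnames out through different exits, and CDN hostnames sharing an IP address) can be checked before any rules go onto a router. The following is an added example, not part of the thread; all hostnames, addresses and exit names (`vpn1`, `vpn2`) are constructed, and the suffix matching is an assumption about how the domain rules behave.

```python
from collections import defaultdict

# Constructed policy: domain suffix -> exit (names are hypothetical).
RULES = {"bank.example": "vpn1", "news.example": "vpn2"}
DEFAULT_EXIT = "vpn2"

# Constructed DNS answers, using documentation address ranges.
DNS = {
    "www.bank.example": ["192.0.2.10"],
    "login.bank.example": ["192.0.2.11"],
    "fraudcheck.vendor.example": ["198.51.100.7"],   # third party used by the bank
    "www.news.example": ["203.0.113.5"],
    "static.bank.example": ["203.0.113.5"],          # same CDN address as the news site
}

def exit_for_host(host, rules=RULES, default=DEFAULT_EXIT):
    """Longest-suffix match on label boundaries, as a domain rule would do."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return default

def ip_conflicts(dns=DNS):
    """IPs claimed by more than one exit once names are turned into IP rules."""
    claims = defaultdict(set)
    for host, addrs in dns.items():
        for addr in addrs:
            claims[addr].add(exit_for_host(host))
    return {ip: sorted(exits) for ip, exits in claims.items() if len(exits) > 1}

def split_services(apps):
    """Apps whose hostnames would leave through more than one exit."""
    report = {}
    for app, hosts in apps.items():
        by_exit = defaultdict(list)
        for host in hosts:
            by_exit[exit_for_host(host)].append(host)
        if len(by_exit) > 1:
            report[app] = {k: sorted(v) for k, v in by_exit.items()}
    return report

APPS = {  # constructed: hostnames each app was seen contacting
    "bank": ["www.bank.example", "login.bank.example", "fraudcheck.vendor.example"],
    "news": ["www.news.example"],
}

if __name__ == "__main__":
    print(split_services(APPS))
    print(ip_conflicts())
```

Feeding it the hostnames an app is actually seen contacting shows which ones need an extra rule so the whole service leaves through one exit, and which addresses cannot be pinned to a single exit by IP alone.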
@deffard@lemmy.world mentioned getting an OpenWrt travel router as the last and kind of most extreme thing on the list. But it’s the easiest thing to do. GL.iNet has good ones with a custom (proprietary) OpenWrt variant on it with a simpler GUI, but they are compatible with plain OpenWrt; if you are able to manage it, it’s probably better.
You can do much of that other stuff on the router then connect from other devices and have it follow the rules.
I use multiple gluetun containers with connections to various endpoints. Each provides a proxy, and I use the FoxyProxy Firefox add-on to switch between the proxies manually (as well as setting up rules). Works pretty well for me.
As to phone, WireGuard to your computer will minimize duplicating effort.