Sorry if this is not the high brow discussion this com is for.
I travel a lot between different countries in the Middle East which have restrictive laws, and I live in one that is slowly becoming more competent technologically. I have to stay for an extended time in different places, so I’ve been connecting through always-on VPN out of the same place and it’s been working fine for now. But Digital ID laws are quickly going to close things off from me.
My risks that I’m trying to avoid are as follows: Locally, I want to make sure my IPs aren’t connected to public accounts. I don’t say anything online that can put me in jail for the most part, but I don’t trust that this will always be the case. I also would appreciate being a bit separated from the local internet. Elsewhere, I also don’t want my traffic to be monitored or my accounts to be tied back to my personal identity. For example, I don’t want to land in Dubai and to have my Steam account permanently affected by having “Spec Ops the Line” (banned game there) in my account (silly thing to worry about, but this is one tiny example out of many small issues that pile up). Plus, a lot of the internet is not accessible from these places, and I don’t like that, regardless of whether or not I want to peruse inaccessible internet stuff from there.
This has come with some serious downsides (online services are more expensive in Europe, where I have historically exited from), but it was/is worth the cost for me. Ironic that many VPN users seem to be trying to connect in the opposite direction than me (out of rich countries rather than in).
I’ve just been permanently using a single reputable VPN and single exit city for all of my traffic for the past while. Digital ID laws in the UK and EU will make this increasingly infeasible and I will probably have to exit out of somewhere new like Switzerland. I don’t know if those servers might be more trouble due to increased abuse for example.
Just want to know how others are dealing with this. Is just stomaching the wave of verifications after logging into all my emails from a new country the only price to pay? Is the world going to shit and should I rethink “just” using a VPN? Is it VPS time now that more and more things are being blocked from VPN access? Do I give up on the internet a decade ahead of schedule and chop wood in the woods until Israel’s AI mistakes my shack for a children’s hospital and drops heavy munitions on me?
I’m really hesitant to start using two sets of devices, some for insecure local traffic and some for encrypted traffic. I don’t think carrying like four laptops through airport security would keep eyes off of me.
OpenWRT has a package called mwan3 that, in tandem with dnsmasq, can allow you to set the IP addresses associated with a DNS entry to a particular VPN/country.
Finding a unicorn country where everything works and all traffic is routed is getting increasingly difficult. For example, if a US news site didn’t want to implement GDPR, it geolocates all users outside the US and blocks them, whilst other US services start to require ID/age verification to post content for non-US users so accessing both easily requires switching location.
I suspect we will see more services and technology to be able to deal with this complex cat and mouse game of destinations (websites/services) and origin countries. You can typically get by with a few rules/countries today, but I think that is getting harder.
CDNs may pose a problem if the DNS resolves to a shared IP address, so IPv6 can help, but many VPNs do not support it. For some services we may just have to accept there is no easy way to use them unless tools improve (e.g. the browser/application auto-selecting from multiple interfaces).
Finding a unicorn country where everything works and all traffic is routed is getting increasingly difficult. For example, if a US news site didn’t want to implement GDPR, it geolocates all users outside the US and blocks them, whilst other US services start to require ID/age verification to post content for non-US users so accessing both easily requires switching location.
You’ve hit the nail on the head, my own post is a bit meandering and this is what I was going for. I hate how many hoops one needs to jump through for basic anonymity online nowadays.
OpenWRT has a package called mwan3 that, in tandem with dnsmasq, can allow you to set the IP addresses associated with a DNS entry to a particular VPN/country.
I think this would be infeasible outside of very narrow use cases, but I don’t know. I don’t have an advanced networking setup, but the way I see it, if I, say, route service A and B to connection 1 and service C to connection 2, I only have control over individual IP ranges/DNS entries. So if my bank IP is routed to connection 1 and one new security background service their app/site uses goes to connection 2, something can get flagged, and I could face an unpleasant with the bank/law. I’ve been trying to avoid things like this. (I have a very rudimentary understanding of networking, I’m not super comfortable doing all of this manually).
I feel as though the most logical way about it would be to compartmentalize connections by application, but I wasn’t able to find an easy way to do this. For example, splitting off a browser window and having that exit from somewhere else. I know split tunneling exists in the basic Mullvad client, and I guess I can just throw my whole network on Connection 1 and route Connection 2 through it (meaning when I split tunnel I find myself on connection 1) but in that scenario I’m doing myself even less favors re: latency and headroom and all that good stuff.
And that’s just the computers. I use a phone as well.
I feel as though the most logical way about it would be to compartmentalize connections by application, but I wasn’t able to find an easy way to do this. For example, splitting off a browser window and having that exit from somewhere else
I use multiple gluetun containers with connections to various endpoints. Each provides a proxy, and I use the FoxyProxy Firefox add-on to switch between the proxies manually (as well as setting up rules). Works pretty well for me.
As to phone, WireGuard to your computer will minimize duplicating effort.
Digital ID laws in the UK and EU will make this increasingly infeasible
Sorry I might have missed something… Is this Tony Blair’s little hobby horse for the past 30 years or is a more substantial plan in the works?
TBH I am getting discouraged on the VPN thing. I have been using it 100% of the time for years. I used to get ads corresponding to the exit location. But now I occasionally get ads corresponding to my actual location (down to the neighborhood).
But of course I do all sorts of online business where my address is provided, and when I do that I can easily be fingerprinted I assume. So somehow, it’s gotten linked up in the back end.
Have you tried checking for leaks? You might be having IP or DNS leaks that are contributing to it.
Disable IPv6 on your router or primary interface, and enable it on your VPN. If anything can discover an Internet IP on your PC, the link can be formed. Worst case, you are not using the VPN for IPv6 at all.
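A local check for the IPv6 leak path raised in the replies above, as an added example that is not part of any post in the thread: it reads the output of `ip -o -6 addr show scope global` and `ip -6 route show default` and reports internet-routable IPv6 addresses or default routes that sit outside the tunnel. The interface names `wlan0` and `wg0` and the sample text are constructed assumptions.

```shell
#!/bin/sh
# Added example: spot IPv6 paths that bypass the VPN. Interface names and
# sample text below are constructed, not taken from the thread.

# find_v6_leaks VPN_IF: stdin is `ip -o -6 addr show scope global`.
# Prints "iface addr" for each internet-routable address not on VPN_IF.
find_v6_leaks() {
    awk -v vpn="$1" '
        $3 == "inet6" && $5 == "scope" && $6 == "global" && $2 != vpn {
            addr = $4
            sub(/\/.*/, "", addr)                      # drop the prefix length
            if (addr ~ /^f[cd][0-9a-f][0-9a-f]:/) next # fc00::/7 is unique-local
            print $2, addr
        }'
}

# v6_default_off_vpn VPN_IF: stdin is `ip -6 route show default`.
# Prints every device other than VPN_IF that carries an IPv6 default route.
v6_default_off_vpn() {
    awk -v vpn="$1" '$1 == "default" {
        for (i = 2; i < NF; i++)
            if ($i == "dev" && $(i + 1) != vpn) print $(i + 1)
    }'
}

# Constructed sample input (documentation and unique-local prefixes only).
SAMPLE_ADDRS='1: lo    inet6 ::1/128 scope host
2: wlan0    inet6 2001:db8:12:34::a5/64 scope global dynamic
2: wlan0    inet6 fd12:3456:789a::10/64 scope global
2: wlan0    inet6 fe80::1c2d:3eff:fe4f:5a6b/64 scope link
5: wg0    inet6 fd00:aaaa::2/128 scope global'
SAMPLE_ROUTES='default via fe80::1 dev wlan0 proto ra metric 600 pref medium
default dev wg0 metric 50 pref medium'

printf '%s\n' "$SAMPLE_ADDRS"  | find_v6_leaks wg0
printf '%s\n' "$SAMPLE_ROUTES" | v6_default_off_vpn wg0
# Live use: ip -o -6 addr show scope global | find_v6_leaks wg0
```

Empty output from both functions means no global IPv6 address or default route was found outside the named VPN interface; it does not cover DNS or WebRTC leaks.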
As of right now, Nexus Mods and Reddit are enforcing these new laws. I don’t use either site very often (the latter not since the API exodus). My understanding is that it’s mandatory for platforms of a certain size in the UK after the 25th of July.
The UK is kind of a perfect exit node country (everything is in English!)
What about somewhere closer like Singapore? Stuff is mostly still in English and their network is fast.
Not sure I follow the problem here. Is it easier in the countries you are in to get blocked for using VPNs? I mean, if the goal is to access games and stuff, I would just use a good VPN. Mullvad is the only one I still have good trust in.
Start using onion sites for sensitive stuff. If you use an always-on VPN, then you don’t have to worry about state actors seeing that you are using Tor.
The thing you really should watch out for is your phone. If you can, the best is to use a phone without a SIM card and with GOS on it, preferably with a broken paper trail and no SIM card use previously. If you need internet on the go, use a SIM card in a travel router and connect that via VPN to your devices. But no tech solution would save you from user error, of course.
And use a secure email service. I use Tuta, which never complains about my VPN. Other stuff, sure, but I don’t miss those sites. Good ones will lift any blocks if you ask.
VPS is of course an option, but it does have the downside of not being able to blend in with the crowd.
For the legal issues, yeah, UK is a bad option. But any EU country should be fine even if they are in the Eyes programme. Germany has decent privacy laws still. Iceland as well. But for me, I just use another closer to home. I trust Mullvad enough (and they don’t know anything about me in the form of payments or identification).
And stop using services that block you. There are alternatives for a lot.
I don’t think you need separate laptops, but a separate router may be useful.
If you use Linux, you can have apps isolated to their own lightweight network namespaces (like containers), using different VPNs. Otherwise VMs can serve a similar purpose on Windows and Macs.
Iptables can also be used to block traffic, and force it through proxies (which can be whitelisted by uid/gid) or VPNs.
If you want a more secure VPN setup, I’d even recommend having the VPN(s) running on the router (eg. portable OpenWRT setup) so your laptop never gets offered a public IP / connects directly to network. Put a proxy on it for special (eg. DNS based) routing exceptions, like banking from real IP, reddit via the US, etc.
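One way to express the iptables idea from the last reply, as an added example that is not from any poster: the functions below only print `iptables-restore` and `ip6tables-restore` input for review, with outbound traffic dropped by default and allowed only over loopback, the tunnel, the tunnel's own endpoint, and one whitelisted proxy uid. The interface `wg0`, endpoint `203.0.113.10:51820` and uid `1001` are assumed placeholder values.

```shell
#!/bin/sh
# Added example: print an egress kill-switch for review; nothing is applied.
# Assumed values (not from the thread): wg0, 203.0.113.10:51820, uid 1001.

# killswitch_v4 VPN_IF ENDPOINT_IP ENDPOINT_PORT PROXY_UID
# Emits iptables-restore input: OUTPUT defaults to DROP, then four exceptions.
killswitch_v4() {
    for n in "$3" "$4"; do
        case $n in
            ''|*[!0-9]*) echo "port and uid must be numeric" >&2; return 1 ;;
        esac
    done
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $1 -j ACCEPT
-A OUTPUT -d $2/32 -p udp -m udp --dport $3 -j ACCEPT
-A OUTPUT -m owner --uid-owner $4 -j ACCEPT
COMMIT
EOF
}

# killswitch_v6 VPN_IF
# IPv6 leaves only through loopback or the tunnel; the uplink gets none.
killswitch_v6() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $1 -j ACCEPT
COMMIT
EOF
}

# Rule order: loopback, tunnel, the tunnel's own UDP endpoint, then the one
# uid (a local proxy) that is allowed to use the real uplink.
killswitch_v4 wg0 203.0.113.10 51820 1001
killswitch_v6 wg0
# After review, as root: killswitch_v4 ... | iptables-restore
# (iptables-restore replaces the existing filter table unless --noflush is used)
```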