And welcome to the Homelab Show, episode 49: Do You Need a VPN? And wow, we're almost to 50. And "do you need a VPN" is gonna be a topic that's a little bit complicated, because you may have noticed, if you follow me and Jay's channels, we don't shill for a lot of VPN companies. They're not like the sponsor of choice for us because, well, we got opinions, and we're very careful about who we'll take on as a sponsor. So I will admit, full disclosure: yes, there is an affiliate code I do have for PIA, and I've said the same joke when I've done videos, that if you'd like to sign up and you insist on signing up anyways, even though I said this is probably not a good use case, there's an affiliate link. I mean, if you're gonna sign up, use the affiliate link. But it's not the same as being sponsored and paid for by a VPN company, and I don't have to do the silly ad reads that are everywhere. We'll be talking about that in this one.

Before we get into this video, we do have to thank a sponsor, because, you know, we got to keep paying the bills, and we like this sponsor, and you can use them for VPN; we'll talk about this use case. It's Linode. They are still sponsoring the show, since the beginning, and they have been great to work with and are a great service. If you're listening to this and downloaded it off your favorite podcast app, you will have downloaded this from a Linode server. They are very Linux user friendly, which is also, you know, one of the reasons we like them. But they have a lot of different things you can run: lots of pre-built packages, or one of the many packages and things and processes we've talked about on here frequently can be done and spun up in a Linode server. So if you don't want to run all this stuff at home, run it on Linode. Why not?
And of course, there's the use case if you want to have a VPN that hides things from your, you know, ISP. Well, Linode's a good place to traverse that traffic over, and you can set a VPN up on a Linode server. I even got a video where I break down how to do that, how to build a server in a cloud with WireGuard. There's all kinds of fun things you can do with Linode. We thank them for being a sponsor of the show, and let's jump into the topic.

Let's do it.

All right. Oh, also, for anyone watching this live, Jay fancied up the studio a bit. I think it's pretty cool.

So yeah, it's not completely done, because I think anyone that's eagle-eyed will see like a strip of white that, you know, still has yet to be done, but yeah, it's part of the transformation. I spent like an entire Saturday between that and a ceiling tile. Yeah, how is it guilty after that? But I think it's paying off.

Yeah, me and him both. I remodeled first, and then now Jay's getting around to remodeling. So then you start noticing the differences in our videos. You're like, hey wait, that was some of the new studio. And you'll also realize that Jay already had some pre-recorded content, because you'd be like, wait, he just released the video today, but it looks like the old studio.

Oh, yeah. It's gonna be back and forth for a while, because I have some videos done a month ahead in various stages of the office. So it's kind of one of those things: eventually the older content ages out, and then the newer content's all that's left. So you'll see kind of like back and forth between the two. So it's kind of interesting, like continuity errors and YouTube, you know.

Yeah. Now, we should probably start with the different types of VPN, because for the question of whether you need a VPN, you first have to define what you're using it for, or what types of VPN there are. And the two first major types are gonna be: is this a privacy VPN, or is this an "I want to connect to my home" VPN?
So they're still VPNs, but there's often conflation that goes around when people think they need a VPN. And this comes to the fact that, especially in the non-technical space, the overselling of a lot of these VPNs has people misunderstanding it. People who don't understand tech are advertising it through different social media or podcasts or YouTube or wherever you see this, and it makes people start conflating what they need the VPN for.

Now, let's cover real quick, though, first, what I consider extremely legitimate, most common uses for VPNs. Obviously business is going to be kind of a given; we're not going to spend too much time on it. But you're often VPN, you know, my wife VPNs because she works from home, so she VPNs into a work computer. Technically I kind of work from home now. My studio has been moved to my house, so I VPN back into my office where the servers are. That's kind of the same use case. Those are really going to be just something you need, because if you're not going to expose all your services, whether they're at your home or your business, and you want to be at a different location and those services you want access to, VPNs are a good, secure way to do this. I've commented before, when I did some of my firewall videos, I said, look at the lack of ports Tom has open at his house, because he uses WireGuard on his phone to access the things locally that he cares about, which is mostly just looking at the Synology Surveillance Station cameras. Why expose it? If there's a flaw found, that would be scary. Less scary is just having WireGuard exposed, and, you know, as long as they don't find a flaw in WireGuard, I can just VPN in. And so those are common VPNs for those two different types.

Now then we get a little bit more confusion, because there's kind of subtypes of the VPN transport protocols themselves. IPsec exists.
We're aware of it, but we're not going to spend a lot of time talking about it, because obviously it's used greatly in the commercial space for site-to-site, less used in the homelab environment, which is more our target audience for that. Then we can narrow it down further to say WireGuard or OpenVPN. Now, there's a lot of interesting things, because it's a, watching the horse races, essentially, here. Who's the winner? And no one's gonna start just clamoring away going, "Oh, definitely WireGuard. WireGuard's the newer, faster, fancier protocol." Until you look at what they're doing at OpenVPN. There's a lot of changes coming down the pipe, out of scope to dive into the details of them, but the modern versions of OpenVPN, with a lot of the way they're changing it, is gonna end up being really, really fast. So OpenVPN, for whatever reason, people tell me they think it's kind of dead. It's not dead, and it's actually being very actively developed and revamped to support much faster transfer speeds because of a lot of, you know, reworking of code, enhancements. Though right now, today, in the normal versions, yes, you can find, generally speaking, you'll get a little bit more performance in WireGuard. But by the way, WireGuard is a VPN protocol, versus OpenVPN is a VPN protocol plus a framework for authentication. Keep that in mind, because if you do need authentication, not everyone in a homelab does, it's just you, managing user authentication can be, well, it's an add-on for WireGuard. It's not natively built into it functionally.

Right. Yep.
Yep, total agreement. Another use case, we probably won't go into this, but I'll mention it just so, you know, everybody knows that it's a thing: in businesses, especially those that work with the cloud, they might have a VPN to their local, er, excuse me, from their local data center to the cloud provider, like Amazon Web Services or something like that. That way their servers can, you know, hit the cloud servers as if they were also local. That's very common. That's not what we're going to be talking about today, but of course that's another business use case. And yeah, OpenVPN is still going to be a thing for the foreseeable future. And I don't really see it as one replacing the other, but I see this as a choice. If you like WireGuard better, use it. If you like OpenVPN better, use that. I don't think anyone's gonna come to your house and say shame on you for using the wrong thing. They will do that online, though, in the comments, any discussion forums. But as long as you filter those out, just do whatever is right for you, right? That's all that matters.

Yeah, an important part: both are well-vetted, secure protocols that have been kept up to date. Now, kind of the other, by the way, use case, and we'll throw a note in there: if you are building a series of things in Linode and you want to treat it like local, that's another absolute use case to have it persistently tied. Maybe you set up your firewall to be persistently tied to your Linode instances, so they're always online.

Now, we're not gonna forget about overlay VPNs, essentially overlay networks or overlay VPN. This is kind of a new category, and the two really big popular products in this space are going to be Tailscale and ZeroTier. They're both awesome. A runner-up, I guess you could say, is Nebula. Nebula is pretty awesome. It's more focused on DevOps.
I've done a video on it. I'm actually friends with the developer and Defined Networking, the name of the company that supports it. It's an open source one, and I've seen someone comment that they didn't think it scaled. I'm like, you realize this is what Slack uses to manage all of their back-end servers? So it's definitely a cool protocol in terms of scale, but it's also the most complicated one to set up, so it's not necessarily for everyone in the homelab. But the other ones are definitely good, and they solve the problems differently, because ZeroTier and overlay VPNs in general solve it by building what, the word mesh is not exactly correct, but you're dealing with a network where you're just adding extra network adapters that put you adjacent without having to actually go for the site-to-site. But this also then involves third parties. In the case of Tailscale, if you're using their servers, it bounces off of their servers to get the connectivity rolling. That way, two different devices, you have to have a public, essentially third party, not to be able to intercept the traffic, but to be able to coordinate the traffic, to figure out where all the nodes are and make all the connections as they need to be. So those are, just so we covered the breadth of the different types of VPNs.
Yep.

All right. Now, VPNs don't sponsor our channels because, and this is where me and Jay, we believe this, and that's actually, we titled this, part of the show notes was that, and we just, I don't like the overselling of pretending that if you don't use a VPN, you're not secure. This is implied, maybe not directly said, but as I said earlier, you have so many people, especially in the non-technical space, you know, I watch different YouTube videos or whatever. I even was listening to a podcast where, you know, it's just completely unrelated topics. They're just talking about some show biz stuff, but they pause for an ad for a privacy VPN, and I'm like, really? You guys are the most non-technical group of people. You're talking about, you know, performance arts and show business, but you got a VPN ad in here. And because of that, it's a dry ad read, and it doesn't completely have the context, because this person's not technical. This is because VPNs are easy to sell online. They're really cheap. You set up a subscription and it's easy money. So, because with any market where there's money, there's almost always overselling of that product, even when you don't need it. So this is the number of people, and this is going back to that broad audience, a podcast, and people who are creating content advertising for it. I mean, you could have, and this is a legit symptom of this problem: we've had business owners that we manage, in my day job, you know, owning a company and managing it, where they go, "Hey, do I need a VPN at work so I can connect to my bank?" I'm like, why? "Well, I was listening to this show," unrelated to tech at all, of course, "and they keep advertising this VPN. So I signed up for it, but I'm really not understanding how that made me more secure. Or should I be using it?" I'm like, no, and stop, quit loading extra things in your computer and tunneling it and causing problems that, you know, at their home. So, but yeah, it just drives me nuts. And it's just this overselling of it.
Yeah, it's blanket overselling. Now, we'll get to times, I'm not gonna say you never should use a privacy VPN, but the overselling of it kind of irks me a little bit. It's one of the reasons you haven't heard me do ad reads for VPN companies, and you haven't heard Jay do it either.

Right, and I'll say this too. I feel very strongly that there's only one thing when it comes to security that's worse than bad security hygiene, and that is a false sense of security. That's worse, because at that point you think you have a secure system and you're good, but you're apparently not if you get hacked or something happens. If people are selling a false sense of security, I really don't like that, because, I mean, think of it this way: if you have, let's just say, your Nextcloud server is available through a VPN, that's great, but if your password is ABC123, it doesn't matter, right? It's not going to help anything, because that thing's going to be brute-forced because it's accessible to the internet. Eventually, it's just they've been out terminating at home. It's somewhere else. But more importantly, these companies, yeah, a lot of them don't say, or won't over exaggerate, but some do. They'll say you'll be 100% effective and protected and everything's great. And I think that anytime you hear anything that anybody says about security and they sell it like you'll be 100% secure, you'll be hack-proof, immediately your BS detector should go up right then and there.

And to elaborate more on the, you know, on the sponsorship thing: my sponsorship rules are very clear, and I tell everybody this, and, you know, literally everyone, I have to have this whole pitch where, you know, if they have a security breach and they get owned and it's their fault, that I will delete their ads tomorrow and I will not give a refund. Every single person that sponsors my channel has to agree to that, because if I'm, you know, let's just say VPN solution A right now is great. It passes all my tests.
I think it's implemented very well, and then tomorrow they get owned. Well, if I have a bunch of videos out there about VPN, or about that particular provider, then I'm recommending that to people, and that's my reputation. No, no, no, delete, delete, delete. I will cut that out of everything. And I feel like VPNs have a high likelihood of that type of thing happening, whether it's revealed that they're revealing things, you know, to the authorities that they said they wouldn't do, or they said they're not logging but they are. You know, we see these types of things in the news all the time. So that's why, really, I mean, I'm not saying you'll never see a VPN ad, but it's very unlikely that that's gonna happen, because they have to go through, it's right on my website, what people have to agree to. And yeah, VPNs are useful for some, you know, certain situations, but we got to stop perpetuating this 100% secure thing to everybody, because it's doing a massive disservice to pretty much everybody in tech.

Yes, and I've seen people posting in the comments. They see plenty of non-tech related YouTube channels and this happening. The reason is really simple, as I said: because it's easy to sell. But let me add some context for that. Large YouTube channels, and even with mine not being that big, these VPN companies are willing to shell out four or five thousand dollars to us to do an ad read. Yes, and then pay us commission on all the people to do it.
So paid for the ad read. So just to give you some perspective, now that scales upwards. Some of these people, if you're a big enough, you know, million-plus subscriber channel, you could easily get up in there of ten and twenty, thirty thousand dollar offers for different types of ad reads, and VPNs in that category, really depends on how much they want to push that. So this is, it's really interesting, and it's because there's so much, and of course if someone says, hey, you read this and you'll get future commissions plus this, well, you know, upfront money, it's very compelling for these people. They're like, well, I don't know, and if they don't know tech, whatever, it's just another ad read to them. They were selling you some mattress company last week, this week's ad read is whatever VPN is on there, next week is some food company wanting you to subscribe to food shipped to your house, you know. It's all treated the same to them. But us being in tech, we think differently about this and the overselling of it on there. I don't really have an opinion on mattresses and food. I don't like to food or buy on subscription online things.

So I love eating on those. I have some opinions. I mean, I'm really good at sleeping and I'm also really good at eating, and I know it tastes good. But no, the last thing I'll say on this part, to get back to the subject though, is I've had no less than two VPN providers reach out to Learn Linux TV wanting to become sponsors. Neither one of them became a sponsor. One of them, and I won't say which ones these two were, but one of them, I think I spent like two months testing it out, like literally two months, and it's not that it failed any tests.
It's like, yeah, I don't really want to work, you know, studying or auditing something for two months just to find out if I'm gonna let them sponsor. They were offering me like, I think, $45 a sign-up or something like that. I'm like, that's decent money, but I don't really want that kind of money right now, because, I mean, this particular company, they were not in the news or anything like that. Nothing was bad yet, and as far as I know they still haven't. But then I had another company reach out to me, and, you know, they sent me an email and they said, you know, "We'd like to sponsor your channel," and my reply was literally, "You do realize you're in the news last week for a breach, right?" And they never responded again. Like, that was it. They never sent another email out and they never replied to that one. And they literally were, now this is some time ago, wasn't recently, but they were literally breached the week prior and then they're contacting me for a sponsorship. I'm like, yeah, I don't think that's gonna happen.

Yeah, someone did ask if they can use Linode for the VPN, and yes, as I said earlier, absolutely you can. We do have an offer code; you just sign up for that. Now, the other thing we're gonna mention on the con side, it's just going to be the fact that it can cause you to have to click a lot of different "I'm a robot" things, because, you know, not another country, or, I had someone message us because my website had blocked them. Well, I said, well, no, I blocked an IP address that I was attacked from, if you came through that same shared IP. Now, these are little minor inconveniences. You can always disconnect, reconnect, and get a new IP address assigned to you, and that should work. And that'll help you with some of that side of the VPN where now you pop up somewhere else; as long as no one else has used that, it's, you know, a little bit better. Now, the last little, I guess last one minor mention, I'm not gonna dive deep in this because we didn't pull a bunch of news
articles, because I didn't want to rant about it. If you do look up, there's plenty of VPN companies that have been less than trustworthy and actually were just selling your data, not just cooperating with authorities or anything like that, but literally mining and selling data, using their software to install it. There was some, it's some things that happened. If you head over to Reddit, you can find the controversy in there. So I guess that, I don't want to get too off topic on it, but some of them were less than honest overall. Everyone's probably going, oh, I'm shocked. And it's really hard to trust these companies. They all go through "we have been independently audited." Have you? I don't know. I hear that in an ad. How do I really, it's a very difficult thing to prove, because, do you operate these VPN companies with certain restrictions? They operate at different levels of kind of anonymity, where they have it registered outside the US. They make themselves hard to get, which is something you want. But then the other side of it is, it's also hard to validate a lot of things with it. Their data centers are located wherever, so there's a lot of fuzziness around there. So nonetheless, now we can probably swing over to the pros on the VPN. I just want to get all the bad stuff out of the way. There are good reasons to use it, because I was just using one for two of the demos I did on my channel recently.

Right, and there are some other restrictions, I mean some other downsides, but we don't want this to be overly, yeah, a downer of an episode, because, you know, I think the thing here, I think you have this, oh, I know you have the same mindset, is that we advocate for what works, not the technology. Okay, so we're not going to advocate a technology being used somewhere where it doesn't make sense, or, you know, pitch something that it'll do a thing that it doesn't do. So that's very important. But there's some things that VPN does do and that does help. So I'll use myself as an example. I don't use VPN often, but when would I? So if I take my laptop to a coffee shop and I want to do online banking, I mean, honestly, is there anybody at that restaurant that's technically advanced enough to get into my system? It's possible. Unlikely, but it is possible. So yeah, if I'm doing something like that, like checking my bank account, I will use VPN when I'm out and about for that reason, because it's there, and why not? I mean, I'm not gonna feel like I'm 100% protected, obviously, but I think in certain situations it's better than nothing. And then we also have the fact that there's regional restrictions and censorship out there, and that's a legitimate use case, especially nowadays, without getting into politics and drama, and unfortunate things are going on in the world right now. This is especially important, and it's not fail-safe. It's not like you can't be detected that you're on a VPN. You can. But has the service that you're connecting to, have they gone through the trouble to put in something to detect that? Maybe, maybe not. But there's some people out there that have no way around regional or censorship restrictions without using a VPN. So for those individuals, that could be a valid use case.

Yeah, and so if you have regional things you need to get around, and this is where it's not that the companies necessarily are doing anything more than complying with whatever regional laws that they have to comply with. If you are the one, and this is what the onus is when they do this, they're like, well, our rules that we are under, under
this jurisdiction says we have to block this content from coming from where you are, your region, and then VPN gets around it, and you're basically doing a hold, the company's doing a hold harmless, going, hey, we complied with our regional jurisdiction that said, yes, we have to block this content from people coming from here. And you being from that place goes, well, I'm just gonna use a VPN around it. And they're like, oh cool, we didn't really want to block our content. We just wanted to comply with the jurisdictional laws. So the region blocking one is kind of a weird one because of the complexities related to especially streaming content and things like that. So that's, you know, I see as a legit reason to use a VPN.

The other legit reason, but this is also something if you've seen recently in the news: torrenting. There's a legit reason to torrent, and a lot of the ISPs just don't like when they see torrent traffic. This was a very controversial topic, because there are wonderfully legit reasons to torrent stuff. I mean, you got to seed the latest, a bunch of ISOs. You got to help them out. Matter of fact, even when it came to some of the things that were going on at DEF CON, there was a big file that could go around to help people get a lot of the content that was available at DEF CON. I made sure I took my time to seed that. The ISP frowns upon that type of traffic. It's not necessarily that they're inspecting it, more so is just looking at it and going, that's torrent traffic. And I mean, I'm just meaning you're not putting a deeper inspection to try and determine what it actually is. They say torrent equals bad, versus what are you torrenting? They're blaming the technology, because can you use torrents, or are torrents frequently used, to grab movies?
Well, yeah, I mean, I live in a real world. I know that's what a frequent use case is, but, you know, not all torrenting is bad. But you still have to then hide that from your ISP, because they may throttle your connection, they may give you a letter, they may have problems they have about it. And it's none of their business anyways, and that leads just to another good reason to have a privacy VPN: it's not their business. But this is where it's kind of edgy. So let's say you have Comcast or AT&T or insert name of your ISP, and we know those companies are looking at ways to monetize data that traverses their network. So can they gather statistics based on the data you have? Because they have a couple interesting things. They have your IP address, because they gave it to you. They know your IP. They can then look at that traffic and go, what do we know about Tom and what goes on at Tom's IP address at his house that is assigned to him, and can we monetize that data in some way and sell it? Well, sometimes they do. Here's the thing: do you want to spend money with somebody else to cut them out? And the only information they have is that person really likes this particular VPN company and they use this much data over it. You've blinded them from the details of what goes over it, but they just have a different statistic. They can tell that you're using a VPN. They just don't know what's transported within it. I'm kind of iffy, because who knows, and as I mentioned before, some VPN companies can also be selling your data. So now you've paid for the privilege to have someone else selling your data. So I don't know, I'm mixed on that use case of it. Hi.
I'm a little mixed on that too, for the same reason. But I mean, I feel like if people want to disrupt the ad agencies out there, they leave the whole ad business, if that's what they want to do, or they just want to, you know, disrupt some, you know, the eavesdropping, I mean, people on the internet can get together and make some really cool things happen. I mean, you could just have a campaign, if enough people would do it, where you like the most random, weird things possible that, you know, you didn't know you'd be into, unicorn slippers, I don't know, just liking random things, and everyone did that, and then everyone hid the ads in their feeds that they might be interested in, but, you know, just randomly all across the world. I mean, the whole companies, they'd be at their knees, basically. But yeah, VPN is not going to disrupt anything. It might disrupt their eavesdropping on you, but all they're doing is, I mean, this could be something like user 17895 300 likes Metallica. Okay, it's not like John likes Metallica. Although there's probably companies out there that will get the name too, but for the most part it's not as egregious as people think. But if you don't want that to happen, then, well, yeah, maybe that might help you. But is there a guarantee? Well, there's web browser fingerprinting too that they can still use even with a VPN.

Yes, and web browser fingerprinting is a way more effective way to do ads. The cookies you store, the site you're logged into, is way more effective, for a couple simple reasons. The IP address is actually becoming a less effective indicator of who you are. It may give you a regional idea of who the person is. Don't get me wrong.
It's not without value at all, but it's less valuable than it used to be, because, well, you know, many people are here in my house logged in. It's not like we can go identify all of them. Ideally, ad companies, they will send my son ads based on his gaming browsing habits and things like that. They send me ads based on, I was looking at keyboards, and as Jay mentioned, we were in that discussion we had before the show, I got keyboard ads in different places now, because I allowed it to be, because that's actually how I find things on sale. I turn off ad blocker if I don't want to buy things, by the way, which people are gonna find weird, but I tell you, I'm all in on the discounts. And that is, it's only one piece. And also people who are behind CGNAT, which people complain about a lot, your wireless ISP's IP address, they only see the IP you came out with, the ISP, because you're assigned a private IP on the inside. So they don't know you, distinguish on there. So people who have CGNAT, I'm like, why are you adding a VPN if you're worried about your ISP? I mean, yes, you could be, but at some point you're already hiding it from a lot of the advertisers. Really, your ISP, are they really trying to do something at the WISP? I don't know. But I just wanted to cover that part as a topic on there, so people think more concisely about it.

Back to a pro use case, though, that I mentioned I used in my videos. I did a series of some ransomware and deployment tests when I did my videos on Huntress and S1. Great uses for VPN, because one, I knew I had these demo machines locked up in my lab, but I didn't want them traversing out my public IP. I wanted them traversing out a VPN IP. It also made it easier when I'm doing the video.
I didn't have to obscure anything. I could show all the public IP addresses of where these machines were beginning from easily. So for aspects like that, now obviously everyone's gonna be using it for demos, but when you're setting up certain lab environments, and maybe you're into cybersecurity testing and things like that, you don't always want that coming from your IP address. When you do forum posts and things like that, if there's some worry that someone will come back and DDoS you personally, yeah, you might want to, you know, hide your IP. It's like, it's not to me as big of a security problem, it's more of an inconvenience problem, as opposed to describe it. By knowing my public IP address, someone will go, hey, let's drop the hammer on that public IP address and be annoying and DDoS it, because that's still a thing here in 2022, and yes, people do it. So if those are concerns, and because you're participating in gaming forums, and boy, the gaming forums are definitely a place where some of this shenanigans starts. Listen to the latest, called "Dirty Coms", Darknet Diaries episode and you'll get a better idea of the current hacker scene and the kids and the DDoS thing and silliness that goes on. But nonetheless, those are all good, legitimate reasons to use like a privacy VPN.

Yep, and speaking of gaming, you know, as I talk about every now and then, I'm a retro game collector, and sometimes I play the newer stuff too. I like a lot of Japanese games, because, you know, they have some of the coolest games and not all of them come out here. So I literally sometimes have to use a VPN to digitally purchase a Japanese game that wasn't released here, because I actually have to create like a Japanese store account on the game system and then VPN. It's crazy, but I've done that, it works, and it gives me what I need for that. But sometimes it's not all about security, sometimes. And yeah, there's mischief of gaming I won't get into, because, you know, gaming is gaming. It's not anything like it was when I was a kid, obviously, but yeah, there's definitely pros and cons there too, for sure.

Now, someone asked, and this is actually in our list here: pro and con of having a kill switch and setting up a whole-home VPN. And I bring up the kill switch ones, I've already had a video on this topic, and I did it with pfSense, but I've done it before with Untangle. Those are two popular firewalls that make this relatively, well, it's a little more complicated in pfSense. Untangle's got pretty much just drag and drop, your username, password in there, and set a few policies. But either way, those are two popular firewalls that have the ability to, instead of loading the VPN software on your computer for a privacy VPN, you can actually have it controlled by the firewall. Now, where the kill switch and policy routing comes in: first, the idea to take all of your data and encapsulate it and send it over a VPN is not always practical. It's a bandwidth limitation. It's going to be more taxing on the firewall if it's running it frequently. These run OpenVPN, but yes, some of them support WireGuard as well. And if you send everything out that way, well, it may not work, especially if you need to change around, like you need to be in Japan to buy a video game. Maybe you don't want all of your traffic coming from Japan, because then that starts setting up anything that does look at your IP address is suddenly giving you the weather in Japan. Maybe you want to know that weather in Japan, but maybe you don't. This is where a more advanced setup in pfSense, for example, to video on it.
It's referred to as VPN with policy routing. I do have a complete video on my channel for this. pfSense is great for setting this up and it has the option for a kill switch. There's different ways to implement the kill switch. I show one of the ways I think is a good way to do it. But as Jay may remind us again, and he pointed this out and he's very correct about this: yes, if you screw it up, you accidentally, especially if you're doing something, and we've had people do this, they invert it and actually end up sending all their data out there when instead, there's, you have to be careful setting this up. You have to test it thoroughly too, because it's so easy for, I mean, if you have a race condition or some kind of a problem, if enough packets leak before it reconnects, if the kill switch isn't fast enough, isn't implemented well, then your ISP is getting everything they need to know or anything in there. I mean, it's just, we've seen this happen where, you know, I think it was unified that, yes, someone, yeah, their IP, or they've had some packets leak, they found out that it's allegedly an inside job. Or I mean, it's just crazy, that whole story just took this weird, kind of entertaining but unfortunate turn, and the person may have gotten away with what that person was allegedly doing if they had a proper kill switch that didn't leak anything. So I think we keep going back to the, you know, don't be overconfident thing, because you got to be really careful with this stuff, and it's so easy to implement something wrong. Even if it by design would more than likely serve the goal, implementation is everything. If you have weak security hygiene, it doesn't matter. Yeah, that's, it's one of the reasons when I set it up, it's test. You set it up.
You test and verify. And hopefully you're not doing anything illegal that would get you caught, because we're actually really happy that person's VPN dropped and they were caught, because they were doing something very illegal and they were extorting their employer for money, etc. But it's one of those things that you want to make sure that you have everything in place. This is just good opsec if you're doing it, and the same thing with myself. Even though I'm the one doing the tutorials and I'm fairly knowledgeable on this, before I did my ransomware demo I reached out to one of my own staff. I said, please audit this configuration. I want to double check. I did all my own testing. It looks good. Let's go ahead and have you look at it. And they go, Tom, you did it right. I said, great. So that's, you got to be really careful if you're doing it for something that is more risqué, like doing your environment and setting up your lab to deploy ransomware, and you don't want to track back to your personal IP address. So that's exactly. And then there's a possibility of DNS leaks, you know. Yeah, much of the data is the DNS. They know where you've been. They might not know what you're saying, but they know where you've been. So depending on if you have that secured or not, could also be another issue. So I think what it comes down to for the most part is just like everything else. I mean, I don't like the mentality when, you know, like I was going to say earlier, that when you learn in technology, you know, a specific tool, everything becomes a nail. That's like my biggest pet peeve in IT. It's just like people, you have to cloud all the things, cloud is a way to go even when it's not the way to go for every use case. You have to containerize everything, even when containers might not work for a specific use case. And then these ads will have you VPN all the things. Yeah, but it might not make sense in certain use cases.
These tools are great. There's a reason why these technologies exist. But no technology is perfect. If someone advertises that it is, they're wrong. 100% of the time, they're wrong. There's no perfection in IT. There never has been, there never will be. It's all about how you use the tool. I mean, you could have a really awesome hammer and, you know, you're building a shed and you just go right through a board. Well, it's not the hammer's fault. You just need to aim better. Or you hit your thumb or something, which would be even worse. But yeah, I mean, we have tools. It's all about how they're used that determines how effective they are. And there's a question that keeps coming up in the chat room that we have not responded to at all. I think several people have asked this, some variation of: how is this VPN provider? Is this VPN provider good? And there's a reason why, you know, I think you probably have the same opinion, Tom, but I don't want to answer that, because if a VPN company is good today, well, great. That's awesome. But people are going to be listening to this podcast episode. I mean, this is evergreen. It could be like five years from now and people are listening to this episode. And what's good today, well, it might not be good tomorrow, next week, next year. We just don't know what's going to happen, who's going to be breached, who's going to be caught logging things that they say that they're not logging. And if we go on this episode and say, yes, try this VPN company.
They're the current best. Yeah, they might be today, but again, we really don't know. So it's one of those things that I'm really cautious about. I don't want to recommend a VPN provider in a video or content that's going to be evergreen and listened to or watched for years down the line, because that could lead people astray, unfortunately, if they were to follow our advice and our advice no longer applies. Yes. Now a couple of safety tips here, and kind of related: one, the VPN companies seem to be conglomerating and getting bought up. That is something that is going on in the back end, if you follow that, as I've seen people are upset, and this is actually just, it's a venture capital thing. There's a lot of VC money out there and they're going, hold on, these companies make how much money? Well, why don't we start buying them all up, and then we can get better buying power and do better blanket ads? So they're changing hands a lot, is something that seems to be going on in the back end of the marketplace. It doesn't seem a hundred percent clear, because if they're not publicly traded, they're also not necessarily going to disclose whether or not they were purchased by someone. But another thing to keep in mind: when you set up one of these privacy VPNs you would like to use, whoever you'd like to use, so we have no partial recommendations for any of them in particular, but one thing to consider is do not load their software. This is to me a big no-no. A lot of them do OpenVPN. Great, load the free and open OpenVPN client and set it up. Or a lot of them started supporting WireGuard. Load the WireGuard client and set it up. Now, it is obviously more convenient to use their software, but this is where things come into a fuzziness of, their software may have something in it. And this is where, as I mentioned earlier, there is a company that got caught kind of injecting ads or adding extra things into their software. This can be a concern. Now you're weighing the convenience of
your trust to load a third-party program on your computer, especially if that program is safe today, but then a company buys them. Is it safe when there's an update? I don't know. It's a level of trust you're placing in some company that claims to be privacy oriented. So anytime I use it, and for me it's not even an option most of the time for the software to use these privacy VPNs, because I'm using Linux. There is no loader. I just get the ovpn file and run it. So it's not a big deal. Let's import the profile. Yeah, I just import the profile inside of GNOME and, hey look, it's another one added. Actually, I usually import a few of them so I can bounce around between different locations, depending on what my purpose is for what I'm connecting. But you can do the same thing in Windows. It's not like you need to use their software, and if you find a VPN company that says it only works with our software, I'm going to recommend at least don't use that company. So, yeah, I don't like any kind of lock-in, and it's just not good at all. Um, and also I think it's important to understand that, at least in my opinion, this isn't like an industry analysis that I've done, I'm just going by what I've seen, the majority of the VPN providers I've seen are money focused, not security focused. But they will all say that they're security focused, every single one of them, because if they were to, you know, advertise like, our VPN software is awesome, we're really focused on just maximizing our income, and security is something that we do also, but yeah, it's a great VPN. I mean, no one's going to be that honest, right? Uh, that's why they get bought up so often, because you give them enough money, they'll do it. If you give them enough money, they might consider starting to log when they haven't been doing that before, or maybe put some spyware or some kind of malware in their installer. You don't know a lot of these companies. I mean, they'll all say the same thing. They're security focused.
Maybe they've been audited. They've been independently audited. Like I mentioned earlier, I mean, they're not telling you that their best friend's cousin's stepson, who's 14 and got an A in his high school computer class, was the one that audited it. That was an independent auditor, but probably not somebody with the industry experience, unless they're a prodigy, to do a thorough audit. So that claim can go somewhere. I don't really think that means anything. They all say the same thing. But when it comes down to it, when enough money is, you know, waved in front of their face, they're probably going to go for it. And that's why, you know, if I'm using a VPN today, I know full well I might cancel my subscription tomorrow if there's something I don't like about it and go a different direction at a moment's notice. That's kind of the way it is right now. I really wish there was a, you know, security focused VPN that was so amazing that we could give a unanimous recommendation, but I'm still kind of cautious about that. So I agree with that completely. Now, back to a positive note. We do recommend, as we said, if you're setting this up at home and you want to connect to your house, absolutely great way to use a VPN, great way to not expose services. This is even, as I mentioned earlier in the show, this is how I connect even to my home things, like any resources I want at home. I have my phone connected so I can have my Synology, and it's why I don't expose it. This is something I repeat whenever people ask: I try to expose the minimum number of services unless I absolutely need it publicly exposed for whatever reason. But I first try to whittle down all the ways I could probably get around it if possible. This is just trying to reduce threat surface.
And this is where you're having a home VPN. Also of note, if you have a public IP address available to you and you have something like pfSense, when you're out of your house, using it just to reroute all your traffic back to your house is not a bad idea. That's actually a nice way to not have to spend any extra money, so to speak. So you're wandering around, you found yourself at some coffee house or some place with public Wi-Fi, you would like to connect your laptop. You're like, yeah, I don't know if I trust these people around me, and this is just an open Wi-Fi. So yeah, there could be someone trying to see where I'm going or trying to DNS hijack me. Let me tunnel back to my house, and then from my house I pivot and go out. This is a great way to encapsulate all your data. So that's a really solid use case, and it also saves you some money. You don't have to pay the subscription piece of VPNs. Unfortunately, we know some people are behind CGNAT, and as I mentioned earlier, uh, I'm trying to remember, I believe it's called the Streisand project, man. Yeah, I've heard of it, and I've seen it. I haven't had a chance to really check it out, but my friend Tony's reviewed it before, back when we were doing the, um, SMR podcast. I imagine the project's only gotten bigger. But you can find a few different projects out there on Linode that you can run, so if you're behind something, CGNAT or whatever, you can spin up a Linode one, and Linode's got some pretty inexpensive. What's the lowest charge one they have right now? $5. And $5 a month. Yeah, I know the VPN services do it a lot cheaper, but you'd end up with your own IP address that would be less likely to be blocked because of other people sharing that IP address on there. Now granted, when you're using a VPN you're hiding in the noise, so think about what you're actually wanting to hide from: is it local threats or is it something more remote?
But nonetheless, you tie it to Linode and pivot off of that. Not to mention Linode's kind of disposable, so to speak. So if you set up a container, uh, and build it, it's not an IP address and you go, well, nope, I just want to destroy this one. Well, you can then just destroy that one and rebuild it again in another area, maybe another region of Linode, uh, to pop out somewhere else. So you just create an image of it, and then once it's set up properly you could just deploy it wherever. Another thing that I'll mention as a recommendation is, um, not to buy the annual subscription. Um, and you'll usually save a lot of money by doing that. Um, but the thing is, you don't know what that VPN provider is going to be like in a year. So once they have your money, they have your money. So if they get breached the next month, well, guess what, you're missing out on the rest of your abuse for that. And I mean, could you get a refund? Maybe, but I mean, probably most likely not. So yeah, even though it's more expensive to do a monthly fee for that, well, you don't know, you just don't know. And if you're using a cloud provider like Linode, well, I mean, if anyone, you know, if there's a policy change, um, it's your fault, right? If you're sending your, you know, connection logs to /dev/null, which is probably the best place to send them, but, you know, something happens and the symlink goes away, well, guess what, it's your fault that it's logging now. If it goes down, it's your fault as well. But that being said, it's a good learning experience, and you know who's involved, you know the mindset of the person that's involved with that VPN provider, because it's you. So basically you call all the shots, and there is some power to be had with something like that.
Yeah. Someone asked, what's the quickest way to do this, Jay, if you had a connection in the Linode one? What's the way to turn off all logging? You can set logs to, at zero, there's, I've never thought about it. It depends on, well, if you want to, it depends on what logging you want to get rid of, because, um, if it's just the VPN log, you could set it in the config file for the VPN, you know, platform that you're using, just, you know, tell it, you know, disable it if it has that ability. Your logs are /dev/null, send all your logs to /dev/null. There might be some logs that you might want, because if like you're having like a system failure and you want to know like what's the error message, you might need that log. But you have to be careful, because a lot of the Linux logs, you know, logging from other services can, you know, be in other logs. So you have to really kind of audit that yourself and know which logs you want. For example, if it's Ubuntu, the dpkg log probably doesn't matter. If someone steals that, they're just going to know what packages you've installed. That's probably not something you want everyone to know, but it's not the end of the world. The authorization log could be a big problem, because, you know, that shows some actual data that could, you know, be against you. The VPN log itself, absolutely. The DNS provider, if it's using like a local resolver, for example, or an external DNS provider. It could be the external DNS provider that's logging and you didn't even think of that, right? Well, if you're not responsible for DNS, well, I mean, who is? So you have to think about those things. And it's a good learning experience in that manner too, because it forces you to really think about the information on your instance and where it's saved and what information in particular is saved. And you'll learn a lot during that process, and just take your time.
Don't rush. You know, don't try to get it set up tomorrow, um, because the more you rush it, the more mistakes you're probably going to make, and we're all human. So take your time with it. Look at the config file. Look at your log. See what information is there, and then, um, you should be fine. Yep. So it's absolutely a project that's fun and a great learning experience, building your own VPN server. So these are all for cool to know to do that. My last shout out for a sponsor: we do like an out of VPN company. Well, yeah, and that makes a lot of sense in multiple ways. It's just, you know, just speaking in general terms even, um, cloud providers, they make the best DMZ, right? Because you have things at home. You don't really want people logging into your home network. But you don't know, and why expose something in your home network that people can get into and then traverse into other things? If you want to start up a blog or something, just run it in the cloud somewhere outside of your network, because, you know, look, if your website gets taken over, at least they're not in your home lab, you know, putting stuff on your, or a crypto locker on your desktop. So there's that. It's a really great DMZ and, you know, there's all kinds of use cases for that. But whether or not you spin up your own VPN, it depends on your, um, your use case. So, or your agitation levels. How easily frustrated are you? Um, do you have a temper? Yeah. But it's still fun. I mean, if you're just calm and approach it with care and attention, it's a good, it's a fun project. It's a fun project. All right. I think we beat this horse to death, or this VPN to death. So we've certainly, uh, run around this topic. Hopefully you have a better understanding of those privacy VPNs, and privacy is not necessarily the same as security with them. We've covered that topic and, uh, now you know why people shill them as much as they do and whether or not you need one. So it can be up to you.
I always, my goal is always to have people making informed decisions about what they do when it comes to technology. So that's what me and Jay here do, is just to throw some education out there and have you thinking about it. But, uh, and hopefully it leads to a project. It gives you a better understanding of learning as well. So, and don't be a white paper reader only. Like, do actual research. Those white papers that those marketing people put out for VPN companies and all these other things, dig deeper. They look fine to a CTO, but come on guys, we know better. It's not always that cut and dry. Absolutely. All right. Well, check out both of our channels. We've got lots of topics that are fun and fun projects we talk about. If it's your first time here, check out all of our previous episodes, because even me and Jay are in shock that we've already got 40, this is the 49th episode we've done. Looking forward to 50. If you have Q&A, send it over to, and head over to the homelab.show and you can, uh, ask us some questions, and we do our Q&A episodes. We love answering people's questions for that. So thank you everyone who joined us, and see you next time.