wunderbar 26 Posted ...

I believe that passing as few hops as possible on the Internet is a good thing in terms of privacy, security and stability. So I was thinking about developing a setup where I would route traffic to IPs in country X to the VPN exit node in country X, and traffic to country Y to a VPN exit node in country Y, and so on...

This could easily be set up in a router like pfSense etc.

I would love to hear your reflections/comments on the security and privacy in such a setup.

BR
zhang888 1066 Posted ...

You will probably create more problems than you are trying to solve, for example with CDNs. This will make you have the same amount of captchas as a Tor user.

I also don't see how it will reduce hops.

1) Your ISP > AirVPN > destination
2) Your ISP > AirVPN > VPN in destination country > destination

So even if AirVPN have 20 countries covered, you will need at least 20 more in order to reach the majority of the internet, and of course more VPN accounts.

Not sure why this is a good idea.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.
wunderbar 26 Posted ...

Thanks for commenting.

Regarding the hops: The number of hops from source-IP to destination-IP would most likely be fewer the shorter the distance (when only looking at hops from the exit node where the traffic will be unencrypted). If I access a server in HK and I use an exit node in DE, my traffic is more exposed to tapping than if I used the exit node in HK.

Edward Snowden talked about this in his keynote in LibrePlanet 2016, so I started thinking about this issue.
zhang888 1066 Posted ...

Can you please link to a post/video where Snowden, or anyone else for this matter, states that it is better to set up country-based policy routing and multiple VPN endpoints in order to avoid or minimize surveillance?

The idea is to decentralize as much as possible, not to use the same nodes over and over again in order to connect to same destinations.

Unless you have specific needs: Sounds feasible if you are a CDN or an internet exchange point, and might potentially reduce transit costs, but for an individual user I see no benefit of this scheme, quite the opposite.

Complexity is always the "silent enemy" of security. Such a setup would require keeping dozens of VPN accounts and sessions, setting up complex rules and having a very long routing table. And the troubleshooting of a failed node will be only possible after connectivity loss, which might find you at the wrong time.
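The per-country exit selection proposed in this thread, and the failed-node case raised above, sketched as an added example that is not part of any post in the thread. The prefix-to-country table uses documentation address ranges as constructed sample data, the tunnel names are hypothetical, and dropping traffic when the matching exit is down is an assumed policy choice.

```python
import ipaddress

# Constructed sample data: documentation prefixes standing in for a GeoIP table.
GEO_PREFIXES = {
    "192.0.2.0/24": "DE",
    "198.51.100.0/24": "HK",
    "198.51.100.128/25": "SG",  # more-specific prefix inside the HK block
    "203.0.113.0/24": "BR",     # country with no VPN exit available
}

# Hypothetical tunnel names; the boolean says whether the tunnel is currently up.
EXITS = {"DE": ("vpn_de", True), "HK": ("vpn_hk", False), "SG": ("vpn_sg", True)}
DEFAULT_EXIT = "vpn_de"  # assumed catch-all for countries without their own exit

# Longest prefix first, so the most specific entry wins as in a routing table.
TABLE = sorted(
    ((ipaddress.ip_network(p), c) for p, c in GEO_PREFIXES.items()),
    key=lambda entry: entry[0].prefixlen,
    reverse=True,
)


def country_of(dst):
    """Return the country code for dst, or None if no prefix matches."""
    addr = ipaddress.ip_address(dst)
    for net, country in TABLE:
        if addr in net:
            return country
    return None


def select_exit(dst):
    """Return (tunnel, reason); tunnel None means the packet is dropped."""
    country = country_of(dst)
    if country is None or country not in EXITS:
        return DEFAULT_EXIT, "no exit in destination country, using default tunnel"
    tunnel, up = EXITS[country]
    if not up:
        # Assumed fail-closed policy: lose connectivity rather than silently
        # sending the traffic out through a different path.
        return None, f"{tunnel} is down, dropping traffic"
    return tunnel, f"exit node in {country}"


if __name__ == "__main__":
    for dst in ("192.0.2.10", "198.51.100.200", "198.51.100.5", "203.0.113.9"):
        print(dst, select_exit(dst))
```

Every country without its own exit still falls back to the default tunnel, and each added country adds prefixes, a tunnel and a failure case to maintain.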
wunderbar 26 Posted ...

I have already given you an exact reference to Edward Snowden's talk that can easily be looked up on YouTube etc.

However, here is a link to the original video: https://media.libreplanet.org/u/libreplanet/m/libreplanet-2016-the-last-lighthouse-3d51/