Rotate through various VPNs as your initial portal, and throw tor in there as well.
Share your VPN with friends and family to provide some 'noise' (although that may be worth little overall - maybe VPN through friends and family home connections as well).
It really depends on what you want or what your personal situation is. I'll give my thoughts on a few possible adversaries.
- 1. An individual attempting to perform an MITM attack on you. The classic free wifi adversary you've probably heard about. There's little risk of this individual using the sites you visit against you so you only care that they can't manipulate your usage of said sites: Use HTTPS and you'll be fine.
- 2. Your ISP. You don't want them to see where any of your traffic is going because you don't trust them: Use a VPN. Shift the trust to either a VPN provider or a cloud-hosting provider by running your own VPN.
- 3. Your Government. Let's assume they can see all of the traffic within the country and you don't want them to associate your traffic with you: This is the step where it becomes challenging, you want to blend in, not just add more security steps. Ideally you want your traffic to leave the governments jurisdiction and if needed reenter looking like normal traffic from other countries. Tor is a good option here, there's a reasonable amount of traffic on the Tor network to hide in and your traffic is almost guaranteed to leave your country at some point. Alternatively choose a VPN provider that resides legally outside of your country and choose a server that resides physically outside of your country. Both options will move your traffic outside of the jurisdiction of your government, so this should be sufficient within the confines of the current example.
- - What about a self-hosted vpn in a region outside my country? If you ever connect to a server inside your country the full path of your traffic will be able to be seen by your government.
- - What about multiple self-hosted VPNs outside my country? This is an improvement on the previous issue, but it's unlikely to prevent your traffic from being correlated to you on timing alone.
- 4. God's Eye. Your adversary can see all internet traffic everywhere on Earth: Good luck. Maybe use Tor over a popular VPN service to increase the difficulty of correlating your traffic to you? Hope the Nym mixnet becomes popular?
Some additional considerations:
- What if I don't trust a VPN provider? You probably want to hide your traffic in their traffic so pick a VPN provider that requires no user info to sign up and let's you pay with a cryptocurrency or cash. I know of Mullvad that fits this requirement, there are probably others as well. Self host a VPN and to the VPN service through your VPN, now neither the VPN service or the cloud provider has a full view of your traffic (wireguard makes multihop VPNs easy). You could do the same by use 2 vpn providers.
As a telecoms engineer predominantly selling Asterisk for the last 4 years and Asterisk experiance extending back to 2006 it's shocking to see this finally put right. For so many years, I have avoided the e1000 Intel controllers after a very public/embarassing situation when a conferencing server behaved in a wierd manner disrupting core services. Not having the expertise the author has, I narrowed it down to the Eth. Controller, Immediately replaced the server with IBM Hardware with Broadcom chipset and resumed our services in providing conferencing to some of the top FTSE100 companies.
Following this episode, I spend numerous days diagnosing the chipset with many conference calls with Digium engineers debugging the server remotely. In the end, no solution, recommendation to avoid the e1000 chipset and moved on.
For those interested, Prestel was a great service too. Early days of investing and retriving historical data on companies via 4tel's Shares 3000 pages was the only way for private investors to get data freely. Investing could be done by dial-up using the prestel platform.
For those interested, this was a great service too. Early days of investing and retriving historical data on companies via 4tel's Shares 3000 pages was the only way for private investors to get data freely!
I already have Asterisk/FreePBX running on my Pi and had setup an RPi Wiki page ready for some notes, but work was curtailed due to hospitalization so would you consider popping in some something, or a link, from your excellent guide. I was just working on getting DAHDI going to support conferencing and see how the board coped with that - did you get that far?
Running Telegram, over multiple VPN's?
Accessing Gmail over multiple VPN's so Google doesnt get to know where you are 'really' logging on from?
Making your own VPN network over a combination of AWS, G-Cloud, Azure, DO and Aliyun to 'hide' your actual location?
Peoples thoughts?