
HN gets regular "what VPN should I use?" questions and my answer is always the same: Algo [1]. It is designed to be simple to set up, simple to tear down, and usable with numerous cloud providers or your own Linux server.

[1] https://github.com/trailofbits/algo




In terms of privacy, doesn't it kind of let the cat out of the bag if you host your own VPN server? It's not your home address, but it's still just as much an address associated with you, isn't it?


Indeed it doesn't provide anonymity against the sites you visit - quite the opposite, it makes it even easier to correlate your browsing regardless of device/location.

But many (the undersigned for example) use VPNs for many other purposes:

- Unencrypted WiFi (airport, hotel, etc)

- Secure connectivity but provided by someone you aren't willing to trust (your employer?)

- Fooling Geo-IP based restrictions (hello Netflix/BBC)

- Not having your VoIP traffic mangled by a shitty carrier who's trying to extort protection money from you in the form of some "VoIP-optimized" expensive plan

- Etc etc


It's less private for some forms of traffic, but for me, my main goal is to avoid ISP tracking and provide encryption on potentially malicious networks, which it works well enough for.


Your ISP in the DC, the DC itself, whoever owns the box your VPS is on or your fellow tenants could be malicious.


I think you misunderstand the reason for using a VPN. Privacy is not the same as anonymity.

Let me try to explain. You use a VPN to protect your connection from MiM attacks, for example if you connect to a public wifi-hotspot, or even when you are connected from home. It also gives you some privacy, because nobody can sniff your traffic, but it does not give you anonymity, well it can, but you'll not be able to verify that it does.

Sure, you hide from your ISP, but you can't verify that your VPN-provider is more trustworthy than your ISP. They might actually log everything and send it on to a third party and you'll never know. Hell, they might even be funded by the NSA...

Use Tor if you want anonymity, even though that's not 100 % sure either.


It just shifts your traffic egress location to a cloud provider, but this is valuable because all of the last mile Internet providers in the US colluded with the government to get permission to use your internet traffic to sell ads, so if you care about privacy, and not allowing your ISP to inspect your traffic, it's a huge benefit.

AWS will make no secondary use of customer data. The ISPs have told us they will, and the FCC gave them permission to do so. Which one will you trust? I know I would trust AWS any day over the ISPs...


I strongly agree with this, with the one caveat that right now Algo doesn't provide seamless integrated support yet for a VPS provider that offers a flat bandwidth cap (like OVH or Scaleway) vs a high burstable data cap oriented offering like DigitalOcean. The flat bandwidth (generally 100 Mbps on the cheap plans) tends to come at the expense of burst/cpu/disk storage, but none of those matter in VPN vs reliability and not having to ever think about going over limits, even if you want to let family members for example use it. While for a lot of general projects I'd definitely agree with their current easy cloud choices, for this particular application, for most people, I think the likes of OVH or Scaleway or similar would be a far better fit, though I realize the major holdup is Ansible support. Of course, it can still be set up wherever, just without the same ease of use for someone only mildly technically oriented which is how it truly excels right now.

Still, I think it creams every general public offering. I agree with fictioncircle above that the "anonymity" thing is a total red herring. VPNs in this application are fundamentally about creating a hack to let individuals change their Internet access from a natural monopoly situation to a strongly competitive and customer oriented market situation via virtual end point shifting. That's "it", though it's a big deal. But "anonymity" is a far, far trickier problem, requiring not just extensive infosec but also significant opsec. At a bare minimum most people would need to use something like the Tor browser, not just for the "tor" part but for the hardening they put into the browser to make it somewhat harder to get tracked anyway regardless of IP address. I think a lot of the "anonymity" marketing claims some public VPNs make verge on not merely disingenuous but outright dangerous to the extent they can create a totally false sense of security.


I don't use Algo, but I can vouch for using your own as long as the tradeoffs are acceptable.

Pros:

  - You can choose a VPS provider close to your network for better speed.
  - Less likely to be blacklisted.
  - No connection limits

Cons:

  - Not as anonymous to governments or IP-based tracking.


No VPN can reliably anonymize you against government agents so I think the con is a non-issue. VPNs are only really useful when the local network is hostile and/or you want some degree of privacy from the sites you visit.

Anyone with sigint capability is going to figure out who you are with a VPN. (i.e. Government agents)


This isn't about pretending to be James Bond, and "hostile" networks with "government agents" and all their "sigint" coming for your secrets.

In the real world, VPNs are mostly used to download copyrighted material. They have a pretty much perfect track record in that regard. Running a cloud VPS, on the other hand, is no more secure than your ISP: they have records, and will share them when ordered to do so.


Just as far as everybody knows, that doesn't mean that it's necessarily true.

There can be a distinct difference between what is believed to be true and what's actually true.

There might very well be entities that have the information, but are sitting on it for later use.


This is a trade I'm willing to accept. I trust a VPS provider more with those records than I trust either Verizon or Comcast, both of which are motivated by advertising.


This isn't remotely true. Pretty much every journalist uses a commercial VPN.


"Does not install OpenVPN or other risky servers": so what's risky about OpenVPN? And Algo is properly described as IKEv2/IPSEC? I've read L2TP is recommended over PPTP, but the Algo README says it does not use L2TP, considering it legacy, along with IKEv1.



There are a few main purposes for a commercial VPN:

- accessing non-encrypted stuff on an untrusted network

- firewall bypassing

- Torrenting

- IP ban bypassing (pretty popular for people writing scrapers or trolling)

Anonymous anything is garbage - many of them log and all can be logged by government agencies or datacenter owners ahead of you. Tor or similar is the best option there. Running something like Algo on your own server is pretty bad for both torrenting and IP ban bypassing as you only have a single IP and many cloud providers will accept DMCA and abuse reports.

All in all if you're looking for either torrenting or IP ban bypassing a commercial VPN solution is going to be a better bet. More IPs for cheaper and with lower risks.


I'm really interested in trying this but nervous with how much a cloud service will cost. Is there a free option for a cloud hosting service that I can start with?


$5/month with DigitalOcean will be enough - or try your luck with the AWS free tier: http://lifehacker.com/how-to-set-up-your-own-completely-free...


Google has a lifetime free tier, AWS has a 1-year free tier, and Digital Ocean referral links for $10 (2 months on the cheapest server) are easy to find.



