Recent change in online practice regarding personal data privacy
Intention of this article
To share the information regarding the change in configuration and practice I made recently. Also as a starting ground of my next article regarding potential monitoring app we might be soon be compulsory use in H K.
Disclaimer: I am not professional expert in network security and privacy, I read quite some amount of articles online from some reliable sources like followings, and I would configure some tools myself. Some of the description is just based on my limited understanding (and limited brain horsepower)
Reliable references
My new online practice
On mobile
I am 24/7 using Outline VPN (which setup on a server owned by myself)
Sometimes I would use Tor for some data
On desktop
Given my work in IT field, I cannot be too paranoid on all network communication on my PC (or else I cannot work at all), so I do simpler measures:
- Switch from Chrome to Firefox as my default browser
- Switch from Google.com to Startpage.com as default search engine
- Follow recommendation on https://www.privacytools.io/browsers/
VPN
VPN does not guarantee total privacy, one can choose to deploy your own or use commercial available VPN.
My choice is using Outline VPN.
Pros
- I own the server so I am not worrying about my traffic being peek by the VPN provider
- Consider very straight forward to setup (even for non IT professionals)
- Outline VPN is developed on the sole purpose of regaining data privacy for people, they are actively maintained and follow security report, and by design does NOT record/log any of my traffic
Cons
- Need to setup and host on my own
- Would re-setup in regular basis as the IP address on VPN (server) is consider static (most cloud provider for server can assign a dynamic IP address, but by design most of them are only handling incoming traffic, meaning the outgoing IP address from your VPN is kind of static, and recreate a server can get a new IP address in most case)
Other technology as alternative
Recently there are “better” options like V2Ray and Trojan, which is much better in region that the network is under great censorship.
There are very good article from some of those countries that have great network censorship (search online with keywords “shadowsocks V2Ray Trojan”) [I intentionally do not include links to those sites here, in order to reduce traffic to those sites and hopefully they can stay longer on the internet].
My take on keeping Outline VPN (for now)
Even though V2Ray and Trojan have some pre-configured script available online to ease the setup, it’s very important to understand the choices of configuration.
Also V2Ray and Trojan would require registration of domain (for V2Ray, this is required when Web Socket + TLS is used, mainly the TLS part need a cert and domain), that induce an additional trouble.
Outline VPN on the other hand follow the security suggestion to make the platform better.
Tor
At some point, I would want to use Tor to browse the internet more securely, there are alot of good articles about Tor, here are some:
https://www.gdatasoftware.com/guidebook/what-is-the-darknet-exactly
VPN and Tor
There have been some thought about mixing usage of VPN and Tor, my current way is:
Desktop — Use Tor browser directly (with bridges)
Mobile — Use Tor browser over Outline VPN (with bridges)
I have been trying to find online about using both VPN and Tor together, so far I does not see people saying it’s a obvious no, even one famous VPN provider promote about it).
My current setup for mobile is considered Tor over VPN, which the ISP only knows I am connecting to my VPN (which I would re-setup from time to time to change the IP address), then the VPN route the traffic to Tor entry network.
I believe the down side might be, if censorship want to block Tor connection, they would see a consistent connection between my VPN server IP connect to Tor network, and it’s consider easy to discover and block with statistical analysis.
But on the other hand, the flaw is not only connect to Tor, but also my persistent pattern my ISP seeing me connecting to my VPN for all network and they can easily block me, down side of hosting my own VPN instead of using commercial VPN service that have a lot of server nodes).
