Sorry if this is not the highbrow discussion this com is for.

I travel a lot between different countries in the Middle East which have restrictive laws, and I live in one that is slowly becoming more competent technologically. I have to stay for an extended time in different places, so I’ve been connecting through always-on VPN out of the same place and it’s been working fine for now. But Digital ID laws are quickly going to close things off from me.

My risks that I’m trying to avoid are as follows: Locally, I want to make sure my IPs aren’t connected to public accounts. I don’t say anything online that can put me in jail for the most part, but I don’t trust that this will always be the case. I also would appreciate being a bit separated from the local internet. Elsewhere, I also don’t want my traffic to be monitored or my accounts to be tied back to my personal identity. For example, I don’t want to land in Dubai and to have my Steam account permanently affected by having “Spec Ops the Line” (banned game there) in my account (silly thing to worry about, but this is one tiny example out of many small issues that pile up). Plus, a lot of the internet is not accessible from these places, and I don’t like that, regardless of whether or not I want to peruse inaccessible internet stuff from there.

This has come with some serious downsides (online services are more expensive in Europe, where I have historically exited from), but it was/is worth the cost for me. Ironic that many VPN users seem to be trying to connect in the opposite direction than me (out of rich countries rather than in).

I’ve just been permanently using a single reputable VPN and single exit city for all of my traffic for the past while. Digital ID laws in the UK and EU will make this increasingly infeasible and I will probably have to exit out of somewhere new like Switzerland. I don’t know if those servers might be more trouble due to increased abuse for example.

Just want to know how others are dealing with this. Is just stomaching the wave of verifications after logging into all my emails from a new country the only price to pay? Is the world going to shit and should I rethink “just” using a VPN? Is it VPS time now that more and more things are being blocked from VPN access? Do I give up on the internet a decade ahead of schedule and chop wood in the woods until Israel’s AI mistakes my shack for a children’s hospital and drops heavy munitions on me?

I’m really hesitant to start using two sets of devices, some for insecure local traffic and some for encrypted traffic. I don’t think carrying like four laptops through airport security would keep eyes off of me.

  • deffard@lemmy.world
    3 months ago

    OpenWRT has a package called mwan3 that, in tandem with dnsmasq, can allow you to set the IP addresses associated with a DNS entry to a particular VPN/country.

    Finding a unicorn country where everything works and all traffic is routed is getting increasingly difficult. For example, if a US news site didn’t want to implement GDPR, it geolocates all users outside the US and blocks them, whilst other US services start to require ID/age verification to post content for non-US users so accessing both easily requires switching location.

    I suspect we will see more services and technology to be able to deal with this complex cat and mouse game of destinations (websites/services) and origin countries. You can typically get by with a few rules/countries today, but I think that is getting harder.

    CDNs may pose a problem if the DNS resolves to a shared IP address, so IPv6 can help, but many VPNs do not support it. For some services we may just have to accept there is no easy way to use them unless tools improve (e.g. the browser/application auto-selecting from multiple interfaces).

    • ggtdbz@lemmy.dbzer0.com (OP)
      3 months ago

      > Finding a unicorn country where everything works and all traffic is routed is getting increasingly difficult. For example, if a US news site didn’t want to implement GDPR, it geolocates all users outside the US and blocks them, whilst other US services start to require ID/age verification to post content for non-US users so accessing both easily requires switching location.

      You’ve hit the nail on the head, my own post is a bit meandering and this is what I was going for. I hate how many hoops one needs to jump through for basic anonymity online nowadays.

      > OpenWRT has a package called mwan3 that, in tandem with dnsmasq, can allow you to set the IP addresses associated with a DNS entry to a particular VPN/country.

      I think this would be infeasible outside of very narrow use cases, but I don’t know. I don’t have an advanced networking setup, but the way I see it, if I, say, route service A and B to connection 1 and service C to connection 2, I only have control over individual IP ranges/DNS entries. So if my bank IP is routed to connection 1 and one new security background service their app/site uses goes to connection 2, something can get flagged, and I could face an unpleasant with the bank/law. I’ve been trying to avoid things like this. (I have a very rudimentary understanding of networking, I’m not super comfortable doing all of this manually).

      I feel as though the most logical way about it would be to compartmentalize connections by application, but I wasn’t able to find an easy way to do this. For example, splitting off a browser window and having that exit from somewhere else. I know split tunneling exists in the basic Mullvad client, and I guess I can just throw my whole network on Connection 1 and route Connection 2 through it (meaning when I split tunnel I find myself on connection 1) but in that scenario I’m doing myself even less favors re: latency and headroom and all that good stuff.

      And that’s just the computers. I use a phone as well.

      • layzerjeyt@lemmy.dbzer0.com
        3 months ago

        @deffard@lemmy.world mentioned getting an OpenWRT travel router as the last and kind of most extreme thing on the list. But it’s the easiest thing to do. Glinet has good ones with a custom (proprietary) OpenWRT variant on it with a simpler GUI, but they are compatible with plain OpenWRT; if you are able to manage it, it’s probably better.

        You can do much of that other stuff on the router then connect from other devices and have it follow the rules.

      • MalReynolds@slrpnk.net
        3 months ago

        > I feel as though the most logical way about it would be to compartmentalize connections by application, but I wasn’t able to find an easy way to do this. For example, splitting off a browser window and having that exit from somewhere else

        I use multiple gluetun containers with connections to various endpoints, each provides a proxy and I use foxyproxy firefox addon to switch between the proxies manually (as well as setting up rules), works pretty well for me.

        As to phone, wireguard to your computer will minimize duplicating effort.

  • layzerjeyt@lemmy.dbzer0.com
    3 months ago

    > Digital ID laws in the UK and EU will make this increasingly infeasible

    Sorry I might have missed something… Is this Tony Blair’s little hobby horse for the past 30 years or is a more substantial plan in the works?

    TBH I am getting discouraged on the VPN thing. I have been using it 100% of the time for years. I used to get ads corresponding to the exit location. But now I occasionally get ads corresponding to my actual location (down to the neighborhood).

    But of course I do all sorts of online business where my address is provided, and when I do that I can easily be fingerprinted I assume. So somehow, it’s gotten linked up in the back end.

    • ggtdbz@lemmy.dbzer0.com (OP)
      3 months ago

      As of right now, Nexus Mods and Reddit are enforcing these new laws. I don’t use either site very often (the latter not since the API exodus). My understanding is that it’s mandatory for platforms of a certain size in the UK after the 25th of July.

      The UK is kind of a perfect exit node country (everything is in English!)

      • layzerjeyt@lemmy.dbzer0.com
        3 months ago

        I use reddit via the Firefox extension LibRedirect which sends you to a mirror instead. Between VPN, ublock and attempting to access dodgy mirrors, sometimes I have to reload a few times but it eventually works.

      • scytale@lemmy.zip
        3 months ago

        What about somewhere closer like Singapore? Stuff is mostly still in English and their network is fast.

    • Joe@discuss.tchncs.de
      3 months ago

      Disable IPv6 on your router or primary interface, and enable it on your VPN. If anything can discover an Internet IP on your PC, the link can be formed. Worst case, you are not using the VPN for IPv6 at all.

    • scytale@lemmy.zip
      3 months ago

      Have you tried checking for leaks? You might be having IP or DNS leaks that are contributing to it.
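
The IPv6 and leak-checking advice in the two comments above can be checked locally. The following is an added example, not code from any commenter: it audits the JSON that `ip -j addr show` prints on Linux and reports publicly routable addresses sitting on non-tunnel interfaces. The interface names (`wlan0`, `wg0`), the sample data and the function names are assumptions.

```python
import ipaddress
import json

# Ranges that never identify you on the Internet: RFC 1918, CGNAT, IPv6 ULA.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "100.64.0.0/10", "fc00::/7")]

# Constructed sample in the shape of `ip -j addr show` (documentation-range
# 2001:db8::/32 stands in for a real ISP-assigned prefix).
SAMPLE = json.dumps([
    {"ifname": "lo", "addr_info": [{"family": "inet", "local": "127.0.0.1"},
                                   {"family": "inet6", "local": "::1"}]},
    {"ifname": "wlan0", "addr_info": [
        {"family": "inet", "local": "192.168.1.23"},
        {"family": "inet6", "local": "2001:db8:51:7::a3f"},
        {"family": "inet6", "local": "fe80::1c2d:3eff:fe4f:5a6b"}]},
    {"ifname": "wg0", "addr_info": [
        {"family": "inet", "local": "10.64.0.2"},
        {"family": "inet6", "local": "fc00:bbbb:bbbb:bb01::2"}]},
])


def is_public(addr):
    """True for an address a remote site or local script could tie to you."""
    if addr.is_loopback or addr.is_link_local or addr.is_unspecified:
        return False
    return not any(addr in net for net in LOCAL_NETS)


def audit(ip_json, tunnel_ifaces):
    """Report public addresses on non-tunnel interfaces and tunnel IPv6 cover."""
    exposed, tunnel_has_ipv6 = [], False
    for iface in json.loads(ip_json):
        for info in iface.get("addr_info", []):
            addr = ipaddress.ip_address(info["local"])
            if iface["ifname"] in tunnel_ifaces:
                # Any non-link-local IPv6 on the tunnel means IPv6 can ride the VPN.
                if addr.version == 6 and not addr.is_link_local:
                    tunnel_has_ipv6 = True
            elif is_public(addr):
                exposed.append((iface["ifname"], str(addr)))
    return {"exposed": exposed, "tunnel_has_ipv6": tunnel_has_ipv6}


if __name__ == "__main__":
    print(audit(SAMPLE, {"wg0"}))
```

This only inspects local address assignment; DNS leaks need a separate check against the resolver actually in use.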

    • irotsoma@lemmy.blahaj.zone
      3 months ago

      What kind of device are you using? There was recently a leak that Meta is using technology to have web browsers talk to the Facebook and Instagram apps on your phone without your permission and link your identity to every website you visit that has any Meta plugins. I’m sure other companies are doing the same or similar, like Amazon and Google. I’ve been using GrapheneOS on my Android Pixel phone, which isolates apps. There are other ways to do this as well if your phone is unlockable. And I use IronFox web browser wherever possible to reduce the capabilities of the browser to do things without my knowledge. And use ReThink and a pihole to reduce the cross site communication where possible. I also left all Meta platforms, but still am migrating away from Google, Amazon, and some other platforms. And make sure your advertising ID is disabled at the OS level.

      Those are where I’ve found most of the targeted ads were coming from. Not from the IP address alone.

      • layzerjeyt@lemmy.dbzer0.com
        3 months ago

        I agree it’s not only the IP because there are other people on it.

        I don’t have any meta apps or google accounts for years. I buy on amazon very rarely. I have no apps of any of that type installed. 98% of my apps are f-droid and I flashed a rom. I use tracker blocker to sift through all traffic and limit to only what seems required.

        I think it’s very difficult to control what the phone is doing. Using the tracker blocker app has made me aware of how much data is flying all around at all times.

        I should set up a pihole. It’s been on my list for 5 or 6 years.

        • irotsoma@lemmy.blahaj.zone
          3 months ago

          Yeah, there’s a lot that apps are doing to uniquely identify you. Not just the apps themselves, but the advertising systems and, unfortunately, the telemetry systems which were originally meant only for tracking errors and how apps are used so they could be improved. And often you can’t block those systems without blocking the app from working, usually by design, but sometimes more because developers don’t understand how their customers’ data is at risk by using those systems. Often because they’re told it’s not used that way, but it actually is, just in a convoluted way so it’s technically true. It’s quite confusing as someone who used to develop apps myself.

  • hankthetankie [none/use name]@hexbear.net
    3 months ago

    Not sure I follow the problem here. Is it easier in the countries you are in to get blocked for using VPNs? I mean, if the goal is to access games and stuff, I would just use a good VPN; Mullvad is the only one I still have good trust in.

    Start using onion sites for sensitive stuff. If you use an always-on VPN, then you don’t have to worry about state actors seeing that you are using Tor.

    The thing you really should watch out for is your phone. If you can, the best is to use a phone without a SIM card and with GOS on it, preferably with a broken paper trail and no SIM card use previously. If you need internet on the go, use a SIM card in a travel router and connect that via VPN to your devices. But no tech solution would save you from user error, of course.

    And use a secure email service. I use Tuta, which never complains about my VPN. Other stuff sure, but I don’t miss those sites. Good ones will lift any blocks if you ask.

    VPS is of course an option, but it does have the downside of not being able to blend in with the crowd.

    For the legal issues, yeah, the UK is a bad option. But any EU country should be fine even if they are in the eyes programme. Germany has decent privacy laws still. Iceland as well. But for me I just use another closer to home. I trust Mullvad enough (and they don’t know anything about me in the form of payments or identification).

    And stop using services that block you. There are alternatives for a lot.

  • Joe@discuss.tchncs.de
    3 months ago

    I don’t think you need separate laptops, but a separate router may be useful.

    If you use Linux, you can have apps isolated to their own lightweight network namespaces (like containers), using different VPNs. Otherwise VMs can serve a similar purpose on Windows and Macs.

    Iptables can also be used to block traffic, and force it through proxies (which can be whitelisted by uid/gid) or VPNs.

    If you want a more secure VPN setup, I’d even recommend having the VPN(s) running on the router (eg. portable OpenWRT setup) so your laptop never gets offered a public IP / connects directly to network. Put a proxy on it for special (eg. DNS based) routing exceptions, like banking from real IP, reddit via the US, etc.

  • stupid_asshole69 [none/use name]@hexbear.net
    3 months ago

    Wipe before you leave and restore when you arrive. Carry a second, minimal device with limited smartphone features for when you need to contact someone between those times.

    While in some place that worries you, audit and change your behavior and the way your software works in order to be more secure and less convenient. Limit computer use.

    Figure out what method of storing data remotely works for you and use it, but don’t treat it as a backup.