this post was submitted on 07 May 2024
147 points (92.0% liked)


Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA.

Through constant packet sizes, random background traffic and data pattern distortion we are taking the first step in our battle against sophisticated traffic analysis.

[–] [email protected] 39 points 6 months ago (6 children)

No port forwarding really kills the utility though - I mainly use the VPN to do port forwarding (e.g. for video games, Plex, etc.) as my ISP is shit.

Like I'm not worried about state-level de-anonymisation, I just want to be able to share services remotely and have a minimum level of anonymity.

[–] [email protected] 32 points 6 months ago (2 children)

Port forwarding removed because hosting threatened to kick Mullvad out. Lot of shit hosted through that. No hosting, no VPN, so needed to remove to continue operating.

[–] [email protected] 7 points 6 months ago (2 children)

Port forwarding means torrents. People using a VPN to torrent likely have much more traffic, especially those that seed (which is why they want port forwarding). Not enabling port forwarding means Mullvad can operate at a higher profit to cost ratio, and less risk.

[–] [email protected] 18 points 6 months ago (1 children)
[–] [email protected] 20 points 6 months ago (3 children)

That's what Mullvad say. It's not necessarily the reason why they don't offer port forwarding.

It was always possible for them to continue allowing port forwarding. They could use separate servers for those that want port forwarding, stopping any impact port forwarding had on those customers.

[–] [email protected] 5 points 6 months ago (3 children)

Hum… this was one of the original reasons I signed up with them. I totally missed them dropping support. I’m not mad about it because I don’t torrent much anymore, but it’s still a pretty lame excuse.

I want all my services supporting maximum fuckery at all times as a matter of general principle.

Any alternatives that you know of?

[–] [email protected] 7 points 6 months ago (1 children)

Torrenting works fine with Mullvad in my personal experience, and will pretty much go up to my current ISP speed limits (which is 200Mbps download).

Can't really guarantee you that it will be as good if you're hosting your own seedbox over their VPN (then again if you're doing that you should probably pay for a proper seedbox hosted elsewhere) but if you've downloaded something and then just leave it seeding, it seems fine.

[–] [email protected] 3 points 6 months ago

I can’t honestly say I’ve ever had much trouble with it either. No trouble receiving files at least… there wasn’t much outbound traffic, but that could just have been a lack of interest :-)

I’m happy with Mullvad’s service and now that the initial shock and indignation is wearing off I’ll probably stick with them.

Besides I read about their new traffic obfuscation and I’ve got to give that a try. We need proactive innovation like that, now more than ever.

[–] [email protected] 5 points 6 months ago* (last edited 6 months ago) (1 children)

I personally like AirVPN. Pretty good speeds depending on the server. You can port forward and have up to 5 devices connected simultaneously. Make sure you're using the WireGuard protocol.

Only issue is that Eddie (their GUI) kinda sucks. Works okay on Linux, and probably same on Windows. The Android one just really sucks.

I personally just download the WireGuard configs to use.

[–] [email protected] 2 points 6 months ago

Thanks for the tip, I’ll check them out.

[–] [email protected] 3 points 6 months ago (1 children)

ProtonVPN has it, and WireGuard support.

[–] [email protected] 2 points 6 months ago

Thank you. It’s good to know I have a few options.

[–] [email protected] -1 points 6 months ago

You should be using a seedbox to torrent in this age. Let the company run their business, if they don't want to be a part of the group that allows torrents, so be it.

[–] [email protected] -3 points 6 months ago (1 children)

If so easy to fix issue, why not make company and fix it?

[–] [email protected] 8 points 6 months ago

There are plenty of other options in the market, including ones with port forwarding. It's a very saturated market.

[–] [email protected] 5 points 6 months ago* (last edited 6 months ago) (1 children)

That sounds strange given that Mullvad works fine for torrenting in my personal experience and even up to quite a good speed (it can use the full 200Mbps download speed from my ISP).

Also modern NAT will do deep packet inspection on common well-known protocols to automatically adjust the port of your machine listed on any "here I am" protocol messages being sent out from your side to be an actual port on the VPN Router and to have an internal association of that port in the Router with the actual port in your machine so that connections of that port can be sent to your own machine and the actual port in it that are used.

It's only the pure listener services (such as webservers and e-mail servers) where the port is pre-defined by convention and not a variable one sent out on any "here I am" message that require explicitly configured port-forwarding on the VPN Router side, plus because the port is fixed by convention for each type of service (such as port 25 for SMTP and port 80 for HTTP), of all the clients connected by VPN to that VPN Router at any one time, only 1 will be able to get that specific port.

[–] [email protected] 1 points 6 months ago (1 children)

You need port forwarding to connect on torrents. You're able to torrent because everyone you torrent from has port forwarding enabled. If you want to access more seeders, and more commonly leechers, you need port forwarding. This is useful for people using private trackers that want to maintain a ratio.

[–] [email protected] 2 points 6 months ago

I can download at the maximum rate my ISP supports and I can seed after downloading (probably only to those clients which my own client has connected to).

However I cannot seed in a brand new session during which I did not download that specific torrent (as I just tested).

I expect this is because, as I explained, the NAT implementation actually tracks which IP addresses your client connected to and through which VPN Router port that went so that subsequent connections from those IPs to that port get sent to the right port in your own machine, but it doesn't support UPnP/NAT-PMP port forwarding so the BitTorrent client cannot configure on that VPN Router a static port-forwarding so that it can listen for connections from any random client.

So if I understand it correctly it totally screws self-hosted seedboxes and if you want to give back to the community you have to leave it seeding immediately after downloading and it's not going to be seeding anywhere as fast since it's limited to peers connected to during the download stage.
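
An added illustration, not part of the comment above and not any VPN provider's code: a toy model of the NAT behaviour described in this sub-thread, assuming address-dependent filtering on dynamic mappings. A dynamically mapped port only admits peers the client has already contacted, while a static port forward admits any peer but can be held by just one client. The `VpnNat` class, its method names and all addresses are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class VpnNat:
    """Toy shared exit NAT: dynamic mappings plus optional static forwards."""
    next_port: int = 40000
    dynamic: dict = field(default_factory=dict)  # ext -> (client, port, remotes)
    static: dict = field(default_factory=dict)   # ext -> (client, port)

    def outbound(self, client, client_port, remote_ip):
        """Client opens a flow: reuse its mapping and remember the remote IP."""
        for ext, (c, p, remotes) in self.dynamic.items():
            if (c, p) == (client, client_port):
                remotes.add(remote_ip)
                return ext
        while self.next_port in self.static:  # never hand out a forwarded port
            self.next_port += 1
        ext, self.next_port = self.next_port, self.next_port + 1
        self.dynamic[ext] = (client, client_port, {remote_ip})
        return ext

    def add_forward(self, ext_port, client, client_port):
        """Static forward; returns False if the external port is already taken."""
        if ext_port in self.static or ext_port in self.dynamic:
            return False
        self.static[ext_port] = (client, client_port)
        return True

    def inbound(self, remote_ip, ext_port):
        """Return the (client, port) a packet reaches, or None if dropped."""
        if ext_port in self.static:
            return self.static[ext_port]
        client, port, remotes = self.dynamic.get(ext_port, (None, None, ()))
        return (client, port) if remote_ip in remotes else None


def demo():
    nat = VpnNat()  # addresses below are constructed (documentation ranges)
    ext = nat.outbound("10.64.0.2", 51413, "198.51.100.7")
    known = nat.inbound("198.51.100.7", ext)    # peer the client dialed earlier
    stranger = nat.inbound("203.0.113.9", ext)  # unsolicited peer: dropped
    first = nat.add_forward(51413, "10.64.0.2", 51413)
    forwarded = nat.inbound("203.0.113.9", 51413)  # any peer now gets through
    second = nat.add_forward(51413, "10.64.0.3", 51413)  # same port, 2nd client
    return ext, known, stranger, forwarded, first, second


if __name__ == "__main__":
    print(demo())
```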

[–] [email protected] 5 points 6 months ago

ProtonVPN has it though, which is what I'm using now.

[–] [email protected] 6 points 6 months ago (2 children)

How does port forwarding help with videogames?

[–] [email protected] 5 points 6 months ago

Opens up your NAT for matchmaking

[–] [email protected] 3 points 6 months ago

I host a server, I forward the port, my friends can connect to the open port on the VPN side.

My ISP does not offer port forwarding.

[–] [email protected] 6 points 6 months ago

Someone else pointed out Tailscale; I've had luck with free tier VPS+WireGuard.

I have an Oracle one which has worked well. Downside is I did link my CC, because my account was getting deactivated due to inactivity (even using it as a VPN and nginx proxy for my self hosting wasn't enough to keep it "active"). But I stay below the free allowance, so it doesn't cost.

That said: as far as anonymity goes, it's not the right tool. And I fully appreciate the irony of trying to self-host to get away from large corporations owning my data...and relying on Oracle to do so. But you can get a static IP and VPS for free, so that's something.

[–] [email protected] 4 points 6 months ago

Zerotier could also work for you

[–] [email protected] 4 points 6 months ago

Alternative maybe I2P or Tor network. Or make VPN to anon VPS and host from there.

[–] [email protected] 4 points 6 months ago

You can use Tailscale for this