A weekly live show covering all things Freedom Tech with Max, Q and Seth.
TO DONATE TO ROMAN'S DEFENSE FUND: https://freeromanstorm.com/donate
IMPORTANT LINKS
VALUE FOR VALUE
Thanks for listening you Ungovernable Misfits, we appreciate your continued support and hope you enjoy the shows.
You can support this episode using your time, talent or treasure.
TIME:
- create fountain clips for the show
- create a meetup
- help boost the signal on social media
TALENT:
- create ungovernable misfit inspired art, animation or music
- design or implement some software that can make the podcast better
- use whatever talents you have to make a contribution to the show!
TREASURE:
- BOOST IT OR STREAM SATS on the Podcasting 2.0 apps @ https://podcastapps.com
- DONATE via Monero @ https://xmrchat.com/ugmf
- BUY SOME STICKERS @ https://www.ungovernablemisfits.com/shop/
FOUNDATION
https://foundation.xyz/ungovernable
Foundation builds Bitcoin-centric tools that empower you to reclaim your digital sovereignty.
As a sovereign computing company, Foundation is the antithesis of today’s tech conglomerates. Returning to cypherpunk principles, they build open source technology that “can’t be evil”.
Thank you Foundation Devices for sponsoring the show!
Use code: Ungovernable for $10 off of your purchase
CAKE WALLET
https://cakewallet.com
Cake Wallet is an open-source, non-custodial wallet available on Android, iOS, macOS, and Linux.
Features:
- Built-in Exchange: Swap easily between Bitcoin and Monero.
- User-Friendly: Simple interface for all users.
Monero Users:
- Batch Transactions: Send multiple payments at once.
- Faster Syncing: Optimized syncing via specified restore heights
- Proxy Support: Enhance privacy with proxy node options.
Bitcoin Users:
- Coin Control: Manage your transactions effectively.
- Silent Payments: Static bitcoin addresses
- Batch Transactions: Streamline your payment process.
Thank you Cake Wallet for sponsoring the show!
[00:00:00]
Unknown:
Welcome to freedom tech Friday For those of you that might be new here. Allow me to briefly explain what this is all about and why the hell we are here Freedom tech Friday is a weekly live and interactive show hosted on the Ingovenable Misfits X Nosta, and YouTube feeds. Yes. We do have a full house again this week as far as I can see. We go live one hour every Friday at 9AM eastern and 2PM UK time, but you can also catch up later on the Ungovernable Misfits podcast feed. On Freedom Tech Friday, we like to cover the latest news and trends for anything relating to Freedom Technologies. We this could be anything from Bitcoin or Monero, encrypted messengers, privacy tools, and everything in between. Essentially, if there's a news item, tool, or topic that can help you take back some control in today's digital panopticon, we want to talk about it. My name is q and a. I'm head of customer experience at Foundation, where we build Bitcoin focused sovereignty tools. And as always, I am joined by my good friend, Max, the head honcho over at the Ungovernable Empire, and Seth, who is VP at Cake Wallet.
As I mentioned, this show is live and interactive, and we really do rely on you guys to steer us towards the topics you want us to cover or send us the Freedom Tech related questions you want answering. There are many ways in which you can get involved, all of which really helps spread awareness for the show. These include commenting or asking questions in the live chat. I can see some of you hopping in already. Welcome, everybody. Submitting topics or questions before the show on X or Nosta, boosting the show on Fountain or any of the other podcasting two point o apps, sending in questions or tips via, XMR chat, or just sharing the show on X or Nosta with your friends.
Aside from the awesome, very active active, lost the live chat last week, you guys know who you are. There's no baller boost for support on Fountain for last week's show. Top support come from Rog at SC Bitcoin who sent 500 and said, I've used LastPass for a long time. No problems with it, but I'm gradually moving to Proton Pass. I love it, and it's reassuring to hear that I'm doing the right thing. Well, thanks for supporting the show, Raj. And, yeah, we we're all big fans of Proton Pass here as we discussed last week. Okay. Without further ado, let's dive into the show. Max, Seth, how are you doing, gentlemen?
[00:02:08] Unknown:
Very well, mate. I'm just reading through the,
[00:02:11] Unknown:
comments, and it looks like, BTC wrestle might be becoming XMR wrestle. Seth's, sending him some picots. Is that right? Wrong person, but close. I was gonna send him to Bob. Yeah. Because he was on I'm I'm focusing on x chat today. I know. I'm I'm a heathen. I guess YouTube's no better, but, yeah. Okay. Trying to trying to convert some people over to, to Monero here.
[00:02:33] Unknown:
Keep my my frequent label going. Okay. Well, yeah. So in answer to your question, Q, very good. Still dyslexic. Can't read what's going on in the chat, but trying. And good to hear you are in sunny,
[00:02:45] Unknown:
sunny Spain. Are you enjoying it? I certainly am, and emphasis on the sunny. I left, about a 10 degree centigrade UK and landed, yesterday evening to nearly 30 degrees. So it was a bit of a shock to the system, a nice shock, to be honest. So, yeah, I had a lovely day. Went for a little run early this morning, and I've just been sat in a coffee shop doing doing some work and, heading over to, the first day and meet some of the the guys from the conference basically straight after this. So, yeah, looking forward to an exciting weekend here in Madrid.
[00:03:19] Unknown:
For those of us who haven't been to that conference, do you mind kinda just telling a little bit about what it is? I'm sad I haven't made it out yet, but I I keep hearing fantastic things over the year. So kinda curious what were your your highlights and main things you do like about it are. Yeah. So this is the first time I've ever been. So everything I'm about to say is purely hearsay, and I'm just going off what the people tell me.
[00:03:40] Unknown:
But, yeah, I'm head I'm attending Watch Out Bitcoin, which is, basically just a group of really based Bitcoiners. The the Mick Max and I were talking about how cool the Spanish community is in in and around Bitcoin on last week's Bitcoin brief. Very, very big privacy focus. And, yeah, it's a very kind of or much smaller, close knit conference than than the likes of, Vegas, etcetera, which I'm is why one of the main reason I'm really kinda looking forward to it because, I don't know, I think you'll probably at least have the the smaller conferences tend to be a lot more insular. You you know, you can a lot more enjoyable. You can kind of speak to to everybody, and there's much less of a kind of corporate feel to them. So, I believe that Watch Out Bitcoin is is very similar. But, yeah, my thing I'm looking forward to the most, as always, with most of these conferences is, you know, just meeting up with Bitcoiners, especially some of the the, very based Spaniards that I've spoken to online for a number of years.
[00:04:35] Unknown:
Nice. Yeah. It seems like a really fantastic one, and you're definitely hit the nail on the head that these these smaller ones are they're definitely my jam. I mean, there's there's obviously a lot of, like, value in Bitcoin Vegas and the the nuts ones from a business perspective. But the, the ones like that, the ones like, dark prog that just kicked off, which I'm not at either, unfortunately, but in the past has been called Hacker's Congress. The Aragon has been one of one of my favorites. Those were, like like you said, it's small enough you can actually, like, see familiar faces, have time to talk to them, and not just be Is that the parallel Nicholas one? Yeah. Yeah. They just rebranded hackers congress to dark prog, and then Mhmm. Parallel Nicholas is now called second culture.
But same a a lot of the same people involved, a lot of the same ideas, just a a bit of a a restart refresh with dark prod versus hacker hackers congress.
[00:05:27] Unknown:
We've also got,
[00:05:28] Unknown:
Lightning plus plus going on this weekend as well, I believe, in Berlin. There's a lot going on in the big space this weekend. Yeah. You're right. It's a busy one. For that one too. Yes. Always. I love I love what Nifty puts on with those conferences and all the other people who help her. They're just so immensely useful for bringing together, like, all of the technical devs in the space to have conversations that just wouldn't happen otherwise. They do a fantastic job with the programming, and, yeah, they absolutely nail it. Yeah. For sure. Alright, guys. Time's getting on.
[00:05:57] Unknown:
Today, we are gonna be diving into network level privacy, more specifically VPNs. We're gonna be talking about what network level privacy even is and why so many people immediately kind of think of VPNs, but also, you know, what other options there are out there that you can use to to protect your network privacy. We'll, explore the good, the bad, and the ugly of commercial VPN services. We'll compare the most popular kind of privacy first providers like Proton, MOLVAD, IVPN, and Obscura. And then, hopefully, if time permits, I wanna look at some of the alternatives like Tor, WireGuard, Tailscale, and maybe even, again, if time permits, some of the kind of more tertiary product projects like NIM, and hole punching kind of where they fit in with that.
But before we do that, as always, I'd like to cover the basics. So, Max, I'll hit you with this one first. Let's start literally network privacy one zero one. What is a VPN? Why would you wanna use one to kind of bolster up your network level privacy?
[00:07:04] Unknown:
K. A VPN is a virtual private network, or it's short for. You would wanna use one to keep yourself private from either your ISP or if you're in a coffee shop using public Wi Fi. What it does or just generally, most of the time, what it does is it sends your data encrypted to a tunnel to your VPN provider. So rather than giving all your information and IP address and everything and and what you're browsing, You then are sharing that with your VPN provider. You're putting your trust in them. If you use one correctly, you don't have to give all your personal details, and you can pay in cryptocurrency. You can pay Monero or Bitcoin at some of these. It's just a layer of protection.
And the other reason you might use one is if you wanted to access websites or services that aren't available in your current location. So you could look as though you are in America when actually you are in The UK, and then you could actually, you know, access things that you wouldn't be able to in The UK as things get tighter and tighter and tighter. Is that a good description? I don't know what else to say
[00:08:22] Unknown:
about it. No. That that's good. I wanted to keep it basic first off before kind of diving in elsewhere. So, Seth, I'll hand this one to you. What does what specific types of information does using a VPN shelter or or hide? Who does it hide it from? And, like, when you're not using a VPN, like, what kind of information are you sharing with, with your kind of Internet service provider or whoever provides your your kind of cell connection?
[00:08:45] Unknown:
Yeah. I mean, the, the the biggest thing that you're protecting is just generally information about your activity online. Like, there's a a pretty common misconception that once we switch to using HTTPS for all of our websites, that suddenly we didn't need to trust our our, ISP with info about what we're doing online. Because in theory, HTTPS does hide what pages you're visiting. It hides, a lot of information about what info you put into fields on those forms, that sort of thing. It does protect it from, your ISP and anyone else kinda in between you and the website that you're visiting or the app you're using. But the main problem that quickly developed, and this is something that I, had the privilege, for lack of a better word, of getting a lot of insight into when I was in the cybersecurity world, is that even if the the contents of exactly what you're doing on a website are not easily visible to an ISP, a lot of the the specifics of what you're doing can be determined or at least very, very properly guessed at by looking at broader metadata for your connections. So that's looking at things like DNS requests, seeing when you request what DNS, entries, for specific things on each website can reveal a lot of information about you.
That's, looking at things like, seeing how long you're connected to different IP addresses, what kind of packets you're sending back and forth, how big the packets are. That could be something as intensive as, what's called deep packet inspection, which is actually looking at each of the packets and trying to glean as much information as possible out of them, potentially even trying to break HTTPS to enable the ISP to to see more info about what you do. But the vast majority of of information about what you actually do online is visible by just looking at metadata about the connections that you're making, the network connections themselves. So VPNs allow you to shift that trust, and I think that's a very important point that I'm sure we'll keep coming back to is VPNs don't remove trust. They let you shift trust from an ISP that knows everything about you. They know your home address. They know your name. They know your credit card info. They probably know some purse some other personally identifiable information.
Shifting trust from them also having access to all of your network activity to now trusting a third party that hopefully you're able to pay in Bitcoin or Monero or Lightning to not get any personal info or to to not give your home address to, and then having that visibility. There are some further steps you can take to even remove that network visibility from the VPN, but those are a lot more advanced. And, normally, you are just kinda shifting trust. But, yeah, it's generally about protecting the information about what you're actually doing when you're online
[00:11:21] Unknown:
from your ISP. Love that. Thank you. Alright. So so, what I'm claiming from this is that we're we're kind of removing the ability for our ISP to kinda see a certain degree of what's going on on our in our online online activity. But does that are we not just kind of shifting the goalpost then over to the to the VPN provider? Would would you guys consider that as a a trusted relationship? If if you do, what can we do to kind of mitigate that trust in the VPN provider and, you know, minimize what, you know, what information we're sharing with a different entity, the VPN provider in this scenario.
[00:11:58] Unknown:
Well, like I said, you are moving the trust across to the VPN provider from your ISP, but the difference is the VPN provider, as long as you're doing things properly and going with the kind of options that are mentioned in the chat and you're paying with cryptocurrency and not giving your personal details, at least it's separated. So they might know what your traffic is, but they don't have the ability to necessarily link that to your name and your address and your payment details and all the other stuff that your ISP has. So you're just separating data that could be much more harmful if it's all in one place,
[00:12:39] Unknown:
as far as I understand it anyway. Yeah. It's one of those interesting things where VPNs to me were practically useless except for the, like, getting around geo restrictions before we could pay in cryptocurrency. Because, like, it doesn't really help me much to shift my trust from my ISP who I at least have, like, a a contract with that has some sort of a privacy policy that I could make legally binding to shifting my trust to a VPN. New, I just trust with all the same info. Like, if I had to pay with my credit card and give them my billing address, like, there's not there's not a lot of benefit to doing that, but that completely changed with Bitcoin, Lightning, Monero, where now you can separate payment privacy from network privacy and have the best of both worlds. It that really is, like, that's the critical piece.
If you're ever paying with for a VPN with credit card, I think there's almost no point. Now there are some advantages, like, if you have a specific and you're you're in a specific jurisdiction where a VPN is, like, life or death access level, that's getting around blocks that would be extremely problematic. But, for especially, like, the average person, it doesn't really make much sense unless you're paying with crypto. So it's one of those, like, perfect product market fit things for crypto to enable you to to get the most out of a VPN. The the other thing you can really do, like, to get around or to mitigate some of this trust and there's a lot of different perspectives on this. I'm sure we can we can get into it more as well as this kind of relatively recent idea of separating out the visibility of your network activity from the entity you're actually paying. So, like, an example of this would be Obscura.
Their whole model is basically this what they call a two entity model where your first the first portion of your connection and here paying is Obscura. But then you essentially use a second hop, which is an an exit node of sorts through Molebot. They're separate entities. There's no ability to share logs unless they actually collude and work together. Like, there's no nat native ability for either of them to be able to know either where you're coming from or what you're doing online. And it provides a really good kind of in between set of protections for you. It's not perfect.
Obviously, those entities do have a business relationship. They could collude. But that type of approach, I think, is probably the the way forward because there's, at worst, it's the same as the current single hot VPN model that everyone's already using. And at best, you're getting much better privacy, without really adding in much, if any, latency or delay in your actual connection.
[00:15:13] Unknown:
Yeah. Yeah. I'm glad you mentioned that, that kind of too hot model, which we've seen. I think Apple do something very similar as well. I think they may have even been the ones that kind of pioneered and inspired something like Obscura. It made me think of that, that exhibit meme, where it's like, yo, dog. I I heard you like VPN, so I got a VPN for your VPN.
[00:15:34] Unknown:
Nope. Pretty much. Pretty much. Pretty much. Double muted. I'm too slow. Too slow on the drop. Yeah. I was I was also having a little chuckle while muted.
[00:15:42] Unknown:
Thanks for leaving me hopping high and dry there. That's alright.
[00:15:46] Unknown:
Could you could you also do something like run your own, virtual private server? Like, you could have your own infrastructure, and then from that, it connects out somewhere else. So you could, have a server that you're paying for with cryptocurrency that your traffic goes to that you own, and then that goes out to another VPN. You could kind of do it yourself,
[00:16:14] Unknown:
or does that help? It it possible. Yes. But advisable for most people, probably not for for two reasons for me. First one will be just a bit of a headache to have to run and manage in a VPS. And secondly, like, if you're hosting your own and it's just a singular server, then you completely lose that hiding in the crowd aspect that a commercial VPN offers you.
[00:16:40] Unknown:
Why? Like so for example, I'm sure I'm wrong, but as an example, if if I'm if I'm paying for, a server with, like, my Nimbox or a service like that, and I'm paying cryptocurrency, and they don't have any of my details, and I've got that set up, that that connects to Mullvad or one of those others, then wouldn't it be that my ISP no longer knows, doesn't have access to my browsing history and information. It's actually my virtual private server, which is encrypted. And then that is connecting to my MOLVAD, which means that MOLVAD also don't have my proper details. So it's kind of like there's there's this thing in the middle which you also own.
[00:17:31] Unknown:
Yeah. I mean, again, absolutely possible. I would say why go through all that hassle when something like obscure already exists?
[00:17:39] Unknown:
Fair. Yeah. Fair. Wasn't it only available for Mac, though?
[00:17:44] Unknown:
I'll leave that one for Seth to answer. I'm not sure.
[00:17:47] Unknown:
They only have official clients right now for iOS and macOS, but they have a WireGuard config generator. So in theory, you can use the, the WireGuard apps on Android and other platforms to be able to do it. It is gonna be not as enjoyable because clients being good is a very important part of VPNs being reliable and useful. But they're they are they are bringing support for other platforms ASAP. You know, that's their top priority, alongside adding Monero support.
[00:18:16] Unknown:
Vibrant made a great comment on Twitter. He said a a VPS option similar to what you've just described, Max, is can be a good option if you don't wanna be hit with the classic VPN discrimination where, you know, there's there's kind of known IP address ranges for Proton, etcetera. So that's a good point. And, also, quick question for you, Seth. I know you may have covered this, briefly earlier, but, as an obscure user, he's he's asking if it's slower?
[00:18:42] Unknown:
Yeah. It is definitely not slower in my experience. You said that's how it's done. If anything is the same, I honestly feel like it's been faster and more seamless to me. But this is where I think the difference comes down to clients. Like, the actual client you're using for the VPN makes a huge difference. Like, the speed at which it reconnects, the speed at which it rotates WireGuard keys, and the way that it handles network changes really makes a difference in how, like, the perceived speed of the VPN is. But I I can I can say in my testing from before they officially launched, that's all I've been using across all of my devices? It's, at worst, the same as using mobile directly, which I know it makes no sense, but often feels better. But I think that comes down to the the clients themselves being absolutely top tier. So I'm that's also one of the reasons why I'm totally fine that it's taken them a while to bring out clients for other platforms because I know that they're they're definitely up to variety who do things right, do things very thoroughly, and make them very bulletproof.
So I know that their their Android client, Windows, Linux, etcetera, are gonna be, are gonna be fantastic.
[00:19:52] Unknown:
Good to know. Gents, I I see a lot of free or advertised as free VPNs floating around, mainly in, questionable YouTube adverts. What's your thoughts on those? Should we should we avoid, like, the plague? Does it seem too good to be true? Like, what's the Yes. What's your take on those and why? It's,
[00:20:13] Unknown:
it's that you are the product. If it's free Mhmm. There's a reason it's free. You're giving your data to someone. I I doubt it's gonna be open source. I doubt, you're actually gonna, be protected, and I would personally stay well clear. That would be my take.
[00:20:36] Unknown:
Yeah. I mean, Max nailed it. If if you're not paying with money, you're paying with data. There there are some minor exceptions where there's a, like, a freemium model like Proton does where there's a very restricted free tier just to let you try it before you actually use it. But, generally, you should be very, very wary of anything that's free as a VPN or, unfortunately, anything that you see slathered all over random YouTube channels. They're probably not gonna be trustworthy. There's a lot of really well documented stuff about how single entities own multiple of the most popular VPNs. Not the good ones that we'll talk about later, but multiple multiple of the most popular VPNs like NordVPN, and they spend millions upon millions upon millions of dollars getting every influencer on the planet to shell a VPN, and random videos have nothing to do with that. So that's also generally a red flag. I will say Mobod has a really cool campaign that they've been doing, like, on in physical media in, like, New York City and on subways and buses and stuff. Yeah.
So it's not always a bad thing to see advertising, obviously, but it is, like, like, one of those things where if you see them everywhere, you should probably be a little wary. And if they're free, you should definitely be very, very wary.
[00:21:52] Unknown:
Good to know. It always makes me laugh when it's like some of the ones I see, it's like, oh, if you use this code, you can get an extra 88% off. I'm like, they've literally given it away for free again. Alright. Before we get into the the comparison of the popular tools, two slightly more technical question, but we don't need to go too deep on these. But, first one is, I hear a lot of chatter around like the two major kind of frameworks or protocols that most VPNs operate under or on WireGuard and OpenVPN. Is is the differences here should that be something that the end user is concerned about?
Or is it kind of just are they much of a muchness? Do do you guys have any, hot takes on those?
[00:22:38] Unknown:
The short answer is don't use OpenVPN. Use Wirecard. It's the superior protocol in every way, for privacy, but more importantly, for speed and latency. It is wildly better and more well maintained and has much broader, support. It's just it's the no brainer answer. The only reason you would ever use OpenVPN, and you'll see that even, like, mobile ad, etcetera, are killing off OpenVPN support slowly. The only reason you would use it is some older, like, routers and hot spots and stuff that have native VPN support where you can, like, connect in your router to a VPN to have whole home VPN, that sort of thing. Some of them only have open VPN because WireGuard requires some kernel level stuff that can be a little tricky on embedded devices. So that's really the only scenario where you would use it, but, generally, don't use OpenVPN. And you'll notice any of these good VPNs, the defaults are always going to be, WireGuard. They're they're not gonna be open VPN if they even allow you to do open VPN at all. Okay. Cool. Alright. I'm I'm very glad you mentioned,
[00:23:46] Unknown:
routers there. Because the final question I had was, obviously, you can run a VPN on your client, like your laptop or your phone, but you can also run one at your router level. Max, I'll hand this to you quickly first before letting Seth come in. But why would somebody do one versus the other? Are there kind of privacy trade offs, or is it just a a personal preference thing here? Like, can you kind of spell out the differences?
[00:24:12] Unknown:
Yeah. I I think well, you could do both. For a start, you could, like, belt and braces. You could have one running, like, a a router level one in case there's, something disconnects on one of your devices or just a more simple way to protect
[00:24:30] Unknown:
That's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that
[00:24:37] Unknown:
The first time I ever ran one was actually what was I trying to do? I think, that's what I was trying to do. I was trying to set up a new node that I built on my laptop, and I couldn't download a VPN before downloading the Bitcoin blockchain and or the Monero blockchain. I can't remember which one it was, but I didn't want to download that without running a VPN, and I couldn't run a VPN on that device. So I was like, fine. I'll get a a router with a and have a VPN at the router level before downloading because I don't want my ISP to know that because I lived in The UK at the time, and I thought, you know, they might come and knock my door down or something at some point. So, that was why I first ran one, and I don't know whether that was really necessary or not. But, yeah, I saw it as belt belt and braces. And then I liked the fact that the router a wasn't that expensive. I used a flint too.
It's about a £150 or £200 maybe. The connection was better than the router I used with the from the ISP. It gave me lots of extra protections, and I could adjust things. And then I had, like, a separate network for guests who came as well. So, yeah, I don't know. That's that's my experience with that anyway.
[00:25:58] Unknown:
Any advances on that, Seth? What what's your take?
[00:26:03] Unknown:
For me, it it very much depends on you specifically. If I was single, I would absolutely be using a router level VPN, and then also using it on clients that I travel with. I wouldn't double up, so I wouldn't, like, on my desktop, also be using a VPN, as well as router level. The thing that I run into is that a router level VPN, if you have, like, a wife or kids or roommates that aren't as hardcore as you, it's gonna cause a lot of problems. Specifically, streaming services are gonna lose their minds. So if you use any streaming services, prepare for it to just not work or to be very intermittent. So it it just kinda depends. To me, the more useful split is using VPNs on all devices where, like, I'm doing a lot of things. So desktop, laptop, phones, etcetera, and then using router level DNS for blocking as much as I can.
So that's gonna be a lot less painful. That's gonna allow you to block most of the built in telemetry, tracking, etcetera, ads, for your smart TV, for your, IoT devices, that sort of thing. It's gonna do a lot of the leg work for that. Yes. It won't be quite as good as providing privacy from the ISP as a home like a router level VPN, but it gets you a lot of the way. And it's a better, like, quality of life Can't you Choice between two.
[00:27:31] Unknown:
I'm sure with, like, the Flint two one when I set mine up, I have the guest network that wasn't running the VPN, I'm pretty sure. So the VPN was only on the network that only I connected to with all my devices, and then the TV and all the stuff the kids and missus and everything just ran, separately. The DNS stuff, you could also change within there. So, like, having that device, I think, anyway
[00:27:58] Unknown:
Mhmm.
[00:27:59] Unknown:
You can have your cake and eat it and do everything that you wanna do and have the DNS changes and stuff, which I think wouldn't be as simple on, hardware that you get from your ISP.
[00:28:12] Unknown:
You you are correct. You can do, like, split tunneling or, splitting out subnets to do that. The main thing that I kinda came to, the main conclusion was, at that point, the number of devices I want to use VPN on, I already have the clients installed on. I could just do client side VPN. Like, we're talking a laptop, a desktop, and a phone for me versus a lot of other devices for others. So just the headache of setting up and doing the split tunneling properly and making sure the devices stay on the right networks and all that didn't actually help to me rather than just doing client side VPN on the devices I knew I was gonna use VPN on anyways. But, again, that's all gonna depend on your split. If the vast like, let's say there's one person in your household, your teenager, who or whoever who can't use a VPN, but everyone else can and all your devices can, then, yeah, router level with just, like, split tunneling off their traffic would be by far the best solutions. You don't have to do VPNs and everything else, but it's all gonna come down to to personal preference. But that is a good call out that routers you can normally choose, especially good ones with good software, so you can easily do this. You can choose what devices are going to be going through the VPN and what devices are not. Oh, I just thought of one final one as well. If you're doing something like mining,
[00:29:23] Unknown:
you have an operation like that, you have many, many, many, ASICs running and and different devices running, then presumably, it would make sense to do that because you're not exactly gonna go and install, like, Mulvad on an s nine. So you you you're gonna have to do it at the router level.
[00:29:41] Unknown:
Yep. Agreed. There yeah. There's lots of clients. IoT devices, smart TVs as well. There's gonna be a lot that you can't possibly do, client side if you do want a router on. Yeah. So yeah. You're right.
[00:29:52] Unknown:
Okay. We we've got loads of awesome questions coming through in various different chats and presubmitting, and I wanna make sure we've got time to to get to those. So, most of the listeners here are gonna be well versed in in all of the the popular choices among the privacy circles, Proton, Molvad, IVPN, Obscura. Sixty seconds each if you don't need any less than that. Which one do you use and why do you use it? Let's just highlight all the good parts so people got something actionable to take away if they don't already run one or use one of these mentioned, and then we can move forward, finish off the the kind of preamble chat, and then get to these awesome questions. Seth, you can go first.
[00:30:29] Unknown:
Anybody who's been listening to Freedom Tech Friday is gonna know what my answer is. Definitely an obscure a shell these days. Carl, the founder's fantastic. Their clients are the best in the business, and their two entity solution, I think, is what every VPN should be doing. So, to me, they're they're the best option right now, but that clear caveat that they don't have clients for non Apple, ecosystem yet, but those will be coming. Beyond that, I think you can't go wrong with either Proton, Mobod, or IVPN with Mobod having the slight edge over the other two, in my opinion. But, really, any of those four, whatever one suits your needs best, all can be paid with Bitcoin.
Some can be paid with Lightning. Some can be played paid with Monero. You have a lot of choice there, and all of them are are really good with really good track records and really good teams. And I know the team's behind all four, so that's another thing that goes a long way when, again, you're shifting trust. You're not removing it.
[00:31:24] Unknown:
Max, I'm I'm gonna, assume that you're probably fairly aligned with what Seth just said, but anything else to add?
[00:31:30] Unknown:
Yeah. Yeah. Basically, except that I use Mullvad rather than Obscura because I do have, different devices that wouldn't run on it, like a mix of, like, Apple and, everything else. So, that's one reason. Second reason is I've used Mylfadd for a long time. It works. I can pay in cryptocurrency. I can pay monthly. It's really simple setup, really clean. And if something works for me, I don't like to change it because it's so rare that it works, and this works.
[00:32:01] Unknown:
Yeah. Wise idea. Wise idea. Alright. Appreciate the the recommendations there. Again, both aligned with both of you guys. I I use both of the ones mentioned regularly. Alright. Final question, before we get to the actual questions or or the one that I had aligned up. Where does Tor fit into all of this? Do you need to use Tor if you use a VPN? Do you need to use a VPN if you do everything on Tor, you know, the the flip side to that? Do you need to use both? What scenarios would you need to use both? Like, what's your what's your take on on this one? Max, I'll hand this to to you first.
[00:32:37] Unknown:
This is really a Seth question, but, I tend to use VPNs, generally over Tor just because of the reliability and speed. If you're gonna try and use Tor for everything, you quite often can have a hard time. Things won't load. You can't connect or at least that's been my experience. I also think there's, like, a time and a place. So for most things that really matter, I'll be using Tor. I use Tor on connections to my nodes. I use, Tor when I'm doing anything like Bitcoiny. But, you know, if I'm shopping on Amazon or whatever, I'll be using a VPN.
It just just for the the speed and the how much of a pain in the ass things can be. Yeah. I mean, that's that's pretty much it. The the key to me is that a VPN
[00:33:27] Unknown:
really should be everyone's always on everyday solution. I think there are very, very few circumstances where you shouldn't be using an always on VPN, whereas Tor is very much a sit a situational solution. So there are lots of specific situations or uses for it, like your Bitcoin node. There are a lot of good reasons to run your Bitcoin node either exclusively over Tor using it for transaction propagation, same with Monero and others. There's a lot of good reasons to use Tor for, like, p two p trading Bitcoin. That's why Bisc uses it. That's why Robosats uses it. There's some really good specific use cases, but it's really when you need anonymity, not privacy.
And it that's not to say that tour doesn't provide privacy. Obviously, it does, but the key use of tour is to ride anonymity. A VPN is something you can use even when you're not trying to be anonymous, which is most of the time on the Internet, honestly. So when you go to your bank, there's no reason to use Tor, but a VPN is still very useful. Although, unfortunately, some banks also hate VPNs kind of case by case basis, but many of them are okay with VPNs, but you're gonna get a lot of red flags if you use Tor and then log in with your real name and everything, and there's no benefit there. Awesome. Thank you, gents.
[00:34:36] Unknown:
Before we hit the questions, just a quick reminder, guys, if you're in any of the the various live chats, please do drop some questions in there if you, have got any network related stuff to do with VPNs at all. But before we do that, quick shout to to the Nosta live chat. We've got some zaps coming through. We've got WarTime with 333 sats. We've got Neo with 210 sats, Nostigang with 21 sats, Bon with 3,456 sats, and Banana Man with 2,100 sats. Oh, and, Filthy Fiat Wallet with 420. Thank you for your support on the show, guys. Thank you very much. Right. Onto some questions.
Let me bring up the first one that was presubmitted. This one's from Rob g on, on Twitter. He said, I've heard people say VPNs do not make you anonymous, and I agree. The biggest benefit is not letting your ISP see every every site you visit via DNS question mark. Is there a way outside of a VPN to mask the IP address you visit from your ISP? I'm gonna guess the obvious one here is gonna be Tor. That would be the the easiest way. Although I did see an additional comment from Max Tannehill, that introduced me to something called Warp for desktop.
I don't know whether you guys have heard about this. It's basically a a Cloudflare service, which I've never heard of before, that seems to operate in a similar way to a to a VPN, but it connects only to to Cloudflare servers. So that it doesn't necessarily give you the the kind of privacy guarantees that the tools we've been talking about before, but it would potentially, have the same, kind of solution that Rob's asking for here where it would mask, you know, the websites that you visit from your ISP because you're routing it through, you know, another server. But I don't know whether you guys have got any anything else to add other than the the two solution I've just mentioned.
[00:36:26] Unknown:
No. Yeah. I mean, not to if the specific interest is hiding your IP address or hiding the IP addresses of what you visit from your ISP, then no. You can hide a lot of further information by using a different DNS than the one your ISP offers you, and that's something everyone should do. It doesn't have to be some DNS you pay for. You you can easily use Cloudflare's DNS. You can use open DNS. There's a few others that, I think nine what is it called? Next 90. No. I can't I'll I'll look at what it is, but there's another one that has a nine in the name, where they provide DNS list that not only provides some form of, ad blocking, but also mean that you're not sending your DNS request to your ISP, where DNS is one of the the most important pieces of data that you should not be providing to your ISP. So even if you're not gonna do router level VPN, you should be doing router level DNS and changing it to something other than the default, which is a a really important piece there. It is important to know a lot of routers will use their own custom DNS.
So, like, if you're using, like, Google's routers or, Amazon's routers, whatever that company is called. A lot of times, they'll use they'll have their own custom DNS setting that you can override, but they won't use your ISPs. But it's it's an important thing to check on, especially when you get a new router to see what DNS is being used and change that because that's a a huge data leak.
[00:37:50] Unknown:
Alright. Thanks. Question from Banana Man on Nosta. Any recommendation on how to use a VPN with a self hosted services, e g, Node, Electrum Server, etcetera, that want you to be publicly accessible, for example, Bitcoin port eight three three three exposed to allow incoming connections. It seems like some VPN providers like Mullvad used to allow forwarding ports. Any other solutions like it? I would probably, first and foremost, push back around, especially around opening ports on your your home router unless you absolutely need to. For me, Tor seems to fit the bill most of the time for connecting to things like Electrum servers.
Most people tend to do most of their cryptocurrency activities in their home location where their nodes are so they can just collect collect connect locally. And then for me, Tor seems to fit the bill outside of those. For the very few scenarios where I, can't or are unable to use Tor when I'm away from my nodes and I need to access my services, I do have a backup kind of tail scale, solution, which is, installable on definitely on Umbrel. I don't know whether Star nine has it as well. But what's your guys' take on on this question here and, you know, and maybe let's look at the trade offs of doing something like tail scale. Seth, I'll let you, take this one.
Yeah. I'll start. If you don't mind bringing up the question or maybe just repeating it again. Yeah. Yeah. It's on the office, so I can't bring it up. But any recommendations on how to use a VPN with a self hosted services, for example, sorry, services that want you that you want to be publicly accessible. Mhmm. Then you mentioned about port opening ports and, do some do some VPN providers support port forwarding.
[00:39:37] Unknown:
Yeah. So the short answer is you you will not be able to use a VPN and do any sort of port forwarding. This used to be possible on most of them. Mulvad was one of those, but evil people do evil things with good technology, and that port forwarding got abused. And so they had to shut it down. And as far as I know, every VPN provider, does not allow port forwarding anymore. So it's it's one thing where you will not be able to mix those two things. That's where a lot of the choice will come down to, are you doing router level VPN, or are you doing client side? And if you're doing either one, generally, you can make exceptions for specific traffic. So there are ways that you could still do port forwarding by skipping the VPN for that traffic or that device.
Obviously, there are pros and cons to each of those, but that's also maybe another good reason to have a separate server that hosts your public things, or separate that network traffic out at least, so that you can you can still kinda have what you want through VPN, what you don't want through VPN split separately. But, it it will get it will get a little tricky if you're trying to use a VPN for those. But there are a lot of reasons why you wouldn't use a VPN anyways on something that you're self hosting to make publicly accessible. So again, a lot of times just kinda some separation is is useful there.
The main caveat, I would say, and you hit this on the, you hit this nail on the head q and a's. If you're just thinking publicly accessible for yourself, you can do that with a VPN while then using Tailscale to actually get into your home network and reach things as if you were inside your own network. Tailscale plays really well with most VPNs. Like, that was one of the things I loved about Obscura was the moment I started using Obscura. It just worked out of the box with Tailscale because I use Tailscale to access all of my servers, all of my home services, so that I don't have to expose those to the Internet, but I can still access them as if they're exposed to the Internet. So that's a fantastic, like, middle ground solution that a lot of people should use. And it seems really daunting at first, but it's actually quite straightforward to use.
[00:41:38] Unknown:
Alright. Thank you. We have a tangential follow-up question as well, which I'm gonna bring up on screen just now. It comes from VMVD on, and he said, I love what ops go is doing, but on I iOS, it doesn't seem to work when Tailscale is used. Is using the paid mobile exit node service directly in tails Tailscale an adequate alternative, or are there any downsides? So I've never actually heard of this before, but, I guess what what VMVD is is alluding to is the fact that, obviously, Obscure and Tailscale will be kind of conflicting VPNs on on the phone, which is why they kind of put heads and what you work at the same time. But, yes, having the Tailscale be the active connection, but then having a MoleVOD exit node service, which, again, I didn't know existed, seems like it could be, a good combination. You ever heard of that one?
[00:42:26] Unknown:
Yeah. They partnered with MoleVOD a few years ago so that you can if you're a heavy Tailscale user, you can actually choose to use Mobile to tunnel all your traffic out through. Because one of the things that Tailscale has had for a long time is you can choose one of your servers and your Tailscale network as an exit node. So, like, you could you could act as if you're always reaching the Internet from your own home or something like that, which I know some people use to be able to actually do VPN with tail scale on mobile is that you have a router level VPN on your in your home, and you Tailscale into your home and then exit from your home so you're going through the VPN. It's a little messy. It is a possible solution, but, yeah, you you can use mobile within there. I I don't have a specific reason why you shouldn't. It's It's always just felt a little bit odd to me, but, it's it seems like it would be a good solution because, like you mentioned, if you're on mobile, there's very strict restrict very strict limitations to only doing one VPN at a time, so you'll not be able to do Tailscale scale and VPN at the same time on Android or iOS, as far as I've seen. The exception would be on Android with GrapheneOS in a separate profile. You could do tail scale in one profile and your VPN in another and use that other profile only for tail scale stuff, but that also is pretty, pretty advanced.
[00:43:45] Unknown:
I like it. Yeah. I'm gonna go and check that one out myself. That's, very interesting to me. This is, an interesting one. Does anybody use Android Auto? It won't allow connection with a VPN on, even with a cable. I still sometimes get the VPN notification. I've never had any issues with Android Auto and a VPN being active on any of my Pixel devices. So it seems like it could be a configuration issue to do with your phone, but I wanted to put it to you guys as well just to see if you've ever had a similar sort of issue. I'd be honest. I don't even know what Android Auto is. So there we are. It's when you plug your phone into your car and you basically have a an Android screen on your car so that you can, like, have apps and stuff and open up your podcast player and things like that rather than just using the default Bluetooth connection. Right. Right. Right. Right. Right. Okay.
[00:44:34] Unknown:
Yeah. I, unfortunately, have never been able to use Android Auto. The only car that I ever had that had it, I don't have anymore. And when I did have it, GrapheneOS didn't support Android Auto. So I unfortunately have nothing to add here, but it I I know that it should work with VPN on. I'm not sure why it wouldn't
[00:44:50] Unknown:
Definitely did in in my, my case. Sorry, uncle Swan on Nosta. Can't help you there. Next question comes from sovereign stack on Nosta. Thoughts around VPN company ownership. Any red flags or signs to look out for when choosing a VPN provider? What about VPN hosting providers such as m two four seven? Never heard of them. How can they pose a potential risk? I'll hit this one first and just state some of the obvious ones. Look for companies that have open source clients. Look for companies that have been around for quite a while. Look for companies that don't basically give their services away for free. Look for companies that promise no lot, a no logging policy, but also look for companies that have actually been to court and proven that they are unable to give any logs, when in a court of law.
On the m two four seven, I've never heard of that, so I can't, kind of give any more information there. But, guys, have I have I kinda ticked all the the obvious boxes? Have you got anything to add in terms of science to look for when choosing a a VPN provider? Oh oh, sorry. I missed one. Can you pay for the cryptocurrency? Exactly. Yes. Thank you. Yeah.
[00:46:00] Unknown:
No. I think I think those are the main ones. I mean, don't just like with any other privacy preserving service or really any other service, probably don't be the first one to use it. If you don't know of anyone else that's that's using something or recommending it, probably not something you wanna be the first to use unless you have the wherewithal to actually, like, do your own research and get to the bottom of any potential problems. But it's not something to rush into using the the latest and greatest thing most often.
[00:46:26] Unknown:
Okay. Cool. I've just noticed Black Coffee, who's just sat up to 6,431 sats, by the way. Thank you, sir. Also commented in the Nostra chat to say that he also has the Android Auto VPN issue. So maybe it's a a recent thing. I've I've not tried it for quite a while. So I've put that down to user error, most likely. No. I mean, he is he is a bit of an idiot, so maybe it's just, You've got to plug it in at both ends. The The cable has two ends. One one bit goes in the phone, and the other bit goes into the cigarette lights a bit. It's like a boxy thing. I, I think we might have covered this one, but, he submitted it ahead of time. So I just wanted to give credence to it. Rev Huddl on Noster. What information can a phone provider still see when using Tor or VPN, and is there any major differences between Android and iOS?
I seem to remember something somewhere in recent history to do with iOS, maybe not doing full device level VPN even when it's active. Seth, any recollection of that, or am I just talking out my ass?
[00:47:29] Unknown:
Yeah. Yeah. So I am a bit foggy on the details, so I'll see if I can find the link. But the the short answer is Android does a better job of making sure that all of your traffic goes through a VPN. Now this has had exceptions and bugs in the past. I know some specific VPNs have had issues. Mobile and IPN VPN both had some some problems where on Android, specific data was not going through the VPN, that they both sorted. But then there's also something on iOS where there's some, like, OS level stuff that sometimes isn't properly routed through VPN. Again, it's not the majority of your traffic or anything like that, but the way iOS handles VPNs is not quite as hardcore as, on Android. And I believe it's the same for for macOS, where it's a lot more complex to actually do a VPN the right way. Some VPN clients don't do it the right way, and so it's much more susceptible to leaking things like DNS, outside of the VPN.
But, yeah, I'd I'm not I I don't remember the details 100% off the top of my head, so I'll see if I can track down that link.
[00:48:35] Unknown:
Alright. No problem. Alright. Next question comes from Sean O'Brien. And this could be a deep one, so let's try and keep it high level. But, I'd I'd like to hear your thoughts on ITP versus NIM versus Tor, but not like a battle royale, just where they differ and the strengths, of each. I'm I'm fairly foggy on both I2P and NIM. Obviously, you know, we're all well versed in Tor here. But, guys, any any hot takes here on why you might wanna use NIM, which I believe works on something called a mix net, which in my head sounds a little bit like Tor, and then something like ITP, which I believe has been around for for much longer, and may or may not be the backbone of torrenting.
Again, I might be talking out my ass there, but, guys, have you got any hot takes here?
[00:49:27] Unknown:
My only take is, I try to use what is used where it's absolutely mission critical, and Tor seems to be the one that, is used by most of the most critical, places and people who really care about, keeping things private. So I use that. But outside of that, I don't know. Don't know the technicals.
[00:49:50] Unknown:
Yeah. The the quick comparison for me would be Tor uses under onion routing, which is good for latency compared to mix nets like NIM, but worse for privacy. And Tor has explicitly made quite a focus on exit node usage. So Tor understood that they really want the traffic of people who are just trying to access clear net sites to cover traffic that are that is that are not using clear net sites and that a lot of users are only gonna wanna use Tor if you can access things that are not within the Tor network itself. So that's been Tor's focus. I two p, you can think of it very similarly to Tor even though under the hood, it uses quite a different mechanism for privacy.
I think the strengths to me for I two p are that the number of hops and the level of privacy provided is configurable. And that may sound weird because why would you want less privacy? But one of the really cool things you can do with I two p is you can use it to reach services within the I two p network without adding any hops for doing things like hosting at home and reaching those things where you you don't actually care about adding in anonymity between you and the thing you're connecting to. You just care about making it easier to access those services without port forwarding or that sort of thing. Along with that, you actually were were right there, q and a. I two p well, it doesn't I wouldn't say it underpins, like, torrenting in general. I two p has kind of been designed from the ground up to be able to do torrenting well and that it actually supports UDP packets, which are the the faster but less reliable way to transfer information over the Internet versus TCP. So IGP works really well for torrenting, whereas Tor is basically never going to work for for torrenting well.
The TLDR for NIM, it's hard because they have NIM, and then they have NIM VPN. NIM VPN is basically like a two hop VPN. It's interesting, but so far hasn't been fantastic in my, experience, but it's kind of them trying to find a good product market fit. But NIM, the mix net is a really interesting technology with very specific use cases. You're not gonna use a mix net to reach a website or watch a video or listen to music or anything like that. But what you would use it for would be anything that's messaging related, things like transaction propagation for cryptocurrencies. It's fantastic at those things.
So it's still not widely supported, but mix nets in general would be really good for a lot of things that we do day to day that don't require low latency or high speed where you just want max privacy and don't mind if there's a few seconds delay in that thing getting through because it's just a signal message or it's just a transaction you're propagating to the network.
[00:52:26] Unknown:
Very, in-depth. Yeah. You know that. Tam Tam Bam says, what's Orbart actually doing? And Bon responds, not working is usually what it's doing.
[00:52:39] Unknown:
I have, two two quick questions just to sign this off, guys, because we're almost at the time again, believe it or not. I am Salmon in the Nostra chat. Says thoughts on Sentinel dVPN. It's an old coin that's been around for years. Their solution has always worked well for me. Never heard of it. The fact that it's got a coin attached to a VPN service is a bit of a red flag for me, but, guys, never heard of it. Likely gay.
[00:53:04] Unknown:
I have heard of it and have had received lots of messages from their team trying to convince me of its merit. I I'm just very hesitant in general on, quote, unquote, decentralized VPNs. Most of them, the way that they're designed doesn't ensure civil resistance in any way. Even if there is a coin, you can just buy more of the coin, and then you have more of the nodes on the network, and then you can re remove or reduce the privacy. And there's been some really good investigations. I'm gonna post a link in the x chat. Maybe you can copy that over to YouTube and Noster, Q. But I VPN who are a fantastic VPN provider, they did some some research on dVPNs as well. That has a lot of good info in there. But the the short of it for me is you're you're shifting trust. You're not removing trust even in a decentralized VPN in theory.
And I want to know who's actually running the soft the services versus having it be an anonymous set of users that is drastically smaller and more attackable than something like Tor. Like, to me, a decentralized VPN is kind of the worst of both worlds where you have increased latency and lowered speed and lowered reliability, but you're not part of the massive amounts of traffic flowing through the Tor network. So it's quite it's quite likely it's gonna be easier to de anonymize your traffic if you're being targeted. But then a VPN, you're getting it's just it's kind of a middle ground that I don't think needs to needs to be used by most people.
But it it isn't something I've gone super deeply into. That article has a lot of really good info, from the guys behind iVPN. And while, of course, they run their own centralized VPN, so you could say they're biased, I even know the person who actually wrote this. He's a fantastic person and and did his research really well on it. So I think it's a good article to at least use it as a jumping off point to, to think about decentralized VPNs.
[00:54:52] Unknown:
Alright. Thanks for the input. Alright. Final question, comes from two places. First one was Bitcoin in space on Nosta says, a lot of websites refuse to work with VPNs, especially banking websites. Typically, I have to turn off my VPN to log in. Is there any workaround for websites like this? And, basically, Vibrant, as you can see on screen, that's the the the same thing. What do you do when you face VPN discrimination? I'll answer what I do first of first and foremost is if it's something like banking where, you know, I'm logging in with my personal ID, etcetera, then I'll just turn the VPN off and just log in. If it's something else where I would really favor accessing that site with the VPN active, I will try switching to different servers, within the same VPN provider, may even switch to a different VPN provider because I'm a weirdo that has multiple.
[00:55:41] Unknown:
Other than that, yeah, it's just turn it off and and go ahead, basically. But, any advances on on those guys? Same here. Yeah. The only, like, minor addition I would say is, like, there are a couple things that I use that just, like, have complete blanket bans on VPNs that I've never been able to work around by using different VPNs or using different servers. So if I absolutely have to do those, I will do a fresh restart of the device I'm going to access them from. I will shut down every service that I can find to make sure that nothing's making background queries, and then I'll disable the VPN, open a new browser window with just that tab, and do what I need to do and then close it and get back to the VPN. But it is really hard, like, when you do need to disable that v p VPN, you don't wanna disable it for everything most of the time. And that's one area where there's not really a lot of capability on mobile or desktop that I know of to, like, just allow that one website through VPN. Normally, it's one app.
But there are some ways maybe you could use a separate browser that you have installed just for doing that sort of thing and use split tunnel that separate browser out, so that you can use that browser for those things, the hate VPN. So maybe that's an option there. I actually haven't thought of that until I started rambling.
[00:56:52] Unknown:
Yeah. Good call out. Great way to sign it off. Yeah. Can't believe we're at time already. The hour has flown by. Thank you for all the awesome questions. I think you got through everything in the live chat and certainly most of the the presubmitted ones. Appreciate everybody, taking part, supporting the show, commenting, sharing, and zapping us over on Nosta. And, Yeah. Guys, that was a fun one, and, we'll be back to do it at exactly the same time, next week, 9AM eastern, 2PM UK time. Have a good one. Bye.
[00:57:27] Unknown:
Thank you for listening to Freedom Tech Friday. To everyone who boosted, asked questions, and participated in the show, we appreciate you all. Make sure to join us next week on Friday at 9AM EST and 2PM London. Thanks to Seth, Max, and Q for keeping it ungovernable. And thank you to Cake Wallet, Foundation, and my NIM box for keeping the Ungovernable Misfits going. Make sure to check out ungovernablemisfits.com to see mister Crown's incredible skills and artwork. Listen to the other shows in the feed to hear Kareem's world class editing skills.
Thanks to Expatriotic for keeping us up to date with Boost's XMR chats and sending in topics. John, great name and great guy, never change and never stop keeping us up to date with mining news or continuing to grow the mesh to Dell. Finally, a big thanks to the unsung hero, our Canadian overlord Jordan, for trying to keep the ungovernable in check and for the endless work he puts in behind the scenes. We love you all. Stay ungovernable.
Welcome to freedom tech Friday For those of you that might be new here. Allow me to briefly explain what this is all about and why the hell we are here Freedom tech Friday is a weekly live and interactive show hosted on the Ingovenable Misfits X Nosta, and YouTube feeds. Yes. We do have a full house again this week as far as I can see. We go live one hour every Friday at 9AM eastern and 2PM UK time, but you can also catch up later on the Ungovernable Misfits podcast feed. On Freedom Tech Friday, we like to cover the latest news and trends for anything relating to Freedom Technologies. We this could be anything from Bitcoin or Monero, encrypted messengers, privacy tools, and everything in between. Essentially, if there's a news item, tool, or topic that can help you take back some control in today's digital panopticon, we want to talk about it. My name is q and a. I'm head of customer experience at Foundation, where we build Bitcoin focused sovereignty tools. And as always, I am joined by my good friend, Max, the head honcho over at the Ungovernable Empire, and Seth, who is VP at Cake Wallet.
As I mentioned, this show is live and interactive, and we really do rely on you guys to steer us towards the topics you want us to cover or send us the Freedom Tech related questions you want answering. There are many ways in which you can get involved, all of which really helps spread awareness for the show. These include commenting or asking questions in the live chat. I can see some of you hopping in already. Welcome, everybody. Submitting topics or questions before the show on X or Nosta, boosting the show on Fountain or any of the other podcasting two point o apps, sending in questions or tips via, XMR chat, or just sharing the show on X or Nosta with your friends.
Aside from the awesome, very active active, lost the live chat last week, you guys know who you are. There's no baller boost for support on Fountain for last week's show. Top support come from Rog at SC Bitcoin who sent 500 and said, I've used LastPass for a long time. No problems with it, but I'm gradually moving to Proton Pass. I love it, and it's reassuring to hear that I'm doing the right thing. Well, thanks for supporting the show, Raj. And, yeah, we we're all big fans of Proton Pass here as we discussed last week. Okay. Without further ado, let's dive into the show. Max, Seth, how are you doing, gentlemen?
[00:02:08] Unknown:
Very well, mate. I'm just reading through the,
[00:02:11] Unknown:
comments, and it looks like, BTC wrestle might be becoming XMR wrestle. Seth's, sending him some picots. Is that right? Wrong person, but close. I was gonna send him to Bob. Yeah. Because he was on I'm I'm focusing on x chat today. I know. I'm I'm a heathen. I guess YouTube's no better, but, yeah. Okay. Trying to trying to convert some people over to, to Monero here.
[00:02:33] Unknown:
Keep my my frequent label going. Okay. Well, yeah. So in answer to your question, Q, very good. Still dyslexic. Can't read what's going on in the chat, but trying. And good to hear you are in sunny,
[00:02:45] Unknown:
sunny Spain. Are you enjoying it? I certainly am, and emphasis on the sunny. I left, about a 10 degree centigrade UK and landed, yesterday evening to nearly 30 degrees. So it was a bit of a shock to the system, a nice shock, to be honest. So, yeah, I had a lovely day. Went for a little run early this morning, and I've just been sat in a coffee shop doing doing some work and, heading over to, the first day and meet some of the the guys from the conference basically straight after this. So, yeah, looking forward to an exciting weekend here in Madrid.
[00:03:19] Unknown:
For those of us who haven't been to that conference, do you mind kinda just telling a little bit about what it is? I'm sad I haven't made it out yet, but I I keep hearing fantastic things over the year. So kinda curious what were your your highlights and main things you do like about it are. Yeah. So this is the first time I've ever been. So everything I'm about to say is purely hearsay, and I'm just going off what the people tell me.
[00:03:40] Unknown:
But, yeah, I'm head I'm attending Watch Out Bitcoin, which is, basically just a group of really based Bitcoiners. The the Mick Max and I were talking about how cool the Spanish community is in in and around Bitcoin on last week's Bitcoin brief. Very, very big privacy focus. And, yeah, it's a very kind of or much smaller, close knit conference than than the likes of, Vegas, etcetera, which I'm is why one of the main reason I'm really kinda looking forward to it because, I don't know, I think you'll probably at least have the the smaller conferences tend to be a lot more insular. You you know, you can a lot more enjoyable. You can kind of speak to to everybody, and there's much less of a kind of corporate feel to them. So, I believe that Watch Out Bitcoin is is very similar. But, yeah, my thing I'm looking forward to the most, as always, with most of these conferences is, you know, just meeting up with Bitcoiners, especially some of the the, very based Spaniards that I've spoken to online for a number of years.
[00:04:35] Unknown:
Nice. Yeah. It seems like a really fantastic one, and you're definitely hit the nail on the head that these these smaller ones are they're definitely my jam. I mean, there's there's obviously a lot of, like, value in Bitcoin Vegas and the the nuts ones from a business perspective. But the, the ones like that, the ones like, dark prog that just kicked off, which I'm not at either, unfortunately, but in the past has been called Hacker's Congress. The Aragon has been one of one of my favorites. Those were, like like you said, it's small enough you can actually, like, see familiar faces, have time to talk to them, and not just be Is that the parallel Nicholas one? Yeah. Yeah. They just rebranded hackers congress to dark prog, and then Mhmm. Parallel Nicholas is now called second culture.
But same a a lot of the same people involved, a lot of the same ideas, just a a bit of a a restart refresh with dark prod versus hacker hackers congress.
[00:05:27] Unknown:
We've also got,
[00:05:28] Unknown:
Lightning plus plus going on this weekend as well, I believe, in Berlin. There's a lot going on in the big space this weekend. Yeah. You're right. It's a busy one. For that one too. Yes. Always. I love I love what Nifty puts on with those conferences and all the other people who help her. They're just so immensely useful for bringing together, like, all of the technical devs in the space to have conversations that just wouldn't happen otherwise. They do a fantastic job with the programming, and, yeah, they absolutely nail it. Yeah. For sure. Alright, guys. Time's getting on.
[00:05:57] Unknown:
Today, we are gonna be diving into network level privacy, more specifically VPNs. We're gonna be talking about what network level privacy even is and why so many people immediately kind of think of VPNs, but also, you know, what other options there are out there that you can use to to protect your network privacy. We'll, explore the good, the bad, and the ugly of commercial VPN services. We'll compare the most popular kind of privacy first providers like Proton, MOLVAD, IVPN, and Obscura. And then, hopefully, if time permits, I wanna look at some of the alternatives like Tor, WireGuard, Tailscale, and maybe even, again, if time permits, some of the kind of more tertiary product projects like NIM, and hole punching kind of where they fit in with that.
But before we do that, as always, I'd like to cover the basics. So, Max, I'll hit you with this one first. Let's start literally network privacy one zero one. What is a VPN? Why would you wanna use one to kind of bolster up your network level privacy?
[00:07:04] Unknown:
K. A VPN is a virtual private network, or it's short for. You would wanna use one to keep yourself private from either your ISP or if you're in a coffee shop using public Wi Fi. What it does or just generally, most of the time, what it does is it sends your data encrypted to a tunnel to your VPN provider. So rather than giving all your information and IP address and everything and and what you're browsing, You then are sharing that with your VPN provider. You're putting your trust in them. If you use one correctly, you don't have to give all your personal details, and you can pay in cryptocurrency. You can pay Monero or Bitcoin at some of these. It's just a layer of protection.
And the other reason you might use one is if you wanted to access websites or services that aren't available in your current location. So you could look as though you are in America when actually you are in The UK, and then you could actually, you know, access things that you wouldn't be able to in The UK as things get tighter and tighter and tighter. Is that a good description? I don't know what else to say
[00:08:22] Unknown:
about it. No. That that's good. I wanted to keep it basic first off before kind of diving in elsewhere. So, Seth, I'll hand this one to you. What does what specific types of information does using a VPN shelter or or hide? Who does it hide it from? And, like, when you're not using a VPN, like, what kind of information are you sharing with, with your kind of Internet service provider or whoever provides your your kind of cell connection?
[00:08:45] Unknown:
Yeah. I mean, the, the the biggest thing that you're protecting is just generally information about your activity online. Like, there's a a pretty common misconception that once we switch to using HTTPS for all of our websites, that suddenly we didn't need to trust our our, ISP with info about what we're doing online. Because in theory, HTTPS does hide what pages you're visiting. It hides, a lot of information about what info you put into fields on those forms, that sort of thing. It does protect it from, your ISP and anyone else kinda in between you and the website that you're visiting or the app you're using. But the main problem that quickly developed, and this is something that I, had the privilege, for lack of a better word, of getting a lot of insight into when I was in the cybersecurity world, is that even if the the contents of exactly what you're doing on a website are not easily visible to an ISP, a lot of the the specifics of what you're doing can be determined or at least very, very properly guessed at by looking at broader metadata for your connections. So that's looking at things like DNS requests, seeing when you request what DNS, entries, for specific things on each website can reveal a lot of information about you.
That's, looking at things like, seeing how long you're connected to different IP addresses, what kind of packets you're sending back and forth, how big the packets are. That could be something as intensive as, what's called deep packet inspection, which is actually looking at each of the packets and trying to glean as much information as possible out of them, potentially even trying to break HTTPS to enable the ISP to to see more info about what you do. But the vast majority of of information about what you actually do online is visible by just looking at metadata about the connections that you're making, the network connections themselves. So VPNs allow you to shift that trust, and I think that's a very important point that I'm sure we'll keep coming back to is VPNs don't remove trust. They let you shift trust from an ISP that knows everything about you. They know your home address. They know your name. They know your credit card info. They probably know some purse some other personally identifiable information.
Shifting trust from them also having access to all of your network activity to now trusting a third party that hopefully you're able to pay in Bitcoin or Monero or Lightning to not get any personal info or to to not give your home address to, and then having that visibility. There are some further steps you can take to even remove that network visibility from the VPN, but those are a lot more advanced. And, normally, you are just kinda shifting trust. But, yeah, it's generally about protecting the information about what you're actually doing when you're online
[00:11:21] Unknown:
from your ISP. Love that. Thank you. Alright. So so, what I'm claiming from this is that we're we're kind of removing the ability for our ISP to kinda see a certain degree of what's going on on our in our online online activity. But does that are we not just kind of shifting the goalpost then over to the to the VPN provider? Would would you guys consider that as a a trusted relationship? If if you do, what can we do to kind of mitigate that trust in the VPN provider and, you know, minimize what, you know, what information we're sharing with a different entity, the VPN provider in this scenario.
[00:11:58] Unknown:
Well, like I said, you are moving the trust across to the VPN provider from your ISP, but the difference is the VPN provider, as long as you're doing things properly and going with the kind of options that are mentioned in the chat and you're paying with cryptocurrency and not giving your personal details, at least it's separated. So they might know what your traffic is, but they don't have the ability to necessarily link that to your name and your address and your payment details and all the other stuff that your ISP has. So you're just separating data that could be much more harmful if it's all in one place,
[00:12:39] Unknown:
as far as I understand it anyway. Yeah. It's one of those interesting things where VPNs to me were practically useless except for the, like, getting around geo restrictions before we could pay in cryptocurrency. Because, like, it doesn't really help me much to shift my trust from my ISP who I at least have, like, a a contract with that has some sort of a privacy policy that I could make legally binding to shifting my trust to a VPN. New, I just trust with all the same info. Like, if I had to pay with my credit card and give them my billing address, like, there's not there's not a lot of benefit to doing that, but that completely changed with Bitcoin, Lightning, Monero, where now you can separate payment privacy from network privacy and have the best of both worlds. It that really is, like, that's the critical piece.
If you're ever paying with for a VPN with credit card, I think there's almost no point. Now there are some advantages, like, if you have a specific and you're you're in a specific jurisdiction where a VPN is, like, life or death access level, that's getting around blocks that would be extremely problematic. But, for especially, like, the average person, it doesn't really make much sense unless you're paying with crypto. So it's one of those, like, perfect product market fit things for crypto to enable you to to get the most out of a VPN. The the other thing you can really do, like, to get around or to mitigate some of this trust and there's a lot of different perspectives on this. I'm sure we can we can get into it more as well as this kind of relatively recent idea of separating out the visibility of your network activity from the entity you're actually paying. So, like, an example of this would be Obscura.
Their whole model is basically this what they call a two entity model where your first the first portion of your connection and here paying is Obscura. But then you essentially use a second hop, which is an an exit node of sorts through Molebot. They're separate entities. There's no ability to share logs unless they actually collude and work together. Like, there's no nat native ability for either of them to be able to know either where you're coming from or what you're doing online. And it provides a really good kind of in between set of protections for you. It's not perfect.
Obviously, those entities do have a business relationship. They could collude. But that type of approach, I think, is probably the the way forward because there's, at worst, it's the same as the current single hot VPN model that everyone's already using. And at best, you're getting much better privacy, without really adding in much, if any, latency or delay in your actual connection.
[00:15:13] Unknown:
Yeah. Yeah. I'm glad you mentioned that, that kind of too hot model, which we've seen. I think Apple do something very similar as well. I think they may have even been the ones that kind of pioneered and inspired something like Obscura. It made me think of that, that exhibit meme, where it's like, yo, dog. I I heard you like VPN, so I got a VPN for your VPN.
[00:15:34] Unknown:
Nope. Pretty much. Pretty much. Pretty much. Double muted. I'm too slow. Too slow on the drop. Yeah. I was I was also having a little chuckle while muted.
[00:15:42] Unknown:
Thanks for leaving me hopping high and dry there. That's alright.
[00:15:46] Unknown:
Could you could you also do something like run your own, virtual private server? Like, you could have your own infrastructure, and then from that, it connects out somewhere else. So you could, have a server that you're paying for with cryptocurrency that your traffic goes to that you own, and then that goes out to another VPN. You could kind of do it yourself,
[00:16:14] Unknown:
or does that help? It it possible. Yes. But advisable for most people, probably not for for two reasons for me. First one will be just a bit of a headache to have to run and manage in a VPS. And secondly, like, if you're hosting your own and it's just a singular server, then you completely lose that hiding in the crowd aspect that a commercial VPN offers you.
[00:16:40] Unknown:
Why? Like so for example, I'm sure I'm wrong, but as an example, if if I'm if I'm paying for, a server with, like, my Nimbox or a service like that, and I'm paying cryptocurrency, and they don't have any of my details, and I've got that set up, that that connects to Mullvad or one of those others, then wouldn't it be that my ISP no longer knows, doesn't have access to my browsing history and information. It's actually my virtual private server, which is encrypted. And then that is connecting to my MOLVAD, which means that MOLVAD also don't have my proper details. So it's kind of like there's there's this thing in the middle which you also own.
[00:17:31] Unknown:
Yeah. I mean, again, absolutely possible. I would say why go through all that hassle when something like obscure already exists?
[00:17:39] Unknown:
Fair. Yeah. Fair. Wasn't it only available for Mac, though?
[00:17:44] Unknown:
I'll leave that one for Seth to answer. I'm not sure.
[00:17:47] Unknown:
They only have official clients right now for iOS and macOS, but they have a WireGuard config generator. So in theory, you can use the, the WireGuard apps on Android and other platforms to be able to do it. It is gonna be not as enjoyable because clients being good is a very important part of VPNs being reliable and useful. But they're they are they are bringing support for other platforms ASAP. You know, that's their top priority, alongside adding Monero support.
[00:18:16] Unknown:
Vibrant made a great comment on Twitter. He said a a VPS option similar to what you've just described, Max, is can be a good option if you don't wanna be hit with the classic VPN discrimination where, you know, there's there's kind of known IP address ranges for Proton, etcetera. So that's a good point. And, also, quick question for you, Seth. I know you may have covered this, briefly earlier, but, as an obscure user, he's he's asking if it's slower?
[00:18:42] Unknown:
Yeah. It is definitely not slower in my experience. You said that's how it's done. If anything is the same, I honestly feel like it's been faster and more seamless to me. But this is where I think the difference comes down to clients. Like, the actual client you're using for the VPN makes a huge difference. Like, the speed at which it reconnects, the speed at which it rotates WireGuard keys, and the way that it handles network changes really makes a difference in how, like, the perceived speed of the VPN is. But I I can I can say in my testing from before they officially launched, that's all I've been using across all of my devices? It's, at worst, the same as using mobile directly, which I know it makes no sense, but often feels better. But I think that comes down to the the clients themselves being absolutely top tier. So I'm that's also one of the reasons why I'm totally fine that it's taken them a while to bring out clients for other platforms because I know that they're they're definitely up to variety who do things right, do things very thoroughly, and make them very bulletproof.
So I know that their their Android client, Windows, Linux, etcetera, are gonna be, are gonna be fantastic.
[00:19:52] Unknown:
Good to know. Gents, I I see a lot of free or advertised as free VPNs floating around, mainly in, questionable YouTube adverts. What's your thoughts on those? Should we should we avoid, like, the plague? Does it seem too good to be true? Like, what's the Yes. What's your take on those and why? It's,
[00:20:13] Unknown:
it's that you are the product. If it's free Mhmm. There's a reason it's free. You're giving your data to someone. I I doubt it's gonna be open source. I doubt, you're actually gonna, be protected, and I would personally stay well clear. That would be my take.
[00:20:36] Unknown:
Yeah. I mean, Max nailed it. If if you're not paying with money, you're paying with data. There there are some minor exceptions where there's a, like, a freemium model like Proton does where there's a very restricted free tier just to let you try it before you actually use it. But, generally, you should be very, very wary of anything that's free as a VPN or, unfortunately, anything that you see slathered all over random YouTube channels. They're probably not gonna be trustworthy. There's a lot of really well documented stuff about how single entities own multiple of the most popular VPNs. Not the good ones that we'll talk about later, but multiple multiple of the most popular VPNs like NordVPN, and they spend millions upon millions upon millions of dollars getting every influencer on the planet to shell a VPN, and random videos have nothing to do with that. So that's also generally a red flag. I will say Mobod has a really cool campaign that they've been doing, like, on in physical media in, like, New York City and on subways and buses and stuff. Yeah.
So it's not always a bad thing to see advertising, obviously, but it is, like, like, one of those things where if you see them everywhere, you should probably be a little wary. And if they're free, you should definitely be very, very wary.
[00:21:52] Unknown:
Good to know. It always makes me laugh when it's like some of the ones I see, it's like, oh, if you use this code, you can get an extra 88% off. I'm like, they've literally given it away for free again. Alright. Before we get into the the comparison of the popular tools, two slightly more technical question, but we don't need to go too deep on these. But, first one is, I hear a lot of chatter around like the two major kind of frameworks or protocols that most VPNs operate under or on WireGuard and OpenVPN. Is is the differences here should that be something that the end user is concerned about?
Or is it kind of just are they much of a muchness? Do do you guys have any, hot takes on those?
[00:22:38] Unknown:
The short answer is don't use OpenVPN. Use Wirecard. It's the superior protocol in every way, for privacy, but more importantly, for speed and latency. It is wildly better and more well maintained and has much broader, support. It's just it's the no brainer answer. The only reason you would ever use OpenVPN, and you'll see that even, like, mobile ad, etcetera, are killing off OpenVPN support slowly. The only reason you would use it is some older, like, routers and hot spots and stuff that have native VPN support where you can, like, connect in your router to a VPN to have whole home VPN, that sort of thing. Some of them only have open VPN because WireGuard requires some kernel level stuff that can be a little tricky on embedded devices. So that's really the only scenario where you would use it, but, generally, don't use OpenVPN. And you'll notice any of these good VPNs, the defaults are always going to be, WireGuard. They're they're not gonna be open VPN if they even allow you to do open VPN at all. Okay. Cool. Alright. I'm I'm very glad you mentioned,
[00:23:46] Unknown:
routers there. Because the final question I had was, obviously, you can run a VPN on your client, like your laptop or your phone, but you can also run one at your router level. Max, I'll hand this to you quickly first before letting Seth come in. But why would somebody do one versus the other? Are there kind of privacy trade offs, or is it just a a personal preference thing here? Like, can you kind of spell out the differences?
[00:24:12] Unknown:
Yeah. I I think well, you could do both. For a start, you could, like, belt and braces. You could have one running, like, a a router level one in case there's, something disconnects on one of your devices or just a more simple way to protect
[00:24:30] Unknown:
That's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that's that
[00:24:37] Unknown:
The first time I ever ran one was actually what was I trying to do? I think, that's what I was trying to do. I was trying to set up a new node that I built on my laptop, and I couldn't download a VPN before downloading the Bitcoin blockchain and or the Monero blockchain. I can't remember which one it was, but I didn't want to download that without running a VPN, and I couldn't run a VPN on that device. So I was like, fine. I'll get a a router with a and have a VPN at the router level before downloading because I don't want my ISP to know that because I lived in The UK at the time, and I thought, you know, they might come and knock my door down or something at some point. So, that was why I first ran one, and I don't know whether that was really necessary or not. But, yeah, I saw it as belt belt and braces. And then I liked the fact that the router a wasn't that expensive. I used a flint too.
It's about a £150 or £200 maybe. The connection was better than the router I used with the from the ISP. It gave me lots of extra protections, and I could adjust things. And then I had, like, a separate network for guests who came as well. So, yeah, I don't know. That's that's my experience with that anyway.
[00:25:58] Unknown:
Any advances on that, Seth? What what's your take?
[00:26:03] Unknown:
For me, it it very much depends on you specifically. If I was single, I would absolutely be using a router level VPN, and then also using it on clients that I travel with. I wouldn't double up, so I wouldn't, like, on my desktop, also be using a VPN, as well as router level. The thing that I run into is that a router level VPN, if you have, like, a wife or kids or roommates that aren't as hardcore as you, it's gonna cause a lot of problems. Specifically, streaming services are gonna lose their minds. So if you use any streaming services, prepare for it to just not work or to be very intermittent. So it it just kinda depends. To me, the more useful split is using VPNs on all devices where, like, I'm doing a lot of things. So desktop, laptop, phones, etcetera, and then using router level DNS for blocking as much as I can.
So that's gonna be a lot less painful. That's gonna allow you to block most of the built in telemetry, tracking, etcetera, ads, for your smart TV, for your, IoT devices, that sort of thing. It's gonna do a lot of the leg work for that. Yes. It won't be quite as good as providing privacy from the ISP as a home like a router level VPN, but it gets you a lot of the way. And it's a better, like, quality of life Can't you Choice between two.
[00:27:31] Unknown:
I'm sure with, like, the Flint two one when I set mine up, I have the guest network that wasn't running the VPN, I'm pretty sure. So the VPN was only on the network that only I connected to with all my devices, and then the TV and all the stuff the kids and missus and everything just ran, separately. The DNS stuff, you could also change within there. So, like, having that device, I think, anyway
[00:27:58] Unknown:
Mhmm.
[00:27:59] Unknown:
You can have your cake and eat it and do everything that you wanna do and have the DNS changes and stuff, which I think wouldn't be as simple on, hardware that you get from your ISP.
[00:28:12] Unknown:
You you are correct. You can do, like, split tunneling or, splitting out subnets to do that. The main thing that I kinda came to, the main conclusion was, at that point, the number of devices I want to use VPN on, I already have the clients installed on. I could just do client side VPN. Like, we're talking a laptop, a desktop, and a phone for me versus a lot of other devices for others. So just the headache of setting up and doing the split tunneling properly and making sure the devices stay on the right networks and all that didn't actually help to me rather than just doing client side VPN on the devices I knew I was gonna use VPN on anyways. But, again, that's all gonna depend on your split. If the vast like, let's say there's one person in your household, your teenager, who or whoever who can't use a VPN, but everyone else can and all your devices can, then, yeah, router level with just, like, split tunneling off their traffic would be by far the best solutions. You don't have to do VPNs and everything else, but it's all gonna come down to to personal preference. But that is a good call out that routers you can normally choose, especially good ones with good software, so you can easily do this. You can choose what devices are going to be going through the VPN and what devices are not. Oh, I just thought of one final one as well. If you're doing something like mining,
[00:29:23] Unknown:
you have an operation like that, you have many, many, many, ASICs running and and different devices running, then presumably, it would make sense to do that because you're not exactly gonna go and install, like, Mulvad on an s nine. So you you you're gonna have to do it at the router level.
[00:29:41] Unknown:
Yep. Agreed. There yeah. There's lots of clients. IoT devices, smart TVs as well. There's gonna be a lot that you can't possibly do, client side if you do want a router on. Yeah. So yeah. You're right.
[00:29:52] Unknown:
Okay. We we've got loads of awesome questions coming through in various different chats and presubmitting, and I wanna make sure we've got time to to get to those. So, most of the listeners here are gonna be well versed in in all of the the popular choices among the privacy circles, Proton, Molvad, IVPN, Obscura. Sixty seconds each if you don't need any less than that. Which one do you use and why do you use it? Let's just highlight all the good parts so people got something actionable to take away if they don't already run one or use one of these mentioned, and then we can move forward, finish off the the kind of preamble chat, and then get to these awesome questions. Seth, you can go first.
[00:30:29] Unknown:
Anybody who's been listening to Freedom Tech Friday is gonna know what my answer is. Definitely an obscure a shell these days. Carl, the founder's fantastic. Their clients are the best in the business, and their two entity solution, I think, is what every VPN should be doing. So, to me, they're they're the best option right now, but that clear caveat that they don't have clients for non Apple, ecosystem yet, but those will be coming. Beyond that, I think you can't go wrong with either Proton, Mobod, or IVPN with Mobod having the slight edge over the other two, in my opinion. But, really, any of those four, whatever one suits your needs best, all can be paid with Bitcoin.
Some can be paid with Lightning. Some can be played paid with Monero. You have a lot of choice there, and all of them are are really good with really good track records and really good teams. And I know the team's behind all four, so that's another thing that goes a long way when, again, you're shifting trust. You're not removing it.
[00:31:24] Unknown:
Max, I'm I'm gonna, assume that you're probably fairly aligned with what Seth just said, but anything else to add?
[00:31:30] Unknown:
Yeah. Yeah. Basically, except that I use Mullvad rather than Obscura because I do have, different devices that wouldn't run on it, like a mix of, like, Apple and, everything else. So, that's one reason. Second reason is I've used Mylfadd for a long time. It works. I can pay in cryptocurrency. I can pay monthly. It's really simple setup, really clean. And if something works for me, I don't like to change it because it's so rare that it works, and this works.
[00:32:01] Unknown:
Yeah. Wise idea. Wise idea. Alright. Appreciate the the recommendations there. Again, both aligned with both of you guys. I I use both of the ones mentioned regularly. Alright. Final question, before we get to the actual questions or or the one that I had aligned up. Where does Tor fit into all of this? Do you need to use Tor if you use a VPN? Do you need to use a VPN if you do everything on Tor, you know, the the flip side to that? Do you need to use both? What scenarios would you need to use both? Like, what's your what's your take on on this one? Max, I'll hand this to to you first.
[00:32:37] Unknown:
This is really a Seth question, but, I tend to use VPNs, generally over Tor just because of the reliability and speed. If you're gonna try and use Tor for everything, you quite often can have a hard time. Things won't load. You can't connect or at least that's been my experience. I also think there's, like, a time and a place. So for most things that really matter, I'll be using Tor. I use Tor on connections to my nodes. I use, Tor when I'm doing anything like Bitcoiny. But, you know, if I'm shopping on Amazon or whatever, I'll be using a VPN.
It just just for the the speed and the how much of a pain in the ass things can be. Yeah. I mean, that's that's pretty much it. The the key to me is that a VPN
[00:33:27] Unknown:
really should be everyone's always on everyday solution. I think there are very, very few circumstances where you shouldn't be using an always on VPN, whereas Tor is very much a sit a situational solution. So there are lots of specific situations or uses for it, like your Bitcoin node. There are a lot of good reasons to run your Bitcoin node either exclusively over Tor using it for transaction propagation, same with Monero and others. There's a lot of good reasons to use Tor for, like, p two p trading Bitcoin. That's why Bisc uses it. That's why Robosats uses it. There's some really good specific use cases, but it's really when you need anonymity, not privacy.
And it that's not to say that tour doesn't provide privacy. Obviously, it does, but the key use of tour is to ride anonymity. A VPN is something you can use even when you're not trying to be anonymous, which is most of the time on the Internet, honestly. So when you go to your bank, there's no reason to use Tor, but a VPN is still very useful. Although, unfortunately, some banks also hate VPNs kind of case by case basis, but many of them are okay with VPNs, but you're gonna get a lot of red flags if you use Tor and then log in with your real name and everything, and there's no benefit there. Awesome. Thank you, gents.
[00:34:36] Unknown:
Before we hit the questions, just a quick reminder, guys, if you're in any of the the various live chats, please do drop some questions in there if you, have got any network related stuff to do with VPNs at all. But before we do that, quick shout to to the Nosta live chat. We've got some zaps coming through. We've got WarTime with 333 sats. We've got Neo with 210 sats, Nostigang with 21 sats, Bon with 3,456 sats, and Banana Man with 2,100 sats. Oh, and, Filthy Fiat Wallet with 420. Thank you for your support on the show, guys. Thank you very much. Right. Onto some questions.
Let me bring up the first one that was presubmitted. This one's from Rob g on, on Twitter. He said, I've heard people say VPNs do not make you anonymous, and I agree. The biggest benefit is not letting your ISP see every every site you visit via DNS question mark. Is there a way outside of a VPN to mask the IP address you visit from your ISP? I'm gonna guess the obvious one here is gonna be Tor. That would be the the easiest way. Although I did see an additional comment from Max Tannehill, that introduced me to something called Warp for desktop.
I don't know whether you guys have heard about this. It's basically a a Cloudflare service, which I've never heard of before, that seems to operate in a similar way to a to a VPN, but it connects only to to Cloudflare servers. So that it doesn't necessarily give you the the kind of privacy guarantees that the tools we've been talking about before, but it would potentially, have the same, kind of solution that Rob's asking for here where it would mask, you know, the websites that you visit from your ISP because you're routing it through, you know, another server. But I don't know whether you guys have got any anything else to add other than the the two solution I've just mentioned.
[00:36:26] Unknown:
No. Yeah. I mean, not to if the specific interest is hiding your IP address or hiding the IP addresses of what you visit from your ISP, then no. You can hide a lot of further information by using a different DNS than the one your ISP offers you, and that's something everyone should do. It doesn't have to be some DNS you pay for. You you can easily use Cloudflare's DNS. You can use open DNS. There's a few others that, I think nine what is it called? Next 90. No. I can't I'll I'll look at what it is, but there's another one that has a nine in the name, where they provide DNS list that not only provides some form of, ad blocking, but also mean that you're not sending your DNS request to your ISP, where DNS is one of the the most important pieces of data that you should not be providing to your ISP. So even if you're not gonna do router level VPN, you should be doing router level DNS and changing it to something other than the default, which is a a really important piece there. It is important to know a lot of routers will use their own custom DNS.
So, like, if you're using, like, Google's routers or, Amazon's routers, whatever that company is called. A lot of times, they'll use they'll have their own custom DNS setting that you can override, but they won't use your ISPs. But it's it's an important thing to check on, especially when you get a new router to see what DNS is being used and change that because that's a a huge data leak.
[00:37:50] Unknown:
Alright. Thanks. Question from Banana Man on Nosta. Any recommendation on how to use a VPN with a self hosted services, e g, Node, Electrum Server, etcetera, that want you to be publicly accessible, for example, Bitcoin port eight three three three exposed to allow incoming connections. It seems like some VPN providers like Mullvad used to allow forwarding ports. Any other solutions like it? I would probably, first and foremost, push back around, especially around opening ports on your your home router unless you absolutely need to. For me, Tor seems to fit the bill most of the time for connecting to things like Electrum servers.
Most people tend to do most of their cryptocurrency activities in their home location where their nodes are so they can just collect collect connect locally. And then for me, Tor seems to fit the bill outside of those. For the very few scenarios where I, can't or are unable to use Tor when I'm away from my nodes and I need to access my services, I do have a backup kind of tail scale, solution, which is, installable on definitely on Umbrel. I don't know whether Star nine has it as well. But what's your guys' take on on this question here and, you know, and maybe let's look at the trade offs of doing something like tail scale. Seth, I'll let you, take this one.
Yeah. I'll start. If you don't mind bringing up the question or maybe just repeating it again. Yeah. Yeah. It's on the office, so I can't bring it up. But any recommendations on how to use a VPN with a self hosted services, for example, sorry, services that want you that you want to be publicly accessible. Mhmm. Then you mentioned about port opening ports and, do some do some VPN providers support port forwarding.
[00:39:37] Unknown:
Yeah. So the short answer is you you will not be able to use a VPN and do any sort of port forwarding. This used to be possible on most of them. Mulvad was one of those, but evil people do evil things with good technology, and that port forwarding got abused. And so they had to shut it down. And as far as I know, every VPN provider, does not allow port forwarding anymore. So it's it's one thing where you will not be able to mix those two things. That's where a lot of the choice will come down to, are you doing router level VPN, or are you doing client side? And if you're doing either one, generally, you can make exceptions for specific traffic. So there are ways that you could still do port forwarding by skipping the VPN for that traffic or that device.
Obviously, there are pros and cons to each of those, but that's also maybe another good reason to have a separate server that hosts your public things, or separate that network traffic out at least, so that you can you can still kinda have what you want through VPN, what you don't want through VPN split separately. But, it it will get it will get a little tricky if you're trying to use a VPN for those. But there are a lot of reasons why you wouldn't use a VPN anyways on something that you're self hosting to make publicly accessible. So again, a lot of times just kinda some separation is is useful there.
The main caveat, I would say, and you hit this on the, you hit this nail on the head q and a's. If you're just thinking publicly accessible for yourself, you can do that with a VPN while then using Tailscale to actually get into your home network and reach things as if you were inside your own network. Tailscale plays really well with most VPNs. Like, that was one of the things I loved about Obscura was the moment I started using Obscura. It just worked out of the box with Tailscale because I use Tailscale to access all of my servers, all of my home services, so that I don't have to expose those to the Internet, but I can still access them as if they're exposed to the Internet. So that's a fantastic, like, middle ground solution that a lot of people should use. And it seems really daunting at first, but it's actually quite straightforward to use.
[00:41:38] Unknown:
Alright. Thank you. We have a tangential follow-up question as well, which I'm gonna bring up on screen just now. It comes from VMVD on, and he said, I love what ops go is doing, but on I iOS, it doesn't seem to work when Tailscale is used. Is using the paid mobile exit node service directly in tails Tailscale an adequate alternative, or are there any downsides? So I've never actually heard of this before, but, I guess what what VMVD is is alluding to is the fact that, obviously, Obscure and Tailscale will be kind of conflicting VPNs on on the phone, which is why they kind of put heads and what you work at the same time. But, yes, having the Tailscale be the active connection, but then having a MoleVOD exit node service, which, again, I didn't know existed, seems like it could be, a good combination. You ever heard of that one?
[00:42:26] Unknown:
Yeah. They partnered with MoleVOD a few years ago so that you can if you're a heavy Tailscale user, you can actually choose to use Mobile to tunnel all your traffic out through. Because one of the things that Tailscale has had for a long time is you can choose one of your servers and your Tailscale network as an exit node. So, like, you could you could act as if you're always reaching the Internet from your own home or something like that, which I know some people use to be able to actually do VPN with tail scale on mobile is that you have a router level VPN on your in your home, and you Tailscale into your home and then exit from your home so you're going through the VPN. It's a little messy. It is a possible solution, but, yeah, you you can use mobile within there. I I don't have a specific reason why you shouldn't. It's It's always just felt a little bit odd to me, but, it's it seems like it would be a good solution because, like you mentioned, if you're on mobile, there's very strict restrict very strict limitations to only doing one VPN at a time, so you'll not be able to do Tailscale scale and VPN at the same time on Android or iOS, as far as I've seen. The exception would be on Android with GrapheneOS in a separate profile. You could do tail scale in one profile and your VPN in another and use that other profile only for tail scale stuff, but that also is pretty, pretty advanced.
[00:43:45] Unknown:
I like it. Yeah. I'm gonna go and check that one out myself. That's, very interesting to me. This is, an interesting one. Does anybody use Android Auto? It won't allow connection with a VPN on, even with a cable. I still sometimes get the VPN notification. I've never had any issues with Android Auto and a VPN being active on any of my Pixel devices. So it seems like it could be a configuration issue to do with your phone, but I wanted to put it to you guys as well just to see if you've ever had a similar sort of issue. I'd be honest. I don't even know what Android Auto is. So there we are. It's when you plug your phone into your car and you basically have a an Android screen on your car so that you can, like, have apps and stuff and open up your podcast player and things like that rather than just using the default Bluetooth connection. Right. Right. Right. Right. Right. Okay.
[00:44:34] Unknown:
Yeah. I, unfortunately, have never been able to use Android Auto. The only car that I ever had that had it, I don't have anymore. And when I did have it, GrapheneOS didn't support Android Auto. So I unfortunately have nothing to add here, but it I I know that it should work with VPN on. I'm not sure why it wouldn't
[00:44:50] Unknown:
Definitely did in in my, my case. Sorry, uncle Swan on Nosta. Can't help you there. Next question comes from sovereign stack on Nosta. Thoughts around VPN company ownership. Any red flags or signs to look out for when choosing a VPN provider? What about VPN hosting providers such as m two four seven? Never heard of them. How can they pose a potential risk? I'll hit this one first and just state some of the obvious ones. Look for companies that have open source clients. Look for companies that have been around for quite a while. Look for companies that don't basically give their services away for free. Look for companies that promise no lot, a no logging policy, but also look for companies that have actually been to court and proven that they are unable to give any logs, when in a court of law.
On the m two four seven, I've never heard of that, so I can't, kind of give any more information there. But, guys, have I have I kinda ticked all the the obvious boxes? Have you got anything to add in terms of science to look for when choosing a a VPN provider? Oh oh, sorry. I missed one. Can you pay for the cryptocurrency? Exactly. Yes. Thank you. Yeah.
[00:46:00] Unknown:
No. I think I think those are the main ones. I mean, don't just like with any other privacy preserving service or really any other service, probably don't be the first one to use it. If you don't know of anyone else that's that's using something or recommending it, probably not something you wanna be the first to use unless you have the wherewithal to actually, like, do your own research and get to the bottom of any potential problems. But it's not something to rush into using the the latest and greatest thing most often.
[00:46:26] Unknown:
Okay. Cool. I've just noticed Black Coffee, who's just sat up to 6,431 sats, by the way. Thank you, sir. Also commented in the Nostra chat to say that he also has the Android Auto VPN issue. So maybe it's a a recent thing. I've I've not tried it for quite a while. So I've put that down to user error, most likely. No. I mean, he is he is a bit of an idiot, so maybe it's just, You've got to plug it in at both ends. The The cable has two ends. One one bit goes in the phone, and the other bit goes into the cigarette lights a bit. It's like a boxy thing. I, I think we might have covered this one, but, he submitted it ahead of time. So I just wanted to give credence to it. Rev Huddl on Noster. What information can a phone provider still see when using Tor or VPN, and is there any major differences between Android and iOS?
I seem to remember something somewhere in recent history to do with iOS, maybe not doing full device level VPN even when it's active. Seth, any recollection of that, or am I just talking out my ass?
[00:47:29] Unknown:
Yeah. Yeah. So I am a bit foggy on the details, so I'll see if I can find the link. But the the short answer is Android does a better job of making sure that all of your traffic goes through a VPN. Now this has had exceptions and bugs in the past. I know some specific VPNs have had issues. Mobile and IPN VPN both had some some problems where on Android, specific data was not going through the VPN, that they both sorted. But then there's also something on iOS where there's some, like, OS level stuff that sometimes isn't properly routed through VPN. Again, it's not the majority of your traffic or anything like that, but the way iOS handles VPNs is not quite as hardcore as, on Android. And I believe it's the same for for macOS, where it's a lot more complex to actually do a VPN the right way. Some VPN clients don't do it the right way, and so it's much more susceptible to leaking things like DNS, outside of the VPN.
But, yeah, I'd I'm not I I don't remember the details 100% off the top of my head, so I'll see if I can track down that link.
[00:48:35] Unknown:
Alright. No problem. Alright. Next question comes from Sean O'Brien. And this could be a deep one, so let's try and keep it high level. But, I'd I'd like to hear your thoughts on ITP versus NIM versus Tor, but not like a battle royale, just where they differ and the strengths, of each. I'm I'm fairly foggy on both I2P and NIM. Obviously, you know, we're all well versed in Tor here. But, guys, any any hot takes here on why you might wanna use NIM, which I believe works on something called a mix net, which in my head sounds a little bit like Tor, and then something like ITP, which I believe has been around for for much longer, and may or may not be the backbone of torrenting.
Again, I might be talking out my ass there, but, guys, have you got any hot takes here?
[00:49:27] Unknown:
My only take is, I try to use what is used where it's absolutely mission critical, and Tor seems to be the one that, is used by most of the most critical, places and people who really care about, keeping things private. So I use that. But outside of that, I don't know. Don't know the technicals.
[00:49:50] Unknown:
Yeah. The the quick comparison for me would be Tor uses under onion routing, which is good for latency compared to mix nets like NIM, but worse for privacy. And Tor has explicitly made quite a focus on exit node usage. So Tor understood that they really want the traffic of people who are just trying to access clear net sites to cover traffic that are that is that are not using clear net sites and that a lot of users are only gonna wanna use Tor if you can access things that are not within the Tor network itself. So that's been Tor's focus. I two p, you can think of it very similarly to Tor even though under the hood, it uses quite a different mechanism for privacy.
I think the strengths to me for I two p are that the number of hops and the level of privacy provided is configurable. And that may sound weird because why would you want less privacy? But one of the really cool things you can do with I two p is you can use it to reach services within the I two p network without adding any hops for doing things like hosting at home and reaching those things where you you don't actually care about adding in anonymity between you and the thing you're connecting to. You just care about making it easier to access those services without port forwarding or that sort of thing. Along with that, you actually were were right there, q and a. I two p well, it doesn't I wouldn't say it underpins, like, torrenting in general. I two p has kind of been designed from the ground up to be able to do torrenting well and that it actually supports UDP packets, which are the the faster but less reliable way to transfer information over the Internet versus TCP. So IGP works really well for torrenting, whereas Tor is basically never going to work for for torrenting well.
The TLDR for NIM, it's hard because they have NIM, and then they have NIM VPN. NIM VPN is basically like a two hop VPN. It's interesting, but so far hasn't been fantastic in my, experience, but it's kind of them trying to find a good product market fit. But NIM, the mix net is a really interesting technology with very specific use cases. You're not gonna use a mix net to reach a website or watch a video or listen to music or anything like that. But what you would use it for would be anything that's messaging related, things like transaction propagation for cryptocurrencies. It's fantastic at those things.
So it's still not widely supported, but mix nets in general would be really good for a lot of things that we do day to day that don't require low latency or high speed where you just want max privacy and don't mind if there's a few seconds delay in that thing getting through because it's just a signal message or it's just a transaction you're propagating to the network.
[00:52:26] Unknown:
Very, in-depth. Yeah. You know that. Tam Tam Bam says, what's Orbart actually doing? And Bon responds, not working is usually what it's doing.
[00:52:39] Unknown:
I have, two two quick questions just to sign this off, guys, because we're almost at the time again, believe it or not. I am Salmon in the Nostra chat. Says thoughts on Sentinel dVPN. It's an old coin that's been around for years. Their solution has always worked well for me. Never heard of it. The fact that it's got a coin attached to a VPN service is a bit of a red flag for me, but, guys, never heard of it. Likely gay.
[00:53:04] Unknown:
I have heard of it and have had received lots of messages from their team trying to convince me of its merit. I I'm just very hesitant in general on, quote, unquote, decentralized VPNs. Most of them, the way that they're designed doesn't ensure civil resistance in any way. Even if there is a coin, you can just buy more of the coin, and then you have more of the nodes on the network, and then you can re remove or reduce the privacy. And there's been some really good investigations. I'm gonna post a link in the x chat. Maybe you can copy that over to YouTube and Noster, Q. But I VPN who are a fantastic VPN provider, they did some some research on dVPNs as well. That has a lot of good info in there. But the the short of it for me is you're you're shifting trust. You're not removing trust even in a decentralized VPN in theory.
And I want to know who's actually running the soft the services versus having it be an anonymous set of users that is drastically smaller and more attackable than something like Tor. Like, to me, a decentralized VPN is kind of the worst of both worlds where you have increased latency and lowered speed and lowered reliability, but you're not part of the massive amounts of traffic flowing through the Tor network. So it's quite it's quite likely it's gonna be easier to de anonymize your traffic if you're being targeted. But then a VPN, you're getting it's just it's kind of a middle ground that I don't think needs to needs to be used by most people.
But it it isn't something I've gone super deeply into. That article has a lot of really good info, from the guys behind iVPN. And while, of course, they run their own centralized VPN, so you could say they're biased, I even know the person who actually wrote this. He's a fantastic person and and did his research really well on it. So I think it's a good article to at least use it as a jumping off point to, to think about decentralized VPNs.
[00:54:52] Unknown:
Alright. Thanks for the input. Alright. Final question, comes from two places. First one was Bitcoin in space on Nosta says, a lot of websites refuse to work with VPNs, especially banking websites. Typically, I have to turn off my VPN to log in. Is there any workaround for websites like this? And, basically, Vibrant, as you can see on screen, that's the the the same thing. What do you do when you face VPN discrimination? I'll answer what I do first of first and foremost is if it's something like banking where, you know, I'm logging in with my personal ID, etcetera, then I'll just turn the VPN off and just log in. If it's something else where I would really favor accessing that site with the VPN active, I will try switching to different servers, within the same VPN provider, may even switch to a different VPN provider because I'm a weirdo that has multiple.
[00:55:41] Unknown:
Other than that, yeah, it's just turn it off and and go ahead, basically. But, any advances on on those guys? Same here. Yeah. The only, like, minor addition I would say is, like, there are a couple things that I use that just, like, have complete blanket bans on VPNs that I've never been able to work around by using different VPNs or using different servers. So if I absolutely have to do those, I will do a fresh restart of the device I'm going to access them from. I will shut down every service that I can find to make sure that nothing's making background queries, and then I'll disable the VPN, open a new browser window with just that tab, and do what I need to do and then close it and get back to the VPN. But it is really hard, like, when you do need to disable that v p VPN, you don't wanna disable it for everything most of the time. And that's one area where there's not really a lot of capability on mobile or desktop that I know of to, like, just allow that one website through VPN. Normally, it's one app.
But there are some ways maybe you could use a separate browser that you have installed just for doing that sort of thing and use split tunnel that separate browser out, so that you can use that browser for those things, the hate VPN. So maybe that's an option there. I actually haven't thought of that until I started rambling.
[00:56:52] Unknown:
Yeah. Good call out. Great way to sign it off. Yeah. Can't believe we're at time already. The hour has flown by. Thank you for all the awesome questions. I think you got through everything in the live chat and certainly most of the the presubmitted ones. Appreciate everybody, taking part, supporting the show, commenting, sharing, and zapping us over on Nosta. And, Yeah. Guys, that was a fun one, and, we'll be back to do it at exactly the same time, next week, 9AM eastern, 2PM UK time. Have a good one. Bye.
[00:57:27] Unknown:
Thank you for listening to Freedom Tech Friday. To everyone who boosted, asked questions, and participated in the show, we appreciate you all. Make sure to join us next week on Friday at 9AM EST and 2PM London. Thanks to Seth, Max, and Q for keeping it ungovernable. And thank you to Cake Wallet, Foundation, and my NIM box for keeping the Ungovernable Misfits going. Make sure to check out ungovernablemisfits.com to see mister Crown's incredible skills and artwork. Listen to the other shows in the feed to hear Kareem's world class editing skills.
Thanks to Expatriotic for keeping us up to date with Boost's XMR chats and sending in topics. John, great name and great guy, never change and never stop keeping us up to date with mining news or continuing to grow the mesh to Dell. Finally, a big thanks to the unsung hero, our Canadian overlord Jordan, for trying to keep the ungovernable in check and for the endless work he puts in behind the scenes. We love you all. Stay ungovernable.
Welcome, format of the show, and intros
Travel chat: Q in Madrid and conference vibes
Weekend in crypto: Dark Prague, Lightning++ and community
Main topic kickoff: Network-level privacy and VPNs
VPN 101: What is a VPN and why use one?
What a VPN hides, metadata, and shifting trust
Mitigating VPN trust: pay with crypto and two-entity models
DIY setups, VPS hops, and Obscura client support
Are free VPNs safe? Red flags and advertising
WireGuard vs OpenVPN: which protocol to choose
Router-level vs device VPNs, split tunnelling, DNS blocking
Mining and IoT considerations for router VPNs
Top providers: Obscura, Mullvad, Proton, IVPN
Where Tor fits: anonymity vs everyday privacy
Listener Q&A: masking from ISP, DNS choices, Cloudflare Warp
Self-hosting with VPNs: port forwarding, Tailscale, Tor
Mobile constraints: Obscura + Tailscale, exit nodes
Ownership and trust signals when choosing a VPN
What can phone providers still see? iOS vs Android leaks
I2P, Nym, and Tor: routing models and use-cases
dVPNs skepticism and security trade-offs
Banking and VPN discrimination: practical workarounds
Wrap-up and next week’s schedule
