Anyone know if a self-hosted VPN is 100% secure?

  • ~sunblocker
    link
    fedilink
    03 years ago

    It depends on what kind of threat you want to protect yourself against. VPN technology was never meant to do what most every day people are using it for these days.

    A self hosted VPN will encrypt your network traffic between your device (laptop, smartphone, you name it) and your VPN server. So that cute hacker chick in the internet café can’t see what websites you’re browsing. But from your VPN server to the final destination, you’ll have the rely on TLS (as in, HTTPS for example) which is secure but then the question is, what do you need the VPN for in the first place?

    An argument can be made that websites have a harder time following your smartphone around the real world by tracking the changes of your IP address. Because the VPN server has a fixed IP address and websites will only see this one IP address when you use your VPN instead of seeing “oh, now they’re using their home router’s IP address after having used their mobile internet provider’s IP address, so they must be home now”. But then again, using this fixed IP address as the only user, websites can easily identify that it’s you because nobody else uses your VPN server’s IP address.

    A commercial VPN service lets many different people use the commercial VPN server’s IP address so there’s much noise and it’s hard for websites to make conclusions just based on the IP address.

    But there’s a catch: beyond masking your IP address no VPN service (self hosted or not) can add additional protection. There are so many more things besides your IP address that websites use to track your every move across websites and even across different devices you use. A VPN cannot protect you from cookies, fingerprinting techniques, malicious downloads, hackers, …

    So what can you take away from all this? While a VPN can be one part of your online security strategy, it alone isn’t enough for privacy or security online. I’d recommend you do your own research on the topic and get a feeling for the evil things that websites and other actors can and will do to you, what data they collect and what they can learn from it. Armed with that knowledge you can evaluate what you see as the greatest risk in your situation/circumstances and protect yourself effectively using the measures you really need. Maybe you’ll come to the conclusion that a VPN will help you achieve your goals, most likely you will need additional measures on top of or independent from a VPN.