[lug] neat trick with gnome + network manager + VPN

Simos blug at chinesetearoom.com
Fri Sep 15 13:14:32 MDT 2017


Hi,

I used NoScript for years but finally got tired of exceptions so I gave up
on it (though I still use it on my work laptop). I've since used Ghostery
and now uBlock Origin and haven't seen ads in years. I also use the Self
Destructing Cookies extension for some additional tracking protection,
though these days that's not nearly enough - see:

https://www.eff.org/privacybadger

Funny enough, the other day uBlock failed after a Firefox upgrade and I was
amazed to see how the few sites I usually browse actually look without ad
blocking (and how long they take to load...) And this was for the BBC, never
mind something like the Daily Camera!

Simos

On Fri, 15 Sep 2017 10:58:53 -0600
Bear Giles <bgiles at coyotesong.com> wrote:

> I have noscript. Unfortunately there's so many exceptions to get these
> sites to do what I went there for some of these ads sneak through anyway.
> 
> On Fri, Sep 15, 2017 at 10:46 AM, Davide Del Vento <
> davide.del.vento at gmail.com> wrote:  
> 
> > > poorly written javascript that cause my browser to slow down and crash  
> >
> > For this issue, the right solution is https://noscript.net/ not VPN + DNS
> > hijacking.
> >
> > On Fri, Sep 15, 2017 at 9:47 AM, Bear Giles <bgiles at coyotesong.com> wrote:
> >  
> >> I've used HideMyAss in the past but I'm switching to my own servers on
> >> Digital Ocean and AWS. The cost with a nano instance is about the same as
> >> the cost of a decent commercial offering - about $60/year. I know there are
> >> cheaper sites but I just don't trust their economic model.
> >>
> >> I found an ipad app that takes openvpn config (and in fact it comes from
> >> a site that seems to be a commercial offering from the openvpn group) but
> >> haven't set it up yet since I don't have an imac and getting the .ovpn file
> >> onto the ipad requires a little more work.
> >>
> >> I also need to regenerate my keys. I've been using a test set that don't
> >> require a password - I want to switch to per-host keys with passwords.
> >>
> >> The funniest thing is that one of the biggest reasons for running your
> >> own VPN is that you don't have to worry about the VPN logging your
> >> activity. Running your own VPN is simultaneously less anonymous - someone
> >> doing a reverse IP address lookup will find your hosting company and they
> >> can identify what account has that IP address - but it's also more
> >> anonymous since you own the logs. The big guys can put in a network tap and
> >> see all the sites you go to but marketers can't get any information.
> >>
> >> So what's one of the first things I'm thinking of adding? My own caching
> >> DNS server. Something that will keep a log of every site I visit - and that
> >> means all of the ad servers, etc., not just the sites that appear in the
> >> address bar.
> >>
> >> The reason to do this is to blackhole abusive ad sites. I'm not opposed
> >> to ads at an abstract level, just the scammy ads and the ones that have
> >> poorly written javascript that cause my browser to slow down and crash.
> >> With the DNS server logs I can toss in my own DNS records that redirect
> >> these sites to my own server that immediately returns either a 404 or a
> >> blank page. Of course that now means that there's a nice handy list of all
> >> of the sites I visited (but not the URLs) if someone does get into the
> >> system.
> >>
> >> On Fri, Sep 15, 2017 at 8:16 AM, Quentin Hartman <qhartman at gmail.com>
> >> wrote:
> >>  
> >>> Good trick! Thanks for sharing. What VPN service are you using?
> >>>
> >>> I just started using TunnelBear and it's working pretty well so far.
> >>> They don't "officially" support linux in that they don't build a client for
> >>> it, but they have instructions available for using standard VPN tools to
> >>> connect to their endpoints. The experience on my phone with their client is
> >>> very seamless.
> >>>
> >>> Q
> >>>
> >>> On Thu, Sep 14, 2017 at 7:58 PM, Bear Giles <bgiles at coyotesong.com>
> >>> wrote:
> >>>  
> >>>> I came across this when playing with the VPN configurations.
> >>>>
> >>>> 0. install network-manager-openvpn-gnome.
> >>>>
> >>>> 1. right-click on network icon and go to bottom of menu - select Edit
> >>>> Connections.
> >>>>
> >>>> 2. create your VPN entry. (This lets you easily select it by
> >>>> right-clicking on the network icon and then selecting VPN Connections.) You
> >>>> can import a .ovpn file, or just read the configuration and figure out what
> >>>> values to use.
> >>>>
> >>>> 3. edit your wired and wifi connections. On the 'General' tab one of
> >>>> the last items is "Connect to this VPN...". You can specify one of your VPN
> >>>> connections.
> >>>>
> >>>> The wifi connections that launch without forcing me to a login page
> >>>> work fine - they launch with the VPN enabled.
> >>>>
> >>>> I haven't had a chance to try it on a wifi connection that requires a
> >>>> login page. It might be smart enough to recognize the private IP address
> >>>> range and not route through the VPN for those connections.
> >>>>
> >>>> This solves one of my annoyances - I might have a VPN account but a lot
> >>>> of traffic goes out between when I establish the connection and when I can
> >>>> right-click on the network icon and turn on the VPN. Not everything uses
> >>>> https. This should eliminate that window.
> >>>>
> >>>> _______________________________________________
> >>>> Web Page:  http://lug.boulder.co.us
> >>>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >>>> Join us on IRC: irc.hackingsociety.org port=6667
> >>>> channel=#hackingsociety
> >>>>  
> >  
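
The GUI steps in the original message at the bottom of this thread (steps 0-3) correspond to NetworkManager's `connection.secondaries` property, which can also be set from the command line. The script below is an added example, not part of the original thread; the profile names and the `link-vpn.sh` file name are placeholders, so substitute the names that `nmcli connection show` lists on your machine.

```shell
#!/bin/sh
# Added example: nmcli equivalent of ticking "Connect to this VPN..." on a
# wired or wifi profile. Profile names are placeholders (assumptions).
# A .ovpn file can be imported first with:
#   nmcli connection import type openvpn file client.ovpn

# Print the UUID of profile $1, but only if it really is a VPN profile.
vpn_uuid() {
    [ "$(nmcli -g connection.type connection show "$1")" = "vpn" ] || {
        echo "error: '$1' is not a VPN profile" >&2
        return 1
    }
    nmcli -g connection.uuid connection show "$1"
}

# Make base profile $1 bring up VPN profile $2 every time it activates.
# Idempotent: a VPN already listed in connection.secondaries is left alone.
link_vpn() {
    base=$1
    vpn=$2
    uuid=$(vpn_uuid "$vpn") || return 1
    [ -n "$uuid" ] || return 1
    # Fails (and stops) if the base profile does not exist.
    current=$(nmcli -g connection.secondaries connection show "$base") || return 1
    case "$current" in
        *"$uuid"*) echo "unchanged"; return 0 ;;
    esac
    nmcli connection modify "$base" +connection.secondaries "$uuid" &&
        echo "linked"
}

# Usage: sh link-vpn.sh "Home Wifi" "my-vpn"
if [ "$#" -eq 2 ]; then
    link_vpn "$1" "$2"
fi
```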