https://www.privacyguides.org/en/email/

they said it had widgets in the announcement blot

I have seen the tuta news… That really did annoy me, I emailed them every time I get one of them asking them not to do it anymore. It should just be a regular email. Not some special fake email.

I don’t see any ads

Even if it only works sometimes, there is still a use case with a benefit. I.e. speed throttling on tethering

And yet even with that pitfall there is a valid benefit of using a shared VPN over the hotspot. Specifically making your data look like it’s coming from the phone so it isn’t throttled by the carrier as tethered data. The failure scenario being the data goes slower.

I recognize the problems you list as valid, and yet there is still a beneficial tradeoff decision to be made.

No need to insult me, I both read the GitHub and understand how VPNs work.

There is no point in using a vpn if you don’t care if your data leaks outside the tunnel.

Sharing VPN from a phone over a hotspot, means all of that traffic looks like it’s coming from the phone.

True, but don’t let perfect be the enemy of good.

Sharing VPN from a phone over a hotspot, means all of that traffic looks like it’s coming from the phone. Admittedly if the VPN dies, the routing will bypass it. But the benefit here is immense, if you use visible, you have unlimited data from the phone, but very slow data on tethering. Sharing the VPN from the phone, gives you unlimited data on the hotspot. That’s a pretty good trade-off

I use a calyxos device to share VPN, as of a few months ago.

Hotspot & Tethering

• Allow clients to use VPNs

https://calyxos.org/features/list/#network

Perhaps your confusing GOS? If not, can you cite the design decision to disallow this feature? I’d be curious to learn about it

If openwrt can do it, gli-net can do it

Honestly, for your use case, you should just get a older cell phone. Put lineage OS on it, or calyxos… share your VPN over hotspot, these are the only two ROMs that I’m aware of that allow you to do that. This has the benefit that the VPN traffic looks just like for traffic from the phone, and you don’t have to do any gymnastics to modify the TTL, or the operating system signature of the traffic.

Boom, travel router. Very portable, has a built-in battery etc etc etc etc etc

I like GLI-net, they are great, they have great hardware. If you want to buy it I endorse it. If you’re paranoid flash your own firmware. If you use an end-to-end VPN from your device it doesn’t matter what your mobile router uses. However the killer feature here, I think is better supplied by an older phone running the ROMs I mentioned above. It’s just more portable. And you have a backup phone when you’re traveling

The general topic was about self-hosting. IPv6 is very useful for self-hosting,… connections.

I’ll admit there is a critical mass problem with torrenting clients, but if you’re trying to set up a wire guard tunnel with your friends, IPv6 is a absolute banger

Some loyalty programs high status will give you 24 hours in a room, any 24 hours you want…

But you would be spending crazy money to get that status anyway, cheaper to just book two nights when you want more time in the room.

In most environments ipv6 bypasses cgnat (because, why would you need a nat with ipv6).

https://www.wireguard.com/netns/

Here is a good how to for wireguard. Most commercial VPNs let you connect directly with wireguard.

Basically crate the interface in your clearnet namespace and then move it to your vpn namespace

100% this, plus it’s very easy to measure.

For individuals the tg/HDL ratio is promising as a great marker for insulin resistance (lower is better). But it requires a blood test, for academic purposes it’s also good because most checkup blood tests have these two markers recorded.

I stand by what I said. If you examine who supports those organizations, they are getting a benefit.

The US Navy supports tor more than anybody else. Not to mention all of the government-run exit notes. Now you’re the product here, is the product watching your data? Or is the product providing noise for their clandestine operations? Tor is a great thing, 100%, but it is being supported by people who get a benefit from it.

I’m sure you can find a counter example, but the point is it’s about incentives. If the incentives aren’t aligned you can’t trust it. Not for mission critical objectives

If you don’t pay money for something, you are the product. In this case it would be your net flow data. It’s not a good idea to use a free service if you’re worried about privacy

I wish it were that easy, there’s a lot of shared architecture in CPU design. So maybe there’s cache lines that are shared, those have to be disabled.

Architecturally, maybe memory tagging for cash lines that in addition to looking at the TLB and physical addresses also looks at memory spaces. So if you’re addressing something that’s in the cache Even for another complete processor, you have to take the full hit going out to main memory.

But even then it’s not perfect, because if you’re invalidating the cache of another core there is going to be some memory penalty, probably infotesimal compared to going to main memory, but it might be measurable. I’m almost certain it would be measurable. So still a side channel attack

One mitigation that does come to mind, is running each program in a virtual machine, that way it’s guaranteed to have completely different physical address space. This is really heavy-handed, and I have seen some papers about the side channel attacks getting leaked information from co guest VMs in AWS. But it certainly reduces the risk surface

Everything you said is true, but I don’t think it’s the complete answer the OP would like.

For instance if somebody goes to Google, on the raw network, and on the VPN. They would correctly expect that traffic to take two different routes, and come from different IP addresses

I’m afraid as long as you have shared architecture you will always have side channel data leaks. The only true mitigation is dedicated resources per compute item. So dedicated cores, dedicated cache etc