On Tunnels and who we trust.

Jun 23
On Tunnels and who we trust.

Do YOU use a VPN? It’s a question you hear a lot from time to time. VPN’s used to be for people who wanted to tunnel back to the office to access a boring spreadsheet on some slow fileserver or print their daughters birthday invitations on the company dime. It used to be about tunneling « in ».

These days most people use a VPN to tunnel « out » of somewhere. Vpn’s have become commercialised services with beacons somewhere in the cloud where we all connect to. Promising us privacy and anonymity from whatever snoops might prowl the network we connected to. But what do we have to hide, who do we hide it from and who do we share it with?

So where do I use a VPN

Well, that all depends. Whenever I need to connect to a « foreign network » I consider using a vpn tunnel. And with « a foreign network » I mean one where I don’t have the admin password of the wifi router.

Public Wifi’s are like public urinals

A shared wifi hotspot in a coffee shop (which I seldom use anymore) is a place where I definitely try to use a VPN to obscure my traffic. Although I have to say that I’m more worried about some hipsters malware infested Windows 7 machine giving my machine computer-gonorrhea across the local wifi network. I feel like i’m putting my donut on a urinal so… Shields up.

Corporate IT networks with Nosy neighbours

Ah, those sweet networks managed by overzealous IT staff at corporate offices. I DON’T TRUST THEM. If I have to hop « on their network » to do my thing, I am always careful to make sure my outgoing traffic is obscured. All of it. I don’t feel making my network traffic the passe-de-temps of some 20 something junior IT sysadmin who loves nothing more than snooping logs (or get those logs thrown in my face as part of a shitstorm during a payment issue with a client). No way.

So who do we trust ?

Well, that is a hard one isn’t it. I’ll never go for one of those commercial-but-free services that they offer. The business model here is that they sell off your traffic to advertising agencies. (When you don’t pay you aren’t the client, you are the product). But the « payed » services are kinda the same. Sure NordVpn has quite a good reputation but … in the end i’ll trust my own home network and tunnel out from there via my ISP .. just like with all my other traffic.

So I take the Space SSHuttle

There are a couple of VPN services you can self host. They give you the added joy of connecting to your home network. I’m an avid user of Tailscale to interconnect my devices over the internet (Check out the podcast episode I did on that), but when I want to tunnel ALL my traffic including my DNS queries I resort to using SSHuttle and use a machine running Tailscale at home as an endpoint. Yeah I know, that’s double encapsulation and that might give me some slower speeds, but what do I care .. the guest networks i’m on have money to burn.

T.N.O. ?

Trust no-one. Very true. But its not practical to set yourself up like Edward Snowden and only use your computer with Tails and Tor and hiding under a blanket (tried it, it gets very hot). At some point you have to trust somebody. In my case I draw the line at my ISP because thats where for me security and practicality balance out. At least I don’t have Hipsters licking my firewall or IT-Wanna-Be-Snoops snickering at my URL traffic.


Podcast: Tunneling with Tailscale

SSHuttle (Available on Windows, Mac, Linux and in WSL)

Related Posts

  • No Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *