Wouldn't blocking IPv6 and using a kill-switch prevent leaking?

I strongly suggest you disable ipv6, as nothing will break by disabling it but many things break with it enabled.

mullvad is the only normie vpn worth using. worth every penny

Even Mullvad give out ULA addresses. You can hardly call that a proper implementation :(

Do you know if it's supported using OS-native VPN client implementations as well (i.e. Wirecard, IKEv2, or maybe OpenVPN), or only using their official client?

Pretty sure i've had ipv6 on Proton. How do I check if it's "proper"?

Solid dev + OSS ecosystem + Flat rates

I'm satisfied!

SwissVPN provides a /64.

[dead]

I'm not surprised, given that I received 140% cashback(!) on their 2 year plan a while ago. Unless the hope is that most users forget to cancel before it renews, I'm assuming that I'm paying with my personal information.

It still does the trick for accessing bank and other websites from abroad (that somehow consider a VPN IP more trustworthy than a residential ISP in a Western European country, but that's a different story), but I wouldn't use it for anything sensitive.

I also definitely wouldn't run their client locally, and their Wireguard configurations are annoyingly only valid for 15 minutes after creation. (Weirdly, there doesn't seem to be any limitation on IKEv2.)

It's because the primary function of VPNs isn't privacy, it's to connect to a remote network and treat it as your LAN. Any privacy or security stuff is completely orthogonal.

As surveillance of social media ramps up, either by the government or by angry mobs, they're rapidly growing to be essential to use any unencrypted platform.

I just built the same thing using `systemd-nspawn --directory=/ -b`. The nice part about using nspawn is that you have access to all of the normal network configuration tools like systemd-networkd to configure the devices and networks, rather than using a python script. It also provides a nice place for running services inside of the container, since process management is also included.

> If you can't see your VPN's source code, you can almost safely assume that they're broken in some way.

This is definitely true insofar that you better be able to see client code. That said, since you cannot see what the server is running, even if they release their code, you will still end up with a trust actor or two (vpn operator or sometimes multiple vpn operators in double hop cases).

That’s exactly the reason we introduced deterministic and verifiable VPN technology on https://VP.NET which allows you to actually see the code the VPN servers are running. Instead of trust in a non deterministic human actor you can now trust deterministic and verifiable code.

It is the end of privacy theater!

[1] I am a co-founder of VP.NET

Even if you could, there's no way to guarantee it's the same code that's actually pushing your packets around.

Even vp.net which says they use SGX to verify the code that is running on a box... yea you are verifying a box, somewhere, not necessarily the one forwarding your packets. And those packets can still be monitored/modified outside the system at some other part of the network anyways.

And even if you could verify all that, eBPF swoops in and lets you modify code at runtime with no evidence trails.

If you can see it you can also almost safely assume it’s broken in some way.

They separate each other by spending money on YouTube ads and sponsorships and jacking up prices to offer 50%, no 70% no NINETY PERCENT DISCOUNT if you subscribe for 17 years using my promo code MisterSandman!

They are one of the few VPN providers that give out public IPv4 addresses, and you can even get a static one. So, if you are using them for having a public IP, not for privacy, please continue doing so.

I wouldn't trust either, for different reasons.

Both of them really advertise too much (IMHO) to be trusted. They rely on introductory pricing and hoping people don't realize and get billed at a much higher rate, a model I personally hate.

But ExpressVPN has an additional reason: ties between it, its founder and Israel. There's a BDS argument against right there but additionally, there are accusations that ExpressVPN traffic is or can be monitored by Israeli intelligence.

That last one is a risk of many VPNs, which is why you have to be careful about who the owners are and where the company is incorporated. I personally prefer VPNs that are located in more privacy-focused jurisdictions (eg Iceland, Switzerland).

Mullvad is a popular option on HN. I'm also relatively positive on PrivadoVPN (located in Switzerland). Some Redditors question the quality of the service. So far it's been fine for me.

Given their need to advertise with pretty much any YouTube channel willing to take their money, I'd be inclined to question the quality the likes of NordVPN and SurfShark.

It boggles me how one can see them as anything but sus after tops 30 minutes of looking into it. You get that all those "top 5 vpn" sites and youtube recs are sponsored, right?

Both are proprietary and require personal information to register and pay so obviously no.

Trustworthy enough to shitpost behind? Sure.

Trustworthy to break some actual laws behind? Absolutely not.

Define trustworthy? In my experience, no.