GekkoP wrote: ↑Tue Feb 22, 2022 8:07 am
On this note, do you have any hint to a proper guide to do it in the right way?
I have to say I am just using the OpenVPN set up my VPN provider offers, but I am open to suggestion do it as you it should be done.
I wasn't referring to client/protocol setup when I said "using it the right way". That's on you and your provider's documentation.
What I meant was how people tend to overestimate a VPN and assume they're protected 100% of the time. Sure, having a desktop Linux setup mitigates some of those risks (hence why I said "most people", meaning not the 1-2% market share we belong in), but it still kinda applies to us as well.
People forget the only thing they're doing is shifting trust from their ISP/telco to the VPN provider. That alone does virtually nothing on the modern web filled with browser fingerprinting, geolocation tracking and all other forms of javascript identifier voodoo. If you don't take the same additional steps you would on a non-tunnelled setup, you're effectively cloning the fingerprint you had on your ISP's IP pool to the VPN provider's IP pool, and every corporation will know it. Not like they even care about your IP address, since they've got so many other ways of identifying you. Most people don't know this and end up falling for buzzwords like "complete anonymity" or "military grade encryption" at many VPN websites, ignoring how those same websites employ google-analytics or googletagmanager or some Cloudflare or Fastly CDN.
Just look around you. Notice how so many people connect to their VPN while still being logged into their Google or Facebook accounts. Or how people on mobile devices are connected to some VPN while the WhatsApp or Gmail app is installed on their device and allowed to run in the background. Or how people have location services enabled while connected to a different country IP via their VPN. Or how some people configure their VPN at router level and have every device tunnel through it thinking they're protected, but are actually just adding more vectors for identification to their connection. I could go on...