Private Home Networking [Part 1]

Digital Security Operational Security Privacy

This training guide includes instructions for setting up your own private VPN server in the cloud, with a small network device that sits behind your internet connection at home and handles the tunneling for the household, including desktops, mobile devices, tvs, etc.

What protection does this provide?

The primary objective is to separate your internet activity from your residential IP address, by adding one additional secure hop in the chain. Your ISP does not need to know about the contents of your internet activity. Nor do any of the administrators of the websites you visit need to know about the proximate details of your residence, like your neighborhood location and ISP provider. This is accomplished with a "Virtual Private Networking" server, which relays your traffic. All internet activity can only be traced back to the VPN server in the cloud, and not directly to your residence.

The secondary objective is maintain ownership and control over your own VPN server, and not funnel your internet activity through another commercial entity, which would also be able to perform detailed analytics, just like your ISP. This first hop which you would direct all your traffic through represents a profitable choke point. For the same cost of a commercial VPN service, you could run your own and ensure privacy regarding your internet activity.

What are the trade offs for this protection?

I have found by taking the step beyond commercial VPN services into truly private VPN territory, that this puts you in rarified internet traffic territory. This class of traffic occasionally gets confused with bots and malicious actors, who use cloud-based data centers. Choosing a reputable cloud provider is an important decision here. Sometimes logging in to websites with your IP originating in the cloud brings extra captcha requirements, some more than others depending on the cloud provider's reputation and history. High security environments like banks and concert ticket brokers will outright block your activity. In this case, I will disable wifi and tether directly over the cellular network, which reverts the traffic to normal-looking.

Other considerations

It's important to understand that certain information can be derived from your residential IP address, like your internet service provider and geographic location, with the precision at the level of your town. Fortunately, your exact physical address is not publicly linked to your IP address, although this linking relationship is sitting in a database with your internet provider, accessible to employees or otherwise motivated actors.

Using a web browser is your best bet in terms of having a standardized interface which releases relatively little info about your originating environment, when combined with a VPN server. Compare this with native apps on mobile devices, which if given access to your GPS sensor, can send off your exact GPS coordinates — sometimes in the background without using the app, given an "always allow" sensor access provisioning. In practice, I will only access social media platforms using a browser on a desktop computer, and do not have the apps installed on any mobile device. This method also makes it easy to filter out ads from the user experience.

Finally, using a VPN only provides personally-identifiable protection when browsing websites anonymously or with basic accounts that require an email address. Nowadays, most commercial websites have long lists of third-party suites that provides tracking and analytics, which this method helps against. However, that informational veil is pierced once you place an order with an e-commerce site where you're submitting shipping and billing info.

Instructions

Coming soon...