What are people's thoughts around vpns for select devices at home for nafarious activity?
So most traffic goes through open net, and tv (for example) goes through a privacy first vpn provider with an exit in, say, Switzerland. And Proton mail for a small amount of email with the rest via apple.
I do this the other way around. All my traffic goes through a privacy-first multi-hop VPN provider, and data from things I don't trust and don't care about (set-top boxes, smart TVs [which I detest!], games consoles, house guests, etc) goes through the clearnet and provides a reasonable degree of cover. Literally everything else gets onion routed to some degree, to frustrate correlation analysis. I know that TOR users are logged specifically; I don't know about VPNs directly. All I want is for people to not spy on me. I'm not a criminal and I do nothing wrong(!) -- apparently an impossibly hard ask!
Something someone on HN might be able to answer is this: is there a reason why you couldn't try to configure Wireguard to have a constant bandwidth mode? Continually transmit UDP packets and again frustrate timing or correlation analysis -- if every client spoke to the server on one of a predetermined number of speeds continually then the burstlike connections coming from that server to a potentially identity leaking service (e.g. gmail.com) could not easily be correlated with the origin of the traffic. I imagine that would make it easier to have some stronger degree of privacy protection in aggregate.
Interesting idea. It would only be effective against timing analysis if all clients connected to the wg server use this constant bandwidth mode (otherwise your traffic could be identified through negative correlation against other connections).
It would also have to be aggressively rate limited to make it practical for anything with a battery over wifi, even a constant 2Mbit is not ideal for wifi and will cause a lot of battery drain since radios are most efficient when they can do burst communication. Or maybe it could be limited to bursts at some interval for better bandwidth, or better efficiency (but not both)... that would also make it easier to manage the traffic since it's no longer real-time.
I doubt there is any way to configure wireguard to behave like this, it has quite a specific purpose and wireguard's design focus is performance and security rather than obfuscation from traffic analysis. Maybe it's not necessary to modify WG if the traffic can be manipulated just before the WG interface...
[edit]
Talking of timing analysis, this was the side channel in specter/meltdown that was demonstrated to extract cryptographic keys from JS in the browser. Browser responded by just lowering the resolution of JS timers and introducing noise.
Maybe this would also be sufficient for a wireguard connection at the cost of slightly worse latency performance. The tricky part is how the timing resolution would be tied to activity on the WG server, i.e you would need the packets to be spread out further and further the less activity there is on the server, so you actually end up with better performance the busier the server is.
It would also come at a performance cost to routing which would be forced to hold on to packets artificially.
I actually don't care if I'm honest. I will be a good citizen, use all the normal services and blend in with the noise. Data about you looks much more suspicious if there is none.
If I wanted to do something nefarious I'd do it completely offline.
Who cares if it looks suspicious though? You're still innocent unless proven guilty. I'm not giving up mine (and to be fair I do use it for Torrents mostly :) )
I'm not in the UK though, and I refuse to even visit it for work now since Brexit. Google had some convention there a while ago and I just refused to go. If they don't want us I don't want them.
Actually everyone is moving towards guilty unless caught out. In the Netherlands they fight crime with an unaccountable organisation called the RIEC that doesn’t need any evidence to carry out what it calls interventions against even completely innocent people.
So if they choose to (as opposed to they suspected something) they can steal from you, have you attacked and more and they just pervert the course of justice to cover it up. Such as informing the police they are not allowed to response to your calls. Forbidding you to send in police reports. I know because it happened to me. Because I lived next to someone that they wanted to fuck up and I complained.
So most traffic goes through open net, and tv (for example) goes through a privacy first vpn provider with an exit in, say, Switzerland. And Proton mail for a small amount of email with the rest via apple.
Essentially - would it be less of a flag.
And would they even care about a bit of streaming