zlacker

Since it's about VPNs - what are good VPNs for someone looking for safety/privacy but not anonymity or even IP hiding?

Not even for streaming. But for general "safety while on the Internet" when the devices (Mac, iPhone) are mostly on public or not-so-secure WiFi (at the residence or on the go). Plan is to keep it always ON or almost always ON.

Not necessarily for the UK.

(Other than Mullvad)

>>crossr+(OP)
This sounds more like a task for NextDNS than a VPN, tbh. Or are you worried about no TLS?

>>crossr+(OP)
The best VPN is to host your own. I used Digital Ocean. They have preconfigured droplet images for OpenVPN access server. The droplet even serves a client pre-configured with the connection settings.

It took me all of 10 minutes to set up.

>>crossr+(OP)
if you're on apple... iCloud Private Relay.

though you may need to be more clear on the safety / privacy benefits you expect to gain

>>jnwats+K1
In the year of our lord 2025, don't use OpenVPN. Use wireguard.

>>arccy+M1
iCloud Private Relay has the benefit of more accepted by payment processors etc, but the downside is that because it doesn't mask your country of origin the UK censorship rules still apply whilst using it.

I've found that Mullvad generally has the best privacy reputation, but I've also been blocked by a lot of sites whilst using it.

The mainstream consumer VPNs like Nord, Proton etc aren't as great for privacy but I suspect they're less likely to be blocked. I'd love to have more data to justify this though.

>>TheDon+d3
Please give a bit more detail and justification when you give opinions like this.

Otherwise it sounds like you’re saying everybody already knows which one is good and which one is bad -- but if everybody knew, you wouldn’t need to say anything, right?

>>jnwats+K1
Oh god. I should have said "other than self-hosted". I swear to god I thought about it but forgot and added only Mullvad. I can't edit it now.

And thank you for saying this but I have tried. Both on DigitalOcean and on a VPS bought from a deal on LET - didn't do it for me. It was a pain unless I left it literally untouched, un-updated, un-upgraded forever and ever. I know, I know - I must have done something wrong or I need more patience or both. But sadly it didn't cut it for me. It made it hate the entire thing.

Other self-hosted option could be one of those sites where you can use one service and pay for it like pikapods or so but then if I am doing that then why not just use a VPN because anyway I would have to sign up for different services and then pay for it too while not having the control a droplet or vps will offer (talked about above)

>>lan321+M
I have tried NextDNS and I think I should try it again but the last few experiences ended in a lot of sites breaking. Maybe this time I will try someone from country who has written a tutorial about it.

But a VPN would have been more appropriate for this task and if ever I needed to use a different IP from a different country (that would be rare and mostly to access websites for a short period) I could just do it easily.

>>arccy+M1
Yes that Safari only? Has that changed? Though I don't think it offers much - esp if you compare it to a VPN or even NextDNS or so.

>>crossr+(OP)
Can I ask - why not Mullvad?

>>jnwats+K1
A personal cloud VM is very bad VPN for some purposes.

The static IP address, recorded by every site you visit, is directly linked back to you personally, and only you.

>>Xiol32+sr
Connectivity and IP blockage (I assumed) issues last time I tried it.

But the main reason is — it’s the default recommendation on HN. So I would prefer to know what else good there that people are using. Because it would be really sad if it’s the only one. I kind of refuse to believe that.

That’s all.

>>iainme+0n
I am not the original poster, but there are a few reasons to pick Wireguard.

Performance is better due to the in-kernel drivers, UDP design and crypto choices. If you're simply looking for the fastest option wireguard is it.

Openvpn's protocol is somewhat more janky than wireguard. It looks tls-like but then does its own transport thing. It has a lot of flexible options and ciphersuite choices meaning you could very well pick something less than ideal. The complexity of the code makes an undiscovered bug slightly more likely.

The downside of wireguard, mitigated by some VPN providers, is that it is UDP-only. You may find environments where you cannot tunnel out this way, even if you try to impersonate QUIC by running the remote port on 443. Mullvad has a udp-to-tcp proxy as part of their client and server to work around this.

>>jlokie+jv
You can recreate the instance every 60 minutes, I've tried such approach once. But such setup is useless anyway, most services block datacenter traffic by default.

>>crossr+3B
It's the only one. It's technically difficult, and there are lots of things to do to sell out the user in the name of not leaving money on the table or bowing to authority, or other excuses for bad behavior. Principle in anything is rare, we're lucky to have mullvad.

Next best option is self hosting. Beyond that, it's a thoroughly enshittified marketplace.

>>crossr+Qn
Setup wireguard on VPS is very easy, you can put it on docker if you scare to screw up something. LLM is perfect for this task.

>>crossr+vo
For me, it doesn't break anything with their filters. Using it on both phone and PC and I don't manage to hit the free limit for the month. (unless I forget to close the GOG launcher, which for some reason is pinging all the time and blows through the monthly usage limit in a week)

Mullvad, however, leads to Captcha City and is straight up blocked on a couple of sites, namely McGearHub and, for a time, Runescape. Btw, if you have a friend using it, you can likely mooch off their sub. I share mine with 2 other people since the device limit is 5, and I only have my phone and PC on it.

I'm guessing the captcha city situation might be better with more "casual" VPNs but I doubt it makes much of a difference once you have a bunch of people on the same IP.