"Honestly, nothing holds up to ... (VPN provider)"
If you're serious you send a machine, that you own, to a colo provider and you register for service with a corporate entity that you created for just that purpose.
Your name exists nowhere and ... regulatory inquiries are directed to your corporate contact email.
Or, if you feel like that's a heavy burden and you don't attach any value to the physical machine (some old 1U, right ?) then you can just sign up under an assumed corporate name with some colo provider that doesn't care that it is, or is not, an actual corporation and you can pay with your non-AMEX credit card[1] using whatever Mickey Mouse name you feel like.
Trust me - it won't take long to find someone who will take your money.[2]
For practical purposes, the only people who can penetrate a simple VPN service are potentially a government (with an order to start recording your traffic that is legal in that jurisdiction) or a dedicated hacker.
It looks to me that NEITHER would be prevented by you using a colocated machine. It's not like your colocation provider is incapable of compromising you and probably would if ordered to do so in a jurisdiction where this act would be legal.
A hacker presumably isn't concerned about whether they are attacking a machine on your desk or in Nebraska.
Over a 5 year time frame your colocated machine would presumably run you between $6600 and $19000 and would have bought you zero additional privacy compared to paying $360 for a vpn in the same jurisdiction.
The problem is more that a commercial VPN changes the threat model from an individual one to a collective one.
Very likely, no one cares about me enough to put effort towards specifically monitoring or hijacking my internet traffic.
However, someone puts out a shingle as NordVPN or Mullvad or whatever else, and starts advertising VPN services to the world.
That VPN provider has a finite number of endpoints / egress nodes, and those become a very high value target. Now my threat model has to include not just targeted attacks at me, but general attacks on the VPN provider.
An analogy would be, if you have 1 million dollars worth of real-world valuables (artwork, say), it's better to store it in a nondescript warehouse than a warehouse with a neon billboard out front that says "BOB'S HIGH-SECURITY WAREHOUSE FOR EXPENSIVE VALUABLES". The latter is painting a giant target on itself for anyone interested in stealing stuff.
I think the analogy fails because that valuable isn't a good that is simply retained or lost. If your VPN usage, for example, is downloading movies, the fact that Bob the hacker knows you downloaded Inception isn't very worrisome. Likewise with keeping your personal traffic personal instead of having it show up on your boss's network: who cares if Bob has it?
If the VPN provider doesn't keep any logs, your total exposure is that they may start collecting logs of traffic for the duration during which they are compromised. If they are attentive and competent, this either will never happen or it will be for a short duration. Again, this breaks the example of valuables in storage.
In fact a VPS, or indeed any host, actually has the same problem you describe, in that a host is a bigger target than you and therefore more valuable.
On the other hand, for most people the differential in know-how between you and professionals is probably sufficiently useful that you are less likely to get hacked with them than on your own. After all, nobody has to actually target you in particular; they can look for vulnerable hosts in an automated fashion.
I don't think you have provided any substantial argument for most commercial VPN users to switch. I feel like for most threat models it's a more than acceptable tool.
If you just want to torrent the last season of Game of Thrones (why would you?), then a reasonably reputable no-log VPN service will probably do a perfectly fine job.
If you want to access non-https websites from coffee shops, buy a $5/mo vps from amazon/prgmr/digitalocean/whomever and tunnel through it.
I don't see a situation in which the dedicated colocated hardware is the right choice.
If you're super super serious, can you even trust Tor? I personally give it a better than 50% chance that some consortium of governments controls the majority of Tor exit points but won't reveal it for small cases, so as not to reveal this trick.
Yes, but Tor is slow, making it slightly less practical than the tunnel through the VPS. It also doesn't hide your traffic from the exit nodes, who may be less trustworthy than a VPS provider if you are doing strictly legal things.
(On the other hand, if you want to perform a public service, using tor is a good way of masking the traffic of people who actually want to use it to disseminate sensitive information.)
The premise of Tor is exactly that you need not trust any of the nodes. The only exception being, all of the nodes in your path being controlled by the same entity. But an exit node knowing that an anonymous user has an encrypted connection to a specific site is usually not a privacy concern.
If the website you are accessing is unencrypted then the exit node knows the entirety of your communication with it. (It doesn't know your IP; but small consolation. You're still vulnerable e.g. to injection.)
This is far less anonymous than sending cash in the mail to Mullvad. There is a paper trail leading back to you when you register the corporate entity.
From a security perspective, this is equivalent to renting a dedicated server. Once it leaves your possession, it isn't really "your hardware" anymore from a data security standpoint.
Also, as others have pointed out, all you have to do is sniff the traffic going in to the machine, something both the colo and ISP and upstreams are trivially able to do to obtain your residential or GSM IP, linked to your name/identity.
This is bad advice. Mullvad is like five bucks and offers equivalent privacy.
I think it's at least conceptually possible to pre-load a machine with software that doesn't pass any plaintext between you and it, and whose software image can't be modified without you knowing it.
I don't know about obscuring the fact of the connection between you and it though. Tor isn't enough by itself.
> whose software image can't be modified without you knowing it.
Nah. If you're worried about the kind of attacks that necessitate sending your own hardware, then, regardless of who owns title to the device, the firmware being replaced to snoop on or alter what is actually in RAM is in-bounds.
There are lots of ways of hiding persistence on a system, and decades of research along these lines. Once it leaves your possession, there's not much you can do to ensure that it still has unmodified code on it (assuming standard PC hardware).
Really though this isn't the threat model at all for someone who just wants to use a VPN, I only went there because the comment senselessly advised shipping your own hardware to the colo. That's the same privacy as using the colo-owned machine, which, for a VPN, is the same privacy as using a generic $5/mo VPN service, as in all cases the upstream can be trivially monitored (even in the case where it's your own, tamper-evident HSM-whatever remote attestation hardware).
Then why can't the entire FBI break into an ordinary iPhone, except by virtue of finding errors in implementation rather than the fundamental invalidity of the concept of secure hardware?
Why don't they just desolder the cpu and wire up an emulator and laugh at all those secure enclaves and encryption?
That whole thing was farce; the FBI got the unencrypted backup data from Apple. iCloud Backup is on by default for every iPhone, and is effectively unencrypted, and sends pretty much the entirety of the device's data to Apple every night when plugged in (using Apple keys).
Apple can decrypt the whole thing without any input from the user: they don't need their phone, they don't need their password, they don't need their keys.
The whole thing was a carefully orchestrated media dance designed to make it seem like the feds can't get the data off of iPhones. Not only do they have access to almost all of the data on almost every iPhone, they have access to it without a warrant or probable cause thanks to the FISA Amendments Act. Apple compromised over 30,000 accounts for the US government without a warrant in 2019, per Apple's own transparency report.
[1] Only AMEX validates First Last ...
[2] https://www.lowendtalk.com/