mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2025-07-02 09:42:35 +00:00
style: Enable vscode spellcheck and fix typos/style (#2888)
Signed-off-by: fria <138676274+friadev@users.noreply.github.com> Signed-off-by: Daniel Gray <dngray@privacyguides.org>
This commit is contained in:
28
docs/vpn.md
28
docs/vpn.md
@ -96,11 +96,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
|
||||
|
||||
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
|
||||
|
||||
Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
|
||||
Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
|
||||
|
||||
#### :material-information-outline:{ .pg-blue } Anti-Censorship
|
||||
|
||||
Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
|
||||
Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
|
||||
|
||||
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
|
||||
|
||||
@ -110,11 +110,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
|
||||
|
||||
#### :material-information-outline:{ .pg-blue } Additional Notes
|
||||
|
||||
Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
|
||||
Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
|
||||
|
||||
##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
|
||||
##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
|
||||
|
||||
System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
|
||||
System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
|
||||
|
||||
### IVPN
|
||||
|
||||
@ -180,7 +180,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
|
||||
|
||||
#### :material-check:{ .pg-green } Anti-Censorship
|
||||
|
||||
IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
|
||||
IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
|
||||
|
||||
#### :material-check:{ .pg-green } Mobile Clients
|
||||
|
||||
@ -188,7 +188,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
|
||||
|
||||
#### :material-information-outline:{ .pg-blue } Additional Notes
|
||||
|
||||
IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
|
||||
IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
|
||||
|
||||
### Mullvad
|
||||
|
||||
@ -257,7 +257,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
|
||||
|
||||
Mullvad offers several features to help bypass censorship and access the internet freely:
|
||||
|
||||
- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
|
||||
- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
|
||||
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
|
||||
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
|
||||
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
|
||||
@ -283,19 +283,19 @@ It is important to note that using a VPN provider will not make you anonymous, b
|
||||
|
||||
### Technology
|
||||
|
||||
We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
|
||||
We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
|
||||
|
||||
**Minimum to Qualify:**
|
||||
|
||||
- Support for strong protocols such as WireGuard & OpenVPN.
|
||||
- Killswitch built in to clients.
|
||||
- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
|
||||
- Kill switch built in to clients.
|
||||
- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
|
||||
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
|
||||
- Censorship resistance features designed to bypass firewalls without DPI.
|
||||
|
||||
**Best Case:**
|
||||
|
||||
- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
|
||||
- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
|
||||
- Easy-to-use VPN clients
|
||||
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
|
||||
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
|
||||
@ -313,7 +313,7 @@ We prefer our recommended providers to collect as little data as possible. Not c
|
||||
**Best Case:**
|
||||
|
||||
- Accepts multiple [anonymous payment options](advanced/payments.md).
|
||||
- No personal information accepted (autogenerated username, no email required, etc.).
|
||||
- No personal information accepted (auto-generated username, no email required, etc.).
|
||||
|
||||
### Security
|
||||
|
||||
@ -355,7 +355,7 @@ With the VPN providers we recommend we like to see responsible marketing.
|
||||
|
||||
**Minimum to Qualify:**
|
||||
|
||||
- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
|
||||
- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
|
||||
|
||||
Must not have any marketing which is irresponsible:
|
||||
|
||||
|
||||
Reference in New Issue
Block a user