On the Ethics of VPN
If you know the industry I'm in, you'd guess I believe in regulating the internet to some extent.
I have to exist in this space where I'm surrounded by people who think any form of regulation is going to strangle our livelihoods, and then on the other side there is probably a boatload of nasty content on the internet that would all be better if it went away – videos of beheadings, public executions, revenge porn, child porn. I'm sure there exists content that we can all unanimously agree needs to be removed from the internet, even if you are a fringe-thinking person.
The United Kingdom set into effect the expectation for all websites managing NSFW content to verify the age of their users. Some of them ask for photo IDs, others federate with Google.
There is a good argument that giving our personal biometric data to third parties is risky, especially if you are then going to browse a porn site where a data breach could lead to much embarrassment.
Below, I explain how to set up a VPN on a private server. It's cheaper (I think) than paying for a subscription.
The objective of a VPN is to encrypt internet traffic, but also to mask your location. Now, services will think you're “elsewhere” and since you're “not in the UK”, they won't ask you to identify yourself, because asking for one's facial ID to visit a porn site is a UK-only thing.
But Why?
I think rules are important. The Online Safety Act is not so prescriptive that it's demanding websites capture information about you, it just wants to ensure children are not able to see offensive content. The problem I have is how it's being implemented.
How to Install WireGuard on a Linux Server
I haven't messed around with spoofing locations just yet, but my private server is deployed in an EU country. You can tell by opening up a terminal, typing in ifconfig, taking the IP address and pasting it into a “wheremyIp.com” style website to find out where you allegedly are. (You can even try this with your own computer if you run a UNIX-style system.)
Install WireGuard
sudo apt update
sudo apt install wireguard
Before doing any Linux work, it's good practice to update your system, remove outdated libraries etc.
Enable IP Forwarding
echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
This lets your server act like a router: it can receive packets and forward them to other destinations. In our case, with the VPN enabled, your computer can ask your server for Google.com, and instead of dropping the packet (as it would with IP forwarding disabled), the server passes it on to Google for a response.
Configure the firewall
sudo ufw allow 51820/udp
I found out about ufw; it's simple and easy to understand as firewalls go. (To be honest, prior to doing this, I had no idea how firewalls actually worked.)
51820 is the port most VPNs work off so that needs to be enabled. UDP is the protocol and is beyond the scope of this post.
Generate Server Keys
sudo nano /etc/wireguard/wg0-client.conf
In there, place the following configuration:
[Interface]
PrivateKey = [CLIENT_PRIVATE_KEY]
Address = 10.0.0.2/24
[Peer]
PublicKey = [SERVER_PUBLIC_KEY]
Endpoint = [SERVER_IP]:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
I found these were quite helpful. Place these in your .bashrc or .zshrc and call them when you want to use the VPN.
alias vpn-up='sudo wg-quick up wg0-client'
alias vpn-down='sudo wg-quick down wg0-client'
alias vpn-status='sudo wg show'
Verification
To verify your VPN works, you can execute curl ifconfig.me
You should see a different IP address depending on whether the VPN is up (vpn-up) or down (vpn-down).
I realised first-hand that setting up the VPN didn't disrupt my other services, say this website. Since they operate on completely different ports, this makes sense.
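A pre-flight check for the client config shown earlier, as an added example that is not part of the original post: it flags unreplaced placeholders such as [CLIENT_PRIVATE_KEY], a config file readable by other users, and an AllowedIPs of 0.0.0.0/0 alone, which tunnels IPv4 only. The function names, the script name wg-lint.sh and the finding messages are this example's own, and it assumes GNU stat as found on Linux.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: lint a wg-quick client config
# before running vpn-up. Function names and messages are this example's own.

# A WireGuard key is 32 bytes: 43 base64 characters followed by '='.
is_wg_key() { [[ $1 =~ ^[A-Za-z0-9+/]{43}=$ ]]; }

# First value of "Name = value" in file $1 for setting $2, whitespace removed.
conf_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
    head -n 1 | tr -d '[:space:]'
}

# Prints one finding per line; the return status is the number of findings.
lint_wg_conf() {
  local f=$1 n=0 k
  # The file contains the private key, so only its owner should read it.
  if [[ $(stat -c %a "$f") != 600 ]]; then
    echo "file mode is not 600"; n=$((n + 1))
  fi
  # Catches [CLIENT_PRIVATE_KEY] / [SERVER_PUBLIC_KEY] left in place.
  for k in PrivateKey PublicKey; do
    if ! is_wg_key "$(conf_get "$f" "$k")"; then
      echo "$k is a placeholder or malformed"; n=$((n + 1))
    fi
  done
  # 0.0.0.0/0 routes IPv4 only; on a dual-stack client IPv6 skips the tunnel.
  if [[ ",$(conf_get "$f" AllowedIPs)," != *",::/0,"* ]]; then
    echo "AllowedIPs lacks ::/0: IPv6 traffic is not tunnelled"; n=$((n + 1))
  fi
  return "$n"
}

# Stand-alone use: sudo ./wg-lint.sh /etc/wireguard/wg0-client.conf
if [[ $# -eq 1 ]]; then
  lint_wg_conf "$1"
  exit $?
fi
```

Once the tunnel is up, curl -4 ifconfig.me and curl -6 ifconfig.me check each address family separately.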
Final Thoughts
I think building my own VPN server provided good privacy benefits whilst giving me complete control over my internet traffic routing. The setup process, while initially complex, resulted in a robust solution that cost me only the price of my server hosting – which I pay for anyway. The key advantage over commercial VPNs is trust – I know exactly where my data is going and who has access to it. For anyone with basic Linux skills and a cloud server, it's definitely worth the effort.
I'm still personally debating how I feel about using perfectly legal tools to sidestep age verification on online platforms.