Security Advice -- Residential Family

Hello, i have family in HK and in North America.

We sometimes torrent, we sometimes read the news we could get in trouble and we also have fears of mass surveillance and the possibility that things that are okay to think and say become illegal tomorrow. Even in North America.

I have started on a path, first using Cyberghost thinking this was enough (its horrible btw breaks Macbooks) then getting aguard professional for all devices.

Adguard was a huge plus, but then learned about DOT and DOH and the leaking issues with these.
SNI issues with browsers, so slapped on DNSCRYPT.

However, these VPNs are just as scammy as hosting reviews, its horrible.

I want to protect torrent traffic and our identities into the future - preventative.
What is the best way we can do this?

  • Should we use tor browsers?
  • Should we use protonVPN + stealth / multihop ?
    – Are their any VPNs that are better for privacy today?
    – Are there SPNs services for mac, ios yet?

What would be the best process for us to have privacy and block anoyying ads ?

In addition the guide says VPNs dont help, but there are new features such as stealth for proton vpn and the tor network, so with these newer systems consider is it viable to use one?

Also, i noticed that the only 3 vpns are shown are quite expensive, are there any low cost solutions for vpns that give similar features?

They don’t have the same privacy guarantees. Essentially large “VPN corporations” like Kape, own a number of brands like Cyberghost. They aggressively market, and have not had third party public audits. None of their apps are open source either.

They also spend a huge amount on third party marketing, that is paying a company to run around to various sites on the internet and offer them to pay them to say good things about the product. Typically those reviewers will focus on lame “speed tests” and not evaluate absolutely anythign else.

Companies like Cyberghost will then submit a pamphlet with the exact things they want parroted, that are in line with their marketing, essentially creating facade of a lot of people saying the same things. I know this because I have personally received such material, in particular from Cyberghost and it is in fact more frequent around “sale periods” like Black Friday.

Yes, they do a lot of that, and it’s something we evaluate in our listings.

Thank you,

Also does ESNI (ECH), Encrypted Client, Hello – does this provide anonymity? Will it protect from Mass Surveillance? Great Firewall?

Ive been able to get ECH working on chrome, but want to know where this is positioned on your website in terms of security, as you only have SNI discussions.

It’s not widespread, and unfortunately servers are not yet configured to refuse fallback connections which expose this information. It is discussed on this page:

It’s an important part of TLS 1.3 support unfortunately it’s not mandatory, and many webservers will fall back to regular connections.