Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

For people using wireguard, it was not designed to provide anonymity. Otherwise it is fine for use in Countries with decent protections for their citizens. If you need privacy, you should use OpenVPN.

Quote:

>WireGuard is highly secure, but it’s not designed with privacy in mind.

from

https://www.tomsguide.com/how-to/is-the-new-wireguard-protoc...



> WireGuard is highly secure, but it’s not designed with privacy in mind.

I'm sorry, but I must inform you that the Toms guide contains affiliate links to OpenVPN services. However, it is important to note that neither OpenVPN nor WireGuard can guarantee your safety if you are being targeted by government agencies. The guide's attempt from TFA is to promote these VPN services as a solution for anonymity and censorship (deep packets inspection can block all VPN protocols) avoidance is misleading. VPNs are primarily useful for accessing corporate or home resources and viewing geo-blocked streaming content (say from your home network) on insecure networks like hotel or cafe WiFi.


Parts of this article are just downright wrong

At time of writing, the biggest privacy weakness that WireGuard has is how it assigns IP addresses. When you connect to a VPN service using OpenVPN or IKEv2, you’re assigned a different IP address each time. WireGuard instead gives you the same IP address each time. This is faster, but it means the VPN server must keep logs of your real IP address and connection timestamps.

The address assigned inside the tunnel has nothing to do with your real address, and definitely does not have anything to do with whether or not the VPN server is keeping logs of your real IP address and timestamps of your connection.

OpenVPN and charon keep far more logs of those things by default that wireguard and you have to trust your VPN provider turned them off.


Almost nothing was created with privacy in mind. Security and privacy are different things.

I hate that people think that a VPN is private as in anonymous. But then again, those providers had great marketing.. So now devs and sysops need to call VPNs "tunneled networks".


You're not wrong, but there are VPN services that add on privacy to their wireguard offerings, such as PIA (private internet access). They open sourced the connection code so you can see how they do it[1] using an API that initializes a temporary wireguard connection for you. I've been really pleased with PIA's wireguard setup, which even includes forwarding of an incoming port!

[1]: https://github.com/pia-foss/manual-connections/blob/master/c...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: