lsquare

Yea, it's the same thing with ExpressVPN. I forgot which bank off the top of my head, but it's probably Citi.

Boraxo

Considering Mullavad, Nord and Proton. Any thoughts?

I would have installed this by now but the last one I tried seemed to slow my web browsing. But need something that will:

(1) protect my uploads while traveling (one of my amex accounts got hacked on my last trip when I had to login)
(2) stop amazon, netflix and apple from blocking playback of downloads when traveling (if I login over wifi they block playback when I open the app, even if not connected)
(3) privacy protection, because none of us need more government snooping

lsquare

Is it just me or it seems like FT is blocking lots of ExpressVPN servers?

GUWonder

It's not just you -- it's a lot of people. Courtesy of Cloudflare. FT/IB uses Cloudflare. And Cloudflare is very blocking happy and seems to be on blacklisting kicks for IP addresses and who knows what else.

VPN and TOR users find work arounds to Cloudflare's kicks, but Cloudflare is very much into making sure this remains a cat and mouse game with Cloudflare as the wannabe cat.

gfunkdave

1. Virtually all sites these days (and certainly any reputable financial site) uses TLS to encrypt everything between you and them. A VPN doesn't add any more security for what you're describing (preventing hacks) unless your financial provider's site is grossly misconfigured (in which case time for a new bank).
1a. It's likely that someone either cloned your card or guessed random card numbers and hit on yours. If you're saying that your amex dot com login was hacked, then it's probably because you reused the password from another site that was hacked, and the hackers then used that username and password to log in to your account. The solution here is to use a random unique password for each site. This is what password managers are for.
2. For this use case, I would run speed tests on the various VPNs to verify they can give you a high enough throughput to stream. I think most of the big ones probably can.
3. I'm not sure what problem you're trying to solve here. Which government is snooping? What are they snooping? How are they snooping? All you do by using a VPN is to trust the VPN provider with the same information that you had been trusting your ISP with. Unless their privacy policy states otherwise (and I'd be surprised if they do) then your VPN provider probably keeps copious logs of your activities (even if they claim not to!) that they will be happy to give to any police force that asks for them, perhaps even without a court order depending on jurisdiction. The government and Big Tech already have tons of information on you, including which sites you visit, what you search for, and much much more. A VPN won't help you here. It's an unavoidable consequence of being online, unless you are exceptionally diligent about avoiding leaving trails, using privacy-centric browsers and search engines, and essentially having the opsec of an undercover agent.

A commercial VPN provider is useful IMO for exactly two reasons: 1) pretending to be somewhere you're not so you can do something like stream Netflix, or 2) being able to access sites that are blocked by your local ISP.

I personally don't have a commercial VPN provider, but I do have a VPN server in my home router that I can use in case of either of the above two needs, or if I need to access something on my home network.

Also, I seem to recall several articles from a while back that all but proved that several free VPN services were fronts for various countries' intelligence agencies.

bocastephen

I'll need to find the thread, I think it's in the general Omni if you want to search for it, where I was coached by another member on setting up a VPN device at home, chained to my ATT home internet. It was a little challenging setting up, but after paying $27 for the actual VPN device itself, OpenVPN is now free, and I'm at low to zero risk of being blocked by Netflix, etc. because the IP is not associated with any known VPN service - and no monthly payments. I even put a second device in my Mother's apartment in Canada and she now watches USA Roku content, free of the Canadian censors, at full HD resolution and no speed hiccups.

der_saeufer

This right here. You get zero security advantage from using a commercial VPN in any use case that's relevant.

Commercial VPNs are good to beat geoblocking for expats and immigrants who often need to access services in the "old" country that may not allow foreign connections for "security" reasons, e.g. E-ZPass in the U.S. They can also be useful if you really want to watch some other country's streaming content.

If you just want to beat geoblocking while traveling, setting up a VPN server at home is absolutely the way to go--Netflix et al try to block commercial VPNs with varying degrees of success, but by VPN-ing back home you look like you're connecting from your own living room and you won't run into any of the problems you get with commercial VPNs.

scubadu

I mean, in fairness, that is probably the exact use cases for like 95% of the people that use a commercial VPN service...

I've actually thought about taking this route on several occasions, but have just been too lazy to pursue it. I'm curious what the performance impact on streaming is when taking this route. For example, my home internet is cable modem, so very, very asymmetrical performance, ~300 Mbps down stream, but only ~11-15 Mbps upstream. That is fine for our home usage model but I fear would be problematic from streaming from abroad.

If I setup a home VPN server and attempt to route all streaming traffic while abroad through the home server, it would seem my performance will be constrained by the very low upstream bandwidth I have?

This may show my lack of understanding on this topic; I have a technical background, but not so much on the networking front (at least not with any depth). Its unclear to me, if when streaming from abroad though a home VPN, if the actual video stream has to "download" to the home server, then "upload" back out to my remote client (hope that makes sense). If that is correct, it seems like that would be some pretty poor performance for streaming video. But I may very well be missing an understanding of how this traffic is actually routed.

Regards

Zorak

Yep -- IB will try to work with you if you can give them an IP to unblock, but, well, there's a 13-page thread and counting in the tech support forum: Consolidated "Problems Accessing FlyerTalk When Using A VPN" thread

You're correct that VPNing means all the traffic will first go to your home, then back out through the same connection (this doesn't matter much though; unlike a water pipe the down/up directions are largely independent of each other) so the smaller upload bandwidth will be the limiting factor. But FWIW I only have ~20 Mbps up and it provides tolerable VPN streaming.

I found it on Google so it must be reliable : "0.5 Mbps is just enough to start a video stream, but anything below 1.5 Mbps leads to poor video quality. As recommended by Netflix, Standard definition (SD) requires 3 Mbps, High definition (HD) 5 Mbps and 4K/Ultra HD at least 25 Mbps."

gfunkdave

That's correct; you're constrained by 3 things:
1. Your local connection's downstream bandwidth
2. Your VPN server's upstream bandwidth
3. The VPN appliance's capability to encrypt data

You can't do much about #1. For #2 the best you can do is buy a connection with a higher upload bandwidth from your local ISP. Cable connections tend to have a big disparity between download and upload speeds but some cable companies provide 30+ Mbps upload...on their most expensive plans. If you can get fiber, those connections are usually symmetric (same upload and download speeds). We have 300 Mbps up and down from AT&T fiber.

#3 is a complicated little bear, though. It depends on the hardware you're running the VPN on and the type of VPN. Running the server on a router is not optimal because routers typically are designed to route and have otherwise limited resources. Running the server on a dedicated computer (even a Raspberry Pi) can be better, but more complicated to set up.

OpenVPN is popular but also cumbersome to set up and can be rather slow depending on the encryption algorithms you select and whether the hardware you're running on supports hardware offload of those algorithms. IPSec is also very popular but also difficult to set up and configure securely, but some routers support offloading the encryption work to dedicated hardware which can make it quite fast. I personally use WireGuard, which has the benefit of being fast, easy to set up, and still able to run with decent performance on even unoptimized hardware. I use WireGuard on a Ubiquiti Edgerouter X, which is quite a limited little box all considered, but I can still get 50+ Mbps from it over the VPN connection. With OpenVPN I got more like 5-10Mbps.

scubadu

I don't want to restart that thread here, but this Cloudflare stuff w/FT drives me crazy. It is literally the only site on well... the Internet... that I have issues with. IB acts as though they are Fidelity or Charles Schwab or something. It's a traveler site where probably 90% of users are anonymous anyhow...

Thanks for verifying my understanding. I'd always thought that to be the case, but hadn't really sat down and thought it through too much. Contrary to what some in this thread are saying, that performance, at least to me, might provide some justification for VPN providers. And they do seem to be pretty good at getting around geo-blocking. It's a cat and mouse game for sure but these providers are well aware that streaming outside the US is really the only reason most users are paying them.

It terms of video streams, I can tell you that every once in awhile our service goes tapioca and speeds will drop substantially, even to single digit Mbps (a modem reset immediately cures it) and when that happens we notice a very distinct difference in streaming quality, often dropping to SD (which is not a joy to see on a 65" OLED TV) or even stuttering. So while I acknowledge the theoretically numbers for "starting a stream" I really have zero interest in watching anything in SD these days.

Regards

scubadu

Yes, I'm aware I could mitigate the upstream issue. However, I've had my service for a very long time and surprisingly they have never raised the rate and generally, for our use case, I'm very happy with what we get for the dollars we spend. Fixing the issue (e.g. switching to fiber, etc.) will likely increase my bill in order to solve a problem that is like, 0.75% of my use case, so really just not worth it (at least to me).

Yes, I've done a good bit of reading on all this and did setup and play with OpenVPN many years ago. If I do decide to pursue again I'd definitely go with Wireguard, no question.

Regards

lsquare

I agree with you and wish FT would do something about it. I have VPN(s) on all the time as I have to access work email and to protect my connection when on public WiFi. It makes no sense for a travel site like FT to behave like this. Not very customer friendly.

gfunkdave

Post your concerns in the Tech Support forum if you haven't.

Cloudflare is mostly a CDN (content delivery network). They maintain points of presence throughout the world on the internet with cached copies of sites that are their customers. This provides faster load times no matter where you are physically located, because you get a copy of what you're looking for from a location nearest you. I don't know why Flyertalk's admins have set Cloudflare to block VPNs...I suspect they noticed abuse coming from VPN IPs.

scubadu

Sorry, given that the thread on VPN issues began in 2014, I'm not going to waste my breath. IB is aware, they just don't care.

I don't really use a VPN to access FT, but for awhile was still running into very annoying Cloudfare issues. That seems to have cleared up. Additionally, I'm well aware of what Cloudfare/CDNs do and how they can add value. My broader point is that I literally don't run into significant issues with, well, any other sites on the internet. IB is acting like FT is a CIA site or something. It's just ridiculous and shows a stunning lack of technical incompetence. Plenty of sites on the internet have figured how to deal with spammers without annoying their legitimate users multiple times per day...

Regards