Hi folks. Fortressa creator here. Friends and family kept asking me about VPNs, and I didn’t have any good suggestions to offer, so I built a solution I felt comfortable recommending. You can learn more about my motivation in my announcement post:
Forgive me perhaps I read the landing page too quickly but it looks like any other VPN service... I pay a stranger money and my traffic goes through that stranger’s servers?
No offense but why would I trust that stranger?
Isn’t the best choice for the privacy conscious to set up a VPN on a machine they themselves have physical control over?
Thanks for the comments. I don't think it's quite like any other VPN service, at least not that I'm aware of. Fortressa provisions a distinct server, with its own OS, and sets it up as a VPN for you -- and only you.
I anticipated questions like those you raised and tried to answer them ahead of time in the FAQ, which admittedly isn't very easy to find at the moment. Having a look at it, does it help answer some of the questions you asked? https://fortressa.com/faq/
This is slightly different, as far as I can tell. You're essentially paying for a layer that does the work of setting up Algo[1] on a [digitalocean, EC2, azure, GCE] instance for you before sending you the certificates. You pay them, then they pay the VPS instance, an 'admin fee' of sorts and a donation to Algo's ongoing development.
The FAQ-cited difficulty of 'setting up your own VPN' basically relies on the end user not realising or feeling comfortable that they could provision Algo directly. You're paying for that, essentially.
One thing I'm curious about (and I could be missing the details) is how you guarantee privacy of the certificates generated by Algo being sent to me, the consumer? Do I just have to trust you that you don't keep a copy?
> Isn’t the best choice for the privacy conscious to set up a VPN on a machine they themselves have physical control over?
perhaps I am missing something, but it seems like having physical control over the machine breaks several important use cases for VPNs.
if I understand correctly, the privacy that you get from a VPN comes from encrypting the traffic itself, hiding your actual IP, and mixing your traffic with other clients using the same exit point. although it is a matter of record that you are a subscriber, no intercepted traffic can actually be traced back to the IP you own (assuming your provider doesn't keep logs, of course).
I don't really see how these qualities could be retained by operating your own VPN server. unless you are doing some black ops shit, your identity would have to be connected to the VPN server itself, so the fact that it masks your computers IP doesn't matter. plus you probably don't have many other people using your server, so you lose that plausible deniability.
I would be quite glad to be corrected, as I certainly don't love trusting my provider when they say they don't keep logs.
A VPN can also be useful for security -- for instance, if you're on an unencrypted wifi and someone wants to sniff your packets. Or if you're in countries such as the UK or china and want to circumvent censorship.
What does this give me over PIA? Other than over double the price? I can't seem to see any features this offers me over any of the other VPN's.
It says it works on "Ready to protect your Mac computers, iPhones, and iPads?" how does even work? It would be one thing if they provided apps but I can't seem find links to their apps so why would this be limited to Mac/iOS?
* the VPN is yours, and only yours -- not shared with thousands of other users
* VPN detection is becoming a problem, and Fortressa is harder to detect as a VPN (unlike other providers)
* uses stronger, more trusted protocols than OpenVPN and others commonly used by most providers
* no software to install, so no apps are necessary
The VPN service itself is not limited to Mac/iOS in any way. The configuration steps on Android, Linux Desktop, and Windows are a bit more involved, so I simply haven't had time to properly document those steps. Thank you for reminding me that I need to add that to the FAQ, which is here: https://fortressa.com/faq/
10 comments
[ 2.6 ms ] story [ 28.5 ms ] threadhttps://justinmayer.com/posts/introducing-fortressa/
I wanted to share this with the community in hopes of getting constructive feedback. Many thanks in advance, and please be kind! (^_^)
No offense but why would I trust that stranger?
Isn’t the best choice for the privacy conscious to set up a VPN on a machine they themselves have physical control over?
I anticipated questions like those you raised and tried to answer them ahead of time in the FAQ, which admittedly isn't very easy to find at the moment. Having a look at it, does it help answer some of the questions you asked? https://fortressa.com/faq/
The FAQ-cited difficulty of 'setting up your own VPN' basically relies on the end user not realising or feeling comfortable that they could provision Algo directly. You're paying for that, essentially.
One thing I'm curious about (and I could be missing the details) is how you guarantee privacy of the certificates generated by Algo being sent to me, the consumer? Do I just have to trust you that you don't keep a copy?
[1]: https://github.com/trailofbits/algo
perhaps I am missing something, but it seems like having physical control over the machine breaks several important use cases for VPNs.
if I understand correctly, the privacy that you get from a VPN comes from encrypting the traffic itself, hiding your actual IP, and mixing your traffic with other clients using the same exit point. although it is a matter of record that you are a subscriber, no intercepted traffic can actually be traced back to the IP you own (assuming your provider doesn't keep logs, of course).
I don't really see how these qualities could be retained by operating your own VPN server. unless you are doing some black ops shit, your identity would have to be connected to the VPN server itself, so the fact that it masks your computers IP doesn't matter. plus you probably don't have many other people using your server, so you lose that plausible deniability.
I would be quite glad to be corrected, as I certainly don't love trusting my provider when they say they don't keep logs.
It says it works on "Ready to protect your Mac computers, iPhones, and iPads?" how does even work? It would be one thing if they provided apps but I can't seem find links to their apps so why would this be limited to Mac/iOS?
* VPN detection is becoming a problem, and Fortressa is harder to detect as a VPN (unlike other providers)
* uses stronger, more trusted protocols than OpenVPN and others commonly used by most providers
* no software to install, so no apps are necessary
The VPN service itself is not limited to Mac/iOS in any way. The configuration steps on Android, Linux Desktop, and Windows are a bit more involved, so I simply haven't had time to properly document those steps. Thank you for reminding me that I need to add that to the FAQ, which is here: https://fortressa.com/faq/
Can you elaborate on that?