Help: Too poor to buy VPS at full price: sharing the cost with a stranger I barely know :D

TL;DR
I have rented a VPS where I am not the only person who has root access. This way it’s cheaper since the cost is split.

Purchasing intention was to use it as a VPN node since the VPS has a much better upstream route then the one I have from my home.
(From me to VPS 3ms, from VPS to target region 120-180ms ping, no packet loss)
(From me to target region directly 200-350ms depending on congestion, packet loss every now and then)

Would only need a WireGuard exit node. No other features.

Now I wanted to ask if you think this is ok from a security perspective.
Or it’s a hazard and I should distance myself from something like this because the other person could use my WireGuard instance to gain access to my other machines.

I didn’t use WireGuard before so I do not know how secure and encrypted it is, even with proper ACL set. Especially if the other user has root access as well.
The dude I am sharing my VPS with seems to be legitimate, but one can never be too careful. x)

«1

Comments

  • AuroraZeroAuroraZero ModeratorHosting Provider

    Are you insane?

    Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?

  • JabJab Senpai

    With the number of free VPS you can get from AWS, Azure, Google, Alibabab etc how this makes any sense? :D

    Haven't bought a single service in VirMach Great Ryzen 2022 - 2023 Flash Sale.
    https://lowendspirit.com/uploads/editor/gi/ippw0lcmqowk.png

  • cybertechcybertech OGBenchmark King

    get to know him. problem solved

    I bench YABS 24/7/365 unless it's a leap year.

  • edited March 1

    @Jab said:
    With the number of free VPS you can get from AWS, Azure, Google, Alibabab etc how this makes any sense? :D

    They all have much higher ping and high packet loss :(

    Traffic to Mainland China (excluding Hongkong) over the normal routes are extremely inconsistent. Some websites work slow, others work horribly slow with almost all packets lost, rip smooth browsing experience...
    With a good route you can cut ping in half, sometimes even more, and eliminate packet loss completely.

    Truely a first-world-problem x)

    @AuroraZero said:
    Are you insane?

    That's what I like to hear. Sharing the instance basically means some is 24/7 looking at what I am doing, even the whole process of me deploying my wireguard instance including any secrets within the configuration. I am aware of the fact that all my traffic at the node can be sniffed at

    Well I better buy a separate Node even if it's more expensive. After further thought it will save me a lot of headaches.

    But if somebody can come up with a solution of securely deploying nodes in a shared environment I would happily listen to it. Already have a lot of VPS and plan to extend to even more nodes across the globe for better connectivity. If shared VPS can be realized securely it would cut down the cost significantly.

  • AuroraZeroAuroraZero ModeratorHosting Provider

    @lowendspiritxdax said:

    @Jab said:
    With the number of free VPS you can get from AWS, Azure, Google, Alibabab etc how this makes any sense? :D

    They all have much higher ping and high packet loss :(

    Traffic to Mainland China (excluding Hongkong) over the normal routes are extremely inconsistent. Some websites work slow, others work horribly slow with almost all packets lost, rip smooth browsing experience...
    With a good route you can cut ping in half, sometimes even more, and eliminate packet loss completely.

    Truely a first-world-problem x)

    @AuroraZero said:
    Are you insane?

    That's what I like to hear. Sharing the instance basically means some is 24/7 looking at what I am doing, even the whole process of me deploying my wireguard instance including any secrets within the configuration. I am aware of the fact that all my traffic at the node can be sniffed at

    Well I better buy a separate Node even if it's more expensive. After further thought it will save me a lot of headaches.

    But if somebody can come up with a solution of securely deploying nodes in a shared environment I would happily listen to it. Already have a lot of VPS and plan to extend to even more nodes across the globe for better connectivity. If shared VPS can be realized securely it would cut down the cost significantly.

    Next thing I expect you to say is it okay that I share underwear with my sister?

    Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?

  • @AuroraZero said:

    @lowendspiritxdax said:

    @Jab said:
    With the number of free VPS you can get from AWS, Azure, Google, Alibabab etc how this makes any sense? :D

    They all have much higher ping and high packet loss :(

    Traffic to Mainland China (excluding Hongkong) over the normal routes are extremely inconsistent. Some websites work slow, others work horribly slow with almost all packets lost, rip smooth browsing experience...
    With a good route you can cut ping in half, sometimes even more, and eliminate packet loss completely.

    Truely a first-world-problem x)

    @AuroraZero said:
    Are you insane?

    That's what I like to hear. Sharing the instance basically means some is 24/7 looking at what I am doing, even the whole process of me deploying my wireguard instance including any secrets within the configuration. I am aware of the fact that all my traffic at the node can be sniffed at

    Well I better buy a separate Node even if it's more expensive. After further thought it will save me a lot of headaches.

    But if somebody can come up with a solution of securely deploying nodes in a shared environment I would happily listen to it. Already have a lot of VPS and plan to extend to even more nodes across the globe for better connectivity. If shared VPS can be realized securely it would cut down the cost significantly.

    Next thing I expect you to say is it okay that I share underwear with my sister?

    No. It is waste of water to wash it. Better no underwear

    Thanked by (1)AuroraZero

    I believe in good luck. Harder that I work ,luckier i get.

  • You would lose so much more than your other machines.
    Your bank accounts can be withdrawn by the other person you barely know.
    Your sisters can be married to the other person you barely know.
    Your jail records can be shared with the other person you barely know.
    Your pants can be worn by the ehab person you barely know.
    Your fast food can be eaten by the other person you barely know.
    Your bandwidth can be doubled by the other person you barely know.

  • @AuroraZero said:

    @lowendspiritxdax said:

    @Jab said:
    With the number of free VPS you can get from AWS, Azure, Google, Alibabab etc how this makes any sense? :D

    They all have much higher ping and high packet loss :(

    Traffic to Mainland China (excluding Hongkong) over the normal routes are extremely inconsistent. Some websites work slow, others work horribly slow with almost all packets lost, rip smooth browsing experience...
    With a good route you can cut ping in half, sometimes even more, and eliminate packet loss completely.

    Truely a first-world-problem x)

    @AuroraZero said:
    Are you insane?

    That's what I like to hear. Sharing the instance basically means some is 24/7 looking at what I am doing, even the whole process of me deploying my wireguard instance including any secrets within the configuration. I am aware of the fact that all my traffic at the node can be sniffed at

    Well I better buy a separate Node even if it's more expensive. After further thought it will save me a lot of headaches.

    But if somebody can come up with a solution of securely deploying nodes in a shared environment I would happily listen to it. Already have a lot of VPS and plan to extend to even more nodes across the globe for better connectivity. If shared VPS can be realized securely it would cut down the cost significantly.

    Next thing I expect you to say is it okay that I share underwear with my sister?

    yes, it's perfectly fine, siblings should share

  • Now I can peacefully discard my cheap thought. Just spend less on other unnecessary things, earn more through side income and rent proper services. Less attack surface less troubles, less brain to waste later on. Maybe once I become a full expert but not before that. Right now it's one mistake and gg game over.

    Problem solved, thank you everybody!
    Though sometimes it's tough for me to fully distinguish the facts from the irony in your responses haha x) @yoursunny
    (Just joined recently, not aware of context from previous forum posts, need to learn and read a lot before I can fully understand all of the conversations :D)

  • I am sure @yoursunny can cut you a deal for a VPS in McMurdock.

    The all seeing eye sees everything...

  • AuroraZeroAuroraZero ModeratorHosting Provider

    @selalumenang said:

    @AuroraZero said:

    @lowendspiritxdax said:

    @Jab said:
    With the number of free VPS you can get from AWS, Azure, Google, Alibabab etc how this makes any sense? :D

    They all have much higher ping and high packet loss :(

    Traffic to Mainland China (excluding Hongkong) over the normal routes are extremely inconsistent. Some websites work slow, others work horribly slow with almost all packets lost, rip smooth browsing experience...
    With a good route you can cut ping in half, sometimes even more, and eliminate packet loss completely.

    Truely a first-world-problem x)

    @AuroraZero said:
    Are you insane?

    That's what I like to hear. Sharing the instance basically means some is 24/7 looking at what I am doing, even the whole process of me deploying my wireguard instance including any secrets within the configuration. I am aware of the fact that all my traffic at the node can be sniffed at

    Well I better buy a separate Node even if it's more expensive. After further thought it will save me a lot of headaches.

    But if somebody can come up with a solution of securely deploying nodes in a shared environment I would happily listen to it. Already have a lot of VPS and plan to extend to even more nodes across the globe for better connectivity. If shared VPS can be realized securely it would cut down the cost significantly.

    Next thing I expect you to say is it okay that I share underwear with my sister?

    yes, it's perfectly fine, siblings should share

    I dodn't say share your sister I said her panties

    Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?

  • @lowendspiritxdax said: Now I can peacefully discard my cheap thought.

    You might consider another cheap thought: offering just Wireguard access for a low price to people that you hardly know.

    No idea how that would work with terms of service and such, but if you wouldn't allow it to be used as an ingress VPN for P2P or shady websites, you might stay in the clear.

  • AuroraZeroAuroraZero ModeratorHosting Provider

    @wankel said:

    @lowendspiritxdax said: Now I can peacefully discard my cheap thought.

    You might consider another cheap thought: offering just Wireguard access for a low price to people that you hardly know.

    No idea how that would work with terms of service and such, but if you wouldn't allow it to be used as an ingress VPN for P2P or shady websites, you might stay in the clear.

    Have to fly well below the radar deck and hope to all the gods that no one decides to trace anything back to you.

    Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?

  • "shady websites" has different meanings in different places.

    The all seeing eye sees everything...

  • @wankel said:

    @lowendspiritxdax said: Now I can peacefully discard my cheap thought.

    You might consider another cheap thought: offering just Wireguard access for a low price to people that you hardly know.

    No idea how that would work with terms of service and such, but if you wouldn't allow it to be used as an ingress VPN for P2P or shady websites, you might stay in the clear.

    I only plan on using the nodes as personal endpoints to improve speed.

    Though I did have read about projects like opengfw and alike, which can detect and literally block any kind of traffic you choose to. Funny project, I find it amusing :D

  • @lowendspiritxdax said: Now I wanted to ask if you think this is ok from a security perspective.

    it's okay for personal use (the risk is yours rightfully). don't ever do this in business or where the traffic passing are not only yours.

    also learn how wireguard handle it's encryption, whether you uses is as mesh or client-to-server, if you have concern about traffic snooping then also search about it. don't be poor and stupid at same time

    Thanked by (1)lowendspiritxdax

    Fuck this 24/7 internet spew of trivia and celebrity bullshit.

  • @lowendspiritxdax said: Truely a first-world-problem x)

    Fellas, is it gay first world privilege to not want to give root access to a stranger?

  • @yoursunny said:
    You would lose so much more than your other machines.
    Your bank accounts can be withdrawn by the other person you barely know.
    Your sisters can be married to the other person you barely know.
    Your jail records can be shared with the other person you barely know.
    Your pants can be worn by the ehab person you barely know.
    Your fast food can be eaten by the other person you barely know.
    Your bandwidth can be doubled by the other person you barely know.

    I will find out his house and eat all his cake

    youtube.com/watch?v=k1BneeJTDcU

  • @lowendspiritxdax which locations would be the best for you?

  • @zgato said:
    @lowendspiritxdax which locations would be the best for you?

    Mainland China, so more dependant on upstreams I guess. I think preference would be JP,HK,SG,LAX,SEA.

    Thanked by (2)lowendspiritxdax zgato
  • @zgato said:
    @lowendspiritxdax which locations would be the best for you?

    Do you mean which locations I plan on setting up nodes?
    Germany, Germany → China, China, USA, (India, Turkey, Argentinia for cheaper subscriptions :D ), Japan and Korea etc.
    Just doing it for fun, no real meaning haha.

  • cybertechcybertech OGBenchmark King

    @cybertech said:
    get to know him. problem solved

    stupid me, this is actually second solution.

    best solution is dont be poor.

    I bench YABS 24/7/365 unless it's a leap year.

  • MathiasMathias Hosting Provider
    edited March 2

    Sharing root access with a stranger? what the fuck.
    That's like giving someone your phone password and trusting them not to empty your bank account

    But anyway good luck :p

    Luxvps - Hosting services with outstanding customer support
    "You only have the fun you make yourself"

  • I would only ever give root access to someone I knew decently. If you are in China and trying to use a VPN to circumvent GFW why not just use snowflake or something? Is it too slow?

  • @BruhGamer12 said:
    I would only ever give root access to someone I knew decently. If you are in China and trying to use a VPN to circumvent GFW why not just use snowflake or something? Is it too slow?

    I am from Germany but have family members who originate from China. 100% of our traffic start their journey from Europe, so we don't need to use For some family members the latency and packet loss is becoming a problem. Packages to and from China are being routed so awful, in addition to the already super duper congested network caused by hundred millions of people trying to get out/in China. (Btw just as a sidenote: Don't know about the insights but the GFW must have some insane algorithm to be able to handle so much traffic 24/7 lol.)

    TL;DR our connection to China has only worsened over the last 10+ years x), many websites become completely unusable during peak intervals, needed a solution to boost the connectivity. And the Misaka node reduced our average Ping from 280-350ms with 30% packet loss to just 120ms ping, 0% packet loss. (Misaka to our home router is just 3ms, quite the good location I have to say, faster then my WiFi connection with 4ms lol)

    Thought I can save 50€ a year by sharing a VPS with someone else, and if it works out maybe share more VPS to save more money (currently have 10+ just for fun). If I buy even more I don't know if my pocket money is enough to cover all the expenses xD. Quickly turned out to be a bad idea :D. Now I am going to order a seperate Node.

    Thanked by (1)BruhGamer12
  • edited March 3

    I salute your initial trust in your fellow human <3. This forum is full of paranoid old men who have forgotten that to be human means to have trust in strangers. Their vague concerns stem from personal insecurity, and are not relevant.

    Sharing a VPS with a stranger is an excellent way to get access to its benefits for cheap. Thank you for mentioning this strategy here.

    Regarding safety

    In short: Used only as a VPN exit node, you will be totally fine and safe. It is equivalent to being on the same Wifi network as a stranger.

    I would consider the trustworthiness of the VPN exit node as I would consider any stranger's machine which routes my traffic - treat it like any untrusted part of the internet. In other words - only use encrypted protocols, like HTTPS and SSH and Wireguard, and pay attention to any certificate warnings. Hint: You already do those things :)

    I would not leave or transmit any secrets to the machine, like SSH private keys or passwords, even temporarily. I would not use the VPS for any other server activities - only Wireguard.

    If you follow those basic security steps, there is no chance that the other person can sniff or alter your traffic without your knowledge. If the other person tries to mess with your traffic, the encryption will simply fail and they will not get your data.

    The only real risk is that the stranger somehow destroys the VPS, which means that you cannot use it - Denial of Service, to use an industry term :)

  • @lowendspiritxdax said:

    @BruhGamer12 said:
    I would only ever give root access to someone I knew decently. If you are in China and trying to use a VPN to circumvent GFW why not just use snowflake or something? Is it too slow?

    I am from Germany but have family members who originate from China. 100% of our traffic start their journey from Europe, so we don't need to use For some family members the latency and packet loss is becoming a problem. Packages to and from China are being routed so awful, in addition to the already super duper congested network caused by hundred millions of people trying to get out/in China. (Btw just as a sidenote: Don't know about the insights but the GFW must have some insane algorithm to be able to handle so much traffic 24/7 lol.)

    TL;DR our connection to China has only worsened over the last 10+ years x), many websites become completely unusable during peak intervals, needed a solution to boost the connectivity. And the Misaka node reduced our average Ping from 280-350ms with 30% packet loss to just 120ms ping, 0% packet loss. (Misaka to our home router is just 3ms, quite the good location I have to say, faster then my WiFi connection with 4ms lol)

    Thought I can save 50€ a year by sharing a VPS with someone else, and if it works out maybe share more VPS to save more money (currently have 10+ just for fun). If I buy even more I don't know if my pocket money is enough to cover all the expenses xD. Quickly turned out to be a bad idea :D. Now I am going to order a seperate Node.

    You need a VPS with direct peering with the Big Three of China: China Telecom, China Mobile, or China Unicom. CT also operates some premium networks: GIA and GT.

    Of course, the less congested you desire, the more you pay.

    If you want some others to share your cost of VPS without giving them root access, just resell them a VPN service managed by you. This way, you remain the only person with root access.

    Thanked by (1)sh97

    The all seeing eye sees everything...

  • @IAmNix said:
    I salute your initial trust in your fellow human <3. This forum is full of paranoid old men who have forgotten that to be human means to have trust in strangers. Their vague concerns stem from personal insecurity, and are not relevant.

    Sharing a VPS with a stranger is an excellent way to get access to its benefits for cheap. Thank you for mentioning this strategy here.

    Regarding safety

    In short: Used only as a VPN exit node, you will be totally fine and safe. It is equivalent to being on the same Wifi network as a stranger.

    I would consider the trustworthiness of the VPN exit node as I would consider any stranger's machine which routes my traffic - treat it like any untrusted part of the internet. In other words - only use encrypted protocols, like HTTPS and SSH and Wireguard, and pay attention to any certificate warnings. Hint: You already do those things :)

    I would not leave or transmit any secrets to the machine, like SSH private keys or passwords, even temporarily. I would not use the VPS for any other server activities - only Wireguard.

    If you follow those basic security steps, there is no chance that the other person can sniff or alter your traffic without your knowledge. If the other person tries to mess with your traffic, the encryption will simply fail and they will not get your data.

    The only real risk is that the stranger somehow destroys the VPS, which means that you cannot use it - Denial of Service, to use an industry term :)

    Since you have faith in strangers, why don't you give me your money for me to invest. I promise 100% return in a year.

    Thanked by (1)skorous

    The all seeing eye sees everything...

  • If sharing a VPS saves you €50, does that mean you're paying €100 a year for a VPS?

    I think spending 100 euros for a VPS is really quite a lot, and it's not about being poor at all, it's about doing it the wrong way.

    I don't know what your main use for a Germany-China link is, it should be easy to find a cheap solution depending on the use, and unless you need milliseconds of response, the need to buy a line optimised for China is worth thinking about.

    Given that the line you are currently using allows for a 120ms response between Germany and China, I think that's pretty good, so there's no need to take the extra step of doubling up on packets, which would drastically increase traffic consumption, and is probably one of the reasons why your costs are too high.GFW mainly implements its blocking through signature detection, so you should be using sensible protocols rather than relying on doubling packets to try to increase speed.

    Also, a direct connection between Germany and China can be costly, if your business allows it you can try to transit from places like Japan, Singapore, South Korea, etc. This will require you to test the speeds from both ends to the middle, some of these places should be able to find very cheap and good speed lines, of course there may be some fluctuations, but it shouldn't affect the majority of the software used.

    I think for the cost of $20-30 a year, you should be able to buy enough VPS for use between two homes, which includes reasonable latency (but not going to be optimal latency), plenty of traffic, a little bit of storage space, and excellent compute power (enough to deal with any connectivity protocols needed).

    Thanked by (2)lowendspiritxdax wankel

    Have the honor of being the crybaby who pays $20 for a 128MB VPS at VirMach in 2023.

Sign In or Register to comment.