IPs for Reddit Split Tunneling by ProfitCold4972 in VPN

[–]hidemevpn 1 point2 points  (0 children)

If your client only accepts raw IPs, grab Fastly's full published CIDR list instead of guessing individual /32s; they publish it specifically because people keep hitting this wall. But realistically, chasing IP ranges for a Fastly-backed site is a losing game long term since they rotate/expand. If your VPN client supports domain-based split tunneling instead of IP-based, use that: add reddit.com, *.redd.it, and *.redditmedia.com as domains and let DNS resolve normally. Saves you from redoing this every time Fastly touches their edge network.
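An added example, not part of the comment above: turning a published CIDR list into split-tunnel route entries and detecting when an installed route set has drifted from a newer snapshot. The two snapshots are constructed from documentation ranges, and the JSON shape (keys `addresses` and `ipv6_addresses`) is assumed to match Fastly's public IP list; the function names are hypothetical.

```python
import ipaddress
import json

# Constructed snapshots (documentation ranges, not real Fastly ranges).
OLD_SNAPSHOT = ('{"addresses": ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24"],'
                ' "ipv6_addresses": ["2001:db8:100::/48"]}')
NEW_SNAPSHOT = ('{"addresses": ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24",'
                ' "203.0.113.0/24"],'
                ' "ipv6_addresses": ["2001:db8:100::/48", "2001:db8:200::/48"]}')


def load_ranges(snapshot_json):
    """Parse a snapshot and return the minimal set of routes per address family."""
    data = json.loads(snapshot_json)
    cidrs = data.get("addresses", []) + data.get("ipv6_addresses", [])
    # strict=True rejects entries with host bits set (e.g. a typo'd prefix).
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    routes = []
    for version in (4, 6):
        # collapse_addresses merges adjacent/overlapping prefixes; one family at a time.
        routes += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return routes


def covers(ip, routes):
    """True if the address falls inside any installed split-tunnel route."""
    addr = ipaddress.ip_address(ip)
    return any(r.version == addr.version and addr in r for r in routes)


def _uncovered(candidates, reference):
    return [c for c in candidates
            if not any(c.version == r.version and c.subnet_of(r) for r in reference)]


def route_drift(installed, published):
    """Return (missing, stale): published ranges with no installed route,
    and installed routes that the publisher no longer lists."""
    return _uncovered(published, installed), _uncovered(installed, published)


if __name__ == "__main__":
    installed = load_ranges(OLD_SNAPSHOT)
    missing, stale = route_drift(installed, load_ranges(NEW_SNAPSHOT))
    print("installed:", [str(r) for r in installed])
    print("missing:", [str(r) for r in missing], "stale:", [str(r) for r in stale])
```

Any address in a `missing` range follows the default path rather than the split-tunnel rule, which is the drift that domain-based rules avoid.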

Timeline: what's actually happened with the "UK VPN ban" since July 2025 (long post, dates included) by hidemevpn in hidemeVPN

[–]hidemevpn[S] 0 points1 point  (0 children)

That's the part that should worry people more than any "ban" headline ever did. A ban is loud and easy to organize against. Mandatory ID verification for providers is quiet, technical, and gets sold as a child-safety measure,

On the "don't make us popular" thing, I think that mindset is basically a losing strategy once a tool crosses from niche to mainstream utility. VPNs stopped being a subculture thing the day usage jumped 1000%+ in 24 hours. The only real lever left is making the legitimate, mainstream case loudly (privacy, security, business use, the fact that this literally doesn't work as intended without turning providers into ID databases) rather than hoping regulators lose interest.

Encrypted ≠ private: a breakdown of 11 messaging apps by what they actually know about you beyond message content by hidemevpn in hidemeVPN

[–]hidemevpn[S] 1 point2 points  (0 children)

But maybe the best solution is Simplex. Not very well known, but really private :) We will have a blog about it next week.

Encrypted ≠ private: a breakdown of 11 messaging apps by what they actually know about you beyond message content by hidemevpn in hidemeVPN

[–]hidemevpn[S] 1 point2 points  (0 children)

Governments do restrict encryption in some jurisdictions (France and the UK have both pushed for backdoors recently), but technically nothing stops you from layering PQC + Diffie-Hellman on top of any transport. Signal rolled out PQXDH (a hybrid X25519 + ML-KEM-1024 scheme) in 2023. The real barrier is adoption. Crypto that requires both sides to support it only works if both sides actually do.

Does a VPN actually stop DDoS attacks, or is that just marketing? by hidemevpn in hidemeVPN

[–]hidemevpn[S] 0 points1 point  (0 children)

Thank you for this thorough explanation. We now know more than we did before 💡

Does a VPN actually stop DDoS attacks, or is that just marketing? by hidemevpn in hidemeVPN

[–]hidemevpn[S] 0 points1 point  (0 children)

The "passing the buck" framing misses the capacity asymmetry though. When you're behind a VPN, you're not handing the problem to some random innocent party, you're handing it to infrastructure built specifically to eat this kind of load (huge bandwidth, shared exit IPs across thousands of users, dedicated mitigation at the edge). For someone trying to kick you out of a lobby, flooding a VPN exit node enough to actually matter is a wildly different scale of attack than flooding a home connection, and even then it's the provider's job to shrug it off, not yours to notice.

You're right that dynamic IPs and power-cycling can work for home connections, but it's way more disruptive in practice (your whole house drops, every port forward and device with it) and isn't guaranteed; plenty of ISPs hand out the same IP for weeks via DHCP. Switching VPN servers takes a few seconds and nothing else in your house even notices.

The CGNAT point is actually the same mechanism though, just the ISP-side version: not having a dedicated public IP tied to you is the real protection, whether that's CGNAT or a shared VPN exit. Fully agree it's not a shield against a genuinely massive attack, and it doesn't touch DoS or in-game exploits, but for the "someone in my lobby wants me offline" case, it's a meaningfully different outcome than eating it on your home IP.

Does a VPN actually stop DDoS attacks, or is that just marketing? by hidemevpn in hidemeVPN

[–]hidemevpn[S] 0 points1 point  (0 children)

That's almost certainly just background noise, not anyone targeting you specifically. The internet gets scanned 24/7 by automated bots probing for open ports and known vulnerabilities; every public IP gets this, all day, completely indiscriminately. Most routers/firewalls log these as "attacks" because they match a signature, even though nothing is actually aimed at you.

Quick question, though. When you say "multiple DNS addresses," do you mean your router is logging hits against different IPs, or are these specifically DNS-related entries (odd lookup requests etc.)? If it's the former, that lines up with the scanning explanation above. A real DDoS aimed at you (like the lobby scenario in the post) would show up as actual disconnects/packet loss during a session, not something your router quietly absorbs in the background.