I hate to tell you this, but you are not smarter than the people who design VPN protocols. Neither am I, for that matter. But I do audit them and have very intimate knowledge of how they work.
-
An HTTP proxy and DNS over HTTPS are not enough.
In order to establish a TLS session to encrypt your DNS you need to pass a handshake, which means your initial request is going to be unencrypted. There is nothing preventing a MITM attack against your DNS request, and your ISP likely already does this when you use 1.1.1.1, for example. The same vulnerability lies inside encrypted email when establishing Secure SMTP. Don’t use STARTTLS, because step-down attacks can force your server to talk unencrypted. Use Explicit TLS. -
Proxies and TLS are layer 3 protocols, meaning it’s easy for your OS to fuck up your routing tables and send everything unencrypted. Most people have no clue what they are doing. VPNs are both easier to use and serve the same purpose.
-
I forgot to mention client-side attacks, like revealing your IP by simply making an API request to api.ipify.org or a similar service to bypass the proxy. This can be done with a myriad of protocols.
The issue with proxies is they only handle one protocol.
VPNs handle all of them because they operate on layer 2.
I am going to make a post about how VPNs work so I can inform everyone on how these work and they can make their own decisions. I will also include my own recommendations to satisfy everyone.
Here’s the post: https://discuss.eroscripts.com/t/should-i-use-a-vpn
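As an added example that is not part of the original post, here is the STARTTLS step-down the post warns about, simulated in Python on a constructed, offline SMTP EHLO exchange (hostnames and capability values are made up). It shows why the attack works: the server's offer to upgrade travels in plaintext, so an on-path attacker can delete that one line and a client that upgrades opportunistically carries on in the clear. The same block contrasts a client configured to fail closed and a connection that is TLS from the first byte (SMTPS on port 465, the alternative the post recommends), where there is no plaintext negotiation to tamper with.

```python
# Added example (not from the original post): constructed, offline simulation
# of an SMTP STARTTLS-stripping downgrade. No network access is involved.


def _keyword(line):
    """First word after the '250-'/'250 ' prefix, upper-cased ('' if none)."""
    words = line[4:].split()
    return words[0].upper() if words else ""


def parse_ehlo(reply):
    """Return the capability keywords a server advertises in its EHLO reply.

    RFC 5321 multi-line reply: every line but the last starts with '250-',
    the last with '250 '. The first line is the greeting, not a capability.
    """
    caps = set()
    for i, line in enumerate(reply):
        if not (line.startswith("250-") or line.startswith("250 ")):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if i == 0:
            continue  # greeting line, e.g. '250-mail.example.test Hello ...'
        if _keyword(line):
            caps.add(_keyword(line))
    return caps


def strip_starttls(reply):
    """What an on-path attacker does: drop the STARTTLS line, re-terminate the reply."""
    kept = ["250-" + line[4:] for line in reply if _keyword(line) != "STARTTLS"]
    kept[-1] = "250 " + kept[-1][4:]  # last line must carry '250 ' (space)
    return kept


def opportunistic_client(reply):
    """Typical STARTTLS client: upgrade if offered, otherwise carry on in plaintext."""
    return "tls" if "STARTTLS" in parse_ehlo(reply) else "plaintext"


def require_tls_client(reply):
    """STARTTLS client configured to fail closed: no STARTTLS means no mail."""
    if "STARTTLS" in parse_ehlo(reply):
        return "tls"
    raise ConnectionError("server did not advertise STARTTLS; refusing plaintext")


def tls_first_client():
    """SMTPS (port 465): the TLS handshake precedes any SMTP text, so there is
    no capability line for an attacker to strip."""
    return "tls"


# Constructed EHLO reply from a (hypothetical) server that supports STARTTLS.
EHLO_REPLY = [
    "250-mail.example.test Hello client.example.test",
    "250-SIZE 35882577",
    "250-STARTTLS",
    "250 8BITMIME",
]


def demo():
    """Run the honest and the attacked path; return what each client ends up with."""
    attacked = strip_starttls(EHLO_REPLY)
    results = {
        "opportunistic, honest path": opportunistic_client(EHLO_REPLY),
        "opportunistic, stripped": opportunistic_client(attacked),
        "tls-first (SMTPS)": tls_first_client(),
    }
    try:
        require_tls_client(attacked)
    except ConnectionError as exc:
        results["require-tls, stripped"] = f"aborted: {exc}"
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:28} -> {outcome}")
```

The attacker never touches a key or a certificate; it only edits a plaintext reply before any TLS exists. That is why "require TLS" on the sending side, or a TLS-from-the-start port, closes the hole while opportunistic STARTTLS does not.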