Just be aware of your specific threat model. Tying your "anonymity" VPN to your AWS credit card may not be what you want.
And your browser is still going to continue fingerprinting and websites will continue to use tracking cookies though a VPN. So all it is really doing is stopping your ISP from monetizing your traffic, which you get with a DNS over HTTPS provider without needing to spend money in the cloud, and is default in Firefox and I think just turned on in chrome as well.
The other issue is your traffic isn't encrypted traveling to the proxy, which means your ISP still sees your requests for the various sites. I use Tinyproxy and an ssh tunnel:
ssh -L 8888:localhost:8888 users@vpn.vm
Then set up your browser to use a proxy on localhost:8888. Tinyproxy is set to only listen on the localhost. Using an SSH tunnel allows you to use the proxy no matter where you are.
Well, HTTPS traffic is still encrypted so your ISP won't see what traffic you mean to send, just that you are communicating with your VPN server in AWS because that is the only DNS traffic it see. So you're fine there, but again DNS over https is an easier and cheaper way to accomplish that.
Your ISP won't be able to see the traffic, but they will know what sites you are visiting since those requests go across in plaintext. Here's an example line from Squid log when used as a proxy server:
That's the traffic your ISP will see. Since you aren't encrypting traffic between you and the proxy, even DOH won't stop your ISP from seeing the sites you are visiting.
Your plan is solid, except for the connection to the proxy server. 😄
Just be aware of your specific threat model. Tying your "anonymity" VPN to your AWS credit card may not be what you want.
And your browser is still going to continue fingerprinting and websites will continue to use tracking cookies though a VPN. So all it is really doing is stopping your ISP from monetizing your traffic, which you get with a DNS over HTTPS provider without needing to spend money in the cloud, and is default in Firefox and I think just turned on in chrome as well.
The other issue is your traffic isn't encrypted traveling to the proxy, which means your ISP still sees your requests for the various sites. I use Tinyproxy and an ssh tunnel:
Then set up your browser to use a proxy on localhost:8888. Tinyproxy is set to only listen on the localhost. Using an SSH tunnel allows you to use the proxy no matter where you are.
Well, HTTPS traffic is still encrypted so your ISP won't see what traffic you mean to send, just that you are communicating with your VPN server in AWS because that is the only DNS traffic it see. So you're fine there, but again DNS over https is an easier and cheaper way to accomplish that.
Your ISP won't be able to see the traffic, but they will know what sites you are visiting since those requests go across in plaintext. Here's an example line from Squid log when used as a proxy server:
That's the traffic your ISP will see. Since you aren't encrypting traffic between you and the proxy, even DOH won't stop your ISP from seeing the sites you are visiting.
Your plan is solid, except for the connection to the proxy server. 😄
You should be encrypting traffic between yourself and the proxy! That's half of a proxy's point
😄 We're on the same page, except you didn't put that part in the article. You're not encrypting anything between your browser and the proxy.
Not my article!
Ah man, it must be getting late, LOL! Apparently I've failed at reading tonight and probably should go to bed. 😄
Sure, thanks for the suggestion, I will edit the part to encrypt the traffic between browser and proxy.