Mikelius

Thanks for clarifying! Took a deeper look on my computer and I guess I learned that NoScript was misidentifying due to the cors or something. Just had to call it out before, as one can never be too careful these days :D

The security part is the reason I use NoScript to do this. We've all typo squatted sites we visit, I'm sure. But if I typo squat a site I frequently visit and see the JavaScript disabled, it forces me to recheck I'm on the right site. Granted it's only happened once where I didn't realize I typo'd until seeing it was disabled, but it only takes 1 time to lose everything...

Not sure the fingerprint concerns are too major for me either. Hopefully most scenarios, I'm flagged as a bot or crawler and out of some data that would otherwise have been collected. Who knows. I imagine that JavaScript makes up for way more fingerprinting though.

I use iperf3 with Speedtest's servers, personally. But for a browser, yes JavaScript is needed.... But needing JavaScript files from like 20 different domains is typically a red flag for me on any site.

My solution to this question a year or so ago was to take my gaming desktop, which was collecting dust after I moved to my gaming laptop, and gut it down to a 4U server rack case. Best decision I've ever made. 12 core Ryzen and 128gb memory. Got a 10g adapter in the pci express, 8xHDD for data and then 2 mirrored nvme for the OS itself. Only thing I kept out was the video card since I had no use for it (yet)

An equivalent "server" on the market would probably cost a fortune and cost you a ridiculous amount of electricity.

The NoScript list terrifies me a little though... Not sure what's going on there, but that's a lot of JavaScript lol.

I've been doing this for a while now with opnsense being what masks the whole network behind the mullvad VPN.

Pros:

• Even fresh new devices that have all that crap junkware installed get routed through the VPN, meaning no tracking to you immediately (unless they sniff the rest of the network and relay your network AP I guess)
• one device instead of many, leaving extra devices available to use for a single mullvad account (limited to 5 devices, at least for wireguard)
• if using wireguard, you honestly won't be hit with network performance issues. Just don't choose a server across the world from you. I chose one in the same country as myself and get an average 95-97% of my internet speed, and that's because I also have IDS/IPS enabled

Cons:

• as others mentioned, increase captcha annoyances
• some banks may lock your account if you try to log in with the VPN
• if the VPN server goes down, the whole network will. This may be a good thing since your don't want traffic to leak, but just pointing out you now have another single point of failure outside your ISP
• when someone's hoarding the entire VPN server you're connected to, you'll probably witness a slowdown

That all being said, if you're not very technically savvy on the networking side or haven't ever setup a custom router/firewall, this will be a pain. But it you want to learn something new and are up for the challenge, eventually it gets down to almost never having to worry about it. I've been doing it for a long time now, so for me personally, I've gotten to the point of only needing to login to the firewall for a VPN setting update or server change maybe once a month

I've had the opposite experience and was actually referring to this generation in my comment, specifically for the series X.

With Xbox 360 and even some Xbox one games, I was able to come home with the game and put it into the console knowing I could play it right away from the disc (or install for the Xbox one and play). When I buy a game now, referring to physical copies, I'm unable to play without requiring internet. I understand some games have limitations on disc size, but once upon a time, that's where multi disc came in. Just the other day I forgot to unplug my console from the network to play a game and was hit by a firmware update request that I couldn't say "later" to. Once that finally finished, I unplugged but I guess the console already got wiff of an update for the game I wanted to play and said I need to be connected to the internet to continue.

This is definitely not something I ran into with older generations, personally. That being said, it sounds like your experience was different, so I suppose mileage may vary

For me, it's just that I don't want to have to turn the console on with plans to play for 1 hour only to be introduced to mandatory forced updates or show installation times that eat that entire hour away anyway. I just want to play my damn games, not to mention 100% offline if I so choose to.

I personally use mullvad for all outgoing traffic and then airvpn for any let forwarding I require. Basically airvpn is exclusive to incoming traffic, like my self hosted services or game servers, and then anything I do on the internet routes through mullvad. All setup through opnsense since they both support wireguard.

I always had issues with proton's port forwarding being reliable in the past. That being said, if you need things like video streaming services, mullvad seems to be having a hard time with these recently where as proton worked well for me back when I used it (unsure if that's still true).

Lots of comments already mentioning the differences. I have tried these, including the mentioned ipfire, and decided on the end to use opnsense plus openwrt on two different devices.

I chose opnsense at the time many years ago because it supported wireguard out of the box, where as pfsense required some weird install process I didn't want to deal with. Plus I liked the UI to opnsense more.

My moden has been literally replaced by my firewall so I have the ONT connected to it and then use it to do all the heavy lifting for... Well, firewall stuff. It connects to a VPN so my entire network routes through the VPN. Then my openwrt device is connected to that. It also handles firewall stuff, but more at an internal level (keeping network devices only permitted to communicate with devices I say are okay, blocking internet access, etc) and also hosts my nginx setup to route to various servers.

While I could do everything on one machine with opnsense, I've got a particular setup that allows me to have multiple devices at the firewall level, truly isolated from the rest of my internal network (for a couple of internet open port services). And it gives me peace of mind that if someone found a zero day in opnsense, I'm not totally screwed unless they also got one in openwrt.

To answer "which is better to begin with", I personally find opnsense way more flexible and robust than the other 2 options. Has a lot more capabilities and upgrading is super easy without requiring jumping through weird hoops and such like openwrt does.

Unless it's my cat. Got heavily filtered water and use it to fill 3 different fountain bowls in different parts of the house (none near the food source, but I did that because if they are, she'll eat her food over them...) and the cat still demands I turn the sink on instead. Same exact water, and even though I change her water out almost every other day, the sink wins. Just glad she hasn't figured out how to turn it on yet...

Funny enough the last fountain I got looks like a faucet and she's like "nah I'm not stupid, turn the sink on."

This is where rooting the phone is required. I use wireguard without root and have AFWall granted with root at bootup so it doesn't require acting as a VPN