Effectively hiding IP

Question

Context: Consider the scenario in which you want to hide your ISP IP address from the application service you are accessing/using.

Possible solutions: In general, three scenarios for trying to accomplish this task may be employed:

1. Using a third-party VPN service, where the VPN provider still has the power of disclosing, case the company adopts a logging policy, the ISP IP address;
2. Hosting a VPN in a third-party VPS service, where the same weakness manifests by the side of the VPS provider; And
3. Hosting a VPN in my own self-hosted and physically maintained VPS, where would require physical infrastructure for such.

Is my reasoning right? Is the last option the only really effective?

For didactic purposes, I am ignoring the Tor network alternative.

Answer 1

So by necessity in IP systems, an IP address has to be visible to the network. Any intermediary may be recording traffic (subject to their local legal system as to when this is banned, allowed, or required).

That means there has to be a node somewhere which:

• knows what your ultimate other end of communication is

• knows at least one "hop" back down the chain towards you

And that node needs to be in a real location subject to physical law enforcement. Tor just expands this by providing an automatically configured chain of forwarding nodes, in the hope that obfuscates traffic sufficiently.

Your option (3) just moves the "attack" point to your own VPS.

In practice, law-evading systems either use uncooperative jurisdictions (e.g. Russia) or compromised third party nodes (such as consumer routers) which are not aware that they are facilitating crime.