Max-P

This is the privacy community, not the piracy one.

You might want !piracy@lemmy.ml

Now is not the fucking time to give governments unlimited access to user data. If the UK has it, the US will have it too.

AWS does have plenty of VPN solutions for this, but likely not with the credentials you have because they’re usually very specific. And it’s probably intentional, if they wanted to give you VPN access they’d give you VPN access.

The website requests an image or whatever from 27748626267848298474.example.com, where the number is unique for the visitor. To load the content the browser has to resolve the DNS for it, and the randomness ensures it won’t be cached anywhere as it’s just for you. So it queries its DNS server which queries your DNS provider which queries the website’s DNS server. From there the website’s DNS server can see where the request came from and the website can tell you where it came from and who it’s associated with if known.

Yes it absolutely can be used for fingerprinting. Everything can be used for fingerprinting, and we refuse to fix it because “but who thinks of the ad companies???”.

It’s going to depend on how the access is set up. It could be set up such that the only way into that network is via that browser thing.

You can always connect to yourself from the Windows machine and tunnel SSH over that, but it’s likely you’ll hit a firewall or possibly even a TLS MitM box.

Virtual desktops like that are usually used for security, it would be way cheaper and easier to just VPN your workstation in. Everything about this feels like a regulated or certified secure environment like payment processing/bank/government stuff.

but I’m curious if it’s hitting the server, then going the router, only to be routed back to the same machine again. 10.0.0.3 is the same machine as 192.168.1.14

No, when you talk to yourself you talk to yourself it doesn’t go out over the network. But you can always check using utilities like tracepath, traceroute and mtr. It’ll show you the exact path taken.

Technically you could make the 172.18.0.0/16 subnet accessible directly to the VPS over WireGuard and skip the double DNAT on the game server’s side but that’s about it. The extra DNAT really won’t matter at that scale though.

It’s possible to do without any connection tracking or NAT, but at the expense of significantly more complicated routing for the containers. I would do that on a busy 10Gbit router or if somehow I really need to public IP of the connecting client to not get mangled. The biggest downside of your setup is, the game server will see every player as coming from 192.168.1.14 or 172.18.0.1. With the subnet routed over WireGuard it would appear to come from VPN IP of the VPS (guessing 10.0.0.2). It’s possible to get the real IP forwarded but then the routing needs to be adjusted so that it doesn’t go Client -> VPS -> VPN -> Game Server -> Home router -> Client.