I’ve not done this (yet) so this is more of just an FYI. Whenever I get ‘er done, I’ll update with any particular added info.
This is a video that uses a free tier AWS server to run your own VPN server. It’s free for a year, then about $10 / month (though unclear what prevents you from just making a new free server… one presumes they do something to track just who is setting up servers).
IMHO the nice thing about this is you can assure that the VPN server is not keeping any log files around. The downside is that Amazon will have logging of which IP address connects to this VPN instance and what outgoing traffic it produces. Do they bother? Don’t know… but I’d expect yes.
So why do it then? Well, for just general purpose stuff like avoiding geolocation and advertising that knows where you live, or for being inside a VPN when using open access WiFi (i.e. not sending your stuff ‘in the clear’ at Starbucks where WiFi sniffers can inspect it…) it would be great. IF you have some really critically secret stuff (like “land you in Chinese Prison” or “TLA knocking at the door”) then this at best can be a nice way point to an additional relay. So you could, for example, use it from an added paid VPN hosted in another country. Yup, VPN inside a VPN… (I’d also use a “disposable system image” for any such activity and scrub the uSD card after use, but that’s just me…)
So you could have a “Dongle Pi” (as I posted way back) driven by your laptop, then connect via a public WiFi, bounce through a couple of VPNs and when done, re-flash the uSD in the Dongle Pi back to empty. At that point the “source machine” has effectively ceased to exist, the WiFi doesn’t know who you are, the AWS image has no logs, and all Amazon can do is say “originated at this Public VPN server in country FOO and went to BAR” or originate at the AWS and then go to FOO and then nobody can really say what your traffic was (other than the VPN server in country FOO who, in theory, could provide logs of traffic from that IP address back to investigators, so choose wisely).
At that point, your investigator has to have warrants in 2 (or 3…) countries and get cooperation from AWS as well as a foreign VPN provider. And all they can really say about “you” is that “someone” used that public WiFi hot spot. So don’t be on a recognizable camera, OK? (Many WiFi hot spots are strong enough to be used from a car parked outside near a window…)
Also note that IF challenged you can show you were on a Laptop running a different OS and with a different MAC address, and claim you never used their WiFi at all… Dongle Pi is your friend ;-)
If REALLY worried, you can use a $9 WiFi USB nubby and toss it afterwards. Any WiFi hardware fingerprinting / MAC address goes with it. I doubt I’d ever be that worried, but hey, it depends on your needs. Also note that you can set up the Pi with both the onboard WiFi and a nubby dongle WiFi and eliminated the ethernet wire to the laptop. The whole thing could be put in a pouch with a battery so not visible on any cameras. Just you, your laptop, and a book bag… I’d also show up a good while before starting to use the VPN and stay a while after closing it down, just so you can’t be time-stamped with enter / start and end / exit. (Or just sit in your car with a good antenna and a nice cardboard sun screen in the window ;-)
But assuming none of you are doing seriously risky stuff and just want to not have the WiFi sniffer guy or the “send me advertising like crazy” folks knowing too much about you, or want to geolocate to somewhere else, you can skip all that and just do the free VPN bit: