Since we now provide Portmaster in our repos, I’d like to open this thread for any discussion related to this software.
The developers work very close to my place here in Austria and I even met their CEO in person last week.
I think this is a great opportunity to give them our direct feedback about possible problems and feature requests from our side and get some first-hand responses back.
My personal experience running Portmaster and SPN so far is really positive with just a few issues, most of which I was able to resolve. Portmaster works great as an extremely granular firewall where you can allow or block specific connections for any app, down to specific URLs an application might contact during different actions.
Then on top of that there is SPN, which is a paid upgrade (currently 9.9€/month or 99€/year).
My own general misunderstanding at first was that SPN, unlike a VPN, is NOT intended primarily for stuff like faking your geo-location to be able to stream video content not intended for your country by the provider. It should however enable you to access any content outside a restriction imposed on you by, for example, your ISP or local policy.
I think that their homepage and advertisement really give a bit of a wrong impression there and I am about to discuss this with them, actually…
Their explicit goal anyway is to give you access to everything “legal in most countries”, not to enable activity illegal in most countries.
SPN gives you multiple identities and locations in parallel at the same time and routes your connections through individual tunnels.
Here you can see that currently, two of my targets in Firefox think I am in Germany, while the third will locate me in France. In reality I am still in Vienna.
I think that their technology is a BRILLIANT tool to protect your privacy.
If you want to know more about the technical details, you should read their whitepaper - really an interesting read, even if you are not a complete nerd.
I can say that their team went to great lengths to guarantee anonymity without even the need for a kill-switch or a no-log-policy. You could call it a DKYC policy where they have absolutely no idea who their customers are.
I hope we can use this thread for more insight into what the benefits and problems and potentially rough edges of this software are. I am looking forward to this discussion and will also try to invite their devs and team here.
Following a support request post this morning, I became interested and installed Portmaster.
It seems indeed a useful security addition; however, I also noted that a permanent RAM usage of over 700MB will make it unsuitable for many older machines.
It’s another VPN service that can see all my traffic.
Also, it’s not working for me. The service starts but when the app is started, it wants to connect to Portmaster (why does a firewall need to access a remote service?), I guess it blocks itself from accessing.
Apparently you didn’t read the original post. Portmaster does not collect any private data - there is no way it could do that. Also it’s not connecting to a remote service. It’s a systemd.service.
In the GUI you can switch on/off SPN with a slider.
Portmaster is opened and closed like any other application, or you can also define rules for which connections it should monitor or not.
“Force Block Incoming Connections” is enabled by default in the Global Settings for all apps to block all from LAN and internet.
But this option has the highest priority and ignores or doesn’t respect your custom whitelists for any apps you want to set.
A tip:
How to switch from “Force Block Incoming Connections” to custom “Incoming Rules” in Global Settings:
1. Disable “Force Block Incoming Connections”.
2. Change “Simple Interface” to “Advanced Interface” for the GUI to show a hidden function, “Incoming Rules”.
3. Add “Allow localhost” and “Block *” in Incoming Rules; the behavior is like “Force Block Incoming Connections”.

Done, global Incoming Rules respect your custom whitelists for any apps.