Outline doesn't log traffic, but an advanced user could instrument their server to capture the traffic that goes through, seeing the same thing that your ISP would see when you are not using a VPN. The EFF has a diagram illustrating what an ISP can see.
A lot of web traffic is encrypted these days, so they wouldn't be able to see the content of that traffic. However, some pages are still unencrypted, so be aware of that. I recommend using HTTPS Everywhere.
Furthermore, even encrypted HTTPS connections leak the name of the domain you are visiting. So even though they can't see the content of the communication, they could tell what sites you are visiting.
https://www.getoutline.org/en/support
>What kind of encryption do you use?
>Outline encrypts communications between the clients and the server using the AEAD 256-bit Chacha2020 IETF Poly 1305 cipher. AEAD ciphers offer confidentiality, integrity, and authenticity, and exhibits excellent performance on modern hardware.
The private network is a second network interface, unreachable from the Internet, that can be used to communicate with other virtual servers in a team or account within the same datacenter.
This tutorial has more info describing its use case: https://www.digitalocean.com/community/tutorials/how-to-enable-digitalocean-private-networking-on-existing-droplets
Outline Manager creates a DigitalOcean droplet, so DigitalOcean manages whether the server has a static or dynamic IP.
By default, every DO droplet is assigned a static IP that is permanent until the droplet is destroyed. If you destroy the droplet and create another immediately after, the new server likely will have the same static IP as before. There is currently no option for dynamic IPs for DO servers.
Personally, I have a DO droplet hosting a Shadowsocks server (the same underlying proxy solution that Outline uses) running on port 443 with obfuscation. My setup is essentially undetectable since port 443 is used for HTTPS traffic, but requires more advanced steps to get up and running.
Proxies are incredibly less detectable than VPNs since they don't leave traditional VPN-like network traffic signatures. Check out https://github.com/StreisandEffect/streisand for a relatively simpler set up procedure.
Source: https://www.digitalocean.com/community/questions/will-my-droplet-have-a-static-ip
As a user in China, it’s quite effective for circumventing the Great Firewall most of the time. I’m also an ExpressVPN subscriber and literally within the last week, their services have become unusable in China due to new blocks.
I spent hours trying to connect to Express servers here and gave up. Within ten minutes I set up a new Outline server for myself, installed the app on my devices, and was back to browsing normally again. If nothing else, it’s a great backup in countries with heightened censorship.
This is a great resource, if people can trust the servers. One question to the community: how can we be confident we can trust a server?
The use of domain names and reverse DNS lookup could help prove identity of the server. Perhaps we need a web endpoint for validation.
It would be nice to add to the list the reverse DNS result and IP whois information. That would show the cloud providers and may also reveal some interesting servers. A service like https://ipinfo.io can be helpful.
A client that only tunnels encrypted traffic and does encrypted DNS could help too, since the servers wouldn't be able to modify or read traffic, though they could still see the TLS domains.
Lastly, it would be great to search or filter the list by location. Perhaps group by continent and country.
No your DNS is not leaking. Actually you "self-censored" part of the answer.
I bet the OpenDNS hostname looks like xx.hkg.opendns.com meaning that the DNS is hosted in Hong Kong which is as a matter of fact part of China.
So your DNS leak test is not wrong it's just inaccurate.
You can try this DNS leak test: https://www.astrill.com/vpn-leak-test
The test is basically the same but with more accurate results.
Thanks for the report. If you're willing, would you mind sending feedback from within the app and filing a bug on GitHub? We're currently working on improving the desktop clients, so detailed reporting will help us understand what's happening.
In the meantime, you may consider trying another Linux Shadowsocks client to see if you have the same problem.
Hi Elliot, Would you mind connecting with the 1.2.1 client, and sending feedback through the app? Some more technical data gets to us when you submit through the app, and it might help us troubleshoot. If the problem that you are experiencing is that you seemingly connect successfully but nothing loads, would you mind running "route print" on the Windows terminal, and sending me the outcome on private message? Thanks!
Regarding operating as a browser-only VPN: We currently don't have plans to support two modes, but you CAN use the Shadowsocks Windows client, that does operate as a browser-only VPN: https://shadowsocks.org/en/download/clients.html
I would give that a shot :)
Indeed :) We use the Electron framework for the Outline Manager and Windows client application, and Apache Cordova for the Android, ChromeOS, iOS and macOS client applications.
Does it work with other Shadowsocks apps? I use [this one](https://play.google.com/store/apps/details?id=com.github.shadowsocks) with an Outline server. You can try that out (just import the URI) and see if it's a problem with the Outline app or VPN/proxy apps in general.
Wow that sucks. Customer service seems to be terrible these days at so many places. Outline seems to be broken right now anyways, every time I reboot I have to fix it. That is more of a headache than I need. Thinking about using NordVPN instead. Good luck.