Investigator Use
Algo VPN is an open-source set of scripts available on GitHub from Trail of Bits that automates the deployment of a personal VPN server on major cloud providers (AWS, Google Cloud, Azure, DigitalOcean, Vultr). It sets up a WireGuard and IKEv2-based VPN with security best practices without requiring the investigator to trust a commercial VPN provider.
For OSINT investigators concerned about operational security, Algo VPN provides a significant privacy advantage over commercial VPN services: rather than trusting a third-party VPN company with browsing traffic and IP addresses, investigators can run their own VPN infrastructure on a cloud server they control.
Commercial VPN providers have faced multiple instances of logging and cooperating with law enforcement despite claiming no-log policies, having security incidents that exposed user data, and in some cases having opaque ownership structures. By self-hosting a VPN with Algo, investigators ensure that the only entity with access to VPN traffic logs is the cloud provider — which can be selected based on jurisdiction and privacy characteristics.
The automated deployment approach makes Algo accessible to investigators without deep system administration skills. Deployment to a supported cloud provider takes approximately 15-20 minutes following the documented process. Multiple client configurations can be generated for different devices and investigation environments.
For high-sensitivity investigations where the VPN provider's trustworthiness matters — investigations involving organized crime, hostile nation-states, or where operational security has legal implications — self-hosted VPN infrastructure provides stronger assurance than commercial services.
Algo's use of WireGuard provides modern, audited cryptography with better performance characteristics than older VPN protocols like OpenVPN.
Operational security note: The cloud provider still knows what IP is connecting to the VPN server, though not what sites are visited through it. For maximum anonymity, Tor remains more appropriate than any VPN arrangement.
Document the cloud provider used, server region, deployment date, and device configurations generated for operational security records.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
Account Killer
Privacy & Security OSINT
AccountKiller provides direct deletion links and step-by-step instructions for removing accounts on hundreds of websites and social platforms.
Blokada
Privacy & Security OSINT
Keep all your devices protected with Blokada content filtering and encryption.
Canarytokens
Privacy & Security OSINT
Canarytokens creates tracking traps that alert investigators when accessed, revealing attacker IP, time, and origin when planted.
Certificate Search
Privacy & Security OSINT
crt.sh searches certificate transparency logs to uncover domains, subdomains, and infrastructure from TLS certificate data.
Cover Your Tracks
Privacy & Security OSINT
EFF Cover Your Tracks reveals how ad trackers and fingerprinters see your browser to help investigators strengthen OPSEC and anonymity.
DNS Leak
Privacy & Security OSINT
DNS Leak Test checks whether your VPN or proxy is leaking DNS requests, exposing your real IP address during anonymous browsing.