Why not to use a VPN

[System Error Message]

Since there has been so much demand for VPN i am going to say that most of the demand is misplaced. Using a VPN for anonymity is no more secure than using a layer 3 network over a layer 2 network. Every packed sent in a layer 2 network containing a layer 3 network would appear like this [(L2 header), (payload containing L3 header and payload)]. A VPN network is layer 4 in the networking OSI model.

Even if you encrypt the payload the packets still travel using layer 3 over the internet so while information cant be read they can be tracked in various ways other than reading the packet source/destination. Take for example on how some sites using TOR can backtrace you since TOR encrypts your traffic over 3 nodes and can be imagined as a VPN with many seperate tunnels but all on the same network. So to use a VPN as a proxy is just as detectable as using layer 3 routing in which it is very easy to determine a host on the network through techniques such as fingerprinting and detecting hosts behind a NAT (there are actual products that do this used by various ISPs, organisations and such).

This is why if you see a VPN provider selling VPN service for the reason of anonymity you should not use it because a VPN is never meant for anonymity, it is only meant to be used to create networks, it is just companies preying over the various confusions and lack of information. A VPN doesnt protect your anonymity, it only routes your traffic through another node and a VPN would definitely keep a log of you because it is required by law just as it is for ISPs (im not sure if they are classified the same way as ISPs but the service is actually the same).

If you want to protect your anonymity use an encrypted proxy instead. Even though a proxy has more processing requirements and less compatibility it can change traffic that you cannot tell if something is behind it and it is well known to defeat NAT detection and detecting hosts behind a NAT. A proxy is detected either by a known proxy host or through the lack or forged information.

Even though a VPN offers compression it doesnt mean a proxy cannot do the same if using a tunnel between the proxy server and the client since you can use VPN between you and the proxy to encrypt and compress data.

I really hope this thread gets stickied to as a MUST READ before deciding to get a VPN service when it is more likely a proxy service that you are looking for.

 

[sfx2000]

Since there has been so much demand for VPN i am going to say that most of the demand is misplaced. Using a VPN for anonymity is no more secure than using a layer 3 network over a layer 2 network. Every packed sent in a layer 2 network containing a layer 3 network would appear like this [(L2 header), (payload containing L3 header and payload)]. A VPN network is layer 4 in the networking OSI model.

Most think they're anon - VPN only hides parts, and we can see the sources and sinks...

My guess is a majority here are using tools like OpenVPN to geo-unlock content - e.g. Netflex in CA doesn't have the same catalog as they do in the US, or catching cricket/soccer match streams where folks in the US can't get it...

From a content provider perspective - connect the dots...

So guess what - a VPN end-point might hide one person's content, but not 100,000's... that's a pretty big dot...

Torrents - same thing - not fooling anyone...

TOR - consider every end point compromised...

Three/Four Letter Govt Agency Perspective - let's invest in VPN providers...

 

[Nullity]

...
Take for example on how some sites using TOR can backtrace you since TOR encrypts your traffic over 3 nodes and can be imagined as a VPN with many seperate tunnels but all on the same network.
...

Link?

 

[System Error Message]

Link?

TOR is essentially 1 big layer 4 network, hence you can see other TOR users on TOR. Hence you can send code or a network response to make the host respond in a different way.

Another way the feds track people on TOR is that they own most of the TOR nodes so if 3 nodes you're using is owned by the same guy you're basically screwed and the feds have so much resource that it is very likely.

At least with VPN you choose your node but that doesnt make it secure. Content providers can still see fingerprints and OS details and browser details as a means to also check if you are outside the country in the case of geo-locked content which is why a proxy is much better.

 

[Nullity]

TOR is essentially 1 big layer 4 network, hence you can see other TOR users on TOR. Hence you can send code or a network response to make the host respond in a different way.

Another way the feds track people on TOR is that they own most of the TOR nodes so if 3 nodes you're using is owned by the same guy you're basically screwed and the feds have so much resource that it is very likely.

At least with VPN you choose your node but that doesnt make it secure. Content providers can still see fingerprints and OS details and browser details as a means to also check if you are outside the country in the case of geo-locked content which is why a proxy is much better.

You can see other users, but you know nothing about the data, it's origin, or it's destination, as a Tor relay. Hence,

Please post a link proving FEDs have used the "own every relay" attack. As far as I know, that is a well known attack vector, but nobody has ever been shown to use it.

Every Tor de-anonymization I have read about required a individually identifying leak at the client or server end-points.

 

[System Error Message]

You can see other users, but you know nothing about the data, it's origin, or it's destination, as a Tor relay.

Please post a link proving FEDs have used the "own every relay" attack. As far as I know, that is a well known attack vector, but nobody has ever been shown to use it.

Every Tor deanonymization I have read abou required a individually identifying leak at the client or server end-points.

Its not about hiding the data but rather of being identified. What i am trying to say in this thread is that using a VPN doesnt stop you from being identified whereas a proxy does.

About hiding your identity:
http://www.bbc.co.uk/news/technology-29987379
http://www.wired.com/2014/11/operation-onymous-dark-web-arrests/

The sites were using TOR so while the traffic is hidden the hosts arent. You say you cant track people down on TOR and these 2 links prove otherwise. Infact theoratically how much does it cost to create a TOR node and the fact that you could easily make millions of nodes cheaply.

 

[Nullity]

Its not about hiding the data but rather of being identified. What i am trying to say in this thread is that using a VPN doesnt stop you from being identified whereas a proxy does.

About hiding your identity:
http://www.bbc.co.uk/news/technology-29987379
http://www.wired.com/2014/11/operation-onymous-dark-web-arrests/

The sites were using TOR so while the traffic is hidden the hosts arent. You say you cant track people down on TOR and these 2 links prove otherwise. Infact theoratically how much does it cost to create a TOR node and the fact that you could easily make millions of nodes cheaply.

Where did I say you cannot track down people on Tor? You absolutely can, but not because of the reasons you claim.

There are many established ways, theoretical and otherwise, to de-anonymize a Tor user or hidden-service, but your statement of "Take for example on how some sites using TOR can backtrace you since TOR encrypts yourtraffic over 3 nodes and can be imagined as a VPN with many seperate tunnels but all on the same network." is ambiguous and misleading.

Your position that Tor is vulnerable simply because it could be considered a VPN is nonsensical.

 

[System Error Message]

Where did I say you cannot track down people on Tor? You absolutely can, but not because of the reasons you claim.

There are many established ways, theoretical and otherwise, to de-anonymize a Tor user or hidden-service, but your statement of "Take for example on how some sites using TOR can backtrace you since TOR encrypts yourtraffic over 3 nodes and can be imagined as a VPN with many seperate tunnels but all on the same network." is ambiguous and misleading.

Your position that Tor is vulnerable simply because it could be considered a VPN is nonsensical.

But isnt TOR a type of VPN? it is a virtual network, it uses tunnels.

 

[Nullity]

But isnt TOR a type of VPN? it is a virtual network, it uses tunnels.

Let us assume it is. Using Tor as an example of VPNs being intrinsically poor at anonymity is nonsense, partly because Tor is actually very good at keeping users anonymous.

Yes, plenty of Tor users have been de-anonymized, but almost every instance was not because a flaw in the Tor network's design, but instead because of ignorant users.

 

[sfx2000]

Yes, plenty of Tor users have been de-anonymized, but almost every instance was not because a flaw in the Tor network's design, but instead because of ignorant users.

That "ignorant" user might be an exit node, so everyone there is compromised...

 

[Nullity]

That "ignorant" user might be an exit node, so everyone there is compromised...

Technically, all exit nodes should be assumed untrustworthy, so no, that does not compromise any non-ignorant Tor user. That has been a known attack vector since the beginning of Tor.

It also depends what you mean by "compromised". A single Tor Exit Node cannot de-anonymize a user, assuming the user connects to all services accessed through the compromised Exit Node using secure protocols. An army of compromised Exit Nodes can do more damage, but even then, a vigilant user is aware of this and acts accordingly.

 

[kvic]

Since there has been so much demand for VPN i am going to say that most of the demand is misplaced. Using a VPN for anonymity

SEM, you have to provide some evidence to your claim that majority of VPN users are using it for anonymity purpose.

 

[System Error Message]

SEM, you have to provide some evidence to your claim that majority of VPN users are using it for anonymity purpose.

a lot of reasons for using a VPN is for security while using an encrypted proxy provides more security than a VPN. Some do use it for anonymity. I think if you want to properly fool the server to where you're from a proxy server does a better job than a VPN for security and anonymity. A lot of people do buy VPNs when they dont need them and that you could just use your router as a VPN server instead.

For example using internet from a public cafe, you can setup your router as a VPN server in this case instead of using a public VPN server unless your upload speeds are poor or that your internet is DSL.
Trying to bypass geolocation, a proxy server does a better job.
Browsing anonymously, a proxy server will do this, not a VPN.
Trying to hack someone, a VPN only routes your traffic through a node but doesnt hide who you are.
Bypassing your ISP monitoring but the information will still be available from the sites and services you use. If you want to use google without getting info on yourself a proxy server works better than VPN for this case.

Normally for the best security you would use an encrypted tunnel to the proxy server.

I made this thread because VPN services have become a norm with people thinking its for security and normal use when it isnt. If you need a central server to route traffic and create a network than VPN is the answer or maybe you have a few sites you want to transfer data securely but otherwise a proxy server would be better. Many blogs say to use it to bypass filtering and for other security purposes when a proxy would be better.

 

[Nullity]

No service can guarantee anonymity if the user is lazy or ignorant.
A VPN can offer anonymity and security.

Your numerous claims either need to be amended or you need to show proof, not anecdotal conjecture.

 

[kvic]

SEM, do us a favor.

if you intend to write for noob on the forum, pls keep them short and simple and without techie jargons.

If you intend to write for technically educated forum members, pls have proper thesis and sound supporting arguments.

Merry Xmas in advance.

 

[Nullity]

I do not mean to discourage interesting posts like this, but as @kvic said, the posts either need to be more concise & simple, or there needs to be legitimate proof of your claims.

You neglect to even mention what type of proxy is better than a VPN.

I applaud your efforts to educate, but there needs to be more facts and less opinion.

 

[Nullity]

A VPN doesnt protect your anonymity, it only routes your traffic through another node and a VPN would definitely keep a log of you because it is required by law just as it is for ISPs (im not sure if they are classified the same way as ISPs but the service is actually the same).

Among many other statements, this is also wrong.
https://en.m.wikipedia.org/wiki/Tel..._mandatory_ISP_retention_legislation_attempts

I really hope this thread gets stickied to as a MUST READ before deciding to get a VPN service when it is more likely a proxy service that you are looking for.

I must have originally missed this...
Before any feedback, you declare your post worthy of a sticky?

 

[CaptainSTX]

Among many other statements, this is also wrong.
https://en.m.wikipedia.org/wiki/Tel..._mandatory_ISP_retention_legislation_attempts




I must have originally missed this...
Before any feedback, you declare your post worthy of a sticky?

Most if not all US based VPN providers maintain logs of who is using their service including the IP assigned by them and them as well as the IP of the actual user from his local ISP.

To protect themselves under the safe harbor provisions of the copy right laws they need to be able pass on notice to to customers accused of downloading copy righted materials. Failure to notify users means the VPN ISP is liable for damages,

Read the TOS of most all VPN providers. They make it very clear they will rat you out for copy right complaints as well as respond to legal service. Further more if you get multiple copy right notices the VPN provider will close your account.

They don't log what you are doing but they know who you are.

 

[sfx2000]

This is why if you see a VPN provider selling VPN service for the reason of anonymity you should not use it because a VPN is never meant for anonymity, it is only meant to be used to create networks, it is just companies preying over the various confusions and lack of information.

Hmmm... lots of hateful comments on an opinion piece, but generally, I agree with SEM..

Many people have succumbed to strong marketing efforts by VPN services - but the general issue with VPN is that if you don't own both end points, it's not private, it's a proxy...

I understand the need for some to use VPN, but it's always best to do this on the desktop, not inside your router, as VPN extends a level of trust that one needs to be aware of.

It's like TOR - folks inside the TOR cloud can find/discover other nodes inside the "darknet". I consider the whole TOR cloud to be that "Casual Encounters" section of the list of Craig (Craigslist) - inside the TOR cloud, there is no trust, and one shouldn't expect it..

VPN - I do use VPN - going into my work network, and that is a trusted end-point, and they trust my work issued laptop - they own the certificates - that's all good.

For personal use - I have a VPN server - it's not openVPN, it's an L2TP/IPSec host, and again, I know the sources of the certs, because I issued them (I use L2TP as it's much more efficient than OpenVPN, and my client devices support it without an external supplicant) - I use this when I'm travelling or at the local coffeeshop, and it's basically just to protect my content - it's not anonymous by any means - like I said earlier, the source/destination of those packets to track down to something..

What VPN doesn't do is anonymize you - your end point is known, and it's not hard to figure out where the exit is - it's not deep packet inspection, it's logs, and most providers in the G7/G20 countries have obligations to keep, maintain, and provide those logs to law enforcement and other folks that issue legal requests and whatever - and they'll go to whatever ends they need to - as folks that use VPN might have something to hide...

There was an interesting quote sometime back when the whole Snowden thing blew up - "use encryption, that's ok, but guess what, we're tracking and logging it as something of interest.." I'll have to dig out the source...

 

[sfx2000]

A VPN can offer anonymity and security.

No, it does not - it does provide some security on the content within the packet, but the source/destination are easily discovered..