
To VPN or not to VPN?

Discussion in 'VPN' started by frichardson, Mar 15, 2019.

  1. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    9,403
    I can mostly agree with you, but I don't think I'm too cynical in my old age! I've been the same at every age. :)

    In your example above where he connects to the internet at large, instead, he should be connecting back to his router and network which he has hardened as much as possible (algo?), that way, a third (potentially irresponsible or worse) party is never needlessly involved.

    I'm also under no illusions that changing IP addresses via VPNs camouflages 'naughty' behavior. But as mentioned above, you need bigger actors (state, etc.) to see clear images at that zoomed in/out level (depending on your point of view).
     
  2. Klueless

    Klueless Very Senior Member

    Joined:
    Jan 1, 2016
    Messages:
    623
    Location:
    Rochester, NY
    Point well taken!

    I was also starting to poke at security versus the illusion of security. If I use a tunnel service I'm putting a lot of trust in my provider. The "bad guys" use randomized networks of proxy servers, tunnels and more ("oh my") to hide behind. If only the bad guys used them it'd be easier to trace them but all of us "naughty" and "vanilla users" generate so much white noise it becomes rather tedious to track them down. Why doesn't government do more? I think counter espionage also hides behind all this white noise. Now how's that for cynical ; -)
     
    Last edited: Mar 17, 2019
    L&LD likes this.
  3. frichardson

    frichardson Occasional Visitor

    Joined:
    Mar 9, 2019
    Messages:
    44
    @Klueless - yes, where I was a bit confused was if there was a reason to encrypt all traffic using some VPN provider. Based on what I understand so far, the answer is "no". I'm better off locking things down as best as I can on my end (via good router hygiene) then becoming my own "VPN provider" that I can use when I am out of the house. I'm still learning so I guess all that could change lol!
     
  4. Klueless

    Klueless Very Senior Member

    Joined:
    Jan 1, 2016
    Messages:
    623
    Location:
    Rochester, NY
    Me Too!
    Some don't trust their ISP but the counter point is if you don't trust your ISP then why trust a VPN service? Myself, I think most ISPs in the States are trustworthy but that doesn't mean they're going to protect you from targeted marketing. There are some "pay for" VPN services that seem trustworthy (presumably because they're happy with the monthly revenue stream) and the extra layer of abstraction does sound comforting.
    True enough although the ISP could still see what websites you are going to, yes?
     
    Last edited: Mar 18, 2019
  5. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    2,698
    Location:
    texas
    I agree with a lot of what you are saying but whether you use a VPN service or your ISP they can track you because all routing data is not encrypted. Even if you use a VPN service your ISP will know you are going to a porn site. They just will not know what pictures you are looking at because that data is encrypted.
     
  6. frichardson

    frichardson Occasional Visitor

    Joined:
    Mar 9, 2019
    Messages:
    44
    @coxhaus - one use case for VPN I've heard is for people who don't like the way their ISPs throttle certain types of traffic (gaming or video or some such thing) and they try to use a VPN to obfuscate the packets. I don't know if this really works or not...
     
  7. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    2,698
    Location:
    texas
    There is no way running VPN is going to be as fast using a small SOHO router as just connecting and using your ISP. There is too much overhead for running VPN especially in the high end encryption.
     
  8. umarmung

    umarmung Senior Member

    Joined:
    Apr 21, 2018
    Messages:
    245
    This is completely wrong. The fact that you have now repeated that claim across these forums means you have no real understanding of either encryption or tunneling. At best, you seem to be confusing TLS/SSL protocol usage with VPN. At worst, you have no understanding of either.

    For everyone else reading, assuming you set up a strong encrypted tunnel in such a way that there are no obvious leaks like you left your DNS still pointing back to your ISP, there is no way any third party, less than a sophisticated actor with huge resources attacking that encryption or someone hacking your network, can monitor the content of transmissions from within the tunnel directly. This is the entire purpose of encrypted tunneling protocols.

    Modern business and much of the Internet uses this basic principle and was the original purpose of a "Virtual Private Network" (minus the strong encryption and protocols of modern comms.), which is relied on for private site-to-site tunnels over the Internet or WAN. It does not take an ounce of effort to verify this by checking Wikipedia, reading a book on encryption, or asking anyone with more networking expertise than you.
     
    Last edited: Mar 18, 2019
    juniorsweet likes this.
  9. Klueless

    Klueless Very Senior Member

    Joined:
    Jan 1, 2016
    Messages:
    623
    Location:
    Rochester, NY
    Uh, I tend to agree with @umarmung but, ouch, that was just a little harsh ...

    There are other easy to read sources (besides Wikipedia) that also agree, such as "AskLeo" (whoever he is : -)

    "It’s important to realize while your ISP can see that you are using a VPN, they cannot tell what you are using it for.

    "For example, you might connect to askleo.com through your VPN. Your ISP can see only the VPN portion. That you are connecting to askleo.com, and the information being sent to and from askleo.com through the VPN, is encrypted and inaccessible.

    "Remember, however, that your VPN provider can see everything, just as your ISP might otherwise. In a sense, your VPN is acting as your ISP, as they’re providing the final connection to the rest of the internet."
    In partial support of that I'm thinking; turn on a computer, connect to the Internet, do a (from your browser) "what is my IP?", then connect to a VPN and do another "what is my IP?" ... the results should be different?
     
    Last edited: Mar 18, 2019
  10. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    30,418
    Location:
    Canada
    They won't, since the packet headers will be encrypted. The only routing info visible to the ISP will be the headers of the VPN packet, which will show your VPN provider's IP as its destination.

    Basically, look at VPN like putting your traffic inside a box, with a different destination address on the box. The VPN provider opens the box, looks at the destination address on the content inside the box, and sends it there.
     
  11. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    9,403
    Thanks, RMerlin. Trying to get my head around this...

    Doesn't the VPN need an ISP too though? Can't that ISP be 'your' ISP (at least sometimes)?

    From my viewpoint and current understanding, there is nowhere to hide. Even with a paid-for VPN service.
     
  12. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    30,418
    Location:
    Canada
    Yes, although they aren't called ISPs. But they do have (often multiple) upstream providers that connect the servers in the datacenters to the rest of the world.

    So, if I were the NSA (or any similar organization), I would be very interested in knowing which upstream provider is used by all the big VPN tunnel providers, and tap into these networks, for all that nicely aggregated traffic...

    The ONLY things guaranteed by a VPN service provider are:

    1) Hides the traffic from your ISP, and any provider sitting between your ISP and the remote destination
    2) Can hide the traffic from your LAN if the VPN client runs on your computer (useful while in a public hotspot, for instance)
    3) Replace your ISP-provided IP address by one provided by the tunnel provider

    Nothing more. It won't hide your traffic between the VPN provider and your remote destination.
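
The "box" picture from RMerlin's two posts above, as an added example that is not part of the original thread: it builds an inner packet, wraps it for the tunnel, and returns what the ISP and the provider's upstream can each read. Assumptions: all addresses are documentation ranges, the request is constructed, `toy_cipher` is a stand-in for a real tunnel cipher, and TCP/UDP headers are omitted for brevity.

```python
import hashlib, ipaddress, struct

def ipv4_packet(src, dst, payload, proto):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def parse_ipv4(packet):
    """What any on-path observer can read: (source, destination, payload)."""
    src, dst = (str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))
    return src, dst, packet[20:]

def toy_cipher(key, data):
    """Stand-in for the tunnel cipher: XOR with a SHA-256 counter keystream.
    Illustration only; real tunnels use an authenticated cipher."""
    stream = b"".join(hashlib.sha256(key + struct.pack("!Q", n)).digest()
                      for n in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner, key, client_wan_ip, vpn_ip):
    """Client side: the whole inner packet, headers included, becomes ciphertext."""
    return ipv4_packet(client_wan_ip, vpn_ip, toy_cipher(key, inner), proto=17)

def provider_forward(outer, key, provider_exit_ip):
    """Provider side: open the box, read the inner destination, and send the
    content on with the provider's own address as source (point 3 in the post)."""
    _, dst, payload = parse_ipv4(toy_cipher(key, parse_ipv4(outer)[2]))
    return ipv4_packet(provider_exit_ip, dst, payload, proto=6)

def demo():
    key = b"constructed-demo-key"                                # constructed
    request = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"    # constructed
    inner = ipv4_packet("10.8.0.2", "203.0.113.80", request, proto=6)
    outer = encapsulate(inner, key, "198.51.100.23", "192.0.2.10")
    onward = provider_forward(outer, key, "192.0.2.10")
    return {"isp_sees": parse_ipv4(outer), "upstream_sees": parse_ipv4(onward)}

if __name__ == "__main__":
    for who, (src, dst, payload) in demo().items():
        print(f"{who}: {src} -> {dst} payload={payload[:24]!r}")
```

The ISP's view ends at the provider's address with an opaque payload; past the provider, the real destination and the plaintext request are readable again unless the application itself uses TLS.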
     
  13. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    2,698
    Location:
    texas
    You are right. You are encrypted from point a to b. But after that you are not. The routing info is not encrypted but the tunnel gives you protection from point a to b.

    My info is worth what you pay for it. Sometimes I have wine or/and bourbon distractions. I may have been distracted as I obviously did not think it out well. My original point is the routing info is not encrypted.
     
    Last edited: Mar 22, 2019
  14. Klueless

    Klueless Very Senior Member

    Joined:
    Jan 1, 2016
    Messages:
    623
    Location:
    Rochester, NY
    <lol> Me too. Get some of my best thinking done with a double in front of the fire. What kind of bourbon do you recommend : -)
     
  15. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    2,698
    Location:
    texas
    Elmer T Lee bourbon...hard to find but worth it.
     
    Klueless likes this.