Why not to use a VPN

[Nullity]

No, it does not - it does provide some security on the content within the packet, but the source/destination are easily discovered..

If I connect from an external network (IP1) to my home VPN (IP2), then connect to google.com through my VPN, which IP does google see?

I think I may understand your position, that all communication must have point A and point B, so technically no communication is anonymous.

Anonymity is never guaranteed by anything. An educated user must activity pursue anonymity. VPNs (or any sort of proxy) aid in that effort. That is all.

 

[sfx2000]

If I connect from an external network (IP1) to my home VPN (IP2), then connect to google.com through my VPN, which IP does google see?

I think I may understand your position, that all communication must have point A and point B, so technically no communication is anonymous.

Don't worry about Google - worry about the ISP's...

 

[Nullity]

Don't worry about Google - worry about the ISP's...

Or the truly frightening and impressive abilities of the NSA. Last I read that they literally had a 2-3 day history of most, if not all, of US internet traffic.

 

[kvic]

Hmmm... lots of hateful comments on an opinion piece, but generally, I agree with SEM..

I would disagree. I don't sense any hatred here but rather people's frustration in reading SEM's various posts.

SEM is a senior member on this forum. I think people in general have the right expectation on senior or "respected" members on this forum to write responsibly..at the minimum shall write logically.

Yourself being another senior member on this forum share the responsibility to help a bit on SEM too. You and me and other technically literate readers can comprehend, and could choose to make a tong in cheek or silently ignore. Not the other readers who are new or less technically literate.

 

[Nullity]

True privacy can only be had behind the event horizon.

 

[sfx2000]

SEM is a senior member on this forum. I think people in general have the right expectation on senior or "respected" members on this forum to write responsibly..at the minimum shall write logically.

Yourself being another senior member on this forum share the responsibility to help a bit on SEM too. You and me and other technically literate readers can comprehend, and could choose to make a tong in cheek or silently ignore. Not the other readers who are new or less technically literate.

On this topic - SEM and I are in full agreement...

 

[Nullity]

On this topic - SEM and I are in full agreement...

To clarify, a VPN can give you anonymity from some, but not all indivuals or groups.

For example, if I use a VPN to connect to snbforms, my true IP is hidden from snbforums. I am anonymous.

To someone like my ISP or the NSA, no, but that is where Tor is useful.


So, a VPN can provide anonymity. The absolutist view that a VPN is either incapable of anonymity or guarantees anonymity is false.

 

[Nullity]

Most if not all US based VPN providers maintain logs of who is using their service including the IP assigned by them and them as well as the IP of the actual user from his local ISP.

Link?

To protect themselves under the safe harbor provisions of the copy right laws they need to be able pass on notice to to customers accused of downloading copy righted materials. Failure to notify users means the VPN ISP is liable for damages,

As I understand it, the ISP only needs to shut down the offending account when DMCA notices are issued. The ISP does not need to communicate with the offender or record their IP.

If you have a link refuting this, please post it.

https://en.m.wikipedia.org/wiki/Safe_harbor_(law)#United_States

Read the TOS of most all VPN providers. They make it very clear they will rat you out for copy right complaints as well as respond to legal service. Further more if you get multiple copy right notices the VPN provider will close your account.

They don't log what you are doing but they know who you are.

What the individual companies do is their decision. I only said that there is no law forcing them to keep logs. There is nothing I can do to stop anyone from logging.

One interesting thing to research is how a Tor Exit Node survives all the legal issues and what countries they can survive in.



Slightly off-topic: I like to think I am a respectable supporter of free speech and privacy, but when I was younger I ran an Exit Node and scanned all unencrypted data, for the sake of research and curiosity. Well, I have been on the internet and seen more than your average amount of life-alteringly awful stuff, but the things that passed through my server while acting as an Exit Node were easily the worst things I have seen... and that was just the unencrypted stuff.

 

[Mikeyy]

I think most people use VPN for 2 things, geo reason (Netflix etc.) and torrenting.
Don't think anyone will care if you pay for service and use VPN to access it.

Torrenting on the other hand is where someone will have reasons to get your true identity.
But I fail to see how VPN isn't providing annonimity for that, since all other side will see is exit server IP and some meta data (torrent software etc.).
If VPN isn't keeping logs, there isn't much they can do to find someone behind VPN?

 

[CaptainSTX]

Link?



As I understand it, the ISP only needs to shut down the offending account when DMCA notices are issued. The ISP does not need to communicate with the offender or record their IP.

If you have a link refuting this, please post it.

https://en.m.wikipedia.org/wiki/Safe_harbor_(law)#United_States



What the individual companies do is their decision. I only said that there is no law forcing them to keep logs. There is nothing I can do to stop anyone from logging.

One interesting thing to research is how a Tor Exit Node survives all the legal issues and what countries they can survive in.



Slightly off-topic: I like to think I am a respectable supporter of free speech and privacy, but when I was younger I ran an Exit Node and scanned all unencrypted data, for the sake of research and curiosity. Well, I have been on the internet and seen more than your average amount of life-alteringly awful stuff, but the things that passed through my server while acting as an Exit Node were easily the worst things I have seen... and that was just the unencrypted stuff.

Here is the TOS from Astrill regarding copyrights:

ASTRILL

Copyright and trade mark policies

15.1 It is Astrill's policy to respond to notices of alleged copyright infringement that comply with applicable international intellectual property law (including, in the United States, the Digital Millennium Copyright Act) and to terminating the accounts of repeat infringers.

15.2 Astrill operates a trade mark complaints procedure in respect of Astrill's advertising business.

In the past I have also used HMA and StrongVPN.

Their TOS were similar. Strong VPN's policy was that if they received a notice you had X number of days to refute the allegation. Get three notices and your account would be terminated.

HMA had a similar policy.

VPN providers operate the same way any other ISPs do in regards to copyrights.

 

[coxhaus]

I am not sure on VPN providers as I have not used one.

I the old days when Cisco first handed out software VPN for PCs we used it to encrypt data for work so it could not be read on the internet as we used 3des (triple des). All the routing info was available to read. This is so the packets could be sent and returned to the sender.

 

[Nullity]

Here is the TOS from Astrill regarding copyrights:

ASTRILL

Copyright and trade mark policies

15.1 It is Astrill's policy to respond to notices of alleged copyright infringement that comply with applicable international intellectual property law (including, in the United States, the Digital Millennium Copyright Act) and to terminating the accounts of repeat infringers.

15.2 Astrill operates a trade mark complaints procedure in respect of Astrill's advertising business.

In the past I have also used HMA and StrongVPN.

Their TOS were similar. Strong VPN's policy was that if they received a notice you had X number of days to refute the allegation. Get three notices and your account would be terminated.

HMA had a similar policy.

VPN providers operate the same way any other ISPs do in regards to copyrights.

I dunno if those few VPNs speak for the whole industry, but I will defer to your experience here. I would have preferred a link to some respected site that catalogued the majority of VPN providers and came to the same conclusion that you stated;

Most if not all US based VPN providers maintain logs of who is using their service including the IP assigned by them and them as well as the IP of the actual user from his local ISP.

 

[Nullity]

I think most people use VPN for 2 things, geo reason (Netflix etc.) and torrenting.
Don't think anyone will care if you pay for service and use VPN to access it.

Torrenting on the other hand is where someone will have reasons to get your true identity.
But I fail to see how VPN isn't providing annonimity for that, since all other side will see is exit server IP and some meta data (torrent software etc.).
If VPN isn't keeping logs, there isn't much they can do to find someone behind VPN?

I think the position of sfx2000 was that, ultimately, from an omniscient perspective, a VPN is not anonymous. True enough, I suppose.

It all depends who you are trying to hide your identity from.

For example, I would not (only) use a VPN if I was in North Korea...

but if I was just trying to avoid DDoS while chatting on IRC, almost any simple proxy would suffice.

 

[sfx2000]

I think most people use VPN for 2 things, geo reason (Netflix etc.) and torrenting.
Don't think anyone will care if you pay for service and use VPN to access it.

Hmm... most uses of VPN's, believe it or not...

1) Biz-to-Biz - content is still encrypted, but again, the sources/destinations are known - no anonymity here...

2) Remote Access - telecommuters and public access point - again, sources/sinks - all known..

3) Big One - Workarounds of the Great Firewalls of various countries with onerous internet policies - this is likely the most common usage of public VPN provders actually... and that's ok...

4) the remaining few percent are those that do geo-unlocking of content on public VPN services... whether it's Netflex or BXX cricket matches (or watching the FIFA world cup)...

5) The folks (fools) who think the Private in VPN means Privacy/Anonymity - easily discovered.. and TOR doesn't really help here - consider the resources of a middle size ISP/Telecom operator - given a secret letter from a govt agency, or a subpoena for a DCMA suspected violation - one is toast... TOR is pretty easy to fool due to it's distributed nature and trust relationships, and it doesn't cost much to do it...

One get's to the level of global scale providers - China Telcom, NTT, KDD, ATT, Verizon, Reliance, Tata, Telefonica, Level3, etc... the game changes big time... at that scale, there is no privacy..

 

[Nullity]

5) The folks (fools) who think the Private in VPN means Privacy/Anonymity - easily discovered.. and TOR doesn't really help here - consider the resources of a middle size ISP/Telecom operator - given a secret letter from a govt agency, or a subpoena for a DCMA suspected violation - one is toast... TOR is pretty easy to fool due to it's distributed nature and trust relationships, and it doesn't cost much to do it...

Support this assertion with proof.

Yes, for state-sponsored attacks, there are known traffic analyses that can correlate traffic volume and timing, but even then, proving identities is trouble-some. The fact that Tor is encrypted end-to-end, and node-to-node, while passing through 3 nodes, means trust is not a factor like you seem to think.

Tor was designed from the beginning to deal with the exact situation you describe; to protect individuals in enemy territories. If you have a "simple" example of how the design of the Tor network is flawed, please share it. If you show a simple, easily exploitable flaw in Tor's design, you would surely make a name for yourself.


Edit: I do not mean to imply that the United States is anyone's enemy. America, I love you bro.

 

[System Error Message]

There are a lot of articles on TOR being cracked by MIT research though not sure if you would consider the many websites saying it as trusted. This is why i dont normally link sites because they are readily searchable and many articles come from media sites instead of their original source. The articles could be true but Nullity wouldnt consider them even if they could be reproduced or verified. The best source for me is to actually research the technicalities and see how things are but isnt something readable for many. You can find more than a decade old cisco tutorials on layer 2 security that protect against hacks and exploits that come only 5 years or more later which till today still effects many networks and devices.

Before using a VPN or proxy you need to know what you're trying to do whether you want to route your traffic through a node, or create a virtual network or hide your details. Proxies work best on geo location filters because it not only has traffic going from a node but also changes the information such as timezone, locale, and other information that identifies you including browser and OS information. Some services only check IP because they arent forced check if a viewer is from an area strictly. Using a proxy protects you from ads uniquely identifying you and having your information and habits over the web which is something a VPN will never be able to do.

There are 4 setups for VPN and proxy server which is
Local VPN server
External VPN server
local proxy server
external proxy server

So before using a VPN service consider these 4 options and which is likely the best for you. A local proxy server can use cache and filters so it isnt for privacy or security but is for performance and filtering reasons. Dont forget to use a UTM in your network and anti malware.

Knowing how a VPN works i made this thread to explain what it is actually for so that less knowledgeable people dont go buying something they dont need and i have seen a number of scams (i consider the chinese hardware MIPS based VPN solution portability a scam) or VPN providers advertising their VPNs like it is a proxy server and some of the links are actually in this forum advertising their service. A proxy server and VPN are very different things and have very different usefulness or uses for different things.

 

[Nullity]

There are a lot of articles on TOR being cracked by MIT research though not sure if you would consider the many websites saying it as trusted. This is why i dont normally link sites because they are readily searchable and many articles come from media sites instead of their original source. The articles could be true but Nullity wouldnt consider them even if they could be reproduced or verified. The best source for me is to actually research the technicalities and see how things are but isnt something readable for many. You can find more than a decade old cisco tutorials on layer 2 security that protect against hacks and exploits that come only 5 years or more later which till today still effects many networks and devices.

Citing sources and presenting proof to support your claims is standard procedure. If you have researched the technicalities, then you should be able to easily share your results rather than skipping straight to the conclusion. No results have been shared though.

Tor has many flaws, but not for any of the reasons stated in this thread. This NSA document leaked by Edward Snowden states:

We will never be able to de-anonymize all Tor users all the time.
With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user in response to a TOPI request/on demand.

Granted, the information is a few years old but the government and academians have been researching and developing Tor and related technologies for more than 20 years. The foundation for Tor's anonymity is well-researched and proven (as well as anything can be).


The statement of yours that I quoted in bold is bordering on an ad hominem personal attack. Please stick to arguing the facts, and not the person.

 

[sfx2000]

Support this assertion with proof.

https://conference.hitb.org/hitbsec...Hidden-Hidden-Services-Considered-Harmful.pdf

That's just one - and incredibly easy to do from a large scale VPS cloud...

 

[Nullity]

https://conference.hitb.org/hitbsec...Hidden-Hidden-Services-Considered-Harmful.pdf

That's just one - and incredibly easy to do from a large scale VPS cloud...

What part of your statement does that link support?

I am not quite sure how the "TOR is pretty easy to fool due to it's distributed nature and trust relationships" means with regard to anonymity, but your claim that an ISP (or similar service) can de-anonymize a particular Tor user on demand is plain wrong.


How about I connect to a host of your choice using Tor, or even a VPN, then you tell me my real IP, since these services cannot offer anonymity. That would quickly prove your point. Use any resources at your disposal.

 

[sfx2000]

I am not quite sure how the "TOR is pretty easy to fool due to it's distributed nature and trust relationships" means with regard to anonymity, but your claim that an ISP (or similar service) can de-anonymize a particular Tor user on demand is plain wrong.

I have no interest in digging out Tor traffic - but it's recognizable based on it's patterns, and all traffic within an ASN needs to leave somewhere, and normally those border gateway routers are few and far between - within the AS, everything eventually lands at a point of interest...

Monitoring TOR traffic isn't hard - it's not a needle in a haystack - just need to shift perspective from the last mile to the core, and it's all logged there...

Then it's just a matter of sifting out the data - remember, the ISP generally doesn't care what's inside, just that the traffic is there for performance/reliability purposes - it's up to the 3La's or lawyers to sort it from there.