惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V2EX - 技术
V2EX - 技术
P
Privacy International News Feed
Security Latest
Security Latest
H
Hacker News: Front Page
T
Tenable Blog
The Hacker News
The Hacker News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Security @ Cisco Blogs
Project Zero
Project Zero
O
OpenAI News
AI
AI
Spread Privacy
Spread Privacy
C
CERT Recently Published Vulnerability Notes
The Last Watchdog
The Last Watchdog
G
GRAHAM CLULEY
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Scott Helme
Scott Helme
Application and Cybersecurity Blog
Application and Cybersecurity Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
NISL@THU
NISL@THU
A
Arctic Wolf
T
Threat Research - Cisco Blogs
PCI Perspectives
PCI Perspectives
N
News and Events Feed by Topic
C
Cyber Attacks, Cyber Crime and Cyber Security
C
Cybersecurity and Infrastructure Security Agency CISA
Simon Willison's Weblog
Simon Willison's Weblog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Know Your Adversary
Know Your Adversary
Google Online Security Blog
Google Online Security Blog
罗磊的独立博客
L
LINUX DO - 最新话题
U
Unit 42
S
Security Affairs
有赞技术团队
有赞技术团队
WordPress大学
WordPress大学
博客园 - 【当耐特】
T
The Exploit Database - CXSecurity.com
S
Schneier on Security
月光博客
月光博客
Engineering at Meta
Engineering at Meta
腾讯CDC
F
Full Disclosure
Cyberwarzone
Cyberwarzone
S
SegmentFault 最新的问题
Recorded Future
Recorded Future
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 司徒正美
The Cloudflare Blog

PrivSec - A practical approach to Privacy and Security

Using IVPN on Qubes OS ChromeOS's Questionable Encryption Setting up MTA-STS with a custom domain on Proton Mail Secure Time Synchronization on macOS Using Native ZFS Encryption with Proxmox Installing Kali NetHunter Lite on DivestOS 20.0 Resources Update your Signal TLS Proxy Android VPN Leakage with Secondary User Profiles ProtonVPN IP Leakage on Linux and Workaround NetworkManager Trackability Reduction Using Mullvad VPN on Qubes OS Firewalling with MirageOS on Qubes OS Desktop Linux Hardening Using Split GPG and Split SSH on Qubes OS Badness Enumeration Using Lokinet on Qubes OS Android Tips Choosing Your Android-Based Operating System Code of Conflict Linux Insecurities Slightly Improving Mailcow Security Threat Modeling Privacy Policy Choosing Your Desktop Linux Distribution About Us Donate Multi-factor Authentication Securing OpenSSH with FIDO2 Docker and OCI Hardening FLOSS Security Banking Applications Compatibility with GrapheneOS F-Droid Security Issues
Commercial VPN Use Cases
Tommy · 2022-07-19 · via PrivSec - A practical approach to Privacy and Security

Virtual Private Networks are a way of creating a protected and private network over the open Internet. It was originally designed to provide remote access to an internal corporate network. However, in recent years, it has also been used by commercial VPN companies to hide their clients’ real IP address from third-party websites and services.

Should I use a VPN?

Yes, unless you are already using Tor. A VPN does two things: shifting the risks from your Internet Service Provider to itself and hiding your IP from a third-party service.

VPNs cannot encrypt data outside of the connection between your device and the VPN server. VPN providers can see and modify your traffic the same way your ISP could. And there is no way to verify a VPN provider’s “no logging” policies in any way.

However, they do hide your actual IP from a third-party service, provided that there are no IP leaks. They help you blend in with others and mitigate IP based tracking.

What about encryption?

Encryption offered by VPN providers are between your devices and their servers. It guarantees that this specific link is secure. This is a step up from using unencrypted proxies where an adversary on the network can intercept the communications between your devices and said proxies and modify them. However, encryption between your apps or browsers with the service providers are not handled by this encryption.

In order to keep what you actually do on the websites you visit private and secure, you must use TLS. This will keep your passwords, session tokens, and queries safe from the VPN provider. Consider enabling “HTTPS everywhere” in your browser to mitigate downgrade attacks like SSL Strip.

Should I use encrypted DNS with a VPN?

Unless your VPN provider hosts the encrypted DNS servers, no. Using DOH/DOT (or any other form of encrypted DNS) with third-party servers will simply add more entities to trust and does absolutely nothing to improve your privacy/security. Your VPN provider can still see which websites you visit based on the IP addresses and other methods. Instead of just trusting your VPN provider, you are now trusting both the VPN provider and the DNS provider.

A common reason to recommend encrypted DNS is that it helps against DNS spoofing. However, your browser should already be checking for TLS certificates with HTTPS and warn you about it. If you are not using HTTPS, then an adversary can still just modify anything other than your DNS queries and the end result will be little different.

Needless to say, you shouldn’t use encrypted DNS with Tor. This would direct all of your DNS requests to a single entity and make you stand out from the rest of Tor users who would be using the exit node’s DNS configuration.

What if I need anonymity?

VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on “no logging” policies to protect your data. Use Tor instead.

Should I use Tor over VPN?

By using Tor over VPN, you are creating essentially adding an extra node in the beginning of the circuit. This provides zero additional benefits to you, while increasing the latency of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, consider using Tor bridges with obfuscation methods.

What about VPN over Tor?

By using VPN over Tor, you are adding an extra node at the end of a circuit, which is always controlled by the same entity. If you pay for the VPN using the traditional banking system, it essentially breaks the anonymity that the three hops in front of it would provide. If you pay for the VPN subscription using cash or a private cryptocurrency like Monero, your privacy is reduced to that of pseudonymity, since the VPN provider still knows the connections being made are from the same individual, they just do not know who you really are. Even if you are using a free VPN, you would still break Stream Isolation, one of Tor’s important anonymity features. There are very few use cases where it would make sense to add a VPN server at the end of the chain.

What about VPN providers that provide Tor nodes?

Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the TCP protocol. Through Tor, UDP (used in WebRTC for voice and video sharing, the new HTTP3/QUIC protocol, etc), ICMP and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with ProtonVPN. Additionally, like VPN over Tor, you lose control over other important Tor features like Stream Isolation. Thus, this feature should be viewed as a convenient way to access the Tor Network, not to stay anonymous. For true anonymity, use the Tor Browser Bundle, TorSocks, or a Tor gateway.

When are VPNs useful?

A VPN is useful in a variety of scenarios, such as:

  • Hiding your traffic from only your Internet Service Provider.
  • Hiding your downloads (such as torrents) from your ISP and anti-piracy organizations.
  • Hiding your IP from third-party websites and services, preventing IP based tracking.