Service Providers + VPN + Privacy

4 Antworten [Letzter Beitrag]
john.rook
Offline
Beigetreten: 04/08/2018

I imagine a regular internet service provider snoops or records ones searches, even with a VPN . . . ?

Would I be right or wrong in this assumption . . . . ?

Any illuminating help much appreciated in these censor-full times . . .

Lèyon di li N.
Offline
Beigetreten: 02/11/2017

Internet service provider can only track part of what you are sending to a VPN because a VPN is in https, so, the "body of the message" is encrypted but not all the HTTP meta-information (URL, type of request: GET POST & so on, response of the server including redirections, … all this tied to any necessary timestamps)
I wouldn't trust any VPN though, only proxy that are free software might be trusted, so TOR with its proxy might be trusted, but it looks like TOR had some issues recently with the plug-in protecting from intrusive JavaScript if my memory is not wrong about that (and I don't know if it's resolved yet).
But then, with non-free blobs everywhere in some hardware, you should just not trust any computers indeed, if the free community have rendered free lots of things, there's still a let more to do about that.

koszkonutek
Offline
Beigetreten: 03/19/2020

Lèyon wrote:
> the "body of the message" is encrypted but not all the HTTP meta-information

How come not everything is encrypted? AFAIK TLS is negotiated before any HTTP data is sent. And with a VPN we actually have a double encryption when browsing *most* WWW sites - the encrypted HTTPS connection is typically wrapped in an encrypted VPN tunnel.

We could perhaps leak some metadata to the ISP when using a proxy instead of VPN. But even then it'd need to be an HTTP (not HTTPS) proxy for any leaks to be possible.

Whether the VPN itself is spying on you is another issue. It won't be able to see HTTPS traffic between you and search engine server but it will be able to see which IP addresses you connect to, how often you do that, much data is transferred and which TCP/UDP ports are used. That's actually a lot of information and, as Lèyon said, conventional VPNs are not trustworthy. Tor (and perhaps the little-known GNUnet VPN as well) is, to some extent, more reliable. However, all depends on what you need. If you're Edward Snowden, even Tor might not be good enough. If all you want is bypassing censorship, VPNs will likely do fine.

As to JavaScript, it is indeed a privacy nightmare. You should best disable it to the extent possible and beyond, regardless of any plug-in protection...

Lèyon di li N.
Offline
Beigetreten: 02/11/2017

My bad, so, all the internet provider can have is an URL, a timestamp tied to it and the fact that the data are encrypted (and that is not nothing).
Also, poorly implemented website might use HTTPS but without encrypting their cookies, that might be another leak source.

john.rook
Offline
Beigetreten: 04/08/2018

Thank you for your thoughts & input guys - much appreciated