  • An honest VPN commercial – from somebody who actually knows what he’s talking about


    This topic contains 28 replies, has 16 voices, and was last updated by  OscarCP 1 week ago.

    • #1996634 Reply

      woody
      Da Boss

      https://www.youtube.com/watch?v=WVDQEoe6ZWY Tom Scott knows whereof he speaks – and he speaks the truth, as best I know it. Thx Catalin Cimpanu
      [See the full post at: An honest VPN commercial – from somebody who actually knows what he’s talking about]

    • #1996672 Reply

      lurks about
      AskWoody Lounger

      Good overview of the real reason to use a VPN and the over-hyped claims made by the ads.

    • #1996674 Reply

      GreatAndPowerfulTech
      AskWoody Lounger

      Enjoyable to watch. Thanks!

      GreatAndPowerfulTech

      1 user thanked author for this post.
    • #1996689 Reply

      techweenie
      AskWoody Lounger

      I’ve always questioned many of the claims VPN providers have been making, and now I know I was right to.  Thanks.

      Regarding torrents – so long as you disable peer exchange and DHT, and enforce encrypted connections, you won’t get flagged by your ISP.   At least not on Comcast.

      1 user thanked author for this post.
    • #1996700 Reply

      CAS
      AskWoody Plus

      Thank you so much for posting this video, Woody. Hearing the truth about anything is so rare today. That’s why I come to your site and ghacks, even though I don’t understand much of the technical information.

      Since the advent of VPN’s I must have read hundreds of articles and investigated 10’s of VPNs. (The result has been confusion.) No more; not after watching this video.

      I’ve returned to using FF ESR as my default browser so when I see the “green lock” I know my information is encrypted. I also use HTTPS Everywhere, a FF add-on, and rarely go to a site without it. I admit that I use Browsec’s free VPN, also a FF add-on, for all of my browsing, except your site because you kindly told me that spammers use this VPN and I couldn’t post here if I used it. On those rare occasions that HTTPS has to be disabled to get to an http site, my lame VPN tells them I’m in Clifton, NJ. I never log into an insecure site. I don’t care if they keep a log or that FF add-on’s all request permission to know my browsing activity.

      I’m doing the best I can, security-wise, and will continue to read and patch, based on your suggestions. I’m sending you another check to show my continued support and for saving me from researching and worrying about not having a “real” VPN.

      2 users thanked author for this post.
    • #1996728 Reply

      anonymous

      “https” is great but I think you need to know your client configuration, certificates, possibly OpenSSL version to know if you have vulnerabilities.  Same with a VPN service, or running a private VPN such as on your NAS.

    • #1996901 Reply

      anonymous

      Nice video.  I’ve had a few users asking about VPNs recently (specifically our customers trying to connect to our services from Asian-based IPs) and was trying to explain why VPNs are useful and why they’re a fad.

      Hits the nail on the head for both issues.

    • #1996923 Reply

      Rick Corbett
      AskWoody_MVP

      I’ve always liked Tom Scott’s ‘no nonsense’ approach to subjects.

      • #1997009 Reply

        tonyl
        AskWoody Lounger

        Me too; I hope he’s OK as he always sounds out of breath to me.

    • #1997013 Reply

      OscarCP
      AskWoody Plus

      Nicely done, the video. I only use VPN to telecommute to NASA, which I enjoy doing to perform most of my work there from home and entirely in my own hours, being semi-retired these days, and using only the VPN software the government IT people have prescribed and that I do not get to choose.

      Otherwise and among other serious uses of VPN, such as those discussed by Tom Scott in his YouTube video blog, and that are all very good reasons for using it to secure anonymous and untraceable Internet access: I am not, right now, planning one or more assassinations, or have plans for massive smuggling of “content”, or manage the importation and distribution of drugs for a Cartel, or assist with money-laundering operations, or actively engage in human trafficking, or am working towards the violent overthrow of some government.

      But it is very nice to know, if one ever finds oneself in real need to do any of those things, that one can always count on VPN for doing it.

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

      • #1997061 Reply

        anonymous

        This is an example of what has caused me some confusion, and maybe you can help. Please forgive any misuse of terms and correct where needed.

        For longer than VPN has been a hot topic, I have known of remote connections, or end to end tunnels, or other ways to describe a dedicated link to a customer or vendor. I have lumped these concepts under a heading of private network, where there is no non-encrypted (in the clear) exposure along the way.

        VPNs that are widely advertised only give that protection to their node. Whereupon they became your remote ISP so to speak. With all the same privileges and hazards that you wished to deprive your actual paid ISP. I have joked that the name Virtual Private Network is very apt. In that it is neither private nor a closed network. Virtual applies to both descriptors. And for myself, I have decided I have more trust in a paid contract (with my ISP) than a service provided for free (where I am likely the product). I remain unconvinced that the service has enough value to pay a subscription or purchase.

        But I feel like I’ve only rewritten what Scott already covered with more style in that excellent video. Only in a much more clumsy way.

        So I guess my real question is, does your NASA contract have you utilizing a proprietary tunnel all the way through; or simply advise you to use one of these advertised products that are only half a tunnel?

        I can see how that anonymizes your end of the connection, but not how it would conceal traffic from the VPN service. I assume your payload of data transmitted is itself encrypted within the overall transmission packets. Thanks for any corrections and help in understanding better.

        • #1997081 Reply

          OscarCP
          AskWoody Plus

          Transmission is encrypted, both ways. I don’t know about the details. Also, to be able to use this VPN one has to make use of a valid government-issued PIN in a keychain, to be allowed access to the government network. I imagine this security setup is not invulnerable to attacks (what is?), but even so, it should deter many from trying to break into the network that way.

          Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

          1 user thanked author for this post.
        • #1999352 Reply

          anonymous

          VPN is a group of protocols on how traffic should be encrypted, end-to-end.  VPN’s original purpose was to allow external users to connect into company resources securely.  In the case of NASA they probably host their own VPN service internally; they wouldn’t be using another service like NordVPN.  They probably do use a specific implementation of VPN, something provided by a specific software or hardware vendor (eg, Dell, Cisco, HP).

          Most VPNs in the world are privately run by corporations for their external users.  They are not services that resell an Internet Point of Entry.

          • #1999377 Reply

            OscarCP
            AskWoody Plus

            Anonymous: “In the case of NASA...”

            The way you describe it is how it’s done.

            Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

    • #1997047 Reply

      MrJimPhelps
      AskWoody_MVP

      A few years back I read here at AskWoody or at Windows Secrets that https security was broken. Has it been fixed?

      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
    • #1997135 Reply

      Noel Carboni
      AskWoody_MVP

      Good, practical presentation. Thanks for sharing it, Woody / Catalin.

      All encryption can be broken. It’s designed to be difficult but not impossible. Do you even begin to imagine your government would allow you to encrypt things they can’t decrypt with a government budget? Why do you think key lengths keep increasing only incrementally as time goes on?

      Security is mostly about weighing costs and probabilities, and beyond that deciding who to trust.

      What security is most certainly NOT is something that should motivate our actions (or spending!) through fear, uncertainty, and doubt. Computing companies have understood security for a long time and know how to market it to leverage their sales, and make no mistake, they DO market it – even with absolutely no practical evidence (where’s that post Woody wrote about “where are all those exploits anyway?”).

      Read and learn as much as you can. You’ll find understanding is a good antidote for fear.

      Now consider this: Before signing up to spend $$ each month for a service, run by who knows whom in some other part of the world, understand this: Many home routers, with a little setup, offer the ability to establish a VPN connection to your home network when you are away. I have one myself. If you’re really worried about what might be sent across your wireless link when you’re abroad, or whether someone locally might get to know you in ways you don’t want through your DNS resolutions, that home VPN connection will net you that fully encrypted tunnel… Web site names will be resolved just as if you were on a computer at your home, and not by whatever DNS server the coffee shop or airport has. Food for thought.

      In my mind part of it boils down to “whom do you trust more” (in a world where it’s practically impossible to judge): When I think about this I imagine I might be able to trust a local service provider in my own country a bit more than some overseas VPN company.

      -Noel

      3 users thanked author for this post.
      • #1997165 Reply

        Sessh
        AskWoody Lounger

        The thing about VPN’s is that it’s kind of important what country the VPN is operated out of. What is known as the “Five Eyes” consist of the US, UK, Canada, Australia and New Zealand. There is an intelligence sharing agreement between these five countries, so if any of them gain access to your personal data, you can be sure they will share it with the others.

        Then, there are two other international alliances (Nine Eyes: Five Eyes + Denmark, France, Holland and Norway / Fourteen Eyes: Nine Eyes + Germany, Belgium, Sweden, Spain and Italy) which also share your data. Japan, Israel, South Korea and Singapore could also be involved, but not confirmed.

        Therefore, a VPN based in any of those countries is not a good idea for anyone who cares about their online privacy. Of course, there’s always risk no matter what, but the above mentioned countries are involved in global surveillance and share people’s data with each other regularly and Snowden is a big reason why we’re aware of this now. VPN’s based outside of those jurisdictions are better choices for privacy than ones that are in it.

        I will certainly keep routers with built-in VPN’s in mind next time I am set to purchase a new modem.

        • This reply was modified 1 week, 3 days ago by  Sessh.
        3 users thanked author for this post.
        • #1997189 Reply

          OscarCP
          AskWoody Plus

          Sessh: that leaves a lot of the world out, but does not leave much to choose from. So: Portugal? Norway? Finland? The Central African Republic?

          Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

          2 users thanked author for this post.
          • #1997879 Reply

            Sessh
            AskWoody Lounger

            A few examples of highly regarded VPN’s outside of those jurisdictions:

            • CyberghostVPN (Romania)
            • ProtonVPN (Switzerland)
            • NordVPN (Panama)
            • ExpressVPN (Virgin Islands)

            You are still right, though. It does leave a lot of the world out, but it’s disturbing that so much of the world has to be excluded in order to have any hope of staying out of the 14 eyes line of sight. Quite depressing really.

             

            1 user thanked author for this post.
      • #1998450 Reply

        Michael Austin
        AskWoody Plus

        A very good post, thanks. In philosophy it reminds me of my policy that I prefer to store my password credentials locally rather than have them mediated by some cloud company I don’t know.

        Professional propellerhead. Former builder & admin of the 1st mixed OS network at a premier gallery of vintage animation art in its cake days, including its 1st intranet and all its back office business systems. My LAN security implementations once successfully passed muster by subpoena from a CA Superior Court judge. Former Windows Secrets subscriber and also former, gleeful reader of InfoWorld when it was a tabloid print edition.

        Earth spirit. Finance, social and tech founder.

    • #1997210 Reply

      280park
      AskWoody Lounger

      Even if I accept the claims of enhanced security made by a VPN, is it not true that my internet traffic must first reach the VPN in order for the VPN to work its magic? In other words, if, for example, I use my home computer to do some online banking (which I do not do) the data and passwords that I enter into my computer first go to my wifi router, then by dsl on a copper wire to my isp, and only then to the VPN? I don’t understand how a VPN does anything to enhance the security of my data on its trip from my computer to the VPN.

      • #1997262 Reply

        OscarCP
        AskWoody Plus

        280Park: That’s a really good question. The answer being, as explained in more detail here:

        https://www.namecheap.com/vpn/how-does-vpn-virtual-private-network-work/

        “A VPN works by routing your device’s internet connection through your chosen private server rather than your internet service provider (ISP) so that when your data is transmitted to the internet, it comes from the VPN rather than your computer.”

        So, as already discussed here earlier, it all comes down to just how trustworthy is the “chosen private server” operator that provides you with the VPN connection. And to how well-encrypted are the transmissions you send and receive through the VPN.

        Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

        1 user thanked author for this post.
        • #1997617 Reply

          Fred
          AskWoody Plus

          So, as already discussed here earlier, it all comes down to just how trustworthy is the “chosen private server” operator that provides you with the VPN connection. And to how well-encrypted are the transmissions you send and receive through the VPN.

          It’s nice to try the TOR-networks through the own VPN connection, or using TOR and then an extra VPNproxy in the browser…
          Considering the xEyes-international-cooperation:
          Last week it became clear in the Netherlands that the intelligence services still are exchanging data with other countries in an uncontrolled manner. Data that can still be swept or checked without real legal necessity. Whatever the legal limits are, it is still being done, …… and most people don’t seem to care, after all, “they have nothing to hide …”

          It seems that the time of “Permanent Record” by Edward Snowden is even more elusive.

          After all.. Just because we're paranoid doesn't mean they aren't out to get us.
      • #1997929 Reply

        anonymous

        @280park, you do understand the basic concept correctly. The quotation offered to you makes it sound as though your traffic finds some magical path that does not go through your ISP. You correctly realize that just cannot be true, the way your system is set up. Your only link to the internet is through your ISP, it’s right there in the name. And all the bits you send and receive go through them.

        What you are not shown is the secret pocket where the magician holds the doves before exposing them with a flourish. By wrapping your traffic in a packet that only goes to the VPN before it crosses your ISP’s gear, you hide the information that gives the real purpose of your requests. Just like wrapping your postal packages in brown paper and twine to protect the goods within. The only addressees you have written on the outside are your own return and the VPN. Your ISP sees all your traffic go to a single choke point, and knows nothing of what happens after that.

        The VPN now handles your traffic in exactly the same manner your ISP would have. And offers no further protection from corruption further down the line from their node. You have hired a Man-in-the-Middle to handle all your traffic. But because you trust this service, you prefer to call it a VPN.

        • #1997967 Reply

          OscarCP
          AskWoody Plus

          Anonymous: “you do understand the basic concept correctly. The quotation offered to you makes it sound as though your traffic finds some magical path that does not go through your ISP.”

          Or perhaps that is not entirely so:

          https://www.quora.com/Is-it-possible-to-have-two-different-internet-providers-in-one-house

          It says there that “yes, one can” have two, or even more ISPs. It just takes some more work. If that is so, then, perhaps, if one ISP is, let’s say, your original one and, until now, only ISP, could not the second, eventually, be the owner of your future “chosen private server”: the VPN provider?

          I am not trying to refute anyone here. I am really interested in learning from this discussion on a topic that rarely comes up. And others here might be interested, too.

          Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

          • #1999376 Reply

            anonymous

            When thinking of how ISPs work, it’s usually easier to think of them as streams feeding into a larger river, which reverses (from river to streams) on the other end.  Your ISP will run your traffic up to a certain level, after which one of the national or international carriers takes over routing data.  When you sign up for a VPN service, you’re not getting a second ISP.  Having a second ISP is like having a second stream connected to your house:  You can choose down which stream your internet traffic goes.  You can even choose which types of traffic go down which streams, eg all standard browser traffic goes down one while your VoIP (Voice over Internet Protocol, like Skype or IP Phones) goes down the second.

            A VPN travels the same stream as other traffic over your ISP.  It just changes the traffic a bit so that it’s not easy to read what is going on.  Most traffic nowadays is encrypted already.  When you send an encrypted request to https://www.youtube.com, your ISP will see that your traffic is going to YouTube.  If you’re on a VPN and go to https://www.youtube.com, your ISP sees that your traffic is going to a VPN, not that you’re using YouTube.  From the point of view of your ISP it doesn’t know what you’re doing over that VPN.  Once your traffic reaches the VPN provider, the VPN sends out your request over their own ISP.  Their ISP knows that a request was sent out to access YouTube, but since there could be thousands of people using that connection they cannot determine if it was you using YouTube.

            That said, if you have a Google account that you log into while using YouTube, then you’re not hidden.  YouTube/Google now knows that you access their services from two different places; your home and a VPN service.  Even after you log out of your Google account, they could theoretically determine which requests are yours via cookies or analyzing the traffic to figure out the likelihood that it matches your usage patterns.  Also, you now have a company (the VPN provider) who also knows that you went to YouTube.  And, if they are malicious and you accept something you shouldn’t, they could know even more like what your account password is as well as which videos you were watching.  Of course that’s a worst-case scenario and I’d assume trusted VPN services would not do this.

            1 user thanked author for this post.
            • #1999385 Reply

              OscarCP
              AskWoody Plus

              Anonymous: “That said, if you have a Google account that you log into while using YouTube, then you’re not hidden.”

              Quite so. One reason for Google to determine who I am is that they already have my email address as my user ID and they use that to verify that my password and my address match. That should be the same with most of the online services I use. I don’t see a likely problem with Google knowing that I am using an account they keep open for me. If I wanted to anonymize my use of the Internet, it wouldn’t be for hiding my use of those plain-vanilla services I subscribe to.

              Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

      • #1999370 Reply

        anonymous

        There are methods that can be used in order to make certain that all traffic to/from a VPN or another service is encrypted.  It’s a fairly complicated topic, but let’s use a single case to show how this works:

        You sign up for a VPN service (let’s call it FooVPN) which requires that you download a client on your PC before you can use their service.  You download this client to your desktop and install.  This client has information baked into it that allows it to encrypt that data between it and FooVPN (Public/Private keys and certificates).  Now assuming that this client has not been compromised in some way, and does come directly from FooVPN, it is capable of recognizing and responding properly to the FooVPN services’ encryption messaging.  Other systems (like your ISP) do not understand this traffic, and instead forward this information on to FooVPN with no modification.  If they do try to modify the traffic, then either the FooVPN client or the FooVPN servers will recognize the message has been tampered with and reject it.

        How secure is this tunnel?  That all depends on whether or not the encryption has been compromised in some way, or whether or not one of the end points has been compromised.  Compromising the encryption is usually hard unless the attacker knows the protocols and public/private keys in use so that they can decrypt the data, read it, and re-encrypt the data in such a way that both endpoints accept it as legitimate.  This CAN be done, but is quite hard to do.  HTTPS sites rely on a similar encryption system, however since at least one set of the keys are more publicly well known they may be more likely to be compromised.  The larger concern is whether or not the end points have been compromised.  Eg, do you have spyware installed on your desktop?  Well then your traffic may be compromised and is being sent to some other actor.  This spyware could be part of the VPN client that you just installed…

        2 users thanked author for this post.
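
An added example, not part of any post in this thread and not code from any VPN product, of the behaviour the last two anonymous replies describe: the ISP can read only the outer addresses of a tunnelled packet, a packet modified in transit is rejected at the far end, and the VPN operator does see the real destination. The keys, the IP addresses (documentation ranges) and the SHA-256 keystream are constructed stand-ins for a real handshake and a real cipher such as AES-GCM.

```python
import hashlib
import hmac
import json
import os

# Constructed demo keys. A real client and server agree on keys in a handshake.
ENC_KEY = hashlib.sha256(b"constructed demo encryption key").digest()
MAC_KEY = hashlib.sha256(b"constructed demo integrity key").digest()
NONCE_LEN, TAG_LEN = 12, 32


def _keystream(nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: an illustrative stand-in for a real cipher."""
    blocks = [
        hashlib.sha256(ENC_KEY + nonce + counter.to_bytes(8, "big")).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def _xor(data: bytes, nonce: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))


def wrap(inner: dict, client_ip: str, vpn_ip: str) -> dict:
    """Client side: encrypt the inner packet, add a MAC, put it in an outer packet."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor(json.dumps(inner).encode(), nonce)
    tag = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    return {"src": client_ip, "dst": vpn_ip, "payload": nonce + ciphertext + tag}


def isp_view(outer: dict) -> dict:
    """What an on-path network can read: outer addresses and size, nothing else."""
    return {"src": outer["src"], "dst": outer["dst"], "bytes": len(outer["payload"])}


def unwrap(outer: dict) -> dict:
    """VPN server side: check the MAC first, decrypt only if it verifies."""
    payload = outer["payload"]
    if len(payload) <= NONCE_LEN + TAG_LEN:
        raise ValueError("packet too short")
    nonce = payload[:NONCE_LEN]
    ciphertext = payload[NONCE_LEN:-TAG_LEN]
    tag = payload[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: packet was modified in transit")
    return json.loads(_xor(ciphertext, nonce))


def modify_in_transit(outer: dict) -> dict:
    """Simulates any on-path change: one bit of the ciphertext is flipped."""
    payload = bytearray(outer["payload"])
    payload[NONCE_LEN] ^= 0x01
    return {**outer, "payload": bytes(payload)}


if __name__ == "__main__":
    # Constructed sample request: the destination lives only in the inner packet.
    inner = {"dst": "www.youtube.com", "request": "GET /"}
    packet = wrap(inner, "192.0.2.10", "198.51.100.7")
    print("ISP sees:     ", isp_view(packet))
    print("FooVPN sees:  ", unwrap(packet))
    try:
        unwrap(modify_in_transit(packet))
    except ValueError as err:
        print("Tampered copy:", err)
```

The same check runs in the other direction for replies, and it says nothing about the endpoints themselves: whoever holds the keys at either end reads the inner packet in full.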
