Eli5: How do VPNs work and why are they considered safe? Couldn't the network I'm connecting to not just read out all my passwords etc.?

Even without a VPN, networks cannot read the data you send, as long as the connection to the website is “HTTPS” rather than “HTTP”.

Put really simply, when you connect to an HTTPS website, the first thing your browser and the website's server do is set up an encryption scheme. Together, they agree on an encryption key. All the data you send is encrypted so that no eavesdropper can listen in.

Here’s the really cool part. Even if the eavesdropper listens in as you decide the encryption key, they still won’t know what the encryption key is!

Math is involved. Some very clever math. Google “Diffie-Hellman Key Exchange” to learn more about how.
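Added example (not part of the original thread): a toy Diffie-Hellman exchange showing that browser and server derive the same key while a passive listener only sees the public values. The group parameters `P` and `G` and all function names are assumptions made for this illustration, and the group is far too small for real use.

```python
import hashlib
import secrets

# Constructed demo parameters (assumption of this example, NOT secure):
# P is the Mersenne prime 2**127 - 1, G a small base. Real HTTPS uses
# 2048-bit-plus groups or elliptic curves.
P = 2**127 - 1
G = 3


def keypair():
    """Pick a private exponent and derive the public value sent on the wire."""
    while True:
        private = secrets.randbelow(P - 3) + 2      # range 2 .. P-2
        public = pow(G, private, P)
        if 1 < public < P - 1:                      # skip degenerate values
            return private, public


def shared_key(own_private, peer_public):
    """Combine our private exponent with the peer's public value."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, own_private, P)       # g^(a*b) mod P
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def run_exchange():
    """Return what crossed the network plus the key each side computed."""
    browser_priv, browser_pub = keypair()
    server_priv, server_pub = keypair()
    wire = {"p": P, "g": G, "browser_pub": browser_pub, "server_pub": server_pub}
    return wire, shared_key(browser_priv, server_pub), shared_key(server_priv, browser_pub)


def eavesdropper_guess(wire):
    """Multiplying the two public values yields g^(a+b), not g^(a*b)."""
    mixed = (wire["browser_pub"] * wire["server_pub"]) % wire["p"]
    return hashlib.sha256(mixed.to_bytes(16, "big")).digest()


if __name__ == "__main__":
    wire, browser_key, server_key = run_exchange()
    print("seen on the wire:", wire)
    print("both sides agree:", browser_key == server_key)
    print("eavesdropper's combination matches:", eavesdropper_guess(wire) == browser_key)
```

This covers only a passive listener; HTTPS additionally uses certificates so each side knows whom it exchanged keys with.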

They aren’t more safe than your current browser. Tom Scott has a great video made on it.

The only thing VPNs are good for is to connect to region-blocked content and to keep your data away from your ISPs. Although the government would probably still somehow pay the companies to extract data if you were high on the hit list.

VPNs aren’t really that safe. Sorry, but that’s just how it is.

And yes, they could gather all kinds of info on you. And they’d probably have to turn their records over if required by law.

There’s not much you or anyone can do to prevent it. It’s not privacy by design, but rather a promise of respecting your privacy.

If you’re looking for internet anonymity maybe go for TOR.

Normally, your internet service provider can see all the websites/servers you connect to (but not the content of what is being sent to/from those servers). Your ISP obviously knows your name and physical address so they can give you service. This means they can connect your real world identity to the websites you access (including the exact time you accessed them).

If you use a VPN, your ISP can only see that you are communicating with the VPN’s server; they can’t see the content of that traffic, so they can’t see which websites you are accessing through the VPN. If the VPN company is privacy conscious and doesn’t save logs (or doesn’t know who you are because you signed up anonymously) it is much harder for someone to tie your browsing activity to your real world identity.

This is even more advantageous if you are using a public Wi-Fi network, which could be actively trying to listen in on your communications.

First of all, it’s worth mentioning that there are two primary uses for the VPN.

The first (and original) use is to connect to the remote network over an untrusted line (usually the Internet) so that nobody can peek into the transferred data. It can be used to connect remote company locations back to the head office servers or to allow staff to work remotely. In this case, both VPN endpoints trust each other so they only need to protect communication from the middlemen. VPN is designed to do so very well.

The second use that has been growing in popularity in recent years is the internet VPN services. They leverage the technology to protect you from being eavesdropped on by your local ISP and/or hide your location from the servers you are connecting to. It won’t protect you from the VPN service itself, but the modern web is largely using HTTPS to encrypt communication anyway, so the combination is safer than the sum of parts - VPN will not allow your local ISP to know what sites you visit, and HTTPS will not let the VPN service read your passwords.

There are other solutions out there if you desire greater anonymity, the most widely known being TOR (The Onion Router) which uses sophisticated algorithms to bounce your packets around the globe before reaching the final destination so that no single link in the chain knows both the sender and the recipient of the connection. The downside is that the connection delays are unpredictable and bandwidth is generally quite limited, so it’s only suited to general web browsing, but not gaming or streaming.

Rather than ask if the VPN is safe, ask yourself if the company running it is safe.

Basic attempts to lift data from the tunnel don’t work well these days thanks to browser security, but zero days exist that VPNs could easily redirect you to. So it’s all about trusting the company.

VPNs more or less just allow you to get by your everyday shitty IP hacker and allow you to unlock region-blocked content. It’s a bit safer, but it’s not gonna keep an entire government out.

They could. Internet security is mostly built on trust. There are certain industry standards and principles that can be applied by services you use, but they have to be applied and need to stay in compliance with those rules.

Typically the most common rule is to use HTTPS sites instead of HTTP. But those secure protocols are also ultimately governed by an institution.

It depends.

A VPN is just a secure connection between two endpoints. The security of the connection is pretty damn invincible, to be honest, for any practical purpose. The identity of the endpoints is also guaranteed (i.e. someone else can’t just pretend to be either end of the connection, if you have it set up properly).

The problem lies in that one endpoint is YOU (and that can be a security risk in itself, as your network and computers also have to be secure) and the other endpoint is… who? Some random third-party provider that you don’t know? There’s the problem.

VPNs, however, can be used to connect YOU to YOUR WORKPLACE. Both endpoints are well-known, so the VPN is useful and secure. I VPN into my own servers remotely. I know both endpoints are secure, hence everything is good.

But using a commercial VPN provider, say to bypass geographical restrictions on media playing, or to torrent or whatever… there you are trusting that other endpoint to not snoop on you and to also pass on your traffic to/from the wider Internet without modifying/snooping it.

VPN is just a secure connection between two endpoints that trust each other. If that trust is misplaced, there’s nothing the VPN can do for you. When you use a VPN you just have a secure connection to the other end of the VPN. That’s all. Beyond that, whatever that endpoint, or the wider Internet, does with that information is beyond your control. All you can be assured of is that nobody snooped on your traffic between your endpoint, and the other endpoint.

P.S. A VPN encrypts all network traffic that is sent over it, and decrypts it at the other end. Effectively it “joins” the two networks together as if you had put a cable between them, even if they are thousands of miles apart, and does so in a manner that an eavesdropper couldn’t see what traffic was being sent or received. It’s pretty much identical to a secure website, in that respect, and even uses the same kinds of key-exchange, authentication (i.e. checking that the endpoints are who they say they are), encryption, etc. as a secure website. Some VPNs even operate over a secure website connection rather than directly over the Internet, too.

I’ll say VPN’s are close to me,

A VPN is a Virtual Private Network. It’s a network in software that exists within a network made of hardware. So computers can be physically interconnected, but they can also be logically or virtually interconnected.

In practice, this is how you can configure your laptop so that, regardless of where you are and whose network you’re attached to, it looks, to you, like you’re on your home network. There are all your other computers, your printer, your TV and game consoles. No one else can see them but you when you’re on the airport public WiFi, for example.

It’s how businesses operate, too. I work remote, but my workstation in my home office and my laptop both see their network as though I were in the office. I see all the office shares, the intranet, our servers, all the other workstations…

How it works is all in software. I’ve got a “VPN Tunnel” that routes all my network communication through an encrypted connection to a corporate VPN server, an access point into the corporate network. That means my home network, my ISP, and everyone in between can’t see the contents of my network communication. They can see I’m sending and receiving data to and from the VPN access point, they can see it’s encrypted, and that’s it.

Do they make your browsing safe and secure? ABSOLUTELY NOT. That’s blatantly conflating the utility of what a VPN does. But even if you’re on a VPN, your browser has to reach OUT of the network in order to communicate with that web server over there, it’s irrelevant whether you do that from your computer directly or over a VPN.

God, I know too many people who work with all this stuff…

So tracking and imprinting. Advertising companies use hundreds of different techniques to uniquely identify you, through your browser. Again, this makes the VPN irrelevant, you touched a web server, and your browser is a more complex piece of software than even your operating system. A lot of code is executed on your browser for the web server, and they get all sorts of information back about you. Advertisers can track your browsing across the whole of the internet. This itself is a big long discussion. I can say a whole lot about how they do it, what they do with it, and what they can do with it.

Here’s the thing about VPN services - they’re only as good as their advertising. The reality is different. You don’t control the computers you don’t own. So anything you do through a computer you don’t own, you don’t own that, either. Are these services logging your behavior? Most will say no, but then public records have demonstrated that basically all of them do, and will immediately hand them over if a government agency so much as asks. Because look, if you’re doing something illegal through my VPN server, I want to prove it wasn’t me or my server. Better you than me. Further, VPNs are getting big because people don’t understand what these things are good for. The advertising is misleading because they’re pitching to the ignorant. They have such plausible deniability about misleading claims, it’s astonishing.

Couldn't the network I'm connecting to not just read out all my passwords etc.?

No. And no one gives a shit about you or your computer. Hackers and criminals and corporations don’t care about the individual, they care about the aggregate.

To put it simply, VPN isn't safer, it's just more privacy. It's like being able to have no one know which bar you go to or who you are at the bar, but it doesn't magically prevent you from getting robbed or getting in a fight at the bar.

If you think that VPN can hide all your activities on pornhub then think again.

There is always a backlog somewhere on what you are doing.

Most people are using VPN in a wrong way; it was made for remote control working, not hiding your kinky stuff.

The exception to this is if you’re on a work/school network. They might be decrypting the traffic by pretending to be the website you’re actually trying to access. This only works on devices they can install a certificate onto and does not work on sites that tell your browser what certificate they should use to access them (this is called certificate pinning or HSTS and is mainly used on financial sites).

VPNs are used for more than just privacy. They are widely used in business to securely connect between 2 different firewalled networks, like connecting a work laptop to the company's network from WiFi in a café.
It’s also recommended to connect to a cloud server instance via a VPN to run commands rather than leaving port 22 open for SSH.

Exactly what I came here to post. VPNs have their uses, but really the only reason the average person would need them is for pirating things, or if their work requires one to connect to the internal network.

That’s one amazing video. (Well, the guy’s good at his thing.)

It sucks that I have to use Speedify with VPN service just to get channel bonding…

Yep. There is a hard problem of “authentication”: are you authentically who you say you are?

Lots of solutions exist, but as is often said: don’t trust any computer that your adversary has had physical access to.