So I’ve always been curious about how VPN companies are able to set up literally hundreds of servers in all different countries.
I know that a VPS is cheap to rent and set up, but at the very least its still costing them thousands of dollars to keep running, but I just can’t see how that would even be worth it for them. When im using VPN, I usually stick to 1 or 2 of the servers with fast connections and that’s it.
Do they actually have all the servers that they claim they do? Or do they share the servers with other people or something?
They’ll probably be using virtual servers run by other people. Dead cheap, and you can have one person sitting at home operating plenty of servers from everywhere.
Yes they certainly do have servers located everywhere that they say. If they’re out of the country where the VPN is based, they likely just rent servers in a data center. It costs a few hundred to a thousand bucks a month per server, but each server offers enough bandwidth for probably 500-1000 users connected at once, and most people aren’t connected 24/7 so they actually probably have 1 server per 2-3k subscribers, leaving them a pretty healthy profit margin.
The software defined network mixed with on-demand infrastructure as a service ensures capacity for these types of things where it’s really not a single server, but a scope of expected hardware on a site by site basis.
What can the physical server operator do if they don’t have access to the OS on the VPS? Sure they can log all communication to that machine, but they can’t say who’s doing what, can they? genuine question
They could mount a timing attack to try and relate inbound traffic and outbound traffic. They could also intercept any unencrypted traffic leaving the VPN.
And if they have physical access to the machine, they can leverage that into access to the OS by screwing about with the memory while it’s running or the disk images while it’s off or whatever; it’s just a lot of work.
If you dont trust the VPN company you’re using, you have troubles. If you dont trust the country its hosted in, then you have big troubles.
You think when law enfocement comes knocking , theyll say “oh, we dont have logs, sorry and have a good day?” Theyll be forced to turn logging on without notifying you.
Relying on promises from an entity you dont trust just doesnt make sense.
The datacenter cant necessarily provide that info. The VPN provider would be who they would want to talk to. Aside from issues of who has access to the datapipe, neither the ISP nor the datacenter would have any insight into what each connection was. If you’re looking to establish a crime, you generally need to show that a particular user did a particular thing. The only one who can definitively tie a VPN tunnel to an egress connection is the provider.
I dont know that derived statistics from timing attacks would be useful in an investigation. Sounds a lot like circumstantial evidence, to me; you cant actually prove that the traffic went from one to the other.