What stops a VPN from completely lying to you? Logging everything, snooping on your private information, gathering passwords, not encrypting your packets properly, not giving you the IP they say they are, not connecting you to the server you're supposed to be connected to, etc? How can you independently verify that they are providing the services that they claim?
I usually set up the VPN myself on a cloud server. This way I am in control of it, and it's also not some cheap VPS where there are sniffers all over the place. – Aria Aug 14 '16 at 13:01
Unless you see their code you have no way to trust them. However depending on what you're using the VPN for it may not be a problem. If you're simply using it to be safe from the unencrypted coffee shop's wireless network then logging on the provider's side will not matter - bad guys from the Wi-Fi still won't be able to snoop on your traffic. – André Borie Aug 14 '16 at 13:33
2 Answers
I'm under the assumption that all VPNs are honeypots, whether the company intends it to be, or not. They're the perfect way to gather information about you when you least expect it.
> What stops a VPN from completely lying to you?
Like hax said, there's literally nothing stopping a VPN provider from lying to you.
And there's nothing stopping the VPN's service provider from logging information either. Even if you say you don't log anything, and you really don't, the service/hosting provider can still log everything. =)
Remember, traffic still has to be decrypted by the VPN before being sent to the destination. Non-HTTPS? Good luck. And there are many ways to find out what you're doing anyway.
Does this imply that you do not advocate the use of VPNs if they are honeypots? – user51819 Aug 14 '16 at 14:43
`And there's nothing stopping the VPN's service provider from logging information either` So when the VSP decrypts the traffic, their ISP still logs all of this, right? They just don't know where it came from? Or do they? – user51819 Aug 14 '16 at 14:49
What it means is this: the service provider (could be AWS) may have a way to access the VPN server. And they generally know where you came from: you are connecting to them. That connection to them, whether encrypted or not, does not hide the end points. `127.0.0.1` (client) connects to `127.0.10.4` (VPN). They can log the handshake attempt for the VPN, and follow the rabbit hole. This kind of logging is possible, but requires a lot of effort. Some, ahem, agencies, may invest in that effort. Metadata is *crazy*. – Mark Buffalo Aug 15 '16 at 01:55
I don't advocate the use of VPNs to commit crimes, no. If you're just using them as a normal person would, you don't have much to worry about... but don't expect to be truly anonymous. – Mark Buffalo Aug 15 '16 at 01:56
> What stops a VPN from completely lying to you?
The short answer is nothing.
> Logging everything, snooping on your private information, gathering passwords, not encrypting your packets properly,
If the VPN is open source, we can verify whether the libraries they use are secure, standard ones. Otherwise, limited dynamic testing would be possible too.
> not giving you the IP they say they are,
This can be verified by connecting to your own internet service and checking the logs, or by verifying it using a service like whatismyip.
> not connecting you to the server you're supposed to be connected to, etc?
Virtually impossible, as this can have an impact on the response from the server. If the server you are connecting to uses certificate-based auth, like HTTPS, you would be able to figure out the same easily.
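The two checks the answer above mentions (the exit IP as seen by whatismyip-style services, and certificate-based server authentication) can be scripted; this is an added example, not part of the original answer. The service names, the addresses (documentation ranges) and the idea of comparing against a fingerprint recorded off-VPN are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import socket
import ssl

# Constructed sample: what three hypothetical IP-echo services reported with the VPN up.
SAMPLE_REPORTED = {"svc-a": "198.51.100.7", "svc-b": "198.51.100.7", "svc-c-v6": "2001:db8::5"}


def check_exit_ip(reported, isp_ip, advertised_net):
    """Return findings for {service: ip} observations taken with the VPN up.

    isp_ip is your public address recorded before connecting; advertised_net
    is the CIDR the provider claims to exit from (both assumed inputs).
    """
    findings = []
    net = ipaddress.ip_network(advertised_net)
    seen = {name: ipaddress.ip_address(ip) for name, ip in reported.items()}
    if len(set(seen.values())) > 1:
        findings.append("services disagree on exit IP")
    for name, ip in sorted(seen.items()):
        if ip == ipaddress.ip_address(isp_ip):
            findings.append(f"{name}: traffic left via ISP address (leak)")
        elif ip not in net:  # also catches IPv6 bypassing an IPv4-only tunnel
            findings.append(f"{name}: {ip} is outside advertised {net}")
    return findings


def fetch_leaf_cert(host, port=443, timeout=5.0):
    """Fetch the server's leaf certificate (DER) over the current route.

    The default context enforces chain and hostname validation, so a peer
    without a valid certificate for `host` fails the handshake here.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_pin(der_cert, pinned_sha256):
    """True if the certificate matches a SHA-256 fingerprint recorded off-VPN."""
    got = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(got, pinned_sha256.lower().replace(":", ""))


if __name__ == "__main__":
    for line in check_exit_ip(SAMPLE_REPORTED, "203.0.113.20", "198.51.100.0/24"):
        print(line)
```

These checks only cover the exit address and the identity of TLS servers; they say nothing about what the provider logs.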