
I use the free version of proton VPN because it has such a nice interface. From my understanding, when I connect to one of their VPNs located in the US, my information passes through an encrypted tunnel visible to my ISP, then to an entry node, then to a relay node, then to an exit node, then to where my internet activities are told to go.

Let's say I was a cautious internet "criminal", and my ISP believed me to be such. They've hired one of you to come out to their location and make some guesses about what I was using their service for, and you are really good at your job.

What would you be able to tell my ISP?

Tough question so thanks in advance!

  • Entry/relay/exit nodes are part of the Tor architecture, and probably aren't applicable in this context. Unless you are using ProtonVPN's Tor integration. – multithr3at3d Jan 01 '20 at 21:21
  • The American VPNs Proton uses the Tor relay; I assume this because there's a picture of an onion next to the dropdown menu of US networks. – thinksinbinary Jan 01 '20 at 21:38
  • Does this answer your question? [VPN, ISP & deep packet inspection](https://security.stackexchange.com/questions/158175/vpn-isp-deep-packet-inspection) – LTPCGO Jan 07 '20 at 16:51

1 Answer


Your ISP would be able to see the following:

  • That you are using a VPN
  • The IP address (on the ISP's network) from which you are connecting to the VPN
  • The IP address of the entry node of the VPN
  • The volume of data between any two points in time that you are sending and receiving through the VPN

Without the cooperation of the VPN provider, the ISP would not be able to see:

  • The web sites that you are visiting or the servers that you are connecting to

Even with the cooperation of the VPN provider, the ISP would still not be able to see the information in plaintext form that you are sending to these servers or receiving from these servers, assuming that you are using a secure protocol supported by the server, inside the VPN tunnel, such as HTTPS, SSH, SFTP, etc.

However, it should be noted that an entity that is able to surveil large swaths of the internet (such as a three-letter agency) may be able to determine the web sites that you are visiting, and the servers that you are connecting to, by using 'big data' to match up the dates and times of the chunks of packets that they see traversing your connection to your ISP, with the dates and times of the chunks of packets that they see traversing the server's connection to the server's ISP. Even though these packets are encrypted, if they are able to match up enough of these chunks of packets over the course of time, they can determine with a high probability that it is you connecting to the server via the VPN. Bruce Schneier writes about this in his latest book, 'Click Here to Kill Everyone'.

mti2935
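The four bullet points and the traffic-correlation paragraph above, as an added example that is not part of the original answer or of any VPN provider's code: a small Python sketch that builds two constructed packet captures, one at the user's ISP (everything is user-to-VPN-entry, payload opaque) and one at the ISPs of two candidate destination servers, and shows that the user's ISP can only summarise endpoints and volume, while an observer holding both captures can rank destinations by correlating per-second byte volumes. The IP addresses are hypothetical RFC 5737 documentation addresses, the burst shapes and the 300 ms tunnel delay are assumptions chosen for illustration, and plain Pearson correlation stands in for the far richer statistical methods a large observer would actually use.

```python
"""Added example: what an on-path observer learns from an encrypted VPN
tunnel using nothing but packet sizes and timestamps, and how a larger
observer can correlate the user side with the server side."""
from dataclasses import dataclass
from math import sqrt


@dataclass(frozen=True)
class Packet:
    ts: float      # seconds since capture start
    src: str
    dst: str
    length: int    # bytes on the wire; payload is opaque to the observer


# All addresses below are hypothetical RFC 5737 documentation addresses.
CLIENT_IP = "203.0.113.7"    # the user, as seen by their ISP
VPN_ENTRY = "198.51.100.10"  # VPN server the user connects to
VPN_EXIT = "198.51.100.11"   # address the VPN uses toward the internet
SITE_A = "192.0.2.80"        # destination the user actually visited
SITE_B = "192.0.2.90"        # unrelated destination, used as a control

# Constructed traffic shapes: bytes sent in a burst, keyed by the second
# in which the burst starts.  The user fetches three pages.
USER_SHAPE = {0: 1500, 1: 60000, 2: 20000, 5: 1500, 6: 90000,
              12: 1500, 13: 40000, 14: 10000}
OTHER_SHAPE = {3: 80000, 8: 50000, 9: 30000, 15: 5000}


def synth(shape, src, dst, lag=0.0, mtu=1400):
    """Turn a burst shape into packets; lag models tunnel/transit delay."""
    pkts = []
    for sec, nbytes in shape.items():
        t = sec + lag
        while nbytes > 0:
            size = min(mtu, nbytes)
            pkts.append(Packet(t, src, dst, size))
            nbytes -= size
            t += 0.001
    return pkts


def isp_view(pkts):
    """Everything a passive ISP can summarise about an encrypted tunnel:
    the tunnel endpoints and the volume over time.  No inner
    destinations, no hostnames, no content."""
    return {"endpoints": sorted({(p.src, p.dst) for p in pkts}),
            "total_bytes": sum(p.length for p in pkts),
            "first_ts": min(p.ts for p in pkts),
            "last_ts": max(p.ts for p in pkts)}


def bucket_volumes(pkts, n_buckets, width=1.0):
    """Bytes per time bucket: the only signal the tunnel leaks."""
    series = [0] * n_buckets
    for p in pkts:
        i = int(p.ts // width)
        if 0 <= i < n_buckets:
            series[i] += p.length
    return series


def pearson(a, b):
    """Pearson correlation of two equal-length volume series."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / sqrt(va * vb) if va and vb else 0.0


def rank_destinations(user_pkts, server_captures, n_buckets=16):
    """Global-observer step: score each server-side capture against the
    user's tunnel by volume correlation, best match first."""
    user_series = bucket_volumes(user_pkts, n_buckets)
    scores = {name: pearson(user_series, bucket_volumes(pkts, n_buckets))
              for name, pkts in server_captures.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


# Constructed captures.  Capture 1 is taken at the user's ISP; captures
# 2 and 3 at the ISPs of two candidate servers, 300 ms later because of
# the assumed VPN transit delay.
USER_CAPTURE = synth(USER_SHAPE, CLIENT_IP, VPN_ENTRY)
SERVER_CAPTURES = {
    SITE_A: synth(USER_SHAPE, VPN_EXIT, SITE_A, lag=0.3),
    SITE_B: synth(OTHER_SHAPE, VPN_EXIT, SITE_B, lag=0.3),
}

if __name__ == "__main__":
    print("User's ISP sees:", isp_view(USER_CAPTURE))
    for dest, score in rank_destinations(USER_CAPTURE, SERVER_CAPTURES):
        print(f"{dest}: r = {score:+.3f}")
```

The ISP-side summary never contains SITE_A, which is the point of the answer's first list; the ranking step only works because a second capture point exists, which is why the answer reserves it for an observer that can see the server's side of the internet as well. Real-world correlation also has to cope with padding, multiplexed tunnels carrying many users, and clock skew, none of which this sketch models.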
  • I guess the type of encryption being used is important for the info security. – thinksinbinary Jan 01 '20 at 20:24
  • @thinksinbinary All modern encryption and key exchange mechanisms in TLS are fine. The problem is rather that now, instead of your ISP seeing all your traffic, your VPN provider sees all your traffic. And that may be more people [than you think](https://www.theverge.com/2019/10/21/20925065/nordvpn-server-breach-vpn-traffic-exposed-encryption). –  Jan 01 '20 at 20:35