21

Sometimes I connect to the Internet using a VPN connection to be able to access the blocked websites. I've got a few questions regarding this:

  1. Are my important data (like my credentials) vulnerable to be eavesdropped on the VPN server? What if the protocol of web site I am connecting to is HTTPS? (like gmail)
  2. Is the owner of VPN server able to access anything on my computer (files and folders) via this connection?
  3. If the answer to any of the above questions is Yes, is there any counter measures to prevent it?

Any advice would be appreciated!

Shurmajee
  • 7,285
  • 5
  • 27
  • 59
B Faley
  • 313
  • 1
  • 2
  • 7
  • possible duplicate of [Differences between using Tor browser and VPN](http://security.stackexchange.com/questions/72679/differences-between-using-tor-browser-and-vpn) – RoraΖ Aug 03 '15 at 11:37

2 Answers2

14

You need to think of connecting to a VPN like walking over to a physical network and plugging your computer into a switch there. So:

  1. If you use HTTP, everything is sent in plain text. The VPN server can read everything. If you use HTTPS, only the domain of the server will be known by the VPN server. The first step in a HTTPS session is to establish an SSL connection, everything is encrypted from there.

  2. If you have open ports on your computer (sharing files, music, etc.) this will be visible to the VPN server. Other than this, nothing is revealed. Again, it's as if you were connected to a physical network. The VPN server doesn't gain any other special privileges.

There is one exception to this, what VPN software are you using? Do you verify the source? If you received the VPN software from a questionable source, it could contain a trojan which allows outside attackers access to your computer.

Have you considered Tor or Freenode? These can run by themselves, or in addition to a VPN to give you privacy when visiting standard HTTP websites.

schroeder
  • 123,438
  • 55
  • 284
  • 319
Jonah Braun
  • 256
  • 2
  • 4
  • Once I used `Your Freedom` and `Tor` softwares but both of them have become slow and annoying in terms of connection speed. I don't know anything about `Freenode` though, I will take a look at it, I hope it's easy to use :) The VPN software I am using simply looks like tending to ease the creation of `PPTP`, `L2TP` & `SSTP` connections for me. Of course I am not sure if this app is doing anything else behind the scenes, so I can create the VPN connection myself without needing to use this software. Thanks for your advice! I will get your answer checked if no better answer is posted any soon :) – B Faley Dec 16 '11 at 06:51
  • 1
    One thing to think about is that when you start looking at anonymizing services like Tor, your concerns with the hopping points eavesdropping on your conversation become much more likely. I would recommend not using Tor for sites that you authenticate with or that store any of your PII. Also, whatever VPN resource your using should have some kind of client agreement that you can look over. That should mention things like you are agreeing to allow SSL interception, traffic sniffing, etc of your data. – Ormis Dec 17 '11 at 17:12
4

One point Jonah hasn't mentioned is that the owner of the VPN server could intercept your communications even if you use https unless you manage and monitor your certificates. See this question, but especially @D.W.s first sentence, which is the critical piece.

Tor and Freedom give you greater resilience against a malicious node, but as you have noticed, they do slow the connection because there are many more hops between you and yourdestination.

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320