@Sparrow
>Sometimes, it also routes traffic through a different part of the Internet. It can for example let you connect to game servers if it fails due to a bad node between you and said servers without the VPN.
Fun story. I was trying to access a work document that I was able to access a week prior. It was on a Google Drive or something - nothing unusual. I just could not load the page where it was located all of a sudden.
I spent 3 weeks trying to hunt this thing down. I have zero experience with networking but I work with databases and applications so I am at least familiar with terminals. I tried a million things that I have no clue about. I go through a local ISP and they were stuck too, saying the data was definitely going out just fine through their systems.
Well, I ended up figuring out how to get a print out of every server along the line that my data was going. Couldn’t tell you a lick of how to do it again but I got it working that one time and I saw the last one in line every time was the same server.
I used a VPN to force a redirect and lo and behold the file was accessible. So I called my ISP out of ignorance (by this time I was talking to their top level guys) and they were like “Yo that’s not our server” and I am like “Fuck you mean, you’re my ISP?” and they’re like “Bitch that’s someone else” so I was like “aight”
I tracked down the server (pretty simple with some googling) to an AWS server. Then, I found out who that server was registered to. Again, couldn’t remember the company name to save my life. But I called them.
I immediately knew I was in a different pond when I got the most professional corporate suit sounding guy answering the phone. I was polite and explained the situation and I don’t think he really knew how to respond haha.
What he taught me was that there are whole companies that serve as server highways for internet data. ISPs and various other companies contract with these guys so they can send data across large reaches of the world. This company with the affected server was simply one of those companies.
He also explained that a single issue from a single person when their servers are handling mind boggling amounts of data just isn’t going to warrant a check on their end. So that was a bummer. But it was a really cool thing to learn about.
@Gabi
The NOC of whatever company might actually check into it if you were able to reach them; a single user that’s technically sufficient to identify a routing error and get NOC details is a good sign something is wrong.
The companies that help ISPs reach other parts of the internet are called “tier 1” ISPs. It’s way more complicated than that.
@Sonny
That’s right he mentioned tiers. It’s been a few years so I’m foggy on the details.
I’m sure they would’ve checked it and probably found something. Within a few weeks the issue was resolved so I guess a bigger fish ran into the same issue and finally reported it. Or maybe they just noticed it and fixed it idk.
I just think it’s so cool that this entire infrastructure exists and nobody ever mentions it. Seems like a pretty critical piece of infrastructure.
@Gabi
It’s very cool! And crazy that it works as well as it does.
Here’s one thing: it isn’t even just the tier 1s doing this, there are about 60,000 entities that run “autonomous systems”, and it’s all just people/companies cooperating to make the networks talk to each other (thus the “inter” net, the network that connects networks).
They just all talk to each other to figure out the best way to go from one network to another, with every proper router on the Internet knowing about every single block of IP addresses. When I turned on a particular IP block for a company I used to work for, the information about that spread around the world in seconds, to hundreds of thousands of routers.
@Sonny
That’s just crazy. It really makes you wonder what all it could be used for. I mean it’s already been used for incredible (and incredibly bad) things - the internet isn’t exactly an obscure topic anymore. But when you imagine being able to relay information instantaneously and in parallel threads to anywhere in the world (kinda), it really makes your head spin. Especially with IoT bringing us wifi-enabled computers the size of a flash drive. All of it built on a massive series of servers more-or-less duct taped together with a series of “okay we’ll all just do it this way then” decisions haha.
@Gabi
> Well, I ended up figuring out how to get a print out of every server along the line that my data was going. Couldn’t tell you a lick of how to do it again but I got it working that one time and I saw the last one in line every time was the same server.
@Sparrow
I’ve heard people say they never use a public WiFi without VPN because they can track you. They even know your IP address and can find out where you live!
Riley said: @Sparrow
> I’ve heard people say they never use a public WiFi without VPN because they can track you. They even know your IP address and can find out where you live!
> Yeah, they actually said that

It’s the default sales pitch of YouTube VPN ads. Some choose to believe it.
Riley said: @Sparrow
> I’ve heard people say they never use a public WiFi without VPN because they can track you. They even know your IP address and can find out where you live!
> Yeah, they actually said that

There are reasons why trusting public WiFi networks is risky, but there’s a lot of missing detail. The crux of it, though, starts with the fact that most people just aren’t tech savvy or security conscious.
One scenario: It is very easy for a bad actor to set up a public WiFi that broadcasts an SSID that people will willingly trust; sitting in an airport terminal? I can just name my WiFi network “Airport GUEST” or sit in a McDonalds parking lot and broadcast “McDonalds GUEST” and countless people will willingly connect (and many without care if there are warnings about it being insecure standards). Very easily one can set up a fake portal to make them “login” with some basic credentials and promote it as “this is a free network but for your protection for security we require all guests to provide XYZ personal information” … again, countless people will fall for it.
Even on a public WiFi network that a bad actor is joined to but doesn’t directly control, other things can be put into the mix like listening for LLMNR broadcasts and responding back to those requests with poisoned results. Running automated scans against IP addresses on the network to footprint for potential openings for more direct attacks. Mapping the network itself and looking for opportunities to escalate control or privileges on the network (e.g. bad/weak configurations/policies, remote admin logins with easy passwords or even default passwords still in play).
It’s also extraordinarily easy to give yourself constant remote access to these networks by plugging in and hiding a tiny device (Raspberry Pi for example) out of sight but connected to a public network and having it provide bad actors with a more long-term strategy to find ways to compromise the network itself and/or users on the network.
So, while you’re right to call into question the misleading nature of those ads VPN companies like to run, they’re not entirely unfounded. A good rule of thumb is to not connect to any WiFi network unless you’re certain it’s legitimate. When you do connect to one, be diligent and skeptical of anything out of the ordinary. Ideally, run through a trusted VPN (the VPNs I trust the most are the ones I run myself e.g. WireGuard).
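
Added example, not part of any post in this thread: a defender-side check for the LLMNR poisoning mentioned in the reply above. A legitimate host only answers LLMNR queries for its own name, so a source that answers a canary name nobody owns, or many unrelated names, stands out. The log format, the addresses, the canary name and the `max_names` threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: one line per LLMNR packet seen on UDP 5355,
# "<time> <source-ip> <Q|R> <name>". This capture format is hypothetical.
SAMPLE_LOG = """\
10:00:01 10.0.0.23 Q fileserver
10:00:01 10.0.0.40 R fileserver
10:00:07 10.0.0.31 Q wpad
10:00:07 10.0.0.66 R wpad
10:00:12 10.0.0.23 Q printer-2f
10:00:12 10.0.0.66 R printer-2f
10:00:20 10.0.0.99 Q canary-zx81q
10:00:20 10.0.0.66 R canary-zx81q
10:00:31 10.0.0.31 Q fileserver
10:00:31 10.0.0.40 R fileserver
"""


def find_llmnr_poisoners(log_text, canaries=frozenset(), max_names=2):
    """Return {responder_ip: [reasons]} for suspicious LLMNR responders.

    canaries: lowercase names that no real host owns (queried on purpose).
    max_names: how many distinct names one host may answer before flagging.
    """
    names_by_responder = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "R":
            continue  # only responses matter; skip queries and malformed lines
        _, src, _, name = parts
        names_by_responder[src].add(name.lower())  # names are case-insensitive

    findings = {}
    for src, names in names_by_responder.items():
        reasons = []
        hit = sorted(names & canaries)
        if hit:
            reasons.append("answered canary name(s): " + ", ".join(hit))
        if len(names) > max_names:
            reasons.append(f"answered {len(names)} distinct names")
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for ip, why in find_llmnr_poisoners(SAMPLE_LOG, {"canary-zx81q"}).items():
        print(ip, "->", "; ".join(why))
```
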
Riley said: @Sparrow
> I’ve heard people say they never use a public WiFi without VPN because they can track you. They even know your IP address and can find out where you live!
> Yeah, they actually said that

In very specific scenarios, I suppose they could find out where you live. But the likelihood of that happening when browsing legit websites run by real companies today is basically zero. You would need to fill out a form with your address and submit it over HTTP. If any site still allows you to do that, don’t ever give them your information.
@Sparrow
In terms of intention, I think people are interested in VPNs to protect against ‘bad actors’ or government spying. In that sense, can VPNs protect you? Or is another method more preferred?
Oakley said: @Sparrow
> In terms of intention, I think people are interested in VPNs to protect against ‘bad actors’ or government spying. In that sense, can VPNs protect you? Or is another method more preferred?

They can help. However, if you really want to maximize your privacy, you should be using more than a single tool for this. Think of the VPN as one added layer of security. Remember that the VPN provider is bound by the laws of wherever they are based in. They can still encrypt all data, purge logs, etc. but if there is data that has not been purged and law enforcement shows up, they’ll provide that data.
If you are a journalist somewhere the regime is very unfriendly, you’d want more than just the VPN. Encrypt everything on your computer, use other methods to protect your online activities like Tor, etc.
I am no expert on this, just someone who finds that stuff interesting, so I’ve never gone through those lengths.
@Sparrow
Most popular VPN apps advertise that they keep no logs. Is that true? I have no clue. But that’s what they claim. If you want to be extra safe, VPN through a country that is an enemy to the US and won’t comply if the US asks for the logs (Russia, China, etc.)
@Kipp
That just risks your data being grabbed by those countries instead. I’d rather go for a service in a country like Switzerland or even the US or other Five Eyes country that has an actual good track record of no logs than some country where whatever “dear leader” decides goes, laws be damned. I’d expect those providers to be fully “cooperating” with those governments anyways.
Note that to route your traffic, the VPN needs some information, it’s more a matter of whether that info gets deleted as soon as it’s no longer needed.
@Kipp
You really don’t know but there are ones like Mullvad who were visited by the National Police and basically said sure take whatever because there’s nothing.
OVPN I also believe has a court case showing similar results and winning a while back.
It depends on the country’s laws; in a country like Sweden it is not illegal to run a server with no logs and just RAM/Bare metal servers.
If you want heavy hitters when it comes to privacy most people go to Mullvad, Perfect Privacy, etc. some will recommend Proton. Proton does have a mark against them in regards to their email service though, not the VPN.
TL;DR: just use Mullvad; most of the gigantic ones are all owned by big companies in countries that don’t care about your privacy.
@Sparrow
A VPN on public unencrypted WiFi can still help hide metadata not hidden by HTTPS alone. I personally use a private VPN back to my place so that I can mask traffic and access devices on my LAN.