Comment on Pornhub shuts down in Texas... and predictably, VPNs benefit
tal@lemmy.today 9 months agoencrypted over https
The TLS handshake will generally – through there are some ways to avoid this, and people are banging on it – expose hostnames in the clear.
en.wikipedia.org/wiki/Server_Name_Indication
Even if your browser is using DNS-over-HTTP, most software doesn’t, so outside of your browser, DNS is generally visible.
Some protocols still are not encrypted; I was looking at MUDs the other day, and few of them support encrypted connections. The networks that I’m most worried about are random WiFi access points.
The network provider can still see which addresses and ports someone is connecting to and to where the traffic goes, and how much traffic is sent.
Some network providers blacklist material – as is the case here. For example, one of my first experiences on the Threadiverse was kbin sending me to a random discussion on policy that Ada (the lemmy.blahaj.zone admin) was having with some gay user who lived somewhere in the Middle East. Lemmy.blahaj.zone had been blocked in that country – the country presumably didn’t like something related to the server having LGBT content. The Threadiverse is semi-resillient to that – they could still connect to a federated server and see comments. But it meant that images on lemmy.blahaj.zone were blocked in that country.
For another contemporary example, Russia has cracked down on politics online. Can’t block access to content without killing off VPNs, and they went after those too.
For people who maintain a long-running IP address, it’s possible to cross-correlate logs from various services. So, okay, let’s say that a given IP address has been logged downloading BitTorrent content. That same IP address is linked to, at various times, use of an app where a particular unique phone ID has shown up, or maybe that a user has logged into some account service on, which is linked to personal information. Even a party who is not someone’s ISP can cross-correlate logs using the IP. A VPN doesn’t absolutely avoid that, but it makes it harder.
Without an VPN, anyone can get at least a rough geographical location of a user by geolocating their IP address.
Probably more, but that’s some off-the-cuff.
Brkdncr@lemmy.world 9 months ago
My isp uses cg-nat, and many others do too, so source ip is hidden from most except for my isp, which I have a contract agreement with.
As someone that manages networks and security, you know what piques my interest? When I see hosts using vpn. I look up the host using the service, the service in use, and see what other interesting things are happening.