What is a VPN and why do we need it?

A VPN (virtual private network) is a persistent secure/encrypted connection over an unsecured network. Let's say that you send letters via 'snail mail' to your friend, and you're worried about them getting intercepted and read. You combat this vulnerability of the unsecured mail network by scrambling your messages in a way that only you and your friend know how to unscramble. This is equivalent to a VPN. Someone in between you and the other end can intercept your messages and see where they came from and where they're going, but wouldn't be able to unscramble them (assuming you use a good method of scrambling/unscrambling them).
Usually, when people talk about a VPN, they're talking about a VPN that's also a proxy server.
A proxy is where you send your traffic through a 3rd party instead of sending it directly. Let's say that you want to get a package sent to your house, but you don't want the sender to know where you live or you don't want your parents to see it when it is delivered. You could make arrangements with a friend to have it sent to his house instead, and for your friend to forward it to you. In this case, your friend is serving as a proxy. This can have the advantage of keeping you anonymous, hiding where you live from the sender (or anyone who sees your package in transit between the sender and your friend), and letting you get around certain restrictions (parents can't block it).
With a VPN that is also a proxy, the message is received by the friend from the sender, and then scrambled/encrypted and sent to you. Conversely, if the message goes the other way, it's scrambled/encrypted by you and sent to the friend, unscrambled/decrypted by the friend and forwarded to the recipient.
With this setup, someone who intercepts the package between you and your friend can know where you are, but not where you're sending to (if outgoing) or where it came from (if incoming), nor would they know what the message is (because it's scrambled). Someone who intercepts it between your friend and the other person would see who that other person is, but not who you are. They would be able to see the content of the intercepted message, since your friend had to unscramble it so the end party could understand it. That is, of course, unless you and the end party you're sending to or receiving from have mutually decided to scramble the message too.
This is what sending through a VPN used as a proxy looks like:
You ------[encrypted]---------> Friend -------[decrypted]-------> server
This is what receiving through a VPN used as a proxy looks like:
You <------[encrypted]--------- Friend <-------[decrypted]------- server


Keep in mind that your friend will have the ability to know everything: who/where you are, who/where the other party is, and what the content of the message is (unless you and the end party mutually decided to scramble it, which is equivalent to using HTTPS instead of HTTP). So you had better trust this friend if you're going to send anything sensitive through him. For this reason, I recommend not using free VPN/proxy services. You can get a reliable VPN/proxy service for ~$40/year.
This is what using a VPN as a proxy looks like when connecting using an https connection:
You ------[encrypted][encrypted]---------> Friend -------[encrypted]-------> server
You <------[encrypted][encrypted]--------- Friend <-------[encrypted]------- server
In this case, the message is scrambled between you and the end server, and that scrambled message is scrambled again between you and the friend/VPN. This way, not even your friend/VPN can know what the message is (assuming the encryption is good enough), because even the message he unscrambles is still a scrambled message. It also provides encryption all the way to the end server, whereas using a VPN/proxy alone only encrypts between you and the proxy/VPN. This is why I recommend that people use https, which encrypts your traffic between you and the website you're accessing (e.g., reddit.com). While not every website supports https, almost all major websites do. There are browser extensions, such as HTTPS Everywhere, that make your browser try to use https by default.
For those wondering, this is a good explanation for how one type of encryption works, keeping any interceptors from being able to unscramble the message even if all the information exchanged is intercepted.
Now a tiny bit of information about Tor.
Tor is basically a network of public servers that partially decrypts your message as it sends it from Tor router to Tor router. That way, while the first/last Tor routers will know some information, such as knowing where it's going, where it came from, or what the decrypted message is (if you and the end party don't mutually agree to encrypt it), no single one of them will know all of that information.
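The VPN-as-proxy diagrams above, with and without https, can be played out in code to see exactly what each party learns. This is an added example, not part of the original post: the keys, names and the toy SHA-256 keystream cipher are constructed stand-ins for a real VPN tunnel and TLS.

```python
import hashlib, hmac, json

# Constructed keys: one shared by you and the VPN, one by you and the server.
K_VPN, K_TLS = b"you<->vpn key (constructed)", b"you<->server key (constructed)"

def _xor(key, data):
    # Toy SHA-256 keystream; a stand-in for a real cipher, not for real traffic.
    ks = b"".join(hashlib.sha256(key + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    ct = _xor(key, json.dumps(obj).encode())
    return {"ct": ct.hex(), "tag": hmac.new(key, ct, "sha256").hexdigest()}

def unseal(keys, box):
    """Return the plaintext if one of `keys` authenticates the box, else None."""
    ct = bytes.fromhex(box["ct"])
    for key in keys:
        tag = hmac.new(key, ct, "sha256").hexdigest()
        if hmac.compare_digest(tag, box["tag"]):
            return json.loads(_xor(key, ct))
    return None

def send(message, https):
    """Packet on the you -> VPN link; with https the message is sealed twice."""
    body = seal(K_TLS, message) if https else message
    return {"src": "you", "dst": "vpn",
            "body": seal(K_VPN, {"dst": "server", "body": body})}

def forward(pkt):
    """The VPN removes its own layer and re-addresses the packet."""
    inner = unseal([K_VPN], pkt["body"])
    return {"src": "vpn", "dst": inner["dst"], "body": inner["body"]}

def view(pkt, keys):
    """What a party holding `keys` learns from one packet seen on the wire."""
    endpoints, body = {pkt["src"], pkt["dst"]}, pkt["body"]
    while isinstance(body, dict):
        if "ct" in body:              # sealed layer: opens only with the right key
            body = unseal(keys, body)
        else:                         # opened VPN envelope reveals the real target
            endpoints.add(body["dst"])
            body = body["body"]
    return {"endpoints": endpoints, "content": body}

if __name__ == "__main__":
    for https in (False, True):
        leg1 = send("hello", https)
        print(https, view(leg1, []), view(leg1, [K_VPN]), view(forward(leg1), []))
```

Running it prints, for http and then https, the view of a snoop between you and the VPN, of the VPN operator, and of a snoop between the VPN and the server.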

