What does your VPN really do to your web traffic? (a deep dive into HTTPS)

We have all seen the ads, right? If you have not, I would question how you are reading this article while turning your butter but anyway, let’s talk about VPNs (this is going to be spicy). I know we have also all heard about the "benefits" of using a VPN, such as "privacy", "security", and using that sketchy Wi-Fi that showed up while you were at the strip. So why don't we talk about what it does shall we? 

First "privacy". Now yes, it might improve it to a point at least by masking your IP however there are so many other ways that you are tracked online that are not your IP that the benefit would be very little. For example, your browser dimensions, cookies, installed extensions, etc. These are all sent through the VPN and allow the service at the other end to identify you through the VPN anyway, and another point I made add. What do most people do with their VPN? I would say use services online, and what do most services have? A login! You’re connecting to your VPN to “improve” your privacy then logging in and identifying the VPN connection as you. So don't fool yourself. A VPN is only a tool for privacy but is not privacy in itself (you need a lot more than just the VPN, plus there are tools that do even better than a VPN such as Tor).

Second “Security”. Again, there is a hint of truth to it as if you connect to an insecure website or are using an application that does not have any encrypted traffic but in general the internet uses HTTPS which is the secure version of HTTP (meaning it uses encryption and yes its “Military Grade” just like the VPN has). This will secure the content and page of the website you are visiting and using certificates block man in the middle attacks as well.

Here is an example of a HTTP request (without any encryption) to view raw headers.
This is a curl verbose output to Wikipedia, as you can see its pretty simple (also this is a basic request so there are very little headers). It starts with GET then the location and the HTTP version, after that it will contain headers about how the server should handle the request. Now lets look at the response.
As you can see its pretty similar, starts with the http version then the status of the request. Then more header data like cookies, content length, and the content type. Finally the actual content of the web request or the body of the request. Here I am using curl so you can see all the requests, and the data it sent. However let me move to Wireshark so you can see the actual network packets sent using both a HTTP website and an HTTPS website.
Here we have an HTTPS website (Wikipedia again). As you can see all that Wireshark can see are TCP and TLS request which contain no readable data. All we can see is the IP of the website that we are connecting to but nothing about where or what the website is sending us or what we are requesting from it. Now lets try with an HTTP site (so no encryption with HTTPS/TLS).
Now look at all that! Wireshark immediately detects it as HTTP packets and even shows us in a nice format the request and all the data that was sent back and forth.
So now that you have seen what HTTPS/TLS does, what does a VPN add you may ask or even say that its not doing anything? And you would be correct! The VPN just encrypts this HTTPS traffic and sends it to the destination meaning you... well encrypt the encryption? Seems weird right.

So lets answer our question from before, what security does a VPN add to our web traffic? Well because most of the internet already uses HTTPS the only real effect the VPN has is to hide what the website is you are visiting from the network you are connected to and instead show that you are connected to the VPN. But it will provide no extra security for any of the packets as they where already encrypted and using certificates to protect from man in the middle attacks. So if you are going to get a VPN to "secure" your web traffic from all those hackers its really not going to add much as most of the internet already solved this years ago with HTTPS to encrypt your packets between the server and you.

So what would I actually want a VPN for. Here is a small list of them
  1. A VPN will hide your IP from the services you connect to and hide the IP's of the websites you connect to from your connected network.
  2. A VPN will allow you to change your location by changing your IP to one somewhere else.
  3. A VPN because of its ability to change your IP and tunnel traffic can bypass filters on networks.
  4. A VPN can allow you to tunnel your traffic into another network to access the services and devices in it (such as your home network with a media server) (this one is if you set it up yourself or the service offer the ability to not every VPN service can).


I hope this clears the waters of all the misinformation and lets you make a more informed decision so you don't waste you money on a service you don't need.

Comments

Post a Comment

Popular posts from this blog

Danger in shortcuts

Image
Shortcuts, personally I never really use them. They link to a program slash file to run it or to make it easier to execute with arguments such as open minimized window. But I decided to give them a relook with the new Powershell program bundled in with all Windows installations and even released for Linux. Shortcuts if you did not know can pass arguments into the program or file it has been linked to. Usually you use this if for example you want to configure a program to launch silently using lets say a -silent flag. Well just add that into the shortcut and it will launch with that argument without having to open a shell. So what about Powershell? Well it has a interesting flag called " -Command ". The command flag allows you to pass a command or potentially even an entire script into the Powershell process that will be started. Interestingly this means an entire script can run in memory without being stored on disk at all, the most insane version of anti-malware avoidance. N
Read more

Keeping your AV enabled and not extracting the ZIP

Image
Public Service  Announcement This is something I wanted to write a post about as it seems to still be getting lots of hits and fooling lots of people. I will wright the TLDR here so you can get the message now and read further if you want to learn more. If ANY program EVER tells you to disable your Anti-Malware solution PROCEED WITH EXTREAM CAUTION.  If you are ever provided with a password protected archive again PROCEED WITH EXTREAM CAUTION. Now that the TLDR is out of the way let me explain. There have been many campaigns that have been involving something in common, using a password protected zip file hosted with a page that contains both the password AND instructions to disable your Anti-Malware solution. The ZIP file then contains infected files usually Redline or alike however if the person follows the instructions as provided they would have disabled their Anti-Malware solution which would now not detect the sample. This is a common tactic used to distribute malware onto comput
Read more