From Newsgroup: alt.os.linux
On 08/09/2024 19.39, david wrote:
Using <news:lk547cFesj4U1@mid.individual.net>, J.O. Aho wrote:
The real question is why would you want to do that? You tend to get no
further "security" of "anonymity" of it. The last VPN will be the one
that can decipher your traffic anyway.
Thank you and everyone for trying to point out that supposed futility.
Maybe I fundamentally misunderstand everyone who said what you said, which
is that the last VPN will be able to decipher your traffic no matter what.
Exit points will be decrypting the data and forward the traffic to the intended server, then encrypt the reply and send it back. Sure this
don't mean they will automatically be a man in the middle, but they know
what server you tried to connect with, they may know what DNS requests
(at least know which name server you used) you done if they go use the VPN/TOR.
But isn't that dead wrong?
Isn't that what double NAT'ing does, or, more to the point, TOR?
It's just a try to hide the source, it don't hide the data you send, so
if you use TOR and you use the same exit point for a number of requests
they will know what you may be doing. There are or have been methods for
exit nodes to figure out the origin, which nullifies the point of TOR.
Why does it work perfectly for TOR and not work at all for VPN?
They work differently
When you tunnel a vpn over another vpn, it just makes the outer vpn to
keep your data one layer encrypted from you to the server of that vpn
(they will know which vpn you connect to), the there is the second
layer between the two vpns, the last vpn will know more or less
everything about you, so you don't get anything else than just an extra encryption of your date for a limited distance.
Unless your end vpn uses a really crappy encryption, you will not gain
any benefit from running vpn trough a vpn, just remember that the crappy encryption will still be there between the two vpns. The best is to just connect to the vpn you trust the most directly.
1
2 3
(you) EEEEEEEEEEEEEEEEEE> vpn1 ===============> vpn2 ----------------------------->(site)
Assuming the site you connect to uses https
1. Your ISP will know you use VPN1
Your data is encrypted 3 times
2. VPN1 knows that you use VPN2
The data is encrypted 2 times
3. VPN2 knows which IP and most likely the domain name too you connect to
The data is encrypted once
Assume the site is just using http
1. Your ISP will know you use VPN1
Your data is encrypted twice
2. VPN1 knows that you use VPN2
The data is encrypted
3. VPN2 can read your traffic
The data is in plain text from the VPN2 to the site
In all the cases the VPNs know your IP.
--
//Aho
--- Synchronet 3.20a-Linux NewsLink 1.114