hide yo kids, hide yo wife - with a VPN

Mike Davis

So now that the general public thinks they need a VPN to hide their browsing, does anyone have any recommendations? Does anyone have any clients that put their entire site behind a VPN?

Dashrender

Put your entire business behind a VPN? /sigh.

Nope, not I. Why should I trust the VPN provider more than the ISP? I suppose if the VPN terminates in a different country, there might be less tracking. But unless the DNS requests are also going over the DNS, you're not completely invisible to your ISP.

Mike Davis

@Dashrender I think along the same lines as you. In addition, if some cookies are dropped google has more information than you can imagine, so does it really make a difference if your ISP can see the urls you connect to? My concern supporting it professionally is that their banking site might not work if they are behind a VPN. For a client that I have that was using a load balancer, I had to write rules so that traffic to that site would only go out one interface. Their site couldn't handle the fact that our connecting IP might change. I imagine with the VPN it would be the same type of problems.

scottalanmiller

Texkonc

Well, I even saw something that even that wont stop the evesdropping. There still are ways to track.

Dashrender

@Mike-Davis said in hide your children, hide your wife - with a VPN:

@Dashrender I think along the same lines as you. In addition, if some cookies are dropped google has more information than you can imagine, so does it really make a difference if your ISP can see the urls you connect to? My concern supporting it professionally is that their banking site might not work if they are behind a VPN. For a client that I have that was using a load balancer, I had to write rules so that traffic to that site would only go out one interface. Their site couldn't handle the fact that our connecting IP might change. I imagine with the VPN it would be the same type of problems.

Wait - huh? Your load balancer didn't keep all the traffic to a given session on the same outbound IP? I guess I just assumed each browsing session to say, google.com or bankrus.com would stay on a single interface unless that interface went down. Sure two different sights might be access via two of your outgoing IPs, but that normally doesn't matter.

Dashrender

@Texkonc said in hide your children, hide your wife - with a VPN:

Well, I even saw something that even that wont stop the evesdropping. There still are ways to track.

Of course - cookies

travisdh1

@Texkonc said in hide yo kids, hide yo wife - with a VPN:

Well, I even saw something that even that wont stop the evesdropping. There still are ways to track.

Yep. Someone figured out a way to read the signal from analog monitor connections. That's right, if you've got VGA, you can be eased dropped on from quite a distance (I forget exactly how far away, one hundred some feet.)

Dashrender

@travisdh1 said in hide yo kids, hide yo wife - with a VPN:

@Texkonc said in hide yo kids, hide yo wife - with a VPN:

Well, I even saw something that even that wont stop the evesdropping. There still are ways to track.

Yep. Someone figured out a way to read the signal from analog monitor connections. That's right, if you've got VGA, you can be eased dropped on from quite a distance (I forget exactly how far away, one hundred some feet.)

Researchers found a way to read the CPU remotely (though it was only a few feet, but it was a through a wall. and did require malware on the machine.

Texkonc

@Dashrender said in hide yo kids, hide yo wife - with a VPN:

@Texkonc said in hide your children, hide your wife - with a VPN:

Well, I even saw something that even that wont stop the evesdropping. There still are ways to track.

Of course - cookies

Nom Nom

Mike Davis

@Dashrender said in hide yo kids, hide yo wife - with a VPN:

Wait - huh? Your load balancer didn't keep all the traffic to a given session on the same outbound IP? I guess I just assumed each browsing session to say, google.com or bankrus.com would stay on a single interface unless that interface went down. Sure two different sights might be access via two of your outgoing IPs, but that normally doesn't matter.

yes. This was with a SonicWall NSA250. The second time I had the issue, I contacted the business that had the payment site that wouldn't work. I asked him for the IP of the payment server so I could write a route statement. He said the IP was private for security reasons. I got it from nslookup and asked him to let me know if he ever changes it.

Texkonc

@travisdh1 said in hide yo kids, hide yo wife - with a VPN:

@Texkonc said in hide yo kids, hide yo wife - with a VPN:

Well, I even saw something that even that wont stop the evesdropping. There still are ways to track.

Yep. Someone figured out a way to read the signal from analog monitor connections. That's right, if you've got VGA, you can be eased dropped on from quite a distance (I forget exactly how far away, one hundred some feet.)

So DVI and HDMI are encrypted?

Texkonc

@Dashrender said in hide yo kids, hide yo wife - with a VPN:

@Mike-Davis said in hide your children, hide your wife - with a VPN:

@Dashrender I think along the same lines as you. In addition, if some cookies are dropped google has more information than you can imagine, so does it really make a difference if your ISP can see the urls you connect to? My concern supporting it professionally is that their banking site might not work if they are behind a VPN. For a client that I have that was using a load balancer, I had to write rules so that traffic to that site would only go out one interface. Their site couldn't handle the fact that our connecting IP might change. I imagine with the VPN it would be the same type of problems.

Wait - huh? Your load balancer didn't keep all the traffic to a given session on the same outbound IP? I guess I just assumed each browsing session to say, google.com or bankrus.com would stay on a single interface unless that interface went down. Sure two different sights might be access via two of your outgoing IPs, but that normally doesn't matter.

If he wasn't using sticky sessions.

RojoLoco

@Texkonc said in hide yo kids, hide yo wife - with a VPN:

@travisdh1 said in hide yo kids, hide yo wife - with a VPN:

@Texkonc said in hide yo kids, hide yo wife - with a VPN:

Well, I even saw something that even that wont stop the evesdropping. There still are ways to track.

Yep. Someone figured out a way to read the signal from analog monitor connections. That's right, if you've got VGA, you can be eased dropped on from quite a distance (I forget exactly how far away, one hundred some feet.)

So DVI and HDMI are encrypted?

I think the fact that those are digital vs VGA being analog is the difference.

Dashrender

@Mike-Davis said in hide yo kids, hide yo wife - with a VPN:

@Dashrender said in hide yo kids, hide yo wife - with a VPN:

Wait - huh? Your load balancer didn't keep all the traffic to a given session on the same outbound IP? I guess I just assumed each browsing session to say, google.com or bankrus.com would stay on a single interface unless that interface went down. Sure two different sights might be access via two of your outgoing IPs, but that normally doesn't matter.

yes. This was with a SonicWall NSA250. The second time I had the issue, I contacted the business that had the payment site that wouldn't work. I asked him for the IP of the payment server so I could write a route statement. He said the IP was private for security reasons. I got it from nslookup and asked him to let me know if he ever changes it.

OMG - private for security reasons, but it's on the bloody internet - that guy needs to be fired, he clearly doesn't understand security.

Dashrender

@Texkonc said in hide yo kids, hide yo wife - with a VPN:

@travisdh1 said in hide yo kids, hide yo wife - with a VPN:

@Texkonc said in hide yo kids, hide yo wife - with a VPN:

Well, I even saw something that even that wont stop the evesdropping. There still are ways to track.

Yep. Someone figured out a way to read the signal from analog monitor connections. That's right, if you've got VGA, you can be eased dropped on from quite a distance (I forget exactly how far away, one hundred some feet.)

So DVI and HDMI are encrypted?

I don't know about DVI, but HDMI definitely can be. For Bluray and other DRM content it often is.

scottalanmiller

@Dashrender said in hide yo kids, hide yo wife - with a VPN:

@Texkonc said in hide yo kids, hide yo wife - with a VPN:

@travisdh1 said in hide yo kids, hide yo wife - with a VPN:

@Texkonc said in hide yo kids, hide yo wife - with a VPN:

Well, I even saw something that even that wont stop the evesdropping. There still are ways to track.

Yep. Someone figured out a way to read the signal from analog monitor connections. That's right, if you've got VGA, you can be eased dropped on from quite a distance (I forget exactly how far away, one hundred some feet.)

So DVI and HDMI are encrypted?

I don't know about DVI, but HDMI definitely can be. For Bluray and other DRM content it often is.

I believe DVI cannot be. But you can convert DVI to HDMI.

scottalanmiller

Encryption on HDMI was a major deal when it released.

art_of_shred

@scottalanmiller said in hide yo kids, hide yo wife - with a VPN:

Encryption on HDMI was a major deal when it released.

We all know you're watching porn. Can't we just accept that and avoid the added complexities?