Question VPN concepts?

brannsiu

Distinguished
Apr 20, 2013
1,073
3
19,285
Is it true that without VPN, when I visit a website, and if the website is powerful enough, they could be able to find out my real identity that may include my real name, phone number and home address etc through the help of my internet service provider? Of course, my ISP should not give out those information to them but it shouldn't involve a lot of difficult technical skills, it should only involve legality, but not technology.

But after using VPN, chances are they COULD still find out those information but will probably have to go through a lot of processes, tracking down a lot of companies that may involve a lot of overseas companies, before they will be able to find out my personal information?

Or does VPN itself technically make the connection process so complicated that even if all those overseas companies are corrupted and do whatever illegal, chances are they will still have hard time tracking down my personal information technically?

In other words, does VPN increase more of the technical difficulties (i.e. harder to track down technically, even if all companies involved are corrupted and do whatever illegal.) or more of the legal difficulties? (i.e. through more companies so it is not easy to track down legally, but it's still easy technically.)

Sorry my English isn't very good, I hope you understand my questions. I am looking for the concepts.
 
All a VPN does is this:
  • Instead of all of your internet traffic going to the destination after hitting the ISP, it goes to the VPN server instead. So to everyone else, you're talking only to the VPN server.
    • However, anyone sniffing the network and specifically on your computer will immediately find your computer reaching out to the same destination rather suspicious... so ironically using a VPN makes it obvious you're using a VPN.
  • The data payload of said traffic is encrypted before it goes out. However, this encryption does not affect the IP routing information.
Is it true that without VPN, when I visit a website, and if the website is powerful enough, they could be able to find out my real identity that may include my real name, phone number and home address etc through the help of my internet service provider? Of course, my ISP should not give out those information to them but it shouldn't involve a lot of difficult technical skills, it should only involve legality, but not technology.
If the ISP has my personal information that readily available, then then should be sued out of their existence because that's poor security. But otherwise, even getting to that point depends on what the destination server can see. If there's no data that could be linked back to your ISP anyway, then how does the server know what to look for?

But after using VPN, chances are they COULD still find out those information but will probably have to go through a lot of processes, tracking down a lot of companies that may involve a lot of overseas companies, before they will be able to find out my personal information?
If they saw you were using a VPN and the VPN does a poor job of protecting your data, then it's no different than the previous scenario you're describing. In this context, you're shifting trust from the ISP to the VPN.

Or does VPN itself technically make the connection process so complicated that even if all those overseas companies are corrupted and do whatever illegal, chances are they will still have hard time tracking down my personal information technically?
No. For that you need run on a Tor network.

In other words, does VPN increase more of the technical difficulties (i.e. harder to track down technically, even if all companies involved are corrupted and do whatever illegal.) or more of the legal difficulties? (i.e. through more companies so it is not easy to track down legally, but it's still easy technically.)
I don't think it really makes a difference. VPN ad spots you see on YouTubers massively inflate what a VPN can do.
 
All a VPN does is this:
  • Instead of all of your internet traffic going to the destination after hitting the ISP, it goes to the VPN server instead. So to everyone else, you're talking only to the VPN server.
    • However, anyone sniffing the network and specifically on your computer will immediately find your computer reaching out to the same destination rather suspicious... so ironically using a VPN makes it obvious you're using a VPN.
  • The data payload of said traffic is encrypted before it goes out. However, this encryption does not affect the IP routing information.

If the ISP has my personal information that readily available, then then should be sued out of their existence because that's poor security. But otherwise, even getting to that point depends on what the destination server can see. If there's no data that could be linked back to your ISP anyway, then how does the server know what to look for?


If they saw you were using a VPN and the VPN does a poor job of protecting your data, then it's no different than the previous scenario you're describing. In this context, you're shifting trust from the ISP to the VPN.


No. For that you need run on a Tor network.


I don't think it really makes a difference. VPN ad spots you see on YouTubers massively inflate what a VPN can do.

Well

I think when I visit a website without VPN, even without leaving any message, chances are they can already have my IP address and thus they can find out my ISP and then my personal information can be found out (Assume my ISP is crap and dishonest)

Is what I understand true?


If I use VPN, then they will have hard time finding out my ISP and thus it's harder for them to find out my personal information even if my ISP is dishonest because they have hard time looking for my internet provider or hacking into my personal computer.

Is what I understand true?
 
Well

I think when I visit a website without VPN, even without leaving any message, chances are they can already have my IP address and thus they can find out my ISP and then my personal information can be found out (Assume my ISP is crap and dishonest)

Is what I understand true?


If I use VPN, then they will have hard time finding out my ISP and thus it's harder for them to find out my personal information even if my ISP is dishonest because they have hard time looking for my internet provider or hacking into my personal computer.

Is what I understand true?
You are trading your trust in your ISP to your trust in a VPN provider. The VPN provider has similar info to your ISP. The VPN provider has your true IP address. They probably have some kine of payment info provided by you. If you can "assume your ISP is dishonest" then you can also assume that of a VPN provider.
 
You are trading your trust in your ISP to your trust in a VPN provider. The VPN provider has similar info to your ISP. The VPN provider has your true IP address. They probably have some kine of payment info provided by you. If you can "assume your ISP is dishonest" then you can also assume that of a VPN provider.
OK
Assume that the website I am visiting cannot be trusted.
Assume that my ISP cannot be trusted.
Assume that VPN server CAN be trusted.
In that case, can adding VPN in the mid way make the website less likely, if not impossible, to find out my ISP, and thus my personal information stored in the server or database of my ISP?
 
Assume that VPN server CAN be trusted.
In that case, can adding VPN in the mid way make the website less likely, if not impossible, to find out my ISP, and thus my personal information stored in the server or database of my ISP?
said website wont be able to find whats behind VPN server directly, but if that website is fishy enough, they can still get you some nice malware which could show your real connection to vpn, including your isp routes
 
OK
Assume that the website I am visiting cannot be trusted.
Assume that my ISP cannot be trusted.
Assume that VPN server CAN be trusted.
In that case, can adding VPN in the mid way make the website less likely, if not impossible, to find out my ISP, and thus my personal information stored in the server or database of my ISP?
If the ISP can't be trusted with your personal information, then it doesn't really matter at this point.

For example, let's say the purpose of using a VPN is because I believe what you're saying and I want to do this to stop spam emails or junk mail from getting to me, because someone would either have to have my email or physical address. If the ISP can't be trusted, by say selling this data to advertisers, then a VPN isn't going to stop this. At best they'll just stop sending me targeted ads based on websites I've visited.

If the ISP can't be trusted by having poor security practices and basically hackers and data miners have a back door access, but they're not actively selling the data or whatever, then it doesn't matter if I visited the shady website or used a VPN. The bad actors can just get my data and do whatever with it.

In any case, I also would suggest stop visiting this website. They don't really need to know your ISP to do bad things to you or your computer. The fact you've connected to them in some way is enough to give them the potential.
 
  • Like
Reactions: EggShell