4

I have been trying out ExpressVPN to connect to the internet. I have mostly used this at a coffee shop that I use regularly.

I see this question with answers:

Differences between using Tor browser and VPN

Here the accepted answer says:

"Both traditional VPNs and VPN services are to protect against external visibility into the network. Neither of them will protect you from authorized administrators for the network you're on."

I am not sure that I completely understand how the traffic is visible to the network one is on. For example: does this refer to the traffic before or after it is encrypted?

Where does the encryption happen when you use a VPN with encryption like ExpressVPN?

For example, if I am using the WIFI at my coffee shop, is the coffee shop able to see my unencrypted traffic? (Maybe my confusion is not understanding how a "network" in general works).

schroeder
  • 125,553
  • 55
  • 289
  • 326
user186049
  • 43
  • 3

1 Answers1

4

Your understanding is correct; when using a VPN, all traffic is encrypted on your laptop and remains encrypted all the way until the VPN server.

I think the wording in that answer is a bit confusing because there is more than one "network" here:

  • The wireless network provided by the coffee shop (wifi)
  • The Virtual Private Network (VPN).

Earlier in that section, @RoraZ says:

Let's take a situation with a VPN: you have your remote laptop R and your private network gateway/secure anonymous proxy (G). Now you have a private network IP that is encrypted from R to G. A network admin sitting on G can see your plaintext.

So I think he means "VPN admin" rather than "wifi admin".


As a fun side-note (and where I thought this question was going when I first read it) is that encrypting your traffic does not fully protect you against traffic analysis. For example when using HTTPS encryption, anyone sniffing your traffic can see which web servers you're talking to (everything up until the first slash in a URL, ex security.stackexchange.com). VPNs and TOR hide this because all your traffic looks like it's going to the VPN server, and the VPN server opens fresh connections to the web servers.

Another fun bit of traffic analysis is that, even encrypted, someone sniffing your traffic can see how many packets your're sending / receiving, and the size and timestamps of those packets. This awesome paper:

shows that not only can they tell from the packet size / timestamp data that you're streaming Netflix, but thanks to the way video codecs work (bandwidth spikes when the scene changes rapidly) they can actually tell which Netflix video you're watching.

Mike Ounsworth
  • 58,107
  • 21
  • 154
  • 209