0

What a VPN does is take the encrypted traffic from the client, decrypt it and forward it to the server, while tor bounces the traffic in multiple nodes decrypting a layer at each node.

I have some questions about the security of these systems:

Regardless of whether the VPN holds traffic logs or not, an entity that has the power to do so can not request logs from the ISP, and even if it gets inbound encrypted traffic, it compares the size of incoming traffic and the outgoing one and see which one matches? Once you understand what inbound traffic is, you can get the IP of the affected client, right?

This same thing can not be done with tor even if it requires more steps?

If a private VPN is used, then there is only 1 user connected, getting the incoming logs you only see a connection, so even without correlating the size of the packages, you can easily understand who is connected to the VPN and being the only one that was done with the IP of the VPN he did it, so the private VPNs is less anonymous than the public trusted ones, right?

This question may seem similar to the others, but I do not think, the other questions are shown how the solution could be tor, but the problem seems to me that there is also with tor, later I would like understand if it is true that private VPNs are much safer than public ones, in short, I think my question is more general, I'm sorry for the bad english, but I help me with the translator. And my question has nothing to do with Differences between using Tor browser and VPN

  • 1
    Possible duplicate of [Differences between using Tor browser and VPN](https://security.stackexchange.com/questions/72679/differences-between-using-tor-browser-and-vpn), also similar [Why is Tor safer than a proxy?](https://security.stackexchange.com/questions/31589/why-is-tor-safer-than-a-proxy). – Steffen Ullrich Jan 04 '19 at 19:04
  • @SteffenUllrich Yes I know, I intended anonymity, anyway I edited the answer. – Chi non salta Pavarotti è Jan 04 '19 at 19:04
  • @SteffenUllrich I don't think. – Chi non salta Pavarotti è Jan 04 '19 at 19:06
  • *"I don't think."* - I'm pretty sure you think in general although you might not agree with my comment (which would be "I don't think __so__"). In this case it would be good to show how your question differs. Some more questions which highly overlap with the three questions you ask : [Could logless VPNs be traced?](https://security.stackexchange.com/questions/175179/), [How do traffic correlation attacks against Tor users work?](https://security.stackexchange.com/questions/48502), [Tor traffic correlation attacks by global adversaries](https://security.stackexchange.com/questions/48502). – Steffen Ullrich Jan 04 '19 at 19:20
  • @SteffenUllrich "I do not think" was addressed to the comment, however this question may seem similar to the others, but I do not think, the other questions are shown how the solution could be tor, but the problem seems to me that there is also with tor, later I would like understand if it is true that private VPNs are much safer than public ones, in short, I think my question is more general, I'm sorry for the bad english, but I help me with the translator – Chi non salta Pavarotti è Jan 04 '19 at 19:39

1 Answers1

1

... it compares the size of incoming traffic and the outgoing one and see which one matches? Once you understand what inbound traffic is, you can get the IP of the affected client, right?

To do this kind of correlation an attacker would need to have access not only to the endpoint of the VPN but also need to sniff near the entry points, i.e. at the ISP level. This is complicate already and likely only on the reach of government agencies. But it gets even more complicate if VPN endpoint and entry are in different countries with different laws and which might not like to help each other. And with a typical VPN provider used by many users the attacker would either have to do mass surveillance or need to have some idea already which client he needs to monitor for activity.

But if all this is given such correlation is possible. See Could logless VPNs be traced? for more details.

This same thing can not be done with tor even if it requires more steps?

Tor works differently and the traffic from the same client passes through different nodes and also different exit nodes. Also fingerprinting at the level of the IP stack is no longer possible and timing and size analysis are made way harder too. This and more makes it likely practically impossible for an attacker to demask a user this way although association was done in some theoretical and simplified scenarios. See Why is Tor safer than a proxy? and Differences between using Tor browser and VPN and Tor traffic correlation attacks by global adversaries and How do traffic correlation attacks against Tor users work? for more details.

If a private VPN is used, then there is only 1 user connected, ..., so the private VPNs is less anonymous than the public trusted ones, right?

A VPN with a single user cannot provide any kind of anonymity if the attacker is able to detect the entry point in the VPN and is able to associate this entry point with a specific user. If the attacker is a government agency and has already an idea which user this might be and only needs some proof then this can likely be done since these agencies can usually require cooperation by the ISP. Insofar it is easier as with a VPN used by lots of users.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434