
I am asking this question from a security perspective (not privacy).

I have read that using a VPN can prevent hackers, including your ISP (who could be working for the government), from doing MITM attacks. Is this correct? That using a VPN has security benefits? It can provide security against the ISP and government?

But then that means the MITM attacks can be performed by the VPN.

So is it a matter of who you trust? Your ISP or the VPN? And if you don't trust your ISP, then can you be safe from the ISP by using a VPN?

Linux_user0987

1 Answer


You've got the main idea right: if you fear that your ISP would sniff or manipulate your traffic, then a proper VPN will protect you against this. But then you have to trust the VPN provider instead. Only that you often have more choice in choosing a VPN provider than an ISP, and that VPN providers might actually want to excel in terms of privacy while your ISP might have different interests.

But note that a VPN might protect you less than you think, i.e. watch out for IPv6 leaks or DNS leaks caused by improper VPN implementations or configurations.

> I have read that using a vpn can prevent hackers ...

The VPN provider can only protect your connection between the VPN entry (usually your system or your local router) and the VPN exit. The VPN exit is usually not the endpoint of your connection, i.e. there are still MITM attacks possible between the VPN exit and the site you visit. And a VPN will also not protect you against a malicious or otherwise insecure web site. But you've bypassed at least your ISP and if the VPN exit is outside the reach of your government you increased your chance to bypass your government too (as long as the trust in the VPN is actually justified).

Steffen Ullrich
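The answer's caveat about IPv6 and DNS leaks is easy to check mechanically. The following script is an added example, not part of the answer above: it parses the text that `ip route`, `ip -6 route` and `/etc/resolv.conf` produce on a Linux host and reports whether any default route or resolver bypasses the tunnel. The interface name `tun0`, the resolver network `10.8.0.0/24` and the sample outputs are constructed assumptions; on a real host you would feed the script the live command output instead.

```python
"""Offline check for the two leak classes the answer warns about.

Added example (not from the original answer). It parses the text that
`ip route`, `ip -6 route` and /etc/resolv.conf would produce on a Linux
host, so the checks can be exercised on the constructed samples below
without touching a real VPN.
"""
import ipaddress


def effective_default_dev(ip_route_output):
    """Return the interface that actually carries default-route traffic.

    OpenVPN's "redirect-gateway def1" does not replace the default route;
    it installs 0.0.0.0/1 and 128.0.0.0/1 via the tunnel, which win over
    "default" because they are more specific. Both forms are handled.
    """
    devs = {}
    for line in ip_route_output.splitlines():
        fields = line.split()
        if "dev" in fields and fields.index("dev") + 1 < len(fields):
            devs[fields[0]] = fields[fields.index("dev") + 1]
    low, high = devs.get("0.0.0.0/1"), devs.get("128.0.0.0/1")
    if low is not None and low == high:
        return low
    return devs.get("default")


def nameservers(resolv_conf):
    """Extract the nameserver addresses from resolv.conf text."""
    servers = []
    for line in resolv_conf.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def find_leaks(ip_route_output, ip6_route_output, resolv_conf, vpn_dev, vpn_dns_net):
    """Return a list of (kind, detail) tuples; an empty list means no leak found.

    vpn_dev     -- tunnel interface name, e.g. "tun0" (assumption: a single tunnel)
    vpn_dns_net -- network the VPN's resolvers live in, e.g. "10.8.0.0/24"
    """
    leaks = []
    dev4 = effective_default_dev(ip_route_output)
    if dev4 != vpn_dev:
        leaks.append(("ipv4-route", dev4))   # plain traffic leaves via the ISP
    dev6 = effective_default_dev(ip6_route_output)
    if dev6 is not None and dev6 != vpn_dev:
        leaks.append(("ipv6-route", dev6))   # the classic IPv6 leak
    allowed = ipaddress.ip_network(vpn_dns_net)
    for ns in nameservers(resolv_conf):
        if ipaddress.ip_address(ns) not in allowed:
            leaks.append(("dns", ns))        # DNS leak: queries go to the ISP resolver
    return leaks


# Constructed sample output, shaped like a host using OpenVPN's def1 routing.
ROUTES_OK = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""
ROUTES_LEAKY = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""
ROUTES6_LEAKY = "default via fe80::1 dev eth0 proto ra metric 100\n"
RESOLV_OK = "nameserver 10.8.0.1\n"
RESOLV_LEAKY = "search lan\nnameserver 192.168.1.1\n"

if __name__ == "__main__":
    print(find_leaks(ROUTES_OK, "", RESOLV_OK, "tun0", "10.8.0.0/24"))
    print(find_leaks(ROUTES_LEAKY, ROUTES6_LEAKY, RESOLV_LEAKY, "tun0", "10.8.0.0/24"))
```

The second call reports three separate problems (IPv4 default route, IPv6 default route and resolver all outside the tunnel); a host with an empty `ip -6 route` output and the two `/1` routes in place reports none. The check is deliberately local: it tells you where packets and DNS queries are sent, which is what decides whether the ISP is really bypassed.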
  • Does the ISP and vpn provider have the same options if they choose to attack you? Or does one have an advantage over the other? – Linux_user0987 Nov 05 '19 at 08:22
  • @Linux_user0987: Both are in the path of all your traffic and have the same options to attack you if they want. – Steffen Ullrich Nov 05 '19 at 08:33
  • @ Steffen Is it okay to compare the ISP and vpn provider with a hacker on a LAN? I have read that it is quite easy for a person on a LAN to intercept your traffic and initiate mitm attacks. So can they be compared? Would the ISP and a person on a LAN attack using the same tools and methods? – Linux_user0987 Nov 09 '19 at 17:04
  • @Linux_user0987: it is easier for an ISP or a VPN to intercept your traffic than for a hacker on the LAN. On the LAN the hacker has to somehow redirect your traffic (for example using ARP spoofing) first in order to be in your network path so he can do some MITM. But the ISP and VPN are already in the path of your traffic. It is more comparable with somebody hacking into the SoHo router which connects you to the internet. – Steffen Ullrich Nov 09 '19 at 17:52
  • @ Steffen: Is it correct that when using a vpn there are two people you need to be careful about; the vpn provider and the ISP of the vpn? The traffic gets to the vpn encrypted but then gets decrypted and flows through the vpn's isp unencrypted. So is it possible that even if the vpn is trustworthy the vpn's isp (depending on the country you choose) might perform a mitm attack? Unlikely but still possible isn't it? So do you think that choosing the right country is important as well? – Linux_user0987 Nov 10 '19 at 05:06
  • @Linux_user0987: Everything outside the VPN connection, and thus everything between the VPN exit and the final server, is not secured by the VPN. Because of how the internet works there is usually not a direct connection between the VPN exit and the final server, so not only the VPN and its ISP but several other parties might see and possibly intercept and modify the traffic. That's the main point of using HTTPS, which provides end-to-end protection (but not anonymity) between client (browser) and server (webserver). – Steffen Ullrich Nov 10 '19 at 07:31
  • You said that the ISP can be compared to a hacked router. So if you connect a clean OS to a hacked router but use proper encryption like dns over https and connecting to https websites, can you safely use the hacked router? Does a vpn provide the same protection against a hacked router like it does with the ISP? – Linux_user0987 Nov 11 '19 at 04:33
  • @Linux_user0987: If you do not ignore any warnings you get when establishing an HTTPS connection, then HTTPS prevents a compromised or malicious router, ISP or VPN from seeing your plain traffic and from modifying it. They can mostly still see what domains you visit (visible inside the TLS handshake and from the target IP address) and deny access to specific domains based on this knowledge. A VPN provides more protection in that the router and ISP can only see traffic to a single destination (the VPN endpoint), and everything inside is encrypted. – Steffen Ullrich Nov 11 '19 at 04:46
  • @ Steffen Ullrich: Just to be clear, you are saying that if I use a trusted vpn while connected to a malicious router, I don't have to be worried of getting hacked by the router? – Linux_user0987 Nov 11 '19 at 12:20
  • @Linux_user0987: You don't have to worry about the router reading or modifying your internet-facing traffic. This is not the same as not *"getting hacked by the router"* since the router still has access to your local network and can still intercept and modify communications between the systems in your local network. – Steffen Ullrich Nov 11 '19 at 12:29
  • @ Steffen: Yes, but if you connect to a malicious router to only use internet and use a trusted vpn and also don't communicate with other devices on the network you should be safe, right? – Linux_user0987 Nov 11 '19 at 16:19
  • @Linux_user0987: again, an attacker on a compromised router cannot listen to your internet traffic since this is protected by the VPN but the attacker can directly connect to your computer and thus might attack it depending on the exposed services. – Steffen Ullrich Nov 11 '19 at 17:27
  • @ Steffen: Can you explain how the router might attack? And what could the possible exposed services be? Also are you assuming a wired connection or wireless connection? Does it make a difference? – Linux_user0987 Nov 12 '19 at 11:19
  • @Linux_user0987: sorry, but this is a Q+A site and not a forum or discussion site. This is moving far out of the context of your original question (which is answered). Please ask a new question instead. – Steffen Ullrich Nov 12 '19 at 13:24
  • @ Steffen: I think it's up to the user. He can decide if he wants to discuss. You helped a lot. Thanks. Can you take a look at this question: https://unix.stackexchange.com/questions/551284/will-this-firewall-configuration-prevent-unencrypted-traffic – Linux_user0987 Nov 12 '19 at 16:16