3

As you may know, a Virtual Private Network, or VPN, is a system to create an encrypted tunnel between two computers on the internet: on one end is the VPN client, and on the other end is the VPN server. Everything the client does on the internet can be monitored by the VPN server, which would otherwise be monitored by the ISP and/or the government.

The question is, what kind of data can a VPN server log or monitor? Can the VPN service provider monitor or intercept the full length of the transmitted data, or are they able to do so for some part of it? Also, can they alter and re-transmit the data as it passes through the VPN server?

This question came to my mind after reading some articles warning about VPNs that log and sell user data to third parties. How do I know that the provider isn't doing such a thing?

  • This is a legal question. From a technical perspective nearly anything is possible. Thus the importance of reading the Service Level Agreement (SLA) or similar document when signing up for their service. – phbits May 05 '20 at 23:16
  • I'm asking about the providers' technical capability, not their legal capability. – Tom Netherlands May 06 '20 at 00:49
  • Without knowing the provider, one can only make a best guess as to their technical capabilities which should align with their legal docs. That said, the following contains answers which address many of the technical concerns you likely have. https://security.stackexchange.com/questions/155057/my-isp-uses-deep-packet-inspection-what-can-they-observe – phbits May 06 '20 at 04:10

2 Answers

4

You asked a couple questions:

What kind of data can a VPN server log or monitor?

Date, time, which server you connected to (IP and port), the size of the request, the response size, how many times you connected to it.

Can the VPN service provider monitor or intercept the full length of the transmitted data, or are they able to do so for some part of it?

It depends. If the connection is encrypted (TLS, SSH, for example), the provider can intercept the message but cannot know its contents, as the encryption is meant to protect exactly against this kind of attack. If the connection is not encrypted (FTP, Telnet, HTTP, POP3, and others) they can monitor and intercept everything.

Not only monitor, but copy, alter, and replay any message. Logged into a plain FTP Server? Your credentials can be copied. The files you transmitted can be copied or changed.

Also, can they alter and re-transmit the data as it passes through the VPN server?

Same as above.

How do I know that the provider isn't doing such thing?

The Terms and Conditions. Yes, that boring page full of legalese that almost nobody reads. Usually they will tell you there (in cryptic language) what they monitor and what they don't.

Will they monitor you? Probably. Like every single Facebook beacon, every Google Analytics script, everything everywhere you navigate. Is it bad? Not worse than everything around you. And that's a legal thing to do (unless they say they will not monitor).

Will they steal your credentials and your data? Unlikely. Besides being illegal in almost every jurisdiction, it would bury their business pretty fast. They have other means to make money, and stealing data from their customers isn't the best one.

How to be sure you are not being monitored instead of protected? Rent your own VPS and install your own VPN. It may seem complicated (and it's not simple), but with the correct tutorial you can have Linux installed and running WireGuard in an afternoon, for less than 5 dollars a month.

ThoriumBR
  • I have seen a Terms and Conditions page that says that they keep "headers" for 15 days and connection logs for a month. What is this "header" and what information may it contain? – Tom Netherlands May 06 '20 at 00:52
  • A header can contain information like source/destination (IP, URL, port), size, language, cookies, User-Agent, among many things that tell the internet "Where and how I want this packet to be sent". You usually don't have to be too worried about header logging. My biggest concern with it would be cookies, which are often used for things like authentication, but a good website should use encrypted data for important cookies anyway. The VPN server can do about the same things as anyone sitting between you and your destination servers. – ChocolateOverflow May 06 '20 at 02:19
0

They see everything you put in the VPN tunnel on your end. In all cases they see IP, port, date, time, size. If you send unencrypted data they can read that too. Encrypted data can be captured as well but cannot always be decrypted, like TLS 1.2 at this time. Old versions and ciphers may be vulnerable and can possibly be decrypted. Replaying traffic is possible but some (encrypted) protocols have mitigations against that.

John Keates
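An added example, not part of either answer above: a short Python check that reports, for one flow as it leaves the tunnel, which parts are readable at the VPN server, covering the plaintext FTP and HTTP cases and the TLS case the answers describe. The function name `exposure`, the sample payloads and the addresses are constructed for illustration.

```python
import re

# Constructed first client bytes of three flows as they leave the tunnel at
# the VPN server (sample data, not captured from a real system).
FTP = b"USER alice\r\nPASS example-password\r\n"
HTTP = (b"GET /inbox HTTP/1.1\r\nHost: mail.example.test\r\n"
        b"User-Agent: demo/1.0\r\nCookie: session=abc123\r\n\r\n")
# TLS application-data record: type 0x17, version 3.3, length 5, then ciphertext.
TLS = bytes([0x17, 0x03, 0x03, 0x00, 0x05]) + b"\x9f\x12\xa0\x44\x07"

def exposure(dst_ip, dst_port, payload):
    """Report which parts of one flow are readable at the VPN server."""
    # Destination and size are visible for every flow, encrypted or not.
    report = {"dst": f"{dst_ip}:{dst_port}", "size": len(payload),
              "protocol": "unknown", "exposed": []}
    # TLS record header: content type 20-23, major version 3.
    if len(payload) >= 5 and 20 <= payload[0] <= 23 and payload[1] == 3:
        report["protocol"] = "TLS"
        # An initial handshake record (type 22, e.g. ClientHello) is sent
        # unencrypted; application data (type 23) is ciphertext.
        if payload[0] == 22:
            report["exposed"] = ["tls-handshake-metadata"]
        return report
    text = payload.decode("latin-1")
    request = re.match(r"(?:GET|POST|PUT|DELETE|HEAD) \S+ HTTP/1\.[01]\r\n", text)
    if request:
        # Plain HTTP: request line plus every header, cookies included.
        names = [line.split(":", 1)[0]
                 for line in text.split("\r\n")[1:] if ":" in line]
        report["protocol"] = "HTTP"
        report["exposed"] = ["request-line"] + names
        return report
    commands = re.findall(r"^(USER|PASS) \S", text, re.MULTILINE)
    if commands:
        # Plain FTP login: username and password cross the server in the clear.
        report["protocol"] = "FTP"
        report["exposed"] = ["ftp-" + c.lower() for c in commands]
    return report

if __name__ == "__main__":
    for port, data in ((21, FTP), (80, HTTP), (443, TLS)):
        print(exposure("203.0.113.5", port, data))
```

The destination and size fields are filled in for all three flows, while the `exposed` list is empty only for the TLS application-data record.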