Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:02,010 --> 00:00:07,680 Get an hour of the witnesses and problems inherent in VPN so you can understand where they are suitable 2 00:00:07,680 --> 00:00:09,180 and where they are not. 3 00:00:09,180 --> 00:00:14,490 So the first thing is that the paeans is slower than if you use your ISP alone which I think is probably 4 00:00:14,490 --> 00:00:20,580 pretty obvious as you are adding an extra layer of encryption and you do an extra hop VPN out of your 5 00:00:20,580 --> 00:00:21,740 country. 6 00:00:21,750 --> 00:00:28,410 This will make the speed and latency issues worse but you should still have acceptable speed and latency 7 00:00:28,680 --> 00:00:31,150 with a good ISP and VPN provider. 8 00:00:31,290 --> 00:00:37,590 If you're only concerned about local hackers say a wife or a hotspot or stopping your ISP log in the 9 00:00:37,590 --> 00:00:43,980 sites that you go to then connecting to a local VPN that is in your country could be fine and make the 10 00:00:43,980 --> 00:00:47,190 speed and latency issues virtually non-existent. 11 00:00:47,430 --> 00:00:54,210 But generally good VBN are fast enough for even streaming videos even when you're bouncing off international 12 00:00:54,210 --> 00:00:55,440 exit nodes. 13 00:00:55,560 --> 00:01:02,100 On the positive side VPN is much faster than alternative anonymizing services like Tor. 14 00:01:02,250 --> 00:01:04,950 John Dhanam and I to pay. 15 00:01:05,370 --> 00:01:13,350 Now the first important point about VPN is VPN is not suitable to hide your identity from a motivated 16 00:01:13,390 --> 00:01:22,050 nation state especially if you are targeted only if you use a VPN in combination with other VPN nested 17 00:01:22,530 --> 00:01:24,490 or using toll. 18 00:01:24,540 --> 00:01:32,670 And John Dhanam Marta VPM be suitable as part of a complete solution to hide your identity against a 19 00:01:32,670 --> 00:01:35,260 nation state level adversary. 20 00:01:35,460 --> 00:01:41,010 In this sort of situation a less convenient solution might be just to use a public Wi-Fi hotspot. 21 00:01:41,220 --> 00:01:47,400 So let me repeat that a single VPN is not suitable to protect you against a nation state you need much 22 00:01:47,400 --> 00:01:57,090 more VPM would just be a piece of a total solution for anonymising you VPN can be good for evading censorship 23 00:01:57,120 --> 00:02:04,050 and geographic restrictions but it's only really wise to use them if the consequences of getting caught 24 00:02:04,290 --> 00:02:05,760 are relatively minor. 25 00:02:05,970 --> 00:02:12,270 Although it is not possible to see the content of VPN traffic as censor can use firewalls that your 26 00:02:12,270 --> 00:02:18,870 VPN is going through with something called deep pack inspection to determine if the encryption used 27 00:02:18,960 --> 00:02:20,790 is that of a VPN. 28 00:02:20,820 --> 00:02:27,480 The sensor can also probe suspected VPN servers to try to determine if it's a VPN. 29 00:02:27,660 --> 00:02:29,290 And this does happen in Iran. 30 00:02:29,340 --> 00:02:38,870 China notoriously do this open VPN IP set protocols are both distinctive from Hastey to p.s.. 31 00:02:38,880 --> 00:02:45,660 So it is possible to see the difference if a VPN is detected it can be blocked but the traffic still 32 00:02:45,660 --> 00:02:48,100 can't be seen or understood. 33 00:02:48,450 --> 00:02:53,190 If you are just looking to avoid censorship say for example you are in the US and you want to get to 34 00:02:53,580 --> 00:03:00,070 the BBC where the consequences of getting caught are pretty much non-existent although you can actually 35 00:03:00,080 --> 00:03:06,390 use alternative solutions to VPN which are actually arguably better because they might be faster and 36 00:03:06,390 --> 00:03:15,990 a couple of such solutions are these you have on locator is worn and smart VPN proxy. 37 00:03:16,140 --> 00:03:21,720 What you do with these is you simply add their DNS servers your DNS server and instead of giving you 38 00:03:21,720 --> 00:03:25,920 the real IP address of the servers you want to go to. 39 00:03:26,040 --> 00:03:32,370 It gives you the IP address of its proxy and all your traffic goes through its proxy and it changes 40 00:03:32,370 --> 00:03:37,980 the location based information so it effectively acts as a man in the middle. 41 00:03:38,130 --> 00:03:41,390 And because it is a man in the middle you have to trust them. 42 00:03:41,400 --> 00:03:45,870 They could do man in the middle attacks and I'm sure they can see your traffic as well. 43 00:03:45,930 --> 00:03:50,940 So you would only want it to be used this if what you were doing wasn't sensitive or the consequences 44 00:03:50,940 --> 00:03:52,090 were low. 45 00:03:52,480 --> 00:03:58,880 Are the ways of avoiding censorship and geographic restrictions or things like Sock's 5 proxies Heyse 46 00:03:58,920 --> 00:04:05,870 TTP Haiti DP Assam web proxies but we'll talk more about those in their own section. 47 00:04:05,880 --> 00:04:11,490 Now I did mention VPN detection and how an adversary could determine whether or not you are using a 48 00:04:11,490 --> 00:04:12,370 VPN. 49 00:04:12,450 --> 00:04:16,360 While there are methods to get around this detection. 50 00:04:16,410 --> 00:04:20,360 One such example is estoppel which you can see here. 51 00:04:20,420 --> 00:04:28,860 Another example is AABs proxy and we talked more about evading VPN detection and getting through files 52 00:04:29,280 --> 00:04:31,040 in it's own section too. 53 00:04:31,490 --> 00:04:37,350 But this then relates to my next point without obfuscating your use of a VPN. 54 00:04:37,350 --> 00:04:44,340 It is obvious to an observer that you are using on this code and on its own target you for active surveillance 55 00:04:44,370 --> 00:04:51,960 or a targeted attack is always best to keep a low profile and fly under the radar all times especially 56 00:04:51,960 --> 00:04:53,700 against a nation state. 57 00:04:53,700 --> 00:05:01,290 The peons would generally be considered less noteworthy than using Tor though as we're talking about 58 00:05:01,290 --> 00:05:04,580 potential weaknesses and problems with the VPN. 59 00:05:04,710 --> 00:05:08,430 It's worth mentioning the good VPN is don't come free. 60 00:05:08,490 --> 00:05:15,240 You can get slow speed VPN for free but if you want to fast before then you need to pay and you need 61 00:05:15,240 --> 00:05:21,510 to pay on the order of say $10 to $15 a month and that could be quite expensive depending on where you 62 00:05:21,510 --> 00:05:28,820 live and how much you earn know the potential witnesses the money trail unless you use anonymous forms 63 00:05:28,810 --> 00:05:32,400 of payment the payment can be traceable back to you. 64 00:05:32,410 --> 00:05:34,130 So that needs to be done correctly. 65 00:05:34,160 --> 00:05:43,460 So we're talking about using anonymous forms of payment such as Bitcoin in cash BP ends or a low latency 66 00:05:43,490 --> 00:05:45,010 anonymising service. 67 00:05:45,230 --> 00:05:51,040 What this means is that the traffic has to get to the destination quickly and come back quickly. 68 00:05:51,050 --> 00:05:55,350 For example browsing the web you don't want to wait five minutes for a response. 69 00:05:55,360 --> 00:06:03,250 This is what low latency means and all low latency anonymizing services like VPN Tor John Dhanam are 70 00:06:03,250 --> 00:06:10,400 susceptible to what is called Traffic confirmation or end and correlation attacks from any adversary 71 00:06:10,390 --> 00:06:14,330 that has sufficient means to have international influence. 72 00:06:14,720 --> 00:06:19,340 And what that means is really that they have the ability to see potentially the traffic here potentially 73 00:06:19,330 --> 00:06:26,270 the traffic here and potentially the traffic here because a single VPN service has a relatively small 74 00:06:26,260 --> 00:06:34,370 number of servers located in only a few data centers with a small number of users per server plus most 75 00:06:34,370 --> 00:06:41,470 beefy and servers only provide a single hop for an adversary if sufficient means to cross correlate 76 00:06:41,870 --> 00:06:46,700 all the entry and exit conversations wouldn't be too difficult. 77 00:06:46,780 --> 00:06:53,390 It would be in the order of less than a million comparison's for say an average VPN service something 78 00:06:53,380 --> 00:06:56,870 pretty trivial for the likes of the NSA or GCH. 79 00:06:56,870 --> 00:06:58,740 Q So what do I mean by that. 80 00:06:58,750 --> 00:07:05,860 So if you see here maybe you are set here you send some traffic volume VPN and that traffic happens 81 00:07:05,870 --> 00:07:13,390 to be sort of 5 meg of packet comes hours after here goes through to your destination server and say 82 00:07:13,390 --> 00:07:15,190 10 megs comes back. 83 00:07:15,190 --> 00:07:21,650 Here are some mornings able to observe here the rebels are able to observe here they can see and correlate 84 00:07:22,120 --> 00:07:25,630 the five megas going in 10 Meg has gone out. 85 00:07:25,630 --> 00:07:31,670 They keep watching it and then it won't take long for them to do traffic confirmation to determine who 86 00:07:31,660 --> 00:07:32,400 you are. 87 00:07:32,560 --> 00:07:39,210 Now what mitigates this slightly is if you have more users and servers spread over more countries the 88 00:07:39,380 --> 00:07:41,470 traffic confirmation attacks are. 89 00:07:41,810 --> 00:07:46,390 We know from NSA documents and therefore we can assume the nation states do this as well. 90 00:07:46,430 --> 00:07:49,060 The Internet routers are compromised. 91 00:07:49,370 --> 00:07:54,460 And so we will have tens of thousands of other devices around the world that will be compromised. 92 00:07:54,620 --> 00:08:01,600 And one of the things will be compromised for is for this traffic observation some VPN services offer 93 00:08:01,850 --> 00:08:09,790 multiple hop routes in different nations also making this end and correllation more difficult and tool 94 00:08:09,800 --> 00:08:12,200 for example would be more resistant to this. 95 00:08:12,220 --> 00:08:19,980 And co-relation attack as there are simply more servers and users but it is a known weakness for Tor 96 00:08:19,990 --> 00:08:27,190 as well and is certainly very vulnerable to it and a VPN is even more vulnerable to it. 97 00:08:27,310 --> 00:08:34,810 And again because of this low latency nature of VPN they are also susceptible to active attacks. 98 00:08:34,820 --> 00:08:41,830 So for example if your adversary was able to observe traffic between the user and the VPN server and 99 00:08:41,830 --> 00:08:48,890 they could affect that traffic in some way so say Vire a denial of service attack by sending too many 100 00:08:49,120 --> 00:08:51,350 packets to the VPN server. 101 00:08:51,520 --> 00:08:58,160 They would then be able to see impacts to both the user's online activity the birds see time variations 102 00:08:58,550 --> 00:09:05,130 and the changes in the connection to the server which would help the anonymize a user. 103 00:09:05,240 --> 00:09:09,970 And as I said all low latency anonymizing systems are susceptible to this. 104 00:09:10,060 --> 00:09:14,490 The less VOR's uses in less countries the more susceptible. 105 00:09:14,780 --> 00:09:21,080 And I think almost goes without saying but VPN don't protect you from client attacks. 106 00:09:21,080 --> 00:09:28,070 So if my adversary here just straight out attacks the destination server puts some code on here. 107 00:09:28,250 --> 00:09:31,010 You then go to this site you run that code. 108 00:09:31,150 --> 00:09:34,290 Then obviously the VPN is not going to do anything about that. 109 00:09:34,390 --> 00:09:39,360 Also browser exploits social engineering and phishing attacks. 110 00:09:39,360 --> 00:09:45,130 Obviously VPN does not provide any sort of protection against that which is the reason why you can't 111 00:09:45,130 --> 00:09:47,510 just have a VPN and everything is secure. 112 00:09:47,620 --> 00:09:56,840 You need defense in depth which is what all the controls are that we go through in this course we peons 113 00:09:56,890 --> 00:10:04,520 are possibly susceptible to something called web traffic fingerprinting which is a passive eavesdropping 114 00:10:04,510 --> 00:10:12,140 attack that looks at the size and timing of encrypted data streams where although the adversary only 115 00:10:12,130 --> 00:10:19,570 watches encrypted traffic from VPN and also S-sh And P.S. are affected. 116 00:10:19,610 --> 00:10:28,580 The adversary can still guess what web page is being visited because all web pages have specific traffic 117 00:10:28,580 --> 00:10:29,540 patterns. 118 00:10:29,570 --> 00:10:34,440 They can only guess if they know the pattern of the web page they're in advance. 119 00:10:34,440 --> 00:10:38,100 So if you were going to pages they were not aware of. 120 00:10:38,190 --> 00:10:40,810 They wouldn't have a patent for it. 121 00:10:40,990 --> 00:10:49,140 The content of the transmission is still hidden in the encryption in the VPN but to which website one 122 00:10:49,290 --> 00:10:53,050 connects to isn't secret or private anymore. 123 00:10:53,310 --> 00:10:58,360 There are multiple research papers on this topic. 124 00:10:58,380 --> 00:11:06,750 Several researchers have developed web page fingerprinting attacks on encrypted web traffic as occurs 125 00:11:07,050 --> 00:11:14,380 when the victim uses an encrypted tunnel such as S-sh VPN or IP Sec. 126 00:11:14,400 --> 00:11:22,290 According to this report here that you see they yielded greater than 90 percent accuracy for identifying 127 00:11:22,300 --> 00:11:27,150 Haiti Pak is on conventional VPN protocols. 128 00:11:27,150 --> 00:11:35,730 However some protocols like open S-sh and open VPN required a large amount of data before Haiti ETP 129 00:11:35,730 --> 00:11:38,850 packages were identified. 130 00:11:38,860 --> 00:11:46,980 I believe these numbers are overstated though from what I have read the other research papers that I 131 00:11:46,970 --> 00:11:51,390 am referring to are things like this one. 132 00:11:51,390 --> 00:11:57,280 Also there is more information here and there's more information here as well. 133 00:11:57,270 --> 00:12:03,730 If you're interested in web site fingerprinting other issues to consider. 134 00:12:03,840 --> 00:12:11,160 If you don't run your VPN permanently It's obvious to an observer when you're attempting to do something 135 00:12:11,160 --> 00:12:12,280 more private. 136 00:12:12,390 --> 00:12:18,390 So this is a signal that can draw closer examination because you are clearly showing when you are trying 137 00:12:18,390 --> 00:12:26,220 to do something private very annoyingly m t p or e mail and all the services that you might want to 138 00:12:26,220 --> 00:12:30,190 use can be blocked by the VPN provider. 139 00:12:30,480 --> 00:12:38,950 As MT particularly is often blocked because spammers use VPN to send spam that creates a problem. 140 00:12:38,940 --> 00:12:45,990 If you want to use email with an email client VPN can also be blocked by some Web sites that you want 141 00:12:45,990 --> 00:12:52,410 to visit streaming sites like Netflix for example are now blocking VPN. 142 00:12:52,560 --> 00:13:02,270 So this is a trend going forward and a definite weakness for VPN or at least some VPN providers. 143 00:13:02,580 --> 00:13:10,170 If you use your VPN for different aliases or identities at the same time this could contaminate or associate 144 00:13:10,170 --> 00:13:11,610 those aliases. 145 00:13:11,640 --> 00:13:20,130 For example if you have your email running for your real identity while using your VPN and you are accessing 146 00:13:20,130 --> 00:13:29,250 a forum has a different aliases your freedom fighter alias an observer could correlate the two together 147 00:13:29,250 --> 00:13:29,400 . 148 00:13:29,400 --> 00:13:33,420 This is another form of a correlation attack. 149 00:13:33,610 --> 00:13:41,070 You get captures that pop slow you down and your language can be set incorrectly when you're doing searches 150 00:13:41,070 --> 00:13:41,960 . 151 00:13:42,120 --> 00:13:50,310 We peons do not normally filter or replace your TZP packets which means you're not protected from TZP 152 00:13:50,310 --> 00:13:58,740 timestamp attacks the size you use when trying to access your accounts could flag your account as having 153 00:13:58,740 --> 00:14:05,940 suspicious activity because you are using a VPN then block lock or suspend your accounts. 154 00:14:05,940 --> 00:14:07,750 This can be for different reasons. 155 00:14:07,740 --> 00:14:12,990 Maybe the IP address you're using for your VPN has a tainted history. 156 00:14:12,990 --> 00:14:21,330 This often happens or they may know you are using a VPN IP address and not like it or they will see 157 00:14:21,330 --> 00:14:26,040 you're in a country that is different from where you are coming from previously. 158 00:14:26,040 --> 00:14:28,110 Those by using a VPN. 159 00:14:28,140 --> 00:14:31,100 Your accounts can be at risk. 160 00:14:31,470 --> 00:14:39,930 VPN providers don't provide a hardened browser to prevent tracking and hacking browser fingerprinting 161 00:14:39,960 --> 00:14:47,320 or browser exploits like you get if you use Tor or John Dhanam they have hardened browsers. 162 00:14:47,380 --> 00:14:54,010 This means if you use a VPN and you don't harden your browser as I suggest in the section on browser 163 00:14:54,000 --> 00:15:01,470 security your VPN sessions can be tracked from site to site using things like cookies super cookies 164 00:15:01,500 --> 00:15:07,500 referrers and all the other nefarious methods I mentioned and go on the course. 165 00:15:07,560 --> 00:15:15,950 VPN is really only protect your privacy and not anonymity so much to protect your anonymity. 166 00:15:15,960 --> 00:15:23,550 The VPN providers cannot know your source IP address they cannot have payment details they cannot know 167 00:15:23,860 --> 00:15:31,210 anything about you otherwise that is not anonymity and the VPN providers will know the information is 168 00:15:31,560 --> 00:15:37,780 only possible to get anonymity with a VPN or full anonymity with a VPN. 169 00:15:37,770 --> 00:15:47,600 If you use nested VPN which we can later or VPN is in combination with all the anonymizing services 170 00:15:48,000 --> 00:15:55,570 you could argue that you can get anonymity with BP ns from say where you are connecting to the far destination 171 00:15:55,680 --> 00:15:59,780 if they have no power by which to influence your VPN. 172 00:15:59,900 --> 00:16:06,330 But generally you should consider a VPN is more of a tool for privacy than a inimitably. 173 00:16:06,370 --> 00:16:12,970 If your source IP address is known by someone your payment details are known and there's tracking information 174 00:16:12,960 --> 00:16:18,260 back to you and inimitably is where there is nothing related back to you. 175 00:16:18,390 --> 00:16:26,170 So that's all of the VPN weaknesses there's lots there to think about gives you an idea of why you should 176 00:16:26,160 --> 00:16:32,110 use a VPN and why you should not use a VPN and why you should rely on not rely on them. 20904