Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:02,010 --> 00:00:07,680
Get an hour of the witnesses and problems inherent in VPN so you can understand where they are suitable
2
00:00:07,680 --> 00:00:09,180
and where they are not.
3
00:00:09,180 --> 00:00:14,490
So the first thing is that the paeans is slower than if you use your ISP alone which I think is probably
4
00:00:14,490 --> 00:00:20,580
pretty obvious as you are adding an extra layer of encryption and you do an extra hop VPN out of your
5
00:00:20,580 --> 00:00:21,740
country.
6
00:00:21,750 --> 00:00:28,410
This will make the speed and latency issues worse but you should still have acceptable speed and latency
7
00:00:28,680 --> 00:00:31,150
with a good ISP and VPN provider.
8
00:00:31,290 --> 00:00:37,590
If you're only concerned about local hackers say a wife or a hotspot or stopping your ISP log in the
9
00:00:37,590 --> 00:00:43,980
sites that you go to then connecting to a local VPN that is in your country could be fine and make the
10
00:00:43,980 --> 00:00:47,190
speed and latency issues virtually non-existent.
11
00:00:47,430 --> 00:00:54,210
But generally good VBN are fast enough for even streaming videos even when you're bouncing off international
12
00:00:54,210 --> 00:00:55,440
exit nodes.
13
00:00:55,560 --> 00:01:02,100
On the positive side VPN is much faster than alternative anonymizing services like Tor.
14
00:01:02,250 --> 00:01:04,950
John Dhanam and I to pay.
15
00:01:05,370 --> 00:01:13,350
Now the first important point about VPN is VPN is not suitable to hide your identity from a motivated
16
00:01:13,390 --> 00:01:22,050
nation state especially if you are targeted only if you use a VPN in combination with other VPN nested
17
00:01:22,530 --> 00:01:24,490
or using toll.
18
00:01:24,540 --> 00:01:32,670
And John Dhanam Marta VPM be suitable as part of a complete solution to hide your identity against a
19
00:01:32,670 --> 00:01:35,260
nation state level adversary.
20
00:01:35,460 --> 00:01:41,010
In this sort of situation a less convenient solution might be just to use a public Wi-Fi hotspot.
21
00:01:41,220 --> 00:01:47,400
So let me repeat that a single VPN is not suitable to protect you against a nation state you need much
22
00:01:47,400 --> 00:01:57,090
more VPM would just be a piece of a total solution for anonymising you VPN can be good for evading censorship
23
00:01:57,120 --> 00:02:04,050
and geographic restrictions but it's only really wise to use them if the consequences of getting caught
24
00:02:04,290 --> 00:02:05,760
are relatively minor.
25
00:02:05,970 --> 00:02:12,270
Although it is not possible to see the content of VPN traffic as censor can use firewalls that your
26
00:02:12,270 --> 00:02:18,870
VPN is going through with something called deep pack inspection to determine if the encryption used
27
00:02:18,960 --> 00:02:20,790
is that of a VPN.
28
00:02:20,820 --> 00:02:27,480
The sensor can also probe suspected VPN servers to try to determine if it's a VPN.
29
00:02:27,660 --> 00:02:29,290
And this does happen in Iran.
30
00:02:29,340 --> 00:02:38,870
China notoriously do this open VPN IP set protocols are both distinctive from Hastey to p.s..
31
00:02:38,880 --> 00:02:45,660
So it is possible to see the difference if a VPN is detected it can be blocked but the traffic still
32
00:02:45,660 --> 00:02:48,100
can't be seen or understood.
33
00:02:48,450 --> 00:02:53,190
If you are just looking to avoid censorship say for example you are in the US and you want to get to
34
00:02:53,580 --> 00:03:00,070
the BBC where the consequences of getting caught are pretty much non-existent although you can actually
35
00:03:00,080 --> 00:03:06,390
use alternative solutions to VPN which are actually arguably better because they might be faster and
36
00:03:06,390 --> 00:03:15,990
a couple of such solutions are these you have on locator is worn and smart VPN proxy.
37
00:03:16,140 --> 00:03:21,720
What you do with these is you simply add their DNS servers your DNS server and instead of giving you
38
00:03:21,720 --> 00:03:25,920
the real IP address of the servers you want to go to.
39
00:03:26,040 --> 00:03:32,370
It gives you the IP address of its proxy and all your traffic goes through its proxy and it changes
40
00:03:32,370 --> 00:03:37,980
the location based information so it effectively acts as a man in the middle.
41
00:03:38,130 --> 00:03:41,390
And because it is a man in the middle you have to trust them.
42
00:03:41,400 --> 00:03:45,870
They could do man in the middle attacks and I'm sure they can see your traffic as well.
43
00:03:45,930 --> 00:03:50,940
So you would only want it to be used this if what you were doing wasn't sensitive or the consequences
44
00:03:50,940 --> 00:03:52,090
were low.
45
00:03:52,480 --> 00:03:58,880
Are the ways of avoiding censorship and geographic restrictions or things like Sock's 5 proxies Heyse
46
00:03:58,920 --> 00:04:05,870
TTP Haiti DP Assam web proxies but we'll talk more about those in their own section.
47
00:04:05,880 --> 00:04:11,490
Now I did mention VPN detection and how an adversary could determine whether or not you are using a
48
00:04:11,490 --> 00:04:12,370
VPN.
49
00:04:12,450 --> 00:04:16,360
While there are methods to get around this detection.
50
00:04:16,410 --> 00:04:20,360
One such example is estoppel which you can see here.
51
00:04:20,420 --> 00:04:28,860
Another example is AABs proxy and we talked more about evading VPN detection and getting through files
52
00:04:29,280 --> 00:04:31,040
in it's own section too.
53
00:04:31,490 --> 00:04:37,350
But this then relates to my next point without obfuscating your use of a VPN.
54
00:04:37,350 --> 00:04:44,340
It is obvious to an observer that you are using on this code and on its own target you for active surveillance
55
00:04:44,370 --> 00:04:51,960
or a targeted attack is always best to keep a low profile and fly under the radar all times especially
56
00:04:51,960 --> 00:04:53,700
against a nation state.
57
00:04:53,700 --> 00:05:01,290
The peons would generally be considered less noteworthy than using Tor though as we're talking about
58
00:05:01,290 --> 00:05:04,580
potential weaknesses and problems with the VPN.
59
00:05:04,710 --> 00:05:08,430
It's worth mentioning the good VPN is don't come free.
60
00:05:08,490 --> 00:05:15,240
You can get slow speed VPN for free but if you want to fast before then you need to pay and you need
61
00:05:15,240 --> 00:05:21,510
to pay on the order of say $10 to $15 a month and that could be quite expensive depending on where you
62
00:05:21,510 --> 00:05:28,820
live and how much you earn know the potential witnesses the money trail unless you use anonymous forms
63
00:05:28,810 --> 00:05:32,400
of payment the payment can be traceable back to you.
64
00:05:32,410 --> 00:05:34,130
So that needs to be done correctly.
65
00:05:34,160 --> 00:05:43,460
So we're talking about using anonymous forms of payment such as Bitcoin in cash BP ends or a low latency
66
00:05:43,490 --> 00:05:45,010
anonymising service.
67
00:05:45,230 --> 00:05:51,040
What this means is that the traffic has to get to the destination quickly and come back quickly.
68
00:05:51,050 --> 00:05:55,350
For example browsing the web you don't want to wait five minutes for a response.
69
00:05:55,360 --> 00:06:03,250
This is what low latency means and all low latency anonymizing services like VPN Tor John Dhanam are
70
00:06:03,250 --> 00:06:10,400
susceptible to what is called Traffic confirmation or end and correlation attacks from any adversary
71
00:06:10,390 --> 00:06:14,330
that has sufficient means to have international influence.
72
00:06:14,720 --> 00:06:19,340
And what that means is really that they have the ability to see potentially the traffic here potentially
73
00:06:19,330 --> 00:06:26,270
the traffic here and potentially the traffic here because a single VPN service has a relatively small
74
00:06:26,260 --> 00:06:34,370
number of servers located in only a few data centers with a small number of users per server plus most
75
00:06:34,370 --> 00:06:41,470
beefy and servers only provide a single hop for an adversary if sufficient means to cross correlate
76
00:06:41,870 --> 00:06:46,700
all the entry and exit conversations wouldn't be too difficult.
77
00:06:46,780 --> 00:06:53,390
It would be in the order of less than a million comparison's for say an average VPN service something
78
00:06:53,380 --> 00:06:56,870
pretty trivial for the likes of the NSA or GCH.
79
00:06:56,870 --> 00:06:58,740
Q So what do I mean by that.
80
00:06:58,750 --> 00:07:05,860
So if you see here maybe you are set here you send some traffic volume VPN and that traffic happens
81
00:07:05,870 --> 00:07:13,390
to be sort of 5 meg of packet comes hours after here goes through to your destination server and say
82
00:07:13,390 --> 00:07:15,190
10 megs comes back.
83
00:07:15,190 --> 00:07:21,650
Here are some mornings able to observe here the rebels are able to observe here they can see and correlate
84
00:07:22,120 --> 00:07:25,630
the five megas going in 10 Meg has gone out.
85
00:07:25,630 --> 00:07:31,670
They keep watching it and then it won't take long for them to do traffic confirmation to determine who
86
00:07:31,660 --> 00:07:32,400
you are.
87
00:07:32,560 --> 00:07:39,210
Now what mitigates this slightly is if you have more users and servers spread over more countries the
88
00:07:39,380 --> 00:07:41,470
traffic confirmation attacks are.
89
00:07:41,810 --> 00:07:46,390
We know from NSA documents and therefore we can assume the nation states do this as well.
90
00:07:46,430 --> 00:07:49,060
The Internet routers are compromised.
91
00:07:49,370 --> 00:07:54,460
And so we will have tens of thousands of other devices around the world that will be compromised.
92
00:07:54,620 --> 00:08:01,600
And one of the things will be compromised for is for this traffic observation some VPN services offer
93
00:08:01,850 --> 00:08:09,790
multiple hop routes in different nations also making this end and correllation more difficult and tool
94
00:08:09,800 --> 00:08:12,200
for example would be more resistant to this.
95
00:08:12,220 --> 00:08:19,980
And co-relation attack as there are simply more servers and users but it is a known weakness for Tor
96
00:08:19,990 --> 00:08:27,190
as well and is certainly very vulnerable to it and a VPN is even more vulnerable to it.
97
00:08:27,310 --> 00:08:34,810
And again because of this low latency nature of VPN they are also susceptible to active attacks.
98
00:08:34,820 --> 00:08:41,830
So for example if your adversary was able to observe traffic between the user and the VPN server and
99
00:08:41,830 --> 00:08:48,890
they could affect that traffic in some way so say Vire a denial of service attack by sending too many
100
00:08:49,120 --> 00:08:51,350
packets to the VPN server.
101
00:08:51,520 --> 00:08:58,160
They would then be able to see impacts to both the user's online activity the birds see time variations
102
00:08:58,550 --> 00:09:05,130
and the changes in the connection to the server which would help the anonymize a user.
103
00:09:05,240 --> 00:09:09,970
And as I said all low latency anonymizing systems are susceptible to this.
104
00:09:10,060 --> 00:09:14,490
The less VOR's uses in less countries the more susceptible.
105
00:09:14,780 --> 00:09:21,080
And I think almost goes without saying but VPN don't protect you from client attacks.
106
00:09:21,080 --> 00:09:28,070
So if my adversary here just straight out attacks the destination server puts some code on here.
107
00:09:28,250 --> 00:09:31,010
You then go to this site you run that code.
108
00:09:31,150 --> 00:09:34,290
Then obviously the VPN is not going to do anything about that.
109
00:09:34,390 --> 00:09:39,360
Also browser exploits social engineering and phishing attacks.
110
00:09:39,360 --> 00:09:45,130
Obviously VPN does not provide any sort of protection against that which is the reason why you can't
111
00:09:45,130 --> 00:09:47,510
just have a VPN and everything is secure.
112
00:09:47,620 --> 00:09:56,840
You need defense in depth which is what all the controls are that we go through in this course we peons
113
00:09:56,890 --> 00:10:04,520
are possibly susceptible to something called web traffic fingerprinting which is a passive eavesdropping
114
00:10:04,510 --> 00:10:12,140
attack that looks at the size and timing of encrypted data streams where although the adversary only
115
00:10:12,130 --> 00:10:19,570
watches encrypted traffic from VPN and also S-sh And P.S. are affected.
116
00:10:19,610 --> 00:10:28,580
The adversary can still guess what web page is being visited because all web pages have specific traffic
117
00:10:28,580 --> 00:10:29,540
patterns.
118
00:10:29,570 --> 00:10:34,440
They can only guess if they know the pattern of the web page they're in advance.
119
00:10:34,440 --> 00:10:38,100
So if you were going to pages they were not aware of.
120
00:10:38,190 --> 00:10:40,810
They wouldn't have a patent for it.
121
00:10:40,990 --> 00:10:49,140
The content of the transmission is still hidden in the encryption in the VPN but to which website one
122
00:10:49,290 --> 00:10:53,050
connects to isn't secret or private anymore.
123
00:10:53,310 --> 00:10:58,360
There are multiple research papers on this topic.
124
00:10:58,380 --> 00:11:06,750
Several researchers have developed web page fingerprinting attacks on encrypted web traffic as occurs
125
00:11:07,050 --> 00:11:14,380
when the victim uses an encrypted tunnel such as S-sh VPN or IP Sec.
126
00:11:14,400 --> 00:11:22,290
According to this report here that you see they yielded greater than 90 percent accuracy for identifying
127
00:11:22,300 --> 00:11:27,150
Haiti Pak is on conventional VPN protocols.
128
00:11:27,150 --> 00:11:35,730
However some protocols like open S-sh and open VPN required a large amount of data before Haiti ETP
129
00:11:35,730 --> 00:11:38,850
packages were identified.
130
00:11:38,860 --> 00:11:46,980
I believe these numbers are overstated though from what I have read the other research papers that I
131
00:11:46,970 --> 00:11:51,390
am referring to are things like this one.
132
00:11:51,390 --> 00:11:57,280
Also there is more information here and there's more information here as well.
133
00:11:57,270 --> 00:12:03,730
If you're interested in web site fingerprinting other issues to consider.
134
00:12:03,840 --> 00:12:11,160
If you don't run your VPN permanently It's obvious to an observer when you're attempting to do something
135
00:12:11,160 --> 00:12:12,280
more private.
136
00:12:12,390 --> 00:12:18,390
So this is a signal that can draw closer examination because you are clearly showing when you are trying
137
00:12:18,390 --> 00:12:26,220
to do something private very annoyingly m t p or e mail and all the services that you might want to
138
00:12:26,220 --> 00:12:30,190
use can be blocked by the VPN provider.
139
00:12:30,480 --> 00:12:38,950
As MT particularly is often blocked because spammers use VPN to send spam that creates a problem.
140
00:12:38,940 --> 00:12:45,990
If you want to use email with an email client VPN can also be blocked by some Web sites that you want
141
00:12:45,990 --> 00:12:52,410
to visit streaming sites like Netflix for example are now blocking VPN.
142
00:12:52,560 --> 00:13:02,270
So this is a trend going forward and a definite weakness for VPN or at least some VPN providers.
143
00:13:02,580 --> 00:13:10,170
If you use your VPN for different aliases or identities at the same time this could contaminate or associate
144
00:13:10,170 --> 00:13:11,610
those aliases.
145
00:13:11,640 --> 00:13:20,130
For example if you have your email running for your real identity while using your VPN and you are accessing
146
00:13:20,130 --> 00:13:29,250
a forum has a different aliases your freedom fighter alias an observer could correlate the two together
147
00:13:29,250 --> 00:13:29,400
.
148
00:13:29,400 --> 00:13:33,420
This is another form of a correlation attack.
149
00:13:33,610 --> 00:13:41,070
You get captures that pop slow you down and your language can be set incorrectly when you're doing searches
150
00:13:41,070 --> 00:13:41,960
.
151
00:13:42,120 --> 00:13:50,310
We peons do not normally filter or replace your TZP packets which means you're not protected from TZP
152
00:13:50,310 --> 00:13:58,740
timestamp attacks the size you use when trying to access your accounts could flag your account as having
153
00:13:58,740 --> 00:14:05,940
suspicious activity because you are using a VPN then block lock or suspend your accounts.
154
00:14:05,940 --> 00:14:07,750
This can be for different reasons.
155
00:14:07,740 --> 00:14:12,990
Maybe the IP address you're using for your VPN has a tainted history.
156
00:14:12,990 --> 00:14:21,330
This often happens or they may know you are using a VPN IP address and not like it or they will see
157
00:14:21,330 --> 00:14:26,040
you're in a country that is different from where you are coming from previously.
158
00:14:26,040 --> 00:14:28,110
Those by using a VPN.
159
00:14:28,140 --> 00:14:31,100
Your accounts can be at risk.
160
00:14:31,470 --> 00:14:39,930
VPN providers don't provide a hardened browser to prevent tracking and hacking browser fingerprinting
161
00:14:39,960 --> 00:14:47,320
or browser exploits like you get if you use Tor or John Dhanam they have hardened browsers.
162
00:14:47,380 --> 00:14:54,010
This means if you use a VPN and you don't harden your browser as I suggest in the section on browser
163
00:14:54,000 --> 00:15:01,470
security your VPN sessions can be tracked from site to site using things like cookies super cookies
164
00:15:01,500 --> 00:15:07,500
referrers and all the other nefarious methods I mentioned and go on the course.
165
00:15:07,560 --> 00:15:15,950
VPN is really only protect your privacy and not anonymity so much to protect your anonymity.
166
00:15:15,960 --> 00:15:23,550
The VPN providers cannot know your source IP address they cannot have payment details they cannot know
167
00:15:23,860 --> 00:15:31,210
anything about you otherwise that is not anonymity and the VPN providers will know the information is
168
00:15:31,560 --> 00:15:37,780
only possible to get anonymity with a VPN or full anonymity with a VPN.
169
00:15:37,770 --> 00:15:47,600
If you use nested VPN which we can later or VPN is in combination with all the anonymizing services
170
00:15:48,000 --> 00:15:55,570
you could argue that you can get anonymity with BP ns from say where you are connecting to the far destination
171
00:15:55,680 --> 00:15:59,780
if they have no power by which to influence your VPN.
172
00:15:59,900 --> 00:16:06,330
But generally you should consider a VPN is more of a tool for privacy than a inimitably.
173
00:16:06,370 --> 00:16:12,970
If your source IP address is known by someone your payment details are known and there's tracking information
174
00:16:12,960 --> 00:16:18,260
back to you and inimitably is where there is nothing related back to you.
175
00:16:18,390 --> 00:16:26,170
So that's all of the VPN weaknesses there's lots there to think about gives you an idea of why you should
176
00:16:26,160 --> 00:16:32,110
use a VPN and why you should not use a VPN and why you should rely on not rely on them.
20904
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.