many discussions it recently there has been about the safety of PIA VPN services in particular and as a VPN technology in general. This post should help both to the spirit of our customers at home and also to better inform them on how VPN technologies work and how they interact with the largest ecosystem of applications and infrastructure network.
First of all, no solution is 100% secure by itself. Applications depend on other applications and hardware to run properly, and compromise throughout the stack can be used to attack your privacy and anonymity.
To understand how PrivateInternetAcces works, you must have a basic understanding VPN in networks and routing interact general and how to protect your data.
VPN is an encrypted tunnel works by creating a network interface in your computer similar to a Wifi / simulated network connection. When your computer sends data to the simulated interface, your VPN software encrypts the data and sends it to your gateway via your actual network interface. The gateway decrypts the data and sends it to original as you want it to go to.
Your computer knows which connection to send data by checking your "routing table". When using the VPN, he said something like "usually always send data to my vpn simulated interface". Apart from this, it is often more specific rules, depending on your network configuration.
Another rule that you will always have your routing table when using a VPN is "when sending data on the VPN gateway, use my WiFi interface." Otherwise, your VPN software will not be able to connect to your VPN server and send it to your encrypted data. Thus, your routing table should have links that allow it to be sent directly to the network.
This means that if your computer is behaving in a way that you do not want to act because of a compromise, the above configuration can be exploited. By having a malicious actor taking control of various parts of your computer or network, your safety may be endangered.
Web browsers, but a fundamental part of our experience of the Internet, are also an essential element of our security profile. Not only are they powerful applications in what they can do on our computers, but they are in constant communication with servers that may not have our best interest in mind. This is always extremely dangerous: our browser is running attackers controls on our computers. In addition, browsers are highly complex applications, and are often able to perform even more powerful plugins such as Java and Flash, which all had vulnerabilities described in the past.
The fact is that browsers can, for example, the name of the site you visit, open arbitrary network connections from your computer just about any other server in the Internet. This means that there can be an incredible power to your computer in the hands of a malicious Web site operator once you give him free reign in your browser by accessing its website
But the question is :. A malicious Web site could still threaten my safety or anonymity just visiting? The answer, as in so many complex situations, it depends. Here are some scenarios in which the answer could be yes:
- Your Flash version is outdated. The site can take control of your computer and execute arbitrary commands on it, and it is likely that the malicious Web site can control your computer in a way that threatens your privacy / anonymity, even if you use a VPN .
- You 're using Java. Although Java is patched every 3 months, given the 30+ vulnerabilities announced each quarter, it is very likely that you are at risk sailing with Java. It is recommended practice that if you need to use Java for anything (usually corporate intranet applications or banks) that you use a browser just for that, so that you reduce the risk of opening a malicious Web site about her.
- There is a tap on the browser itself. What happened when the FBI injected malware on the Tor Bundle firefox browser users by hacking a website and serve site users malware, it helps to de-anonymize them.
- By forcing you to connect to another site that keeps track of your identity via cookies or log, another site can now match your IP VPN to your previous original IP in the folder the same user assuming you have used the Web site directly in the past, even if you do plan to let the other website know your IP VPN.
- The site opens a connection to a server that is not on your itinerary "default". In other words, the data will not be sent through the VPN, and the malicious operator has the ability to be inspecting network traffic by compromising your router or be able to read the packets on your network, or to receive packets network directed to this server. Mitigating this is one of the main reasons why we do not recommend any kind of split tunneling.
Note that if these attacks are technically feasible when visiting a malicious website, they are usually simple, to the point of being impractical and even a Man In The (MitM ) average scenario, ie., someone manipulate network data between you and a legitimate website. The reason is that the VPN connection protects you against already MitM attack all the way until the VPN gateway server, and it is much more difficult to attack far from the front door that is in front of her , mean compromising your public WiFi router / home.
In any case, this is why we recommend that users that really need to be as safe as possible for their anonymity to add layers of protection because you never know where the next vulnerability be. Unfortunately, the most common operating systems (Windows and OSX) do not offer this solution directly. However, having a firewall that ensures that only your VPN application sends unencrypted data on your WiFi / network interface, for example, you can prevent other malicious application to send data with your original IP . There is a chance that your firewall has a weakness, but it acts as another layer of security.
Similarly, if your browser has a proxy configuration on him, he will therefore always send data directly to the proxy, instead of relying on the routing table. There is still a chance that your proxy may be compromised, but you add another layer of security.
By disabling javascript and not allowing it to non-malicious-known sites that you trust, you can avoid certain types of network connections to be open. There are still ways to open connections without javascript, and the site you trust could be compromised by a third party (as in the case of the previously discussed FBI). But there is another layer of security.
Our team at PrivateInternetAccess working around the clock to keep your anonymity and your data safe. It is important to be aware that no single solution can protect 100% all the time, regardless of defects and vulnerabilities elsewhere. Computers and networks form an interdependent ecosystem, and cracks on one of these interactions can be exploited by a person who does not have your best interest in mind. In particular, web browsers are powerful and in the hands of malicious website operations applications, they can, intelligently, putting your privacy at risk.
Although we do not believe what is stated above should concern the everyday user, it is always important to understand that the Internet can be a dangerous place, and we do our best to ensure that you are protected.
0 Komentar