Can VPN provider see my activity?

I see all the craze about VPN and often it is connected with hiding activity from ISP.

I understand that VPN encrypts the packets and my concrete activity should be hidden from ISP.

But what about the VPN provider? Can they see my activity? Ultimately the packet must be decrypted at the end of the tunnel and sent on its way out to the internet - that will be visible to the VPN provider, won’t it? As well as the response to that packet, which needs to find its way back to the tunnel and to me.

If so, aren’t VPN providers just becoming those who can look?

Thanks.

If so, aren’t VPN providers just becoming those who can look?

Yes, that’s precisely how it works. The benefits for many despite this are that the VPN provider usually knows less about you than your ISP, they often don’t log your activity, and you share one IP address with several other customers of that VPN, which makes it more difficult to connect specific activities to you personally.

If they want, they can, because the tunnel is to their servers. This is why many say no-log policy, no user activities, no user IP, etc.

When we connect to a VPN provider’s server, the connection is between our PC and their servers, and from their servers to the internet, but they can snoop. The good thing is that almost all websites on the internet are now https://, so they can see what websites you go to, but not what you’re doing in them.

VPN is basically to protect from your ISP for P2P downloads, protection against things like man-in-the-middle on unsecured WiFi spots, etc.

But even using VPN, the isp can see what websites we are going to… because the sni is unencrypted.

So a VPN doesn’t protect much more than surfing the internet through https://, because the ISP and the VPN provider can still know what website we are visiting.

But it’s good for geolocation restrictions, streaming and P2P.

Thanks for confirming. I can see the benefits you are mentioning. Makes sense to me. Although not sure if everyone understands this point.

Thanks for confirming and pointing out the useful use cases. That clears it up for me.

But even using VPN, the isp can see what websites we are going to… because the sni is unencrypted.

I didn’t know the ISP could still see where I was going. If they can, what is the point of a VPN, as the traffic itself is already mostly HTTPS and therefore encrypted?

But even using VPN, the isp can see what websites we are going to… because the sni is unencrypted.

Not true. If the ISP could see the HTTPS traffic, this would be true. But the HTTPS traffic is hidden inside the VPN’s encrypted tunnel.

Not to mention, always choose a VPN with an audited no-log policy.

Because they can say they are not keeping logs, but if it’s not audited, it could be just words.

I admit I didn’t understand the part ‘the sni is’. Is that just a typo I can’t decrypt, or jargon? And I am also interested in the answer to your question. Thx

When we are connected to the VPN, the VPN ISP can see the websites we are going to, and more things if they want. If we use HTTPS, the VPN provider cannot see what we are doing on these sites, but if we don’t have ESNI (encrypted SNI), they can see all the websites we are visiting. It is the same context if we are without a VPN and with our ISP: even using HTTPS, they can see which websites, and also P2P traffic, etc.

And auditors can say they are auditing… :)

https://en.wikipedia.org/wiki/Quis_custodiet_ipsos_custodes?

I had to google it: https://en.wikipedia.org/wiki/Server_Name_Indication

VPN server’s ISP can see our HTTPS traffic and the SNIs on it, but has no idea what user that is associated with. Could be 10K people using same VPN server at same time.

Your home ISP knows your ID, but can’t see HTTPS traffic or SNIs if you’re using a VPN.

Thx a lot, that’s useful!

Maybe there’s a little confusion about which provider we are talking about at each point.

There are 3 different providers so far if I understand correctly:

  1. My home ISP [this is the one everybody is trying to hide from]
  2. My VPN provider [this is the suggested solution for some problems]
  3. VPN’s ISP [this one was mentioned, but it seems to me that this one is not really the issue, for the reasons you stated - the disconnect from the original user (=me)]

So the statement in question is (I think):

Can my VPN provider see servers (host names) I am browsing?

And because of SNI it seems that they can, even if you use HTTPS (which will encrypt content but not the SNI part). Unless the server and browser support (and use) ESNI.

Do I understand it correctly?

Yes, the VPN provider sees the SNIs and the destination IP addresses of your HTTPS traffic. VPN knows what sites you’re accessing. Even if SNI was not an issue, VPN has to know the destination IP addresses.

But you said:

even using VPN, the isp can see what websites we are going to

If by “isp” you mean “home ISP”, that’s wrong.

I meant the VPN ISP or VPN Provider

Okay, so yes, VPN’s ISP can see destination IP addresses, but doesn’t know what user is accessing them.

VPN may or may not know real user ID, and sees destination IP addresses.

Thanks for the clarification, both of you, I think we cleared it up and we are on the same page. I learned something here!