Well, the purpose of a VPN is to provide network services as though your device has a network interface connected to another network entirely, so that you can access the private services within that network. It (should) do this with a virtual network interface, hence Virtual Private Network. Of course, it is better with encryption, but that isn't the actual goal of VPN software. The goal is to provide connectivity to some other network. Encryption is just a way to achieve that while also preventing network-level VPN protocol hijacking. Commercial VPN services such as Mullvad, ProtonVPN and PIA are actually pretty weird in that regard, as they are just connecting you to the Internet as though the Internet was the private network.
The krebsonsecurity article on this has a quote from some UICnigger who wrongly states "However, and I think this is a key point to emphasize, an untrusted network is an untrusted network, which is why you’re usually employing the VPN in the first place." No child, you use a VPN to access private network services in another network. You fell for mossad marketing tactics, child.
The underlying VPNs are working as intended, and this "advisory" assumes the goal is to provide encrypted communications within a hostile networking environment which is NOT the goal of VPN software. This is just a marketing discrepancy between what commercial VPN providers promise to their consumers and what they actually deliver, which is almost always an off-the-shelf VPN solution that is configured to work like a dynamic network proxy.
That being said, a commercial VPN is still a convenient way, especially for less technically savvy people, to hide their IP address from websites they use and appear as though they are originating from a place they are not. Always assume your VPN provider is logging your traffic post-decryption when they send it on to its real destination. Internet backbones were doing that anyways for whatever domestic glow agencies their wires run through the jurisdiction of.
This is a low-risk vulnerability at its best. I won't be including this in my threat model.