upvote

points

by lorenzohess8 hours ago |
comments
upvoteby illiac7866 hours ago|
next
[-]
Why not? Why can’t it be the purpose of a given VPN service?
reply
upvoteby PhilipRoman5 hours ago|
parent|
[-]
If you use the VPN for the Web, browser fingerprinting is a major threat outside of specialized scenarios
reply
upvoteby mort962 hours ago|
parent|
[-]
In other words: a VPN service can't by itself solve all problems which potentially lead to deanonymization, it can only provide anonymous networking.

Why can't it aim to solve what it can do? TOR is a great example: the TOR network itself can't perfectly anonymize you due to browser fingerprinting, but users of the TOR Browser get both the TOR network resisting deanonymization on a network level and a browser with plenty of anti-fingerprinting measures built in. A VPN could aim to prevent deanonymization on a network level so that users who want to stay anonymous can use the VPN in combination with fingerprinting-resistant software.

reply
upvoteby colordrops7 hours ago|
prev|
next
[-]
Isn't Tor a us government project that has been shown to be deanonymizable?
reply
upvoteby SirHumphrey6 hours ago|
parent|
next
[-]
Sort of. There are a bunch of timing attacks bug in general it still works fairly well.
reply
upvoteby overfeed6 hours ago|
parent|
[-]
Also, a buch of conspiring entry-/exit-nodes will do the trick, if you have a budget for enough of them.
reply
upvoteby mike_hock3 hours ago|
parent|
prev|
next
[-]
It has been successfully deanonymized, and resistance to NSA-level capabilities is explicitly not a stated goal.
reply
upvoteby DaSHacka3 hours ago|
parent|
[-]
Do you have a source for this?
reply
upvoteby mike_hock3 hours ago|
parent|
[-]
No, because I don't keep a list of every article I've read over the past decade or so, but there were multiple busts where a regular law enforcement agency (FBI and their international counterparts) were able to prove the identity of a user simply by timing attacks.

The fact that Tor does not intend to tackle the timing problem is plainly stated on the Tor website.

reply
upvoteby breppp6 hours ago|
parent|
prev|
[-]
and so is ARPANET
reply
upvoteby jorvi7 hours ago|
prev|
[-]
That is exactly the point of public VPNs..

If I'm on a public VPN, I don't want anyone to know who is making the request, including the terminating IP.

Think about it. By your logic, VPNs shouldn't be used for torrents because VPNs shouldn't anonymize you to the terminating IP. Whereas they work gangbusters for that.

If you are talking about private VPNs.. Mullvad isn't one.

reply
upvoteby DrBenCarson5 hours ago|
parent|
next
[-]
Public VPNs only protect you from your ISP
reply
upvoteby DaSHacka3 hours ago|
parent|
[-]
And, arguably more importantly, from the service you're using.
reply
upvoteby charcircuit6 hours ago|
parent|
prev|
[-]
I think you are misreading his comment. He is saying that on a VPN it is standard behavior that if you visit site A and site B they will both see you connecting from the same IP and can infer you are potentially the same person.
reply
upvoteby fragmede5 hours ago|
parent|
[-]
Site A and B have to collude in order to make that inference. Outside of Cloudflare, no one is colluding at that level.
reply
upvoteby camgunz1 hours ago|
parent|
next
[-]
Plenty of people own more than one website. You're also forgetting about random site assets like web fonts, CSS, JavaScript CDNs, etc. etc.
reply
upvoteby antonvs4 hours ago|
parent|
prev|
[-]
That would only be true if there were no ad networks.

But today’s internet is essentially a giant ad network.

reply