Can a VPN read my traffic to know what I’m doing?
fedilink
53
Can a VPN read my traffic to know what I’m doing?
fedilink

https://torrentfreak.com/italy-approves-piracy-shield-vpn-dns-proposal-risk-of-prison-for-isps-intact-241001/

As title. Italy is decided to pass a law that basically creates a chinese-type firewall in the country. The question is simple: even if I’m not doing anything illegal, my VPN provider will have to know what am I doing to report it in case it’s illegal, or face jail.

So how could my traffic remain private in this scenario?

Can a VPN provider with no logs policy be held accountable of anything? Can it actually know what I’m doing?

@ShortN0te@lemmy.ml
link
fedilink
13M

Not exactly. They are pointing out that HTTPS assumes all is well if it sees a certificate from any “trusted” certificate authority. Browsers typically trust dozens of CAs (nearly 80 for Firefox) from jurisdictions all over the world. Anyone with sufficient access to any of them can forge a certificate.

Great thing, that you can remove them and only trust those you trust.

Also, HTTPS doesn’t cover all traffic like a properly configured VPN does.

Pls explain what https is not covered? The SNI on tbe first visit? A VPN just moves the “exit point” of your traffic. Now the Datacentef and VPN provider sees what you ISP saw.

it’s not difficult for a well positioned snooper (like an internet provider that has to answer to government) to follow your traffic on the net and deduce what you’re doing.

No. I never said otherwise. But they cannot spy on the traffic. And since the SNI is not encrypted anyway they do not even nerd to “follow the traffic”. But what sites you are visiting and what you are doing on them are 2 different things.

@delirious_owl@discuss.online
link
fedilink
1
edit-2
3M

Lol OK. Every US company has to legally provide their private keys (or a subordinate CA) to the US government if asked, due to NSL laws. We have examples of the US doing this historically, only because some companies broke the law and spoke out publicly.

So go ahead and remove all CAs issued from US companies. Verisign, cloudflare, akamai, Microsoft, Amazon, etc.

Now 80% of the Internet is broke.

@ShortN0te@lemmy.ml
link
fedilink
13M

  1. And? If you cannot trust then you should not use them when you want to do something that is private and should not get looked on.

  2. And if there were signs of misuse of the trust, then they would get removed.

It is actually really easy to monitor thanks to CT.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3.11K Posts
  • 78K Comments
  • Modlog