Keeping your IP address hidden...

So I run NordVPN and Malwarebytes in an effort to keep my ass hidden online and avoid the planting of pests and spyware in my system, but some time ago I ran into a bit of confusion. A chap I know was singing the praises of NordVPN, telling me why it was better than other VPNs, and he eventually convinced me and I began running it; but no sooner had he done that (and this guy knows a lot about this technology) than he told me Big Brother had tools that could force your computer to send out its real IP address despite the encryption and VPN technology.

Frustrated was I, and still am. I never got a chance, however, to ask him to explain this damnable technology he alluded to. Could someone who understands it please explain it to me in simple terms, and also tell me if there is anything that can be done about it? I’d be grateful, thanks.

Simple answer, particularly if state actors are your concern: do nothing on the internet that you would be unwilling to have printed on the front pages of the New York Times.

All of these efforts are only mitigation and not prevention. There will be leakage, there will be exploits.

Your IP address is an address that’s fundamentally necessary for communication to happen; completely hiding it is impossible. By definition, your ISP knows your IP address, since they are the ones who assign it to you in the first place, so anyone who can get that information from the ISP can get it.

What a VPN can do for you is force all traffic through the VPN provider. So instead of you connecting directly to the Straightdope servers, you send your traffic to the VPN, and the VPN relays it to the Straightdope servers. So anyone tapping into your ISP routers would only see you constantly talking to the VPN server, and not know from that data stream what you’re talking to.

But that also means that the VPN by definition has to keep track of who you are and what you’re talking to, to be able to keep the transaction going. So if Big Brother has the VPN provider tapped, they’ll still know everything.

VPNs are useful to avoid (some) geoblocking, and good if you’re in a situation where you’re on an insecure network (open or someone else’s wifi), but it’s not really all that useful against malware or actual targeted government actions.

VOIP phones are an example of technology that sends out your “real” IP address. Web browsers like the one you are using now are also sometimes guilty.

Knowing your “real” IP address is often both less dangerous and less helpful than it might seem: my “real” IP address at the moment is 192.168.1.157, which tells you nothing (it’s a generic IP address). If I was using a VPN, my “real” IP address would still be easy to discover, and still be useless.

A more common event is that the government or copyright holder might work backwards from the other end, to find your ISP and the IP address the ISP is using for you. Then they can get your identity from your ISP. Some VPNs “proxy” to make this more difficult.

A government could probably defeat that protection if they really tried. On the other hand, it is so difficult that China doesn’t try: they just ban VPNs.

Taking this one piece at a time... I had some confusion as to where the VPN was placed, as it were. My computer connects to the internet through my ISP's gateway, so it's after the gateway that my traffic is routed through the VPN. Somehow I was thinking the VPN obscured me to my ISP.

Now when you say the VPN keeps track of me and who I'm talking to, do you mean it's all logged? The friend I mentioned earlier had said that one great thing about NordVPN is they don't do that--although I'm aware that's a common claim among VPN providers. But this leads me to the question of encryption. NordVPN also encrypts all my traffic, so even if the gov't is tapping the VPN, they can't know anything about my traffic or which servers I'm connecting to, can they?

Encryption, by itself, does not hide any traffic. It’s just scrambled.

If you want to defeat network traffic analysis, you need to do so deliberately, starting from the assumption that the entire network is being monitored and all messages are visible.

I would be grateful for a simple explanation of a VPN proxy.

So my traffic is encrypted, but “they” can see which servers I connect to? And when you say defeating network traffic analysis, is that what Melbourne was referring to when he mentioned a VPN proxy?

Moderator Action

Discussions of IP hiding techniques are not permitted here.

Thread closed.