Comment on Please allow VPNs
Tellore@lemmy.world 2 weeks agoBecause it protects you from ISP or targeted MITM. Lets say your ISP decides to spy on users or someone cuts into the internet wire going from your appartment to ISP, without VPN they can fully see and modify all http traffic as it’s totally unencrypted, in https traffic they can’t see the content but they see domain names of sites you are visiting and exact time when you are visiting them. With VPN 100% of your traffic is encrypted and in similar situation absolutely nothing is visible or modifiable. Someone can MITM on VPN provider itself, but it’s not really suitable for targeted scenarios, because those wires are in other part of the world than you, those wires are much better physically protected and even if malicious actors succeed they will have very hard time filtering traffic from different users from each other.
Gimpydude@lemmynsfw.com 2 weeks ago
I agree with preventing your ISP from being able to see your traffic, but not necessarily on the mitm attacks. In either case, a mitm needs to be positioned properly.
As far as the ISP seeing your DNS traffic, there are ways to derive your real IP based on DNS queries. DNS leaks are a thing. It’s not necessarily true that 100% of your traffic is encrypted.
Tellore@lemmy.world 2 weeks ago
Do you think VPN doesn’t necessarily prevent MITM anywhere between you and VPN server? Regarding DNS queries, here is a quote I found: “Full-Tunnel VPN routes and encrypts all the Internet traffic through the VPN. Consequently, DNS requests are also encrypted and out of the control of the Internet provider". I’m not sure how to setup VPN in a way that doesn’t tunnel DNS requests through VPN server because I mostly use smart clients like Proton’s one that route everything and have total killswitch.