How does the ONE VPN, which is on Purism's end, work to prevent the local router from seeing my traffic, more?

In addition to the Subject question, I want to know what privacy Tor provides outside of its computer? I thought that it doesn’t log one’s traffic so that anyone else looking at THAT computer would not be able to see where one has been, but that doesn’t seem to prevent the ISP from seeing the Tor browser’s traffic. And how does https prevent the ISP from seeing the url?

The URL is transmitted on the TLS-secured connection that is requested by virtue of the URL being “https:”. The secured payload includes the host name from the URL and the local path from the URL - so these are both kept private. However if the client is using Server Name Indication (SNI) then the host name may additionally be transmitted in plain text for the purposes of establishing the secure TLS connection.

So to take the URL of your post as an example https ://forums.puri.sm/t/how-does-the-one-vpn-which-is-on-purisms-end-work-to-prevent-the-local-router-from-seeing-my-traffic-more/6190 (where I have inserted a space in the URL to keep this forum from not displaying the URL) …

the Host name is forums.puri.sm and the path is /t/how-does-the-one-vpn-which-is-on-purisms-end-work-to-prevent-the-local-router-from-seeing-my-traffic-more/6190 and both of these are transmitted encrypted on the TLS-secured connection but if the client is using SNI it may additionally transmit forums.puri.sm unencrypted anyway.

I’ll leave the VPN question and the TOR question for someone else.

Well, it’s called tunnel for a reason, right? It’s not “on Purism’s end”.
YOU ==> local router ==> ISP ==> random node ==> VPN out --> random node --> destination
Basically, you (only) have a connection to the VPN out, and that’s all the local router and ISP etc. know.
The IPs you visit are only visible to “VPN out” and the following.

the WWW is CENTRALISED meaning that everyone who “surfs” the internet get’s an ip and requests and is served data through packets. these packets can be modified both incoming/outgoing at seemingly random points along the transport medium.

so the question is ? where is the first exit node of the tunnel ? and who controls it ?

VPN is dangerous in this regard because it tends to concentrate ALL data packets at a single exit node. while in the dark tunnel a packet is concealed by encription but when it exits it is revealed by the “light outside”. with TOR it’s the same final exit node anyways so no matter how many times you bounce the traffic around a network it still has to come out finally at some point. it’s just like the customs between Mexico and USA - in this case Mexico is the network (VPN,TOR, or just the non-tin-foil-hat-way to travel) the USA customs is the exit node.

see > https://protonvpn.com/blog/vpn-servers-high-risk-countries/

vote for 2019 protonVPN countries > https://protonvpn.com/blog/vpn-servers-poll-2019/

now the question is can you trust your machine at least ? > https://www.gnu.org/philosophy/loyal-computers.html > http://www.gnu.org/philosophy/who-does-that-server-really-serve.html > https://www.fsf.org/resources/hw/endorsement/respects-your-freedom

https://www.eff.org/pages/tor-and-https for those who find pictures a bit easier check out the thing near the bottom of this page.

2 Likes

OneVPN had many such issues and they were not persistent with their policilies. Personally I like NordVPN. It is a paid service but well worth the money. They have a lot of servers around the world, support streaming, have an awesome and responsive ServiceDesk and best of all, a no-log policy. That last part is something that is being overlooked to often and basically means that your VPN isn’t private at all since the logs will tell exactly what, where and how long you did something.

Read more about NordVPN comprehensively here https://www.privacytips.co/nordvpn-review/

They also have several other benefits like NordVPN offer double VPN, Onion routing (join the Onion network without installing additional software) en secure browsing features.

Highly recommended!

Pro tip: Stop using NordVPN and stop recommending it to others. If you’ve been keeping up on tech news, you know that NordVPN is worthless from a privacy standpoint now.

As many as 2,000 users of NordVPN, the virtual private network service that recently disclosed a server hack that leaked crypto keys, have fallen victim to credential-stuffing attacks that allow unauthorized access to their accounts.

In recent weeks, credentials for NordVPN users have circulated on Pastebin and other online forums. They contain the email addresses, plain-text passwords, and expiration dates associated with NordVPN user accounts.

Anybody still recommending this service should be admonished harshly and publicly. You should switch to something more secure as soon as possible.

give me a free-software VPN that uses open-hardware for infrastructure is local enough to be paid with cash or pre-pay activated, is fully transparent about it’s active personal-data-policies and has a similar activist attitude and i’ll consider it.