
Re: OT: VPN questionww



Hi,

On Sat, Aug 16, 2025 at 05:40:33PM +0200, john doe wrote:
> Note that VPN providers will know what web site you are looking at.

Maybe yes, maybe no.

The Internet is increasingly centralised with for example so many web
sites served by Cloudflare. The host and URL that the browser requests
is done inside the https connection so all the VPN provider sees is a
port 443 connection to some Cloudflare IP address.

Now, the DNS is often clear text UDP on port 53, so if your DNS server
is also reached by the VPN they may be able to see what you are
resolving, which would indeed reveal the sites you use (but not the
URLs, directly¹). Yet, increasingly DNS privacy measures are in place
like again Cloudflare and others offering DNS over HTTPS, or
alternatively DNSCrypt.

So in fact I am personally more concerned about the vast trove of user
data that Cloudflare has as opposed to any individual VPN provider.

Thanks,
Andy

¹ With knowledge of the layout of a web site it is possible to
  statistically partially recreate a user's journey through the site
  based on what their DNS queries are. Similarly by analysing other
  traffic flow metadata like file size it can be guessed which assets
  have been requested without being able to see the content of the
  assets on the wire. This has been one argument for https Debian
  mirrors, even though Debian packaging format has its own
  anti-tampering precautions.

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

