undefined | Better HN

0 pointspbhjpbhj6y ago0 comments

I don't think your analysis is complete.

Most VPN's raison d'être is providing privacy. If it's publicly known that they don't then that kills their business.

An ISP is tasked with connecting prior to the internet, they don't make claims about privacy, they can reveal information about clients without necessarily putting anyone off, most of the clients for large ISPs have probably never heard of a VPN.

If a VPN wanted to they could get audits by pen-testers to warrant their ability to provide secrecy.

A VPN provider that's been around a while and claims to offer a high level of privacy probably does.

Slight aside:

>My ISP can see the domain name of the result I click, and a VPN would mask that from them. //

There was a paper a little while ago, they directly identified pages by mitm-ing HTTPS by using meta-data (page size alone IIRC). Success was something like 80%.

0 comments

headmelted6y ago

>There was a paper a little while ago, they directly identified pages by mitm-ing HTTPS by using meta-data (page size alone IIRC). Success was something like 80%.

Link please. I don't doubt what you're saying, I'm just really interested in reading more about this.

pbhjpbhjOP6y ago

https://scirate.com/arxiv/1403.0297

>We present a traffic analysis attack against over 6000 webpages spanning the HTTPS deployments of 10 widely used, industry-leading websites in areas such as healthcare, finance, legal services and streaming video. Our attack identifies individual pages in the same website with 89% accuracy, exposing personal details including medical conditions, financial and legal affairs and sexual orientation. //

j / k navigate · click thread line to collapse