Someone please demystify VPN

Discussion in 'Mac Basics and Help' started by talino, Mar 27, 2012.

  1. talino macrumors member

    Joined:
    Aug 16, 2010
    #1
    Hi,

    I have a very basic question regarding VPN: suppose I want to connect a Mac to a paid VPN server in order to secure and anonymize internet traffic, and manage to configure OSX properly. If I'm behind a router, how is the VPN traffic different from stuff sent and received by other (non-VPN) Macs behind the same router? Since all the Macs share the same "outside" IP address and are only differentiated by the router NAT feature, how can a single Mac be "anonymized" by connecting through a VPN?

    Thanks in advance for clearing this up...
     
  2. Tumbleweed666 macrumors 68000

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #2
    Depends what you mean by "anonymised", and who is looking.

    In the main, and notwithstanding let's say significant law enforcement activity, since the traffic between you and the VPN end point is encrypted, and only the VPN service can tie up what's going into them and then is being routed on to you, it's not possible for anyone to determine what your Mac is connecting to on the net.

    So one anonymity would be that the end service you connect to, let's say Website X, only sees a connection to VPN website Y, not Mac Z.
    Another would be that anyone tapping your line would have no idea whether you were sending traffic to website X, or Google.
    Obviously (?) the VPN service could tell someone what was happening, so you'd have to trust them.

    Or did I misunderstand your question?
     
  3. miles01110 macrumors Core

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #3
    It can't, because VPNs (especially paid subscriptions) are not anonymous.
     
  4. Bob Coxner macrumors 6502a

    Joined:
    Mar 24, 2011
    #4
    You can come pretty close. Use a VPN based outside of the US or Europe to start. There's one (can't remember the name right now) that's based in the Maldives and makes a big point that they're immune to law enforcement demands from US or European authorities. Then pay for it with a pre-paid anonymous Visa card that you buy from Walmart with cash.

    Unless you come to the attention of the FBI or CIA, you're probably pretty good even with a US/Euro based VPN. If you're just doing routine music/movie torrents then you'll be safe from the RIAA and MPAA. If you're playing with Wikileaks or Lulzsec then, no, you're not safe if "they" really want to identify you, again unless you're dealing with a VPN that can legally avoid logging requirements.
     
  5. n8236 macrumors 65816

    Joined:
    Mar 1, 2006
    #5
    Look into a paid proxy service. Using a proxy, the outside traffic should see incoming traffic coming from the proxy instead of your private network.

    Because every bit of traffic goes into a proxy and back out (vice versa), you won't get the full bandwidth due to the checks and relays in place.
     
  6. talino thread starter macrumors member

    Joined:
    Aug 16, 2010
    #6
    Thanks everyone for the very informative answers. What I was trying to understand is how can there be a difference between a Mac connecting to, say, a VPN from behind a router and another Mac connecting directly to the internet through that same router, with no VPN. If I understand routers correctly, to the outside world all computers behind the router look the same (i.e. coming and going from and to the same "public" IP address). If I take the VPN analogy I've seen recently — islands communicating via special submarines moving inside a "public" ocean — how can some of this communication be a submarine (i.e. encrypted) and some not, when they all "share" the same IP address? I hope the question makes sense, apologies if it doesn't...
     
  7. Tumbleweed666 macrumors 68000

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #7
    It all comes down to what YOU mean by "anonymous". IMO you are focussing too much on the IP address regards anonymity. I would say that for "most" people anonymity means that no one knows what websites you are accessing, and the websites you access don't know who you are. Say you are accessing my.little.fluffy.kitten website: even if someone accessed the server logs for that website, they wouldn't be able to backtrack to you; the track would end at the VPN site.

    All depends what your aim is regards anonymity; at this theoretical level it's hard to take it any further. What do you define anonymity as being? What sort of anonymity do you want?

    Or if it's all just a theoretical Q, then go read Wikipedia or similar on how VPNs work, as I'm sure their articles will be far longer than anyone here has the enthusiasm to recreate (and why reinvent the wheel).
     
  8. Cerebrus' Maw, Mar 28, 2012
    Last edited: Mar 28, 2012

    Cerebrus' Maw macrumors 6502

    Joined:
    Mar 9, 2008
    Location:
    Brisbane, Australia
    #8
    In some ways, you have answered your own question.

    A proxy server is just another level in the paradigm you've described.

    In the scenario of where there is no proxy, you (the user, A) make a request to a Website (B), and the website sends the response to you. A<------->B

    Where there is a proxy, the VPN assumes your role as the user. The VPN makes the request on your behalf, receives data, and then forwards that data to you. So 'anonymity' is based on the fact that the website has sent data to the VPN that it thinks is you. A<----->VPN<------->B

    I'm not sure I get your submarine analogy (it actually seems more like an HTTP/S one). I would liken it more like a mail one. Most people get mail delivered to their door (non VPN) with their name on the envelope (John Doe).

    But some people get their mail delivered to the front desk of a hotel or a PO Box (PO/Room 16). Who lives in Room 16??? Only the hotel (VPN) knows...

    Crude, but I hope I articulated the point...

    EDIT: Just reading your last post regarding two computers on the same router.
    Ok, imagine you and I are in a house and we are both on our wifi router, browsing the Apple store.

    Now the Apple website sees one IP address, the router. It has no context that there is more than one computer. Apple receives a request from our router, and sends a response directly to it. It is then up to our router to correctly give the response to either you or me.

    Next I am going to use a Proxy server. So I make a connection to the Proxy server Tor. Now Apple WILL see two IP addresses. One from our router (which you are on) and one from Tor (which I am on, via our router).
    When you make a request, our router sends it to Apple, and Apple, as before, sends it back. Our router gives the response to you.
    When I make a request, our router sends it to Tor, Tor then sends it to Apple. Apple sends it back to Tor, Tor then gives it back to our router, and gives the response to me.

    Apple has no idea what happens to the data beyond when it sends it to the destination. Whether it be our router, or to Tor. It simply sends
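
Added example, not part of the original thread or any poster's reply: a toy Python model of the two-Macs-behind-one-router scenario described in post #8, showing what a tap on the line and the destination website each see with and without a VPN. All addresses, ports and class names are constructed for illustration, and the "encryption" is only a flag.

```python
# Added illustration: toy model of NAT plus VPN encapsulation.
# Every address and port below is constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: tuple               # (ip, port)
    dst: tuple               # (ip, port)
    payload: object          # str, or an inner Packet when tunnelled
    encrypted: bool = False  # True when payload is unreadable on the wire

class NatRouter:
    """Maps each private (ip, port) to a port on the one shared public IP."""
    def __init__(self, public_ip):
        self.public_ip, self.table = public_ip, {}
    def outbound(self, pkt):
        port = self.table.setdefault(pkt.src, 40000 + len(self.table))
        return Packet((self.public_ip, port), pkt.dst, pkt.payload, pkt.encrypted)

class VpnServer:
    """Unwraps the inner packet and re-sends it from the VPN's own address."""
    def __init__(self, ip):
        self.ip = ip
    def forward(self, outer):
        inner = outer.payload  # stands in for decrypt + decapsulate
        return Packet((self.ip, 50000), inner.dst, inner.payload)

def wire_view(pkt):
    """What a tap on the line outside the router can read."""
    body = "<ciphertext>" if pkt.encrypted else pkt.payload
    return (pkt.src[0], pkt.dst[0], body)

def run():
    router, vpn = NatRouter("203.0.113.7"), VpnServer("198.51.100.20")
    site = ("192.0.2.80", 80)
    # Mac 1, no VPN: NAT only rewrites the source address.
    direct = router.outbound(Packet(("192.168.1.10", 5000), site, "GET /store"))
    # Mac 2, VPN: the real request rides inside a packet addressed to the VPN.
    inner = Packet(("10.8.0.2", 5001), site, "GET /store")
    outer = Packet(("192.168.1.11", 5001), (vpn.ip, 1194), inner, encrypted=True)
    tunnelled = router.outbound(outer)
    return {"tap_direct": wire_view(direct), "tap_vpn": wire_view(tunnelled),
            "site_sees_direct": direct.src[0],
            "site_sees_vpn": vpn.forward(tunnelled).src[0]}

if __name__ == "__main__":
    for observer, seen in run().items():
        print(observer, seen)
```

Both Macs leave the router with the same public source address; the difference is the destination and readability of the outer packet, and the address the website finally sees.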
     
  9. talino thread starter macrumors member

    Joined:
    Aug 16, 2010
    #9
    @Cerebrus' Maw: Most detailed and helpful answer possible. Thanks a lot for taking the time to post this!
     
