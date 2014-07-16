
Ask HN: Is it possible to make a VPN that cannot log traffic?
i.e. the same way Signal has end to end encryption and they do verifications of their software

is it possible to set up VPN infrastructure such that you could have independent audits that prove you have no way of knowing what website a given user is on?

otherwise, theoretically, could a curious VPN employee just browse what all of the VPN's customers are doing at any time, what they're googling, who they're looking at on Facebook, etc?

I don't know enough about VPNs and network infrastructure to be able to word this question properly; to my uneducated self it feels like I'm basically asking, could you have a VPN with end to end encryption






Nope. Mix networks like Tor attempt to disguise metadata, but USG essentially owns all the Tor exit nodes, and logs all traffic: https://nakedsecurity.sophos.com/2015/06/25/can-you-trust-to... https://pando.com/2014/12/26/if-you-still-trust-tor-to-keep-... https://pando.com/2014/07/16/tor-spooks/

There is no way to browse the web securely. Don't do anything online that you think the Trump administration might not like.

You mistake a VPN for an anonymization tool. It's not; it's for joining two or more non-public networks together (in the degenerate case a network consists of a single host only). What you want is implemented by Tor, though you still need an encryption+authentication channel between yourself and the destination server (i.e. an SSL/TLS connection).

HTTPS doesn't hide metadata, of course. An exit node can still see what servers you're connecting to.

Of course it can, but it cannot tell who is making the connection (this is implemented by onion routing) or what was sent (this is implemented by TLS), and without the payload it cannot infer who is making the connection.
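The split of knowledge discussed in the comments above (who is connecting versus where and what) can be shown with a small simulation of layered encryption; this is an added example, not code from the thread or from Tor. The relay names, keys, addresses and the toy SHA-256 keystream are constructed assumptions, and the model covers only what each hop learns from the cell it handles, not Tor's real cell format.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stands in for real per-hop encryption."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def wrap(route, dest, tls_record):
    """Client: build the onion inside out. route = [(relay, key), ...], entry first."""
    cell = json.dumps({"next": dest, "data": tls_record.hex()}).encode()
    for i in range(len(route) - 1, -1, -1):
        name, key = route[i]
        cell = keystream_xor(key, cell)  # only this relay can remove this layer
        if i > 0:  # the relay before it learns just the next relay's name
            cell = json.dumps({"next": name, "data": cell.hex()}).encode()
    return cell

def relay(name, key, sender, cell):
    """Relay: peel one layer and record everything this hop can observe."""
    layer = json.loads(keystream_xor(key, cell))
    view = {"relay": name, "from": sender, "to": layer["next"]}
    return view, bytes.fromhex(layer["data"])

def run_circuit(client, route, dest, tls_record):
    """Pass one cell through every relay; return per-hop views and the delivered bytes."""
    cell, sender, views = wrap(route, dest, tls_record), client, []
    for name, key in route:
        view, cell = relay(name, key, sender, cell)
        views.append(view)
        sender = name
    return views, cell

# Constructed sample data: documentation IP, placeholder relays, fake TLS record bytes.
CLIENT = "203.0.113.7"
DEST = "example.com:443"
TLS_RECORD = bytes.fromhex("1703030010") + b"opaque-ciphertxt"
ROUTE = [(n, hashlib.sha256(b"constructed-key-" + n.encode()).digest())
         for n in ("entry", "middle", "exit")]

if __name__ == "__main__":
    views, delivered = run_circuit(CLIENT, ROUTE, DEST, TLS_RECORD)
    for v in views:
        print(v)
    print("delivered to destination unchanged:", delivered == TLS_RECORD)
```

In the printed views, only the entry relay sees the client address and only the exit relay sees the destination, while the TLS record passes through the exit still encrypted.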

