VPN Security

Some security issues when using a VPN

VPN Anonymity

An insecure connection is still insecure: Although Riseup VPN will anonymize your location and protect you from surveillance from your ISP, once your data is securely routed through riseup.net it will go out on the internet as it normally would. Therefore, you should still use secure connections (TLS) when available (ie https over http, imaps over imap, etc).

Besides that, how anonymous is RiseupVPN? Each time you run RiseupVPN, a new certificate is created to authenticate to the service. We do not require a username/password registration for RiseupVPN, and we do not have any information that ties those short-lived certificates to each other, or to an individual. Additionally, our logs do not contain any IP addresses of any user, any browser fingerprint information (browser information, plugins installed, fonts installed, screen resolution, etc.), DNS requests, traffic flows, any metadata information, any personally identifying information of any kind, and more. The logs we do have are the bare minimum needed to make the service work. We don’t sell or share any of these logs. The logs that do exist are stored encrypted, and persist for no more than 5 days before being rotated out of existence.

Man-in-the-middle attacks

A Man-in-the-middle attack (or MiTM) is where the attacker is able to listen and/or modify your network traffic. Such an attack can be used to de-anonymize you, modify content, steal your passwords, or serve you viruses, trojans or other software designed to gain access to your computer.

Every internet connection is vulnerable to a MiTM attack because of the broken nature of how the internet works. By tricking the routing protocol used by the internet, any traffic is vulnerable to a MITM attack from anywhere in the world. Although this vulnerability has been known for years, researchers dramatically demonstrated such an attack at the hacker conference DEFCON in August of 2008.

Does a VPN help protect against MiTM?

Yes and no. Using a VPN will shut down many of the places where a MiTM attack might happen, but not all of them. Specifically, it will protect your traffic between your device and the VPN gateway, preventing your ISP (or most governments) from performing a MiTM attack targeted toward you.

However, once your traffic passes from the VPN gateway to its eventual destination, it becomes vulnerable to a MiTM attack. With a VPN, your traffic is then semi-anonymized, so it is much much more difficult to target any attack toward any particular person, but an indiscriminate attack against all users of a particular website is still very possible.

For example, in January 2011 the Tunisian government, in fear of the popular uprising that would eventually topple the regime, was able to perform a MiTM attack on Facebook users connecting from withing Tunisia, capturing their login and passwords. In this case, a VPN would have protected as long as the VPN gateway was located outside the country of Tunisia.

Περιορισμοί στη χρήση του Riseup VPN

Το Riseup VPN έχει κάποιους περιορισμούς που απαντώνται σε όλα τα προσωπικά VPN:

  • Μια μη ασφαλής σύνδεση παραμένει μη ασφαλής: Αν και το Riseup VPN θα κρατήσει ανώνυμη την τοποθεσία σας και θα σας προστατεύει από την επιτήρηση του ISP σας, αφού τα δεδομένα δρομολογηθούν με ασφάλεια μέσα από το riseup.net θα βγουν στο διαδίκτυο όπως θα έβγαιναν κανονικά. Αυτό σημαίνει ότι πρέπει ακόμα να χρησιμοποιείτε TLS όταν είναι διαθέσιμο (δηλαδή https, imaps κλπ).
  • η σύνδεσή σας στο διαδίκτυο μπορεί να είναι πιο αργή: το Riseup VPN δρομολογεί όλη την κίνησή σας μέσα από μια κρυπτογραφημένη σύνδεση στο riseup.net πριν βγει στο κανονικό διαδίκτυο. Αυτό το επιπλέον βήμα μπορεί να κάνει τα πράγματα πιο αργά. Για να ελαχιστοποιήσετε το φαινόμενο αυτό, επιλέξτε μια πύλη VPN κοντά στο μέρος όπου πραγματικά ζείτε.