What personal information (like hostname etc.) does Ubuntu send in order to initialize (establish) an OpenVPN connection?
I imagine that depends entirely on what information the VPN client software chooses to collect and send. The client's real IP address so the VPN server can reply is the only necessity I can think of.
ovpn is just text. Look inside.
However, the VPN provider does have access to all unencrypted traffic going through its pipes and if encrypted traffic is poorly encrypted using out of date ciphers (which are still allowed), then they may have complete access to all the data. Using a VPN provider you trust really is important.
I'm so paranoid that I don't trust any of them and choose to rent a VPS and install my own VPN server whenever I need a VPN. Because I do this often, I have the server setup taking less than 3 minutes from the time I log into the VPS panel and start choosing the VPS machine configuration until I'm connected to the VPN and nearly anonymous. Of course, if the VPS is required by some govt, they can capture all the transferred data and try to crack the TLS encoded packets from inside the vpn tunnel later, if they like.
Some govts are known to require the VPN keys be provided for all VPNs under their control. For them, all the data is available.
Some govts require older versions of TLS (the newer version of SSL) be used which have been cracked, so all that data is available to them as well.
If you really need the protections of a VPN and live in the places that don't allow privacy to that level, perhaps a different solution than a VPN would be prudent? TOR would be my first go-to tool, but performance can be bad.
I suspect that too, so I use the method of VPN over Tor, so my real IP is still hidden from the VPN server. I just want to know what system information (e.g., computer name) can help them identify that I am not a different user when the Tor IPs are different.
Your authentication information already uniquely identifies you to the VPN server.
Also, OpenVPN is bad software which is full of bugs and you're likely opening yourself up to a range of vulnerabilities just by using it. You can tell how good a VPN provider is by their tech stack. Try to find someone who supports at least WireGuard, a modern and secure VPN protocol.
Tor is only for HTTP/HTTPS traffic. I don't even know if they tunnel DNS. They definitely do not tunnel all other traffic ... unless there is another Tor setting.
VPNs are for all ports, if correctly configured and you aren't on MS-Windows (which has a DNS attack for all VPNs announced a few weeks ago, that has been in the code over a decade (perhaps 2)).
More isn't always better. It often provides a false sense of security rather than real security. Additionally, Tor cannot help if you've ever connected to the same websites using the same userid. Or if you post with the same writing style, just writing style can out you, even from different userids and different IPs.
Privacy on the internet is hard.
I am using Ubuntu + Whonix-gateway, so DNS resolving is not a problem. Because the OpenVPN file is publicly used, I guess they cannot identify me if OpenVPN sends no more personal information to the VPN service while initializing the connection (about 5 seconds).
That's no guarantee.
It isn't that easy. Behavior matters, assuming everything else is done correctly too. You can be determined just by behavior. Heck, most browsers can be "fingerprinted" to drastically reduce the number of possible people. I did a fingerprinting exercise and was able to figure out that only 2 people in Australia, outside Sydney, would have the same fingerprint as my browser. Just two! That means in about 22 million people (I removed Sydney's population), just 2 browsers are like mine. 2 locations to knock on the door. Add in behavior and I bet the other guy would be eliminated - so 1 house.
Browsers give away all sorts of things about us, by default, unless we go out of our way to lie or prevent it. Things like timezones, languages, addons, extensions, if they allow javascript, then your local LAN can be scanned for other devices using javascript. Now they have MAC addresses not just for the computer, but for any other devices on the LAN. MAC addresses can be spoofed on computers, if the NIC allows that, but not on TVs and other IoT devices.
Like I said, privacy is hard.
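Added example, not posted by anyone in this thread: a small Python audit that follows the "ovpn is just text. Look inside." advice and flags the profile directives that determine what identifies the client to the server. The directive descriptions summarise the OpenVPN 2.x manual; the function name `audit_ovpn` and the sample profile are constructed for illustration.

```python
import re

# Per the OpenVPN 2.x manual, IV_VER (client version) and IV_PLAT (platform,
# e.g. "linux") are always sent; the directives below add more identifying data.
IDENTIFYING = {
    "push-peer-info": "adds IV_HWADDR (MAC of the default-gateway interface), "
                      "IV_SSL_VERSION, IV_PLAT_VER and any UV_* variables",
    "auth-user-pass": "username/password login ties every session to one account",
    "cert": "client certificate (subject/CN) is presented in the TLS handshake",
    "pkcs12": "bundle containing a client certificate presented in the TLS handshake",
}

def audit_ovpn(text):
    """Return (line number, directive, reason) for each identifying directive."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":           # blank line or comment
            continue
        inline = re.fullmatch(r"<([a-z0-9-]+)>", line)   # inline form, e.g. <cert>
        tokens = [inline.group(1)] if inline else line.split()
        name = tokens[0].lower()
        if name in IDENTIFYING:
            findings.append((lineno, name, IDENTIFYING[name]))
        elif name == "setenv" and len(tokens) > 1 and tokens[1].startswith("UV_"):
            findings.append((lineno, "setenv " + tokens[1],
                             "UV_ variable, sent when push-peer-info is enabled"))
    return findings

# Constructed sample profile (hostname and values are placeholders).
SAMPLE = """\
client
dev tun
remote vpn.example.net 1194 udp
# push-peer-info   (commented out: ignored)
push-peer-info
setenv UV_ASSET laptop-01
auth-user-pass
<cert>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</cert>
"""

if __name__ == "__main__":
    for lineno, directive, reason in audit_ovpn(SAMPLE):
        print(f"line {lineno}: {directive}: {reason}")
```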