Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Someone could make a program that inspects the packets on your local network. If they're encrypted then the connection is safe. They could then start a register of VPNs and rate them.

This is just the start though, you'd also have to guard against common keys and other various gotchas.

Also, another idea is VPN providers might start seeing it as a business opportunity to provide robust, secure connections and advertise how they work. These claims could easily be verified.

Just a start, I'm not an expert in networking, but it seems fairly doable. Obviously MITM is always possible if you're not connecting via ssl.

Also, this could be the impetus for further decentralizing the internet, although who knows how far that's out. The centralization of the internet might have taken things too far and killed the golden goose by abusing their position, incentivizing an acceleration of full decentralization, like with IPFS and their ilk.



I don't understand. The VPN connection is decrypted at some point when it goes to public internet, and that server is in control of the VPN provider (or so I've thought). They could log the requests at that point. Even if you only use HTTPS, the VPN provider can at least log what servers you're making requests to, and DNS requests too I suppose, even if they can't figure out what HTTP route you're requesting.


Furthermore, SNI will leak domains. Which is just as valuable to data miners. And also DNS.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: