Guidebolt

Online Security

2017.10.16

HTTP

Path: Your Computer → Your Internet Service Provider → Target Website


Summary: Everything is exposed. The ISP, website, and any packet sniffers in the middle see everything.

Your IP Address: Exposed (ex. 23.21.193.184)

Target Website Address: Exposed (ex. www.website.com)

Target URI Path: Exposed (ex. /blog/article/why-security-matters)

Request Data: Exposed (ex. cookies, passwords, search queries, file uploads)

HTTPS

Path: Your Computer → Your Internet Service Provider → Target Website


Summary: Your IP address is exposed; the website's name and IP are exposed. But all other data is secured by encryption between your computer and the website.

Your IP Address: Exposed

Target Website Address: Exposed

Target URI Path: Secured

Request Data: Secured


Balance between security and privacy. Good for general use.
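What an on-path observer can read in the HTTP and HTTPS cases above, as an added example that is not part of the original page. It parses a constructed plaintext HTTP request, then generates a TLS ClientHello in memory and extracts the server name (SNI), one of the cleartext fields that exposes the target website address under HTTPS. The function names and the sample cookie and query values are constructed for illustration.

```python
import ssl

HOST, PATH = "www.website.com", "/blog/article/why-security-matters"  # examples from the page
# Constructed sample request; the cookie and body values are made up.
HTTP_REQ = (f"POST {PATH} HTTP/1.1\r\nHost: {HOST}\r\n"
            "Cookie: session=abc123\r\n\r\nq=search+terms").encode()

def http_observer_view(raw):
    """Everything an on-path observer reads from a plaintext HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = dict(l.split(": ", 1) for l in lines[1:])
    return {"host": headers.get("Host"), "path": lines[0].split(" ")[1],
            "cookie": headers.get("Cookie"), "body": body.decode("latin-1")}

def client_hello(host):
    """First bytes a TLS client would send, produced in memory (no network)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    out = ssl.MemoryBIO()
    tls = ctx.wrap_bio(ssl.MemoryBIO(), out, server_hostname=host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for a ServerHello
    return out.read()

def sni_from_client_hello(rec):
    """Return the cleartext server name from a ClientHello record, or None."""
    try:
        if rec[0] != 0x16 or rec[5] != 0x01:   # handshake record, ClientHello
            return None
        pos = 5 + 4 + 2 + 32                   # record hdr, handshake hdr, version, random
        pos += 1 + rec[pos]                    # session id
        pos += 2 + int.from_bytes(rec[pos:pos + 2], "big")   # cipher suites
        pos += 1 + rec[pos]                    # compression methods
        end = pos + 2 + int.from_bytes(rec[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(rec)):
            etype = int.from_bytes(rec[pos:pos + 2], "big")
            elen = int.from_bytes(rec[pos + 2:pos + 4], "big")
            if etype == 0:   # server_name: list len(2), type(1), name len(2), name
                nlen = int.from_bytes(rec[pos + 7:pos + 9], "big")
                return rec[pos + 9:pos + 9 + nlen].decode("ascii")
            pos += 4 + elen
    except (IndexError, UnicodeDecodeError):
        pass   # truncated or non-TLS input
    return None
```

`http_observer_view(HTTP_REQ)` returns the host, path, cookie and body, while `sni_from_client_hello(client_hello(HOST))` returns only the host name. The path and request data are sent after the handshake, inside the encrypted channel.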

HTTPS with VPN

Path: Your Computer → Your Internet Service Provider → VPN Server → VPN Server's Internet Service Provider → Target Website


Summary: Your ISP only sees the connection between your computer and the VPN server. The VPN server's ISP only sees the connection between the VPN server and the target website. Other data is encrypted between your computer and the website.

Your IP Address: Exposed to Your ISP and VPN Server

Target Website Address: Exposed to the VPN Server and Its ISP

Target URI Path: Secured

Request Data: Secured


Excellent security but not fail-proof!

You will be compromised in the future if the VPN server saves logs. Logs show timestamps and connection details, which can be used to trace packets back to your computer. To stay protected against this kind of later tracing, the VPN server and its network infrastructure must be truly logless.

You will be compromised now if the VPN server has already been taken over. A compromised VPN server does not need to record logs if it is streaming your connection details in real time to those with malicious intent against you.

You may be compromised if the target website or VPN ISP colludes with your ISP or a packet sniffer on your side. Timestamps and IP address tracing can be analyzed to point back to your computer. You can protect yourself by accessing the website during high traffic periods (camouflaging), using multiple VPN servers to complicate the retroactive trace analysis (proxy chaining), and switching IP addresses (dummy swapping).