If a computer or phone uses a VPN, then what data will be available to the owners of this VPN? It is clear that the user's ip and all http traffic. And what is the part of https traffic? And what about the other protocols?

  • What other protocols are we talking about? In general, they will have access to all question-answer traffic, but encryption solves such questions. They will not get something supernatural. - Evgeny Ivanov
  • @ EvgenyIvanov probably meant ftp, rpd and so on. And yes, vpn will be able to find out your login / password from ftp (not to be confused with sftp), and also read the forward config.php - DiDex
  • @DiDex well, how to say find out, he will be able to find out everything, all traffic, if that is not encrypted, and if it is encrypted, it will be available but it will not be able to decrypt even the config . - Evgeny Ivanov
  • @ YevgenyIvanov unconditionally, (Hello telegram) - DiDex
  • 2
    @Qwertiy is probably sent . - D-side

1 answer 1

Those. it is about untrusted VPN.

Purely hypothetically, owners of an untrusted VPN can see:

  • for any protocol - addresses and ports of end servers.
  • for any unencrypted protocol (HTTP, FTP ...) - take a snapshot of the traffic and pull out all user logins / passwords from there
  • in addition - to reveal the sites that the user visits through the DNS data leak (by default, the DNS is unencrypted + some providers intercept requests to external DNS and slip their records). Now, of course, there is a movement in the direction of DoT and DoH, but the matter has not yet reached its full implementation.
  • in order to infiltrate encrypted HTTPS traffic, one must either use stolen and valid certificates (no one checks the certificate for membership of any organization, since this is contrary to the idea of ​​Domain Validation).

I'm not saying that if any ports with any services are open on the computer, then the VPN owners (and with certain settings other VPN users) can scan the computer for vulnerable services and attack them (through overflow buffers, etc.).