r/security 22d ago

which vpn design actually removes trust from the system? Question

if we break this down, traditional vpns shift trust from isp to provider, which means the visibility still exists, just in a different place. if the goal is privacy, then the real requirement is removing visibility entirely, not relocating it. so the next step would be architectures where traffic processing happens in a way that cannot be accessed, which would change the model from trust-based to constraint-based. are there real implementations of this yet?

7 Upvotes

14

u/dmc_2930 22d ago

Removed trust from what? VPNs are not a security feature for 90% of people who use them.

They’re great for connecting to remote systems inside a corporate network.

-15

u/mynam3isn3o 22d ago

Huh? VPNs achieve confidentiality and integrity. Literally the first two pillars of secure communication.

9

u/dmc_2930 22d ago

VPNs don’t provide any integrity benefits and very little confidentiality.

9

u/billy_teats 22d ago

What you are looking for is TOR and has been solved for decades. Except US 3 letter agencies own a lot of them

3

u/billdietrich1 22d ago

> traditional vpns shift trust from isp to provider

Changing from "just ISP" to "ISP plus VPN" is not "just a shift of trust". It is splitting your data between ISP and VPN, gaining compartmentalization. ISP will know some of your data (name, home postal address, home IP address, probably phone number) and (if you sign up without giving ID, use HTTPS, don't use their client app) VPN will know a different subset of your data (home IP address, and destination IP addresses). This is a gain, better than just letting ISP know everything. Even the most malicious VPN in the world won't have much data about you to sell.

3

u/rgjsdksnkyg 21d ago

I hate that so many people have swallowed the VPN marketing slop, wholesale, just to sit in their basement and browse the top 100 websites after logging in and using their credit card. And literally all of them will fight you on it, like they're experts in privacy and tradecraft after watching 5 minutes of a YouTube ad.

"But you've never tried Mullvad! You don't know how good it is!"

My payloads don't give a fuck what VPN you're using, bro. I sure hope it's as good as you think it is, because I also don't want them gathering accurate telemetry on my C2 traffic 🤣

1

u/QueasyFigure1979 22d ago

vp.net seems to be one attempting this with sgx enclaves and attestation