INVITATION TO CYBERSECURITY 254

Figure 9.13 Alice browsing the Internet—her ISP can see the IP addresses of the websites Alice is visiting.

Some people use VPNs so that their ISP is unable to perform this type of data collection. VPNs create an encrypted channel between the user and the VPN, and the VPN becomes the launching-off point for all web browsing. All traffic that flows to a VPN still must first go to the ISP, but because of the encrypted channel that is created, the ISP is only able to see that the person is using a VPN and nothing else—not even the metadata of the HTTPS connections (see Figure 9.14). However, the tradeoff is that now the VPN can see all the websites a person visits. In some cases this can be more invasive to a person’s privacy, because if he always uses the same VPN even when connecting to the Internet on different devices and through different ISPs, then the VPN can track all of the websites that he ever visits.

Figure 9.14 Alice browsing the Internet while using a VPN—her ISP only sees that Alice is using a VPN, but the VPN provider sees the IP addresses of the websites Alice is visiting.

VPNs are often used to provide local area network resources to off-network users. For example, businesses often restrict access to some of their resources (e.g., file servers) to employees who are at work and connected to the business’s local area network. Employees working from home, therefore, would be unable to access those resources. However, if an employee at home were to connect to his employer’s VPN server, then he would gain access to those restricted resources. The VPN server becomes the point of origin for his requests and allows the user to browse resources as if he were at work. The worker is at home physically, but he is at work virtually.
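
The visibility tradeoff described above, as an added example that is not from the book: a small Python model of VPN encapsulation that reports which destination addresses each ISP and the VPN provider can observe. All addresses, site names and ISP names are constructed, and encryption is modeled by a flag rather than performed.

```python
from collections import defaultdict

# Constructed sample data (documentation address ranges, not from the book).
VPN_IP = "203.0.113.10"      # assumed public address of the VPN server
TUNNEL_IP = "10.8.0.2"       # assumed address Alice uses inside the tunnel
SITES = {"news.example": "198.51.100.7", "bank.example": "198.51.100.8",
         "clinic.example": "198.51.100.9"}
# (ISP carrying the traffic, address that ISP assigned to Alice, site visited)
SESSIONS = [("home-isp", "192.0.2.20", "news.example"),
            ("home-isp", "192.0.2.20", "bank.example"),
            ("cafe-isp", "192.0.2.77", "clinic.example")]


def packet(src, dst, payload=None):
    """Minimal IP packet: only the fields an on-path observer could read."""
    return {"src": src, "dst": dst, "payload": payload}


def encapsulate(inner, client_ip, vpn_ip):
    """Wrap the inner packet as the (modeled) encrypted payload of a packet to the VPN."""
    return packet(client_ip, vpn_ip, payload={"encrypted": True, "inner": inner})


def observe(sessions, use_vpn):
    """Return (destinations seen per ISP, destinations seen by the VPN provider)."""
    isp_view, vpn_view = defaultdict(set), set()
    for isp, client_ip, site in sessions:
        inner = packet(TUNNEL_IP if use_vpn else client_ip, SITES[site])
        on_wire = encapsulate(inner, client_ip, VPN_IP) if use_vpn else inner
        # The ISP forwards the packet, so it reads the outer header only.
        isp_view[isp].add(on_wire["dst"])
        if use_vpn:
            # The VPN server holds the tunnel key, so it recovers the inner header.
            vpn_view.add(on_wire["payload"]["inner"]["dst"])
    return dict(isp_view), vpn_view


if __name__ == "__main__":
    for use_vpn in (False, True):
        isp_view, vpn_view = observe(SESSIONS, use_vpn)
        print("VPN on: " if use_vpn else "VPN off:", isp_view, sorted(vpn_view))
```

Without the VPN, each ISP sees only the sites visited over its own network; with it, both ISPs see a single destination while the VPN provider accumulates the full set across both networks.
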

Similarly, when a person uses a VPN for privacy, the web servers he visits see his requests as coming from the VPN server, not from the user’s actual IP address (look closely at the IP address the website server sees in Figure 9.14). This creates another layer of privacy for users.

Most companies and ISPs are honest and are not looking to abuse their customers, but it is still helpful to know what access to information they have. If they retain data, they