I was thinking how many of these vpn ads i see pop up on youtube are just using a cloud service renting servers from AWS,or another company to host there services.Thinking about the vpn company owning the servers that would be quite expensive and also running a data center with x amount of employees operating 24/7x365 doesnt seem cheap.
I’ve never heard of a vpn provider saying they own all there servers,its usually"we dont keep logs" and “your datas encrypted” i read 99% of websites are using HTTPS and that encrypts your traffic between you and the website.Ya maybe you the vpn company dont log because you dont own the servers what about the company they rented the servers from could the backend server company still be selling your data?
Would running a simple tracert in windows while behind a vpn show a cloud server ip would it be that simple to tell?Am i out of line with this or what are your thoughts?
To answer your question about running a tracert whilst on the VPN, if that would tell you. No it wouldn’t. When you’re on the VPN you’re issued an internal IP and then your gateway would be the other internal IP. All you need to do is do a lookup on the IP of the remote server address you’re initiating the VPN connection. That’ll tell you who owns the IP space.
This issue is increased because the VPN protocol isn’t and wasn’t designed to protect privacy. It is designed to connect into a company network. Therefore our use case wasn’t planned and by monitoring incoming and outgoing traffic of the server (the “owner” isn’t able to spot this) you can gather tons of data.
We need new approaches for today’s problems not old solutions applied differently.
Most rent them I only know a few which either have a more expensive plan That gives you access to a data center entirely run by them or generally way more expensive ones which own all or most servers.
I would say most rent from aws. Much easier to scale with a growing customer base. Why does that matter though. If the vpn is set up right, all they know is that you use the vpn service. Basically the same information your isp will have.
I suspect that the more endpoints that a VPN provider is able to supply the more likely it is they are using rented server space in a datacentre somewhere as it would be difficult and expensive for them to have privately owned servers in their own datacentre.
I suspect that some of the cheaper providers are using virtual servers in a datacentre to keep prices down.
Some do seem to offer plans where they claim to have their own servers, others will tell you that they only use dedicated servers and not virtualisation but in reality it is going to be difficult for the end user to actually confirm any of this. The same with logs, many will claim not to keep logs but how can you ever be 100% certain.
Unfortunately, too many people buy into the hype that a VPN is the panacea to all of their online security and don’t really grasp that they are just shifting their trust from the ISP to their VPN provider.
Have you seen them with your own eyes, or have you seen independent validation that this is the case?
The problem as I see it is that a company can make such a claim but how can you be 100% certain that they are being honest. I’m not saying that this particular company is lying but how would you really know that every endpoint they are offering is operating on their own servers.
Ehm, I am not sure what you want from me. The thing is the more parties are involved in something security related like a VPN, the more potential security issues can arise, simply because more people or companies are involved.
For example, the ToS of the company the vpn provider rented the servers from may include some kind of mandatory logging for whatever reasons (billing etc.). So basically that would create a situation in which the VPN provider can assure you, he doesn’t keep any logs (which can be fully true) but the company which owns the rented servers may create logs (as mentioned above) and you aren’t basically log-less anymore.
Keep in mind though, this is just a very simplified example of one possible security issue.