Dark Days Ahead

[The Conservative]

Sooo make sure that you use a VPN and stay off of social media.

Irrelevant. The software being used bypasses that stuff.

Of course there are ways OTHER than trying to crack VPN to identify and track someone. Maybe I misread you here. All I'm saying is there isn't software out there that will "bypass" encrypted VPN traffic, compromise the VPN servers, and locate you. That's ridiculous.

I'll trust someone in the military warning me than an armchair general

[SilverEagle]

Irrelevant. The software being used bypasses that stuff.

Of course there are ways OTHER than trying to crack VPN to identify and track someone. Maybe I misread you here. All I'm saying is there isn't software out there that will "bypass" encrypted VPN traffic, compromise the VPN servers, and locate you. That's ridiculous.

I'll trust someone in the military warning me than an armchair general

I think you’re telling the truth TC. I appreciate you informing us with your info.

[DBTrek]

I just explained how it's done:
1) Use a sniffer. (I have a sniffer on this line.)
1) Determine VPN packets. (Not hard, the registration looks like a VPN.)
2) Follow all packets during that session from the ISP feed. Look for a history of similar traffic. (An AI does this.)
3) The ISPs know every IP that is on VPN, and can sniff where they're going.
4) Match to the end requests. (An AI does this.)
5) Arrest you.

1. Your sniffer sees encrypted packets heading to a VPN server
1b. Your sniffer says "Yep, this is encrypted data going to NordVPN servers."
2. Nope. Once that encrypted traffic hits the VPN servers it's mixed in with all the other traffic being handled by the VPN. If you try to track all the outgoing packets from the company's VPN servers - good luck. If ten thousand people are using that VPN, you have ten thousand streams of outgoing traffic. Which one was the encrypted traffic you watched go in? Only the VPN knows.

Now if a VPN is misconfigured, or set up out-of-the box there may be other opportunities to track data ... but on a correctly configured one? The data is just tumbled with the rest of the incoming traffic.

https://cyberwaters.com/can-vpn-be-trac ... ed-online/

[DBTrek]

Irrelevant. The software being used bypasses that stuff.

Of course there are ways OTHER than trying to crack VPN to identify and track someone. Maybe I misread you here. All I'm saying is there isn't software out there that will "bypass" encrypted VPN traffic, compromise the VPN servers, and locate you. That's ridiculous.

I'll trust someone in the military warning me than an armchair general

I know you will.
You're gullible.
("This man is clearly an expert, he passed the ASVAB and has at least a GED. He's in the military")

[Martin Hash]

I just explained how it's done:
1) Use a sniffer. (I have a sniffer on this line.)
1) Determine VPN packets. (Not hard, the registration looks like a VPN.)
2) Follow all packets during that session from the ISP feed. Look for a history of similar traffic. (An AI does this.)
3) The ISPs know every IP that is on VPN, and can sniff where they're going.
4) Match to the end requests. (An AI does this.)
5) Arrest you.

1. Your sniffer sees encrypted packets heading to a VPN server
1b. Your sniffer says "Yep, this is encrypted data going to NordVPN servers."
2. Nope. Once that encrypted traffic hits the VPN servers it's mixed in with all the other traffic being handled by the VPN. If you try to track all the outgoing packets from the company's VPN servers - good luck. If ten thousand people are using that VPN, you have ten thousand streams of outgoing traffic. Which one was the encrypted traffic you watched go in? Only the VPN knows.

Now if a VPN is misconfigured, or set up out-of-the box there may be other opportunities to track data ... but on a correctly configured one? The data is just tumbled with the rest of the incoming traffic.

https://cyberwaters.com/can-vpn-be-trac ... ed-online/

My sniffer is just on my line. Government will have sniffers on Comcast's ingoing lines. The VPN packets from a single stream can all be identified otherwise an entire message would never be able to be put back together. And Comcast knows who the VPNs are so traffic going out before it hits the VPN is easily identified. 10s of 1000s of streams ain't nuttin'; Jesus, man, Big Data AI works in quadrillions. Even if EVERYBODY was on VPN, AI could eventually figure you all out.

[DBTrek]

¯\_(ツ)_/¯
Ok, man.

If ten thousand people give me a nickel ... and I go exchange those for 10k Canadian nickels and then make purchases, big data will be able to know which American nickel was swapped for which Canadian one at the point of purchase. Why not. I will say though, it seems strange for the government to offer cybersecurity bounties to crack a problem they've already apparently solved. But what do I know.

[Martin Hash]

¯\_(ツ)_/¯
Ok, man.

If ten thousand people give me a nickel ... and I go exchange those for 10k Canadian nickels and then make purchases, big data will be able to know which American nickel was swapped for which Canadian one at the point of purchase. Why not. I will say though, it seems strange for the government to offer cybersecurity bounties to crack a problem they've already apparently solved. But what do I know.

If there was a pattern of where you (or 10K people) exchanged nickels, tell me why a probability algorithm (AI) couldn’t figure it out?

R U saying if U were the only 1 using a VPN nobody would know it’s U? Come on man, this is a tensor problem, exactly what 3080s were built for.

[The Conservative]

Of course there are ways OTHER than trying to crack VPN to identify and track someone. Maybe I misread you here. All I'm saying is there isn't software out there that will "bypass" encrypted VPN traffic, compromise the VPN servers, and locate you. That's ridiculous.

I'll trust someone in the military warning me than an armchair general

I know you will.
You're gullible.
("This man is clearly an expert, he passed the ASVAB and has at least a GED. He's in the military")

The guy is on the task force to make this happen.

Again I would rather trust someone in the know that came to warn me than an armchair general.

He was stopped from going to Africa to deal with this in the US.

If you think they don't have actionable material to go off of, so be it. I know where I won't be for two weeks.

[SuburbanFarmer]

AI...

[DBTrek]

¯\_(ツ)_/¯
Ok, man.

If ten thousand people give me a nickel ... and I go exchange those for 10k Canadian nickels and then make purchases, big data will be able to know which American nickel was swapped for which Canadian one at the point of purchase. Why not. I will say though, it seems strange for the government to offer cybersecurity bounties to crack a problem they've already apparently solved. But what do I know.

If there was a pattern of where you (or 10K people) exchanged nickels, tell me why a probability algorithm (AI) couldn’t figure it out?

Because AI has to train on relevant data sets.
The only one who knows which American nickel was exchanged for which Canadian nickel, for which purchase, is me.
Therefore AI has no relevant data to train with.
All it knows are 10k people give me nickels, and I purchase 10k end products.
I, acting as a VPN, offer the shield of anonymity by tumbling everyone's nickels together before making the purchases.
I do this specifically to create the layer of obfuscation that prevents initial order tracking and later reverse lookup.

Now ... if you happen to browse "nickelPorn.com" frequently, and your browser includes tracking data from that site, and every time you give me a nickel I go make a purchase at "nickelPorn.com" - it's not gonna take a genius to see what's going on.

But that's not a vulnerability in VPN. That's a vulnerability in people NOT using VPN for everything, but half-assing security while running a dirty browser. And even then ... they won't track you down through the VPN. They're gonna track you down through the "nickelPon.com" tracking cookies you allowed on your browser. Also the "nickelPorn.com" site will match your browser with you when you visit, regardless of the VPN.

So I'm not saying using a VPN makes you invisible.
But wisely using VPN can make you anonymous.
I buy a new laptop with cash. I VPN through public WiFi on the Brave Browser, using DuckDuckGo, allowing NO cookies, and accessing zero email/social media/online store accounts that can positively identify me - good luck ever figuring out who I am or where I'm at. "Starbucks in Tacoma" - that's about as close as you're gonna get, and then only if you intercept me between Starbucks and the VPN.