1
00:00:00,790 --> 00:00:05,750
There are a number of anonymizing services and that includes things like Tor,
2
00:00:05,850 --> 00:00:16,710
JonDonym, SSH tunnels, proxies, Freenet, I2P and also virtual private networks or VPNs.
3
00:00:17,000 --> 00:00:24,860
And of all of these, VPNs can be considered one of the simpler and easier to use methods of anonymising
4
00:00:25,140 --> 00:00:32,460
but also less resistant to motivated and well resourced adversaries such as nation states
5
00:00:32,490 --> 00:00:39,810
than some of the alternatives such as Tor and JonDonym. On one side you have a VPN client which
6
00:00:39,810 --> 00:00:48,120
is here and then on the other side you have a VPN server and that can also be known as a VPN terminator
7
00:00:48,210 --> 00:00:56,790
or exit node. VPNs enable confidentiality and privacy by creating an encrypted tunnel of traffic over
8
00:00:56,790 --> 00:01:02,190
the Internet from the client here to the VPN remote exit node.
9
00:01:02,340 --> 00:01:10,620
You have an encrypted tunnel and importantly the traffic is only encrypted from the client to the exit
10
00:01:10,620 --> 00:01:11,180
node.
11
00:01:11,280 --> 00:01:18,120
And that's a key feature of the VPN: only encrypted from the client to the exit node. And the client can be
12
00:01:18,120 --> 00:01:23,280
installed in three main places. To give you an idea of what they look like practically:
13
00:01:23,430 --> 00:01:27,450
So the first place would just be simply on your operating system.
14
00:01:27,450 --> 00:01:34,800
And here's an example VPN client. This is CyberGhost, and you click connect and you select a country
15
00:01:34,800 --> 00:01:41,210
and you connect and you get your various configuration settings that you can make in this one.
16
00:01:41,290 --> 00:01:46,950
And there's a different one here called Safejumper and you've got different configuration settings.
17
00:01:46,950 --> 00:01:54,760
In fact this one is more configurable: you can change your DNS, what port it's using, your algorithms, etc.
18
00:01:54,840 --> 00:01:54,910
.
19
00:01:54,930 --> 00:01:57,560
So that's a client on your operating system.
20
00:01:57,570 --> 00:02:00,900
There's just another client on the operating system.
21
00:02:01,020 --> 00:02:05,300
Another way of having a VPN client is to install it on a router.
22
00:02:05,580 --> 00:02:13,470
So if I show you this picture here you can see that here is where we have the VPN client software and
23
00:02:13,470 --> 00:02:16,990
then everything from here to here is encrypted.
24
00:02:17,160 --> 00:02:21,600
And this is a local network so we can see three machines on this local network.
25
00:02:21,770 --> 00:02:27,050
And the traffic they're sending here is not encrypted here and here.
26
00:02:27,150 --> 00:02:31,860
Once it gets here it means all the traffic is encrypted from there to there.
27
00:02:31,890 --> 00:02:33,910
And this might look something like this.
28
00:02:33,930 --> 00:02:41,580
This is DD-WRT, which is an open source firmware for routers, and this is a configuration page for
29
00:02:41,580 --> 00:02:43,490
setting up a VPN client.
30
00:02:43,530 --> 00:02:48,600
So what you could do is you have all of your traffic for all of your machines around your local network
31
00:02:48,600 --> 00:02:55,020
going via this VPN, or you could set it up so that only a single port that you plug into on your switch
32
00:02:55,020 --> 00:03:02,490
goes via this VPN, or you can set up one Wi-Fi network that you connect to and that goes via VPN.
33
00:03:02,490 --> 00:03:07,200
So there's lots of different ways of doing it but that's VPN client on a router.
34
00:03:07,310 --> 00:03:11,090
Another place you can have a VPN client is within a virtual machine.
35
00:03:11,130 --> 00:03:16,830
So the virtual machine itself so this is representing the virtual machine has the VPN client on it.
36
00:03:16,830 --> 00:03:23,580
So that could be an operating system like Windows with the Windows client that you just saw. Then you
37
00:03:23,580 --> 00:03:29,760
have a different operating system maybe your host operating system connecting to that guest operating
38
00:03:29,760 --> 00:03:34,480
system which has the VPN client and then that creates the encrypted tunnel.
39
00:03:34,720 --> 00:03:40,440
Or this could actually have router software on it on that virtual machine and that's acting deliberately
40
00:03:40,470 --> 00:03:42,560
as a VPN client.
41
00:03:42,570 --> 00:03:45,140
You might wonder, well, why might you want to do this?
42
00:03:45,180 --> 00:03:51,390
Well one reason you might want to do this is to create what's called a nested VPN where you have VPN
43
00:03:51,450 --> 00:03:52,950
within VPN.
44
00:03:53,010 --> 00:04:00,330
So you might have a VPN client on here and on here which would mean you have nested VPN so you might
45
00:04:00,330 --> 00:04:05,880
go to this, terminate one of the VPNs here, and go to another one and terminate the other VPN here
46
00:04:05,880 --> 00:04:06,500
.
47
00:04:06,510 --> 00:04:09,000
We'll talk more about nested VPNs later.
48
00:04:09,030 --> 00:04:14,120
Those are the three main options: you can have the client on an operating system, you can have it
49
00:04:14,180 --> 00:04:17,360
on a router and you can have it on a virtual machine.
50
00:04:17,370 --> 00:04:22,470
Now remember of course there is only encryption between the VPN client and the VPN server.
51
00:04:22,480 --> 00:04:27,970
I keep saying it but it's very important. From the VPN server to the destination
52
00:04:27,990 --> 00:04:35,220
there is no encryption unless you add an extra layer of encryption yourself by means of what it is that
53
00:04:35,220 --> 00:04:35,880
you're doing.
54
00:04:35,880 --> 00:04:41,790
So if you are going to an HTTPS web site then this will be encrypted. It can be encrypted by HTTPS
55
00:04:41,840 --> 00:04:42,240
.
56
00:04:42,320 --> 00:04:50,070
So you'll have two layers of encryption within the VPN. Or you could be using TLS for e-mail, or you
57
00:04:50,070 --> 00:04:57,130
could be using SSH for remote login and then this would be encrypted, so you'd have two layers of encryption
58
00:04:57,160 --> 00:04:57,310
.
59
00:04:57,440 --> 00:05:03,590
But unless you add that layer of encryption it is not end-to-end encryption.
60
00:05:03,590 --> 00:05:07,320
It is only encryption from the client to the server with a VPN.
61
00:05:07,410 --> 00:05:13,440
So why would you want to use a VPN? What are they good for? Well, here are a few of the various things
62
00:05:13,440 --> 00:05:14,620
that they're good for.
63
00:05:15,380 --> 00:05:25,000
They can protect you against hackers and trackers and both hackers and trackers cannot see the traffic
64
00:05:25,270 --> 00:05:31,660
that is within the VPN and they also cannot insert into that traffic either.
65
00:05:31,660 --> 00:05:34,770
So for example this guy here is the adversary.
66
00:05:34,840 --> 00:05:42,790
If he's able to look at this traffic he will see the VPN which means he won't be able to do SSL stripping
67
00:05:42,790 --> 00:05:47,370
for example because he won't be able to see the SSL and won't be able to see the VPN.
68
00:05:47,440 --> 00:05:53,950
Your internet service provider, which will be sat here, can't log where you are going.
69
00:05:54,010 --> 00:06:00,610
The Internet service provider can only see that you're going to this VPN server. It cannot see you're
70
00:06:00,620 --> 00:06:07,740
going to this end, because all the ISP can see is what he owns, which is here.
71
00:06:07,750 --> 00:06:13,660
So your ISP cannot log where you're going or what you are doing. If there is passive surveillance from
72
00:06:13,660 --> 00:06:21,140
a nation state, for example, they won't be able to see, just like your ISP, where it is you're going. They'll
73
00:06:21,130 --> 00:06:26,770
only be able to see you're connecting to your VPN server and they won't see that you're going from the
74
00:06:26,770 --> 00:06:29,490
server to wherever the destination is.
75
00:06:29,680 --> 00:06:34,290
But obviously nation states have got the ability to see most of the Internet.
76
00:06:34,300 --> 00:06:40,610
So they will probably be able to see that you are using a VPN, traffic is going into the VPN, and they'll
77
00:06:40,620 --> 00:06:45,860
be able to see that traffic is going out of the VPN in terms of passive surveillance.
78
00:06:45,850 --> 00:06:51,250
Now they won't so you know that you know they would have to do more active surveillance in order to
79
00:06:51,250 --> 00:06:56,710
determine whether or not it is you using that and then going to that destination site.
80
00:06:56,710 --> 00:07:01,270
So from passive surveillance they wouldn't know they would have to step up to active surveillance in
81
00:07:01,270 --> 00:07:08,530
order to counter the VPN, which is one reason why VPNs are only a very basic solution, because when
82
00:07:08,530 --> 00:07:14,230
it comes to someone who can do active surveillance they are likely to be able to determine that it is you
83
00:07:14,260 --> 00:07:18,180
going to that destination site based on the VPN traffic.
84
00:07:18,250 --> 00:07:26,030
So the useful thing for VPNs is you can bypass geographic access restrictions and censorship. Your IP
85
00:07:26,020 --> 00:07:33,430
address which will be given to you by your ISP here will be associated against a geographic location
86
00:07:33,430 --> 00:07:33,610
.
87
00:07:33,620 --> 00:07:40,990
So for example the Wikipedia page of the Tiananmen Square massacre is not available if you have a source
88
00:07:41,050 --> 00:07:43,010
IP address that is in China.
89
00:07:43,060 --> 00:07:51,380
So if you want to see that page what you could do is you could VPN out of China to a VPN server that's
90
00:07:51,430 --> 00:07:57,310
in the United States or the U.K. or somewhere out of China and then from here you go to the Wikipedia
91
00:07:57,310 --> 00:08:03,250
page on the Tiananmen Square massacre that's in the United States, allowing you to bypass your geographic
92
00:08:03,250 --> 00:08:05,520
restrictions and that censorship.
93
00:08:05,740 --> 00:08:13,240
Now obviously China would have to be allowing this VPN service and this protocol and you would have
94
00:08:13,250 --> 00:08:19,780
to make special configuration with the right sort of VPN so that you could bypass any restrictions
95
00:08:19,970 --> 00:08:26,710
of China or whoever to stop particular VPNs and particular ports, which we'll also talk about.
96
00:08:26,710 --> 00:08:34,490
So obviously VPNs provide a degree of anonymity as the IP address that you give them via your Internet
97
00:08:34,490 --> 00:08:38,330
service provider cannot be seen by the destination.
98
00:08:38,330 --> 00:08:45,880
You only see the VPN's exit node IP address and this exit node will have multiple people coming from
99
00:08:45,880 --> 00:08:45,970
it.
100
00:08:45,970 --> 00:08:50,210
There will be many people connecting to this sharing the same IP.
101
00:08:50,360 --> 00:08:57,110
So it gives you a degree of anonymity in that your real IP address is not shown to your destination
102
00:08:57,110 --> 00:08:57,350
.
103
00:08:57,350 --> 00:09:05,510
The question that is often asked is: if HTTPS is encrypting data from the browser to the service then
104
00:09:05,500 --> 00:09:07,130
why do you need a VPN?
105
00:09:07,120 --> 00:09:08,620
Why is it even necessary?
106
00:09:08,620 --> 00:09:16,480
Well, on the section on cracking encryption we go into more detail on this. Well, with VPN providers you
107
00:09:16,490 --> 00:09:21,060
get certificates from the VPN provider directly.
108
00:09:21,080 --> 00:09:27,910
usually when you download the VPN client or some time around then, and if this is obtained securely then
109
00:09:27,910 --> 00:09:35,590
authentication is established. Certificate authorities are not therefore required with VPNs as they are with
110
00:09:35,620 --> 00:09:43,370
HTTPS, and all the vulnerabilities and weaknesses that were associated with the ecosystem of certificates
111
00:09:43,390 --> 00:09:47,060
and certificate authorities is bypassed completely.
112
00:09:47,060 --> 00:09:54,010
A VPN client will only with the correct public key which means SSL stripping and fake certificates and
113
00:09:54,010 --> 00:09:57,750
public keys are close to impossible forms of attack.
114
00:09:57,880 --> 00:10:00,850
Man-in-the-middle attacks are also mitigated.
115
00:10:00,860 --> 00:10:02,180
So that is your benefit.
116
00:10:02,170 --> 00:10:10,560
of a VPN over HTTPS, and with VPN you can have HTTPS as well and the VPN, to give you defense in depth