• How can Nord VPM encrypt your internet traffic

    From micky@21:1/5 to All on Sat Feb 1 21:46:44 2025
    How can Nord VPM encrypt your internet traffic if there isn't something
    at the other end to decrypt it?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Alan K.@21:1/5 to micky on Sat Feb 1 22:00:08 2025
    On 2/1/25 09:46 PM, micky wrote:
    > How can Nord VPM encrypt your internet traffic if there isn't something
    > at the other end to decrypt it?
    So they have an arrangement with the other end? maybe?

    --
    Linux Mint 22.1, Cinnamon 6.4.6, Kernel 6.8.0-52-generic
    Thunderbird 128.6.0esr, Mozilla Firefox 134.0.2
    Alan K.

  • From Paul@21:1/5 to micky on Sun Feb 2 01:15:46 2025
    On Sat, 2/1/2025 9:46 PM, micky wrote:
    > How can Nord VPM encrypt your internet traffic if there isn't something
    > at the other end to decrypt it?


    When you use a browser, there is a certificate scheme for authenticity,
    and SSL/TLS is used for end-to-end protection. That protection (TLS 3)
    is provided by the endpoints. This is why we have an "HTTPS Everywhere"
    campaign, to ensure that even naive conversation is covered by some
    sort of crypto. "All our eggs, are in one TLS 3 basket".

    NordVPN should be able to add another layer, on the path from
    you to NordVPN. What happens after that, only has the assurance of the
    SSL/TLS that your HTTPS browser session is using.

    I would give you an Internet article on the top... if there was
    an honest one to be had. As long as Nord pays people to be promoted,
    it's unlikely a security researcher PowerPoint slide is going to
    appear on anyone's screen. All the diagrams are made by Nord.

    I hope you know that Security researchers are suppressed by
    the effects of DMCA legislation. When the original Skype was
    analyzed by security researchers, they had to put up a
    web page giving their lawyer's opinion of what the odds
    were of them going to jail.

    If you're wondering why you don't feel so safe, that's why, OK?
    It's not like you can trust Paul's opinion on the topic.
    Paul is not a security researcher, nor does he play the
    part of one on TV.

    Paul

  • From Char Jackson@21:1/5 to All on Sun Feb 2 01:39:25 2025
    On Sat, 01 Feb 2025 21:46:44 -0500, micky <NONONOmisc07@fmguy.com>
    wrote:

    > How can Nord VPM encrypt your internet traffic if there isn't something
    > at the other end to decrypt it?

    There *is* something at the other end - the Nord VPN server.

    A VPN is an encrypted tunnel, and since it's a tunnel, it has two
    endpoints. You run a VPN client on your PC, your phone, your home
    router, whatever, and that client sets up an encrypted tunnel to a VPN
    server that's located somewhere else. In this case, it's Nord, but there
    are lots of VPN providers out there.

    Some, or all, of your Internet traffic enters the VPN tunnel at the
    client end, and then it pops out of the tunnel at the server end. Once
    out of the tunnel, your traffic travels normally, the rest of the way to
    its actual destination. The response from the destination server comes
    back to the VPN server endpoint, where it re-enters the tunnel and
    travels back to your local VPN client. Once there, it pops out of the
    tunnel where it gets handled like normal traffic.

    Greatly simplified, but hopefully it makes sense.

  • From R.Wieser@21:1/5 to All on Sun Feb 2 08:53:37 2025
    Micky,

    > How can Nord VPM encrypt your internet traffic if there isn't
    > something at the other end to decrypt it?

    You seem to be mixing up two different services NordVPN (and others like it)
    offers:

    1) A VPN (Virtual Personal Network), which is a *one-to-one* connection.
    And yes, in that case both parties would need to run the same VPN software.

    2) A "Geo block" bypassing service - a way around restrictions companies and
    governments place on internet traffic passing a(n arbitrary) geographical
    border (both ways).

    In that case you are *not* directly connecting to the other target, but
    instead let the NordVPN software redirect your internet traffic to a server
    of theirs, which then, *after removing their NordVPN encryption*, sends your
    traffic to your intended target - making it look as if it's a normal
    connection coming from their NordVPN server.

    Regards,
    Rudy Wieser

  • From Newyana2@21:1/5 to micky on Sun Feb 2 08:48:49 2025
    On 2/1/2025 9:46 PM, micky wrote:
    > How can Nord VPM encrypt your internet traffic if there isn't something
    > at the other end to decrypt it?


    If you use https encryption then no one in the
    middle can see what you download or the content
    of webpages.

    If you use encrypted DNS then they also can't see
    what domains you're visiting.

    You can test those things with a program that lets
    you see packet content. Not long ago it was all in plain
    text. These days, most of it will be encrypted so the
    bytes are nonsense. But if you don't use encrypted
    DNS then the domains you visit will be in plain text.

    If you use a VPN then no one knows where you're
    coming from.

    If it were a phone call then it would be like hiding
    the conversation, the recipient ID and the caller ID,
    respectively -- https, encrypted DNS, VPN.

    I use a VPN if I'm staying at a hotel where I have to
    go through their network, because anyone on the network
    could conceivably be eavesdropping. People in dangerous
    countries might use a VPN to hide their activities. If you're
    not a freedom fighter in China and you have your own
    home system then why use a VPN? Mainly it would be for
    an additional layer of privacy. Online surveillance can track
    IP like a phone number. IP can also be used to find your
    location. I even do that with my own rinky dink website.
    I don't sell anyone's data, but I resolve IPs in my server
    logs to hostname and location, so 123.12.1.123 can typically
    be resolved to something like:
    server1.trainco.com - Peoria IL US

    That's helpful to figure out whether I have a real visitor
    or some kind of bot in Pakistan. Is the WordPress attack
    attempt coming from California or China? (Usually China.)
    If someone looked at one page, did they also look at others?
    Did they download anything? That's easier to see if I've
    resolved IP addresses.

    If you don't hide your IP then it can be used in so-called
    "fingerprinting". It gets complicated. If you visit somewhere.com
    and it's infested with Google tracking, along with 2 dozen other
    analytics scripts, then they might use your IP to follow you
    around online. But if you block that they might still use fingerprinting.
    In that case they don't know exactly what you did, but they
    were able to track your mouse movements, they know you
    visited a furniture store online and looked at the same chair 3
    times. They know that you visited your local dentist's site and
    made an appt. They know you looked up sports scores. And they
    can probably ID you by your unique signature of browser, installed
    fonts, e-tags, blah, blah, blah. It's highly likely that Google and
    their ilk have a record of your online activity and have also tied
    that to your cellphone. Possibly even your TV and credit cards.
    (Google entered into partnerships with CC companies some
    years ago.)

    In that case none of the encryption matters much because
    they're seeing what you do on the webpage and connecting the
    dots. So encryption is good for privacy and security in terms
    of that data during transport online. Encryption does nothing to
    block surveillance on websites, to stop cross-site scripting
    attacks, to prevent trick popups on webpages that try to sell you
    scams, etc. For that you need to block script as much as possible
    and use a good HOSTS file.

    (No, Ghostery, UBlock, etc will not do that. Frankly, if privacy
    is not a hassle then it's not working. Those 3rd-party tools
    won't block any but the most obvious ads because too many
    webpages would break if they did.)

    Why does it work this way?
    If Google-analytics can run script they can do very
    extensive fingerprinting and surveillance. If they can't run script
    they can still track you by sending you a fake image with a unique
    ID. They code the webpage to say there's a picture, 1x1 pixel,
    named pic1jhviinlajjwqbkkvooajj.jpg. Your browser then asks for
    the alleged picture and Google has tracked you. So script is the
    worst, but IP, web beacons and even limited fingerprinting also
    enable tracking.

    But if Google-Analytics is in your HOSTS file, identified as the local computer,
    your browser is unable to contact Google's server, even if you
    allow script. So Google gets no record at all of you visiting those
    websites.

    Your mission, should you accept it, is to decide how much you
    care about privacy, how much you care about security, and how
    worried you are about gov't swat teams breaking down your
    door for visiting the free world. (Of course, that's not getting into
    things like collecting child porn images, but you can get the basic
    idea from my description.)

    If you don't live someplace like China then script is by far the
    biggest threat on all counts. The one exception would be logging
    in through a public network, like Starbucks or a hotel.
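
The HOSTS-file blocking and the 1x1 image beacon described in the post above, as an added example that is not part of the original thread: it checks which third-party hosts a page loads scripts and images from and whether a HOSTS file sends them to the local machine, including the case where an unlisted subdomain stays reachable because HOSTS entries match exact names only. The HOSTS entries, the page markup and the hostnames `somewhere.example` and `tracker.example` are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data: the hostnames and markup are illustrative only.
HOSTS_FILE = """\
# send known trackers to the local machine
127.0.0.1   localhost
0.0.0.0     www.google-analytics.com
127.0.0.1   tracker.example    # inline comments are allowed
"""
PAGE_HOST = "somewhere.example"
PAGE_HTML = """
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="https://ssl.google-analytics.com/ga.js"></script>
<img src="https://tracker.example/pic1jhviinlajjwqbkkvooajj.jpg" width="1" height="1">
<img src="/images/chair.jpg" width="400" height="300">
"""
LOCAL_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

def sinked_hosts(hosts_text):
    """Names a HOSTS file maps to the local machine. Matching is exact:
    the format has no wildcards, so each subdomain needs its own entry."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in LOCAL_ADDRESSES:
            names.update(name.lower() for name in fields[1:])
    return names

class ResourceFinder(HTMLParser):
    """Collect (kind, host) for every <script src> and <img src> on a page."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag not in ("script", "img") or not attr.get("src"):
            return
        host = (urlparse(attr["src"]).hostname or PAGE_HOST).lower()
        is_pixel = tag == "img" and attr.get("width") == attr.get("height") == "1"
        self.found.append(("beacon" if is_pixel else tag, host))

def audit(html, hosts_text):
    """Map each third-party host the page loads from to (kind, status)."""
    blocked = sinked_hosts(hosts_text)
    finder = ResourceFinder()
    finder.feed(html)
    return {host: (kind, "blocked" if host in blocked else "reachable")
            for kind, host in finder.found if host != PAGE_HOST}
```

Calling `audit(PAGE_HTML, HOSTS_FILE)` reports the listed analytics host and the beacon host as blocked and the unlisted `ssl.` subdomain as reachable.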

  • From micky@21:1/5 to address@is.invalid on Sun Feb 2 10:58:04 2025
    In alt.comp.os.windows-10, on Sun, 2 Feb 2025 08:53:37 +0100, "R.Wieser" <address@is.invalid> wrote:

    > Micky,
    >
    >> How can Nord VPN*** encrypt your internet traffic if there isn't
    >> something at the other end to decrypt it?

    *** I corrected VPM here, but I'm afraid to correct the typo in my
    subject line because, even though message-ids are used primarily to
    string posts together into a thread, one of the settings in Agent
    referred to Subject Lines and implied the thread would break, as
    displayed by Agent, if the subject line changed. It's been 30 years
    since I set up Agent the first time but I'm sure it said something like
    that.

    > You seem to be mixing up two different services NordVPN (and others like it)
    > offers:

    Well, I was just quoting their advertisement (which fwiw has been
    running several times a day on one of the 3 OTA tv stations I watch,
    MeTV, Catchy, and Laff).

    > 1) A VPN (Virtual Personal Network), which is a *one-to-one* connection.
    > And yes, in that case both parties would need to run the same VPN software.
    >
    > 2) A "Geo block" bypassing service - a way around restrictions companies and
    > governments place on internet traffic passing a(n arbitrary) geographical
    > border (both ways).

    That's what I've used it for, to watch or listen to USA content when out
    of the country. FWIW, when I'm back in the USA, I don't use it and don't
    keep paying for it.

    > In that case you are *not* directly connecting to the other target, but
    > instead let the NordVPN software redirect your internet traffic to a server
    > of theirs, which then, *after removing their NordVPN encryption*, sends your
    > traffic to your intended target - making it look as if it's a normal
    > connection coming from their NordVPN server.

    That does explain it. The other choice was that every server out
    there had some NordVPN software in it to do decrypting.

    Thanks and thanks everyone.

    > Regards,
    > Rudy Wieser



  • From s|b@21:1/5 to micky on Sun Feb 2 19:01:38 2025
    On Sat, 01 Feb 2025 21:46:44 -0500, micky wrote:

    > How can Nord VPM encrypt your internet traffic if there isn't something
    > at the other end to decrypt it?

    <https://nordvpn.com/what-is-a-vpn/>

    --
    s|b

  • From R.Wieser@21:1/5 to All on Sun Feb 2 22:30:12 2025
    micky,

    > *** I corrected VPM here, but I'm afraid to correct the typo in
    > my subject line because, even though message-ids are used
    > primarily to string posts together into a thread, one of the
    > settings in Agent referred to Subject Lines and implied the thread
    > would break, as displayed by Agent, if the subject line changed.

    Newsgroup messages get a so-called "message ID", and each reply to them
    *must* mention (in the headers under "references:") at least the last three
    in line (great-grandfather, grandfather, father), but normally has a few
    more. Those are used to group messages together (in their correct order!),
    not the subject lines and timestamps.

    IOW, you can change the subject line and the post will still be part of the
    thread.

    Just look at "Kenny McCormack"s message from 31 Jan 2025 22:24:43 UTC named
    "The 'label' command (Was: Clever helpful suggestion for portable memory
    using Windows &)". It's still part of the thread, even though the
    subject line changed considerably.

    > The other choice was that every server out there had some
    > NordVPN software in it to do decrypting.

    :-) They definitely would *not* want that, as that would make you look as
    if you would be sitting at a desk in their company, connected to their local
    network, bypassing their firewalls.

    Besides, it's /those servers/ which impose the geo-blocking (because of their
    own choice or forced by agreements with other parties or by their
    government). If you connect directly to them they would still be able to
    see your IP - which is all they need to determine that you are connecting
    from outside their geo-blocking boundary, and would kick you out.

    Regards,
    Rudy Wieser
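
The Message-ID and References threading described in the post above, as an added example that is not part of the original thread: it orders a set of articles into threads from those two headers alone, so a reply with a changed subject stays in its thread while an article with the same subject but no References starts a new one. The articles and their Message-IDs are constructed, and each reply is assumed to carry its full ancestor chain in References.

```python
import re
from email import message_from_string

SUBJ = "How can Nord VPM encrypt your internet traffic"
# Constructed sample articles (made-up Message-IDs), deliberately out of order.
RAW_ARTICLES = [
    f"Message-ID: <c3@news.invalid>\nReferences: <a1@news.invalid> <b2@news.invalid>\n"
    f"Subject: Message-IDs (Was: {SUBJ})\n\nreply with a changed subject\n",
    f"Message-ID: <e5@news.invalid>\nSubject: Re: {SUBJ}\n\nsame subject, no References\n",
    f"Message-ID: <a1@news.invalid>\nSubject: {SUBJ}\n\noriginal question\n",
    f"Message-ID: <d4@news.invalid>\nReferences: <a1@news.invalid>\n"
    f"Subject: Re: {SUBJ}\n\nsecond reply to the question\n",
    f"Message-ID: <b2@news.invalid>\nReferences: <a1@news.invalid>\n"
    f"Subject: Re: {SUBJ}\n\nfirst reply\n",
]

MSG_ID = re.compile(r"<[^<>\s]+>")

def ancestry(raw):
    """Return (chain, subject); chain = referenced ancestors + own Message-ID."""
    msg = message_from_string(raw)
    refs = MSG_ID.findall(msg.get("References", ""))
    return tuple(refs) + (msg["Message-ID"].strip(),), msg["Subject"]

def thread_outline(raw_articles):
    """Order articles into threads using only Message-ID and References.

    Sorting by ancestor chain puts each parent before its replies; the first
    id in the chain names the thread and the chain length gives the depth.
    Subject lines are carried along for display and never used for grouping.
    """
    rows = sorted(ancestry(raw) for raw in raw_articles)
    return [(chain[0], len(chain) - 1, subject) for chain, subject in rows]
```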
