blank90 3 Posted ... I use AirVPN for privacy, but I'm wondering if when I am transferring sensitive, private data across the world if doing so through an AirVPN connection improves my security any. Can anyone intelligently explain? Quote Share this post Link to post
reversevpn 4 Posted ... That depends who you are hiding the sensitive, private data from, and whether it was already encrypted before you sent it through AirVPN. If who you are hiding it from has no power over the jurisdiction of the AirVPN server you connected to AND no power over the jurisdiction that you are sending your data to, NOR over any intermediate points between the AirVPN server and the final destination of your data, and the data was not encrypted to begin with, then yes, your security has improved a little, because your data is now being decrypted in a jurisdiction that your adversary has no power over. In this sense, AirVPN prevents adversaries from sniffing your data. However, in today's internet, it is bad practice to rely on your adversary not being in any jurisdiction, because it is hard(but not impossible) to know the full path that your data travels over, especially once it leaves the AirVPN server. It would be better if you had encrypted the data BEFORE sending it through AirVPN. If the data was already end-to-end encrypted so that only your intended recipient can decrypt your data, then AirVPN helps only in the sense that 3rd part observers will not know that YOU are the one sending data to your intended recipient(provided that your recipient is not cooperating with your adversary and has not been compromised by your adversary). If your goal is to hide your data from everybody other than your intended recipient (this would be the norm), but you do not care that people see that you are sending something to your intended recipient (provided that they cannot understand what you are sending), then using AirVPN would not really improve your security. If your goal is to hide your data from everybody other than your intended recipient and you do not want them to know that you are even sending anything to your intended recipient (they will still see that you are sending something to AirVPN, not that they can understand what you are sending), then yes, AirVPN does improve your security. Either way, it would be best to encrypt your data end-to-end before sending it. DO NOT rely on AirVPN to keep the data encrypted end-to-end, because the only way AirVPN can send the data to your recipient is to decrypt your data and send it to the recipient. 1 blank90 reacted to this Quote Share this post Link to post
blank90 3 Posted ... Thank you for the excellent and thorough reply. The question actually relates to my wish to backup a credential database. It would be encrypted on my end before uploading it. I just wonder if any additional security is provided by AirVPN's encrypted tunnel. Do you think even if encrypted it is a bad idea to upload anywhere a password database? In general, I find I don't understand well enough how data travels and the risks of sending it far distances. Maybe it is best to buy many USB drives and back up important data only locally? For example, just traveling from North America to Europe the data has to go across the enormously big distances under the Atlantic. I don't necessarily trust the safety of every mile of that enormous distance. Also seems odd to me that when I transfer something from North America to France, it appears in my account almost instantly. The whole concept of travel across such long distances happening so fast is beyond my comprehension. Lots of trust is required. Quote Share this post Link to post
reversevpn 4 Posted ... As long as the cipher you encrypted the database with is secure (ie. AES-256, not blowfish or 3DES), and you are sure your adversaries don't have the decryption key, there is no issue with sending your data under the Atlantic. The TCP protocol will take care of sending your data reliably. However, if you have reason to suspect that your data would be compromised by an adversary in the middle of transit, i suggest you take a sha256sum hash of the data on the sending side, before sending, then another sha256sum on the receiving side, after the data has been received. If the 2 hashes are byte-for-byte equal, you can be certain that your data has not been tampered with or corrupted. Also, if these premises are satisfied (secure encryption scheme, secure encryption key, equal hashes), then using AirVPN adds an extra benefit only if you do not want anybody to know that you are sending data under the Atlantic (in that case, pick an AirVPN server in America that the sender connects to, and another AirVPN server in Europe that the receiver connects to, then all anybody tapping the wires under the Atlantic will see is one AirVPN server talking to another. They will not be able to trace the activity back to you.) If you do not care that the data transfer can be traced back to you, then AirVPN does not help you at all. Quote Share this post Link to post
Staff 10015 Posted ... On 4/3/2024 at 2:55 AM, blank90 said: I use AirVPN for privacy, but I'm wondering if when I am transferring sensitive, private data across the world if doing so through an AirVPN connection improves my security any. Can anyone intelligently explain? Hello! It does. End-to-end encryption ensures data integrity and confidentiality between you and the recipient. End-to-end encryption must be used, properly and correctly, no matter what (with or without VPN, with or without Tor...). By adding AirVPN you enhance your privacy as nobody in the middle (including your ISP) comes to know that you and your recipient are communicating with each other (if necessary, you may hide your identity to your recipient too). As the Electronic Frontier Foundation pointed out, knowing who communicates with whom is a sensitive information which can be used against citizens' privacy even when the communication's content is encrypted. In this peculiar sense, privacy enhancement is also a security enhancement. On 4/3/2024 at 11:11 PM, blank90 said: The question actually relates to my wish to backup a credential database. It would be encrypted on my end before uploading it. I just wonder if any additional security is provided by AirVPN's encrypted tunnel. In this specific case the AirVPN additional protection may or may not be necessary, according to your threat model. Let's imagine an hard case: your threat model includes an adversary which systemically wiretaps your lines. When this happens, hiding to that adversary the location of where you're uploading important amount of data is a layer of protection in itself: it may be a very good thing, and indeed a security feature, to prevent your adversary to know which datacenter you rely to store your data and so on, even when everything is encrypted. This is a real security enhancement (you cancel the knowledge of a crucial access point from the attack surface): even if the adversary can't decrypt your data, it can either destroy them, make the machine where they are stored inaccessible, or further encrypt them to ask for a ransom, if it comes to know their location and cracks the access system. On 4/3/2024 at 11:11 PM, blank90 said: Do you think even if encrypted it is a bad idea to upload anywhere a password database? Avoid it whenenver possible, but there are some cases where it comes in handy. Imagine that you have to cross the borders of a country with questionable practices towards foreign citizens and you want to avoid a compulsory, time-consuming and stressful analysis of your mobile devices or laptop (with the obligation to provide the decryption password, otherwise you will be charged as a criminal). To avoid this hugely stressful and time-consuming action, the usual solution is to upload the complete device image (heavily encrypted of course) to a service that you know you can access from abroad, and download and restore the image well after you have crossed the border. So you can cross the border with a dummy phone/tablet/laptop completely empty of any of your sensitive data, with just a few apps to make the inspection and intrusion quick and painless, or with no device at all, and then buy a new one and restore the image you have stored on some globally accessible server (of course, some passwords must necessarily remain stored in your mind). Kind regards 1 blank90 reacted to this Quote Share this post Link to post