(no title)
appease7727 | 6 months ago
If you aren't aware: a Virtual Private Network creates a fully encrypted link between you and a remote node. So long as your encryption keys are secure, there's no way for anyone (even a global superpower) to listen to or intrude on that connection. There is no possible way to break into this connection, even with the entire planet's computing resources.
From the outside, all you can see is a stream of encrypted data between two nodes. You cannot tell where the traffic goes once it exits the VPN server or what it contains.
The only way to compromise a VPN connection is the most straightforward and pedestrian: compromise the VPN host and directly spy on their clients with their own hardware.
The GFW certainly can and has detected such encrypted streams and blocked them for being un-inspectable. With a VPN you can perfectly hide what you're doing and you can perfectly prevent intrusion. You cannot prevent someone noticing you're using a VPN. China can simply blanket ban connections that look like VPN traffic. But they cannot tell what you're doing with that VPN.
chickenzzzzu|6 months ago
nijave|6 months ago
estimator7292|6 months ago
Besides that, when negotiating a secure connection through unencrypted channels you typically use Diffe-Hillman to establish the encryption keys. As far as I'm aware, this method cannot be broken. Both nodes compute their own private encryption key and do math to create unencrypted data that must be verified by the other node's key. Even if you had full control of the data stream, you can't determine those private keys and cannot break into the encrypted connection that follows.
Also VPNs are typically UDP, but there's no hard requirement as far as I know.