Pippin wrote:OpenVPN is about securing data transferred between endpoints over a unsecure channel.
This is a good point where I thank you for catching that I sometimes forget people actually use OpenVPN for "security".
I think you feel VPN is all about security because you are probably used to dealing with IT networking professionals, and not home-owner laypeople of the sort that I am.
On a static IP address Corporate or Home-Built VPN server, then, of course, it's not going to be so much about privacy, but about data security.
I use VPN mostly to change my IP address on demand, and to hide my activities from large accumulators across the net (e,g., facebook, google, amazon, the government, my employer, etc.).
To understand why VPN is about privacy, you have to think about the other half of the OpenVPN users out there who use it for privacy.
a. Privacy from the ISP
b. Privacy from the snooping eyes of the government (and anyone else with nefarious purposes and a lot of money)
c. Privacy from snooping meta-data collectors such as Google and their ilk
d. Even privacy from web sites such as this very OpenVPN web site (and the Usenet, and any other "forum").
Notice that the web administrators of this forum have no idea what my IP address is.
Why is that?
Because I'm never NOT on VPN, and I change my IP address perhaps fifty times a day (which is why my use model must be push-button efficient!
VPN is not just about security.
If you use freely available public VPN servers - then it can certainly be ALL about privacy since security isn't the goal in that case.
In fact, here's a verbatim quote from vpngate.net which is where I get most of my free public VPN configuration files.
You can disguise your IP address to hide your identity while surfing the Internet.
You see? They know it. I know it.
VPN is not only about security.
In fact,for my extremely simple use model
, VPN has (almost) nothing to do with security and all to do with privacy.
Nothing wrong with thinking that VPN is "only" about security, but that's sort of like thinking that a chainsaw is only for cutting down trees, and not for cutting lumber to size for personal use.
In my use model (which was described here
in detail), I keep a directory filled with VPN config files for every "task" that I do on the net.
1. If task A is "gmail", then I have a freely available public VPN configuration file in directory A only for use with Gmail.
2. If task B is "OpenVPN.net", then I have a freely available public VPN config file in directory B only for use with OpenVPN.net.
3. If task C is "Usenet", then I have a freely available public VPN config file in directory C only for use with Usenet.
I never mix them.
That's to keep my meta data private from cross-domain accumulators.
(I realize I need further encryption to keep the meta data private from the VPN servers themselves; but that's a different problem set.)
In practice, since freely available public VPN files are flaky, each directory can contain hundreds of unique VPN files
, where I order them in a certain repeatable sequence so that the first working file is what OpenVPN uses, but that's a technicality on the privacy issue.
TinCanTech wrote:Looks like you left the logs (x4) completely intact to me ? (Which is not really a problem as I have explained)
Naaah. I just fooled you by using sed/awk/grep to modify the files so that the privacy metadata was actually spoofed.
It's zero problem to spoof the metadata.
My problem, initially, was RECOGNIZING what each piece of meta data was.
Thank you for helping me, which will help others, in the future (which is alway the overarching goal and which is why I ask questions that typically have never been asked before but which are important to know the answers to).
Thank you for all your wonderful help!