For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.
Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Pippin
OpenVPN Expert
Posts: 248
Joined: Wed Jul 01, 2015 8:03 am

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by Pippin » Tue Jun 06, 2017 6:35 pm

We have to always keep in mind that VPN is all about privacy
Did this recently change?

To my knowledge, OpenVPN is about securing data transferred between endpoints over a unsecure channel.
That`s a bit different then all about privacy....isn`t it?
;)

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2818
Joined: Fri Jun 03, 2016 1:17 pm

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by TinCanTech » Tue Jun 06, 2017 7:15 pm

Pippin wrote:To my knowledge, OpenVPN is about securing data transferred between endpoints over a unsecure channel.
That`s a bit different then all about privacy....isn`t it?
Agreed.
woodrock wrote:
TinCanTech wrote:If your paranoia is over powering you .. then do this:
Thank you for that kind advice.
We have to always keep in mind that VPN is all about privacy.

I took your suggestion completely to heart, and immediately implemented your suggestion, just now, over here:
- Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn config files
Looks like you left the logs (x4) completely intact to me ? (Which is not really a problem as I have explained)

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by woodrock » Tue Jun 06, 2017 8:57 pm

Pippin wrote:OpenVPN is about securing data transferred between endpoints over a unsecure channel.
This is a good point where I thank you for catching that I sometimes forget people actually use OpenVPN for "security".
I think you feel VPN is all about security because you are probably used to dealing with IT networking professionals, and not home-owner laypeople of the sort that I am.

On a static IP address Corporate or Home-Built VPN server, then, of course, it's not going to be so much about privacy, but about data security.

I use VPN mostly to change my IP address on demand, and to hide my activities from large accumulators across the net (e,g., facebook, google, amazon, the government, my employer, etc.).

To understand why VPN is about privacy, you have to think about the other half of the OpenVPN users out there who use it for privacy.
a. Privacy from the ISP
b. Privacy from the snooping eyes of the government (and anyone else with nefarious purposes and a lot of money)
c. Privacy from snooping meta-data collectors such as Google and their ilk
d. Even privacy from web sites such as this very OpenVPN web site (and the Usenet, and any other "forum").

Notice that the web administrators of this forum have no idea what my IP address is.
Why is that?

Because I'm never NOT on VPN, and I change my IP address perhaps fifty times a day (which is why my use model must be push-button efficient!).

VPN is not just about security.
If you use freely available public VPN servers - then it can certainly be ALL about privacy since security isn't the goal in that case.

In fact, here's a verbatim quote from vpngate.net which is where I get most of my free public VPN configuration files.
You can disguise your IP address to hide your identity while surfing the Internet.
You see? They know it. I know it.
VPN is not only about security.
In fact,for my extremely simple use model, VPN has (almost) nothing to do with security and all to do with privacy.
TinCanTech wrote:Agreed.
Nothing wrong with thinking that VPN is "only" about security, but that's sort of like thinking that a chainsaw is only for cutting down trees, and not for cutting lumber to size for personal use.

In my use model (which was described here in detail), I keep a directory filled with VPN config files for every "task" that I do on the net.
1. If task A is "gmail", then I have a freely available public VPN configuration file in directory A only for use with Gmail.
2. If task B is "OpenVPN.net", then I have a freely available public VPN config file in directory B only for use with OpenVPN.net.
3. If task C is "Usenet", then I have a freely available public VPN config file in directory C only for use with Usenet.

I never mix them.
That's to keep my meta data private from cross-domain accumulators.
(I realize I need further encryption to keep the meta data private from the VPN servers themselves; but that's a different problem set.)

In practice, since freely available public VPN files are flaky, each directory can contain hundreds of unique VPN files, where I order them in a certain repeatable sequence so that the first working file is what OpenVPN uses, but that's a technicality on the privacy issue.
TinCanTech wrote:Looks like you left the logs (x4) completely intact to me ? (Which is not really a problem as I have explained)
Naaah. I just fooled you by using sed/awk/grep to modify the files so that the privacy metadata was actually spoofed.
It's zero problem to spoof the metadata.

My problem, initially, was RECOGNIZING what each piece of meta data was.

Thank you for helping me, which will help others, in the future (which is alway the overarching goal and which is why I ask questions that typically have never been asked before but which are important to know the answers to).

Thank you for all your wonderful help!
Much appreciated!

Post Reply