by bearbearbear 3158 days ago
All SSH does is move your traffic to a different computer.

When it leaves that computer it's no longer encrypted.

It's not hard to look at unencrypted traffic leaving the computer you've SSH'd into and associate the traffic with the computer you've SSH'd in through.

4 comments

> All SSH does is move your traffic to a different computer.

And browsing the internet over a VPN is different... how, exactly?

Not to mention incredibly limited IP support. You can forward a few specific ports, or use SOCKS, but that's about it.
Why is SOCKS limited? Just make whatever you want to send your traffic through proxy it through the SOCKS.
Indeed, ssh -D {port} is something I use heavily (to create a SOCKS5 connection to a remote server, effectively a VPN)
This assumes 'whatever you want to send traffic through' speaks SOCKS... most things don't. Web yes, but not most other things.
> most things don’t

That’s entirely not true. If you’d said “some”, you’d be right, but “most” is categorically incorrect.

I guess you’ve never heard of TUN/TAP support in SSH?
Hm, do DNS queries go through an SSH tunnel?
Presumably so; when I've tried the SOCKS support built in to Firefox, I've noticed that sites that I have blackholed via my hosts file begin working again.
And VPN encrypts your traffic directly to Facebook? No. At some point it also leaves the VPN's network.