Hacker News
by drivebycomment 1233 days ago
HTTPS already provides the same protection. VPN doesn't add anything for that.

About the only meaningful feature VPN provides is presenting a different IP address to the server.

VPN provides negligible extra security for most people, while adding extra exposure.

3 comments

VPNs are significantly better wrt protection than HTTPS.

VPNs create a separation between the client and the server (as you mentioned) so not only can the server (or those eavesdropping on the server's connection) not see the client's IP, those eavesdropping on the client can't see what services they are connecting to (other than the VPN).

Of course by combining knowledge from multiple sources you can still build a fingerprint but VPNs with sufficient utilization can serve as a mixer to obfuscate which users are taking part in which traffic. Doubly so if the VPN supports multi-hop routing where the client side VPN and the server side VPN are at different sites.

Really as long as you aren't leaking DNS and you use a reasonably secure + well utilized VPN, your client should appear as a black box that shouts opaque contents at a single server without leaking many details about the actual communication taking place.

Compare this with HTTPS + no VPN where only the contents are obscured and everyone eavesdropping (aka the ISP or anyone on the same network) can see every service you are connected to. That alone should be enough to fingerprint a given connection to a specific user.

I assume there's a sizable segment of VPN users who enjoy torrenting without DMCA letters catching up with them, FWIW. HTTPS doesn't help much with that.

I agree that VPNs are generally over-hyped, but they absolutely offer an increase in protection here.

ISPs have historically done slimy things like hijacking DNS, and HTTPS leaks tons of metadata like what sites you’re browsing and for how long, and what user agents you have can easily be fingerprinted. And there are still too many IoT and mobile apps that don’t strictly use TLS for everything.