76

I'm going to need an ELI5 because I have read several explanations online, and I still don't fully understand what makes them different. Why would you want to use one over the other? Don't they both just forward your internet traffic? How do they work, in general?

all 18 comments
sorted by: hot top controversial new old
[-] BlameThePeacock@lemmy.ca 63 points 2 months ago* (last edited 2 months ago)

The big difference is that VPNs encrypt all traffic between your computer and the VPN computer, while this is usually not the case with a proxy. The lack of encryption and decryption can make a proxy slightly faster, but obviously less secure if you're tying to hide what you're doing.

ELI5 version:

VPN - You write a note in code, pass it to your friend who then decodes it, and then gives the decoded note to your crush. Your crush doesn't know it came from you, and if the teacher caught you passing the note to your fiend, they wouldn't be able to tell what it was.

Proxy - You just pass a note to your friend, who then hands it to your crush. Your crush doesn't know if came from you, but If the teacher catches you, they can read it. It's faster than having to write in code and decode.

[-] xmunk@sh.itjust.works 17 points 2 months ago

* with a slight hiccup since nearly all web traffic is sent over HTTPS now - this distinction was a lot more significant ten years ago.

[-] ColeSloth@discuss.tchncs.de 12 points 2 months ago

You won't know what's in the note, but you can snoop enough to know which two people are passing the notes back and fourth. Https won't save you from letting me know you keep getting on furries.com or catching you downloading copyrighted material. A VPN will.

[-] xmunk@sh.itjust.works 10 points 2 months ago

A VPN may protect you. It depends if you trust the host. Even with a trusted VPN, however, dedicated snooping at the exit node may secretly reveal my deep love of furries.com - thank god that's a secret though.

[-] BackOnMyBS@lemmy.autism.place 4 points 2 months ago

that's fine because i don't download copyrighted material. everything on furries.com is freely available.

[-] user224@lemmy.sdf.org 6 points 2 months ago

I would recommend actually getting into contact with your crush. You could then establish means to use OTP and won't need to trust your friend at all.

You know, exchange each in and out OTP keys each of you will use, agree on a checkerboard to use, write a codebook for common words/phrases you will use, how you'll notifiy the other party of potentially compromised key(s).

[-] BlameThePeacock@lemmy.ca 7 points 2 months ago

Wrap it before they tap it?

[-] lord_ryvan@ttrpg.network 3 points 2 months ago

But then, there would be no difference between an encrypted proxy and a VPN. But that's not the case.

[-] TootSweet@lemmy.world 25 points 2 months ago

Ooo. This is a good one.

A computer can have more than one network interface, right? (Like, you can be plugged into ethernet at home but also connected to the WIFI of the coffee shop across the street.)

A VPN gives you a whole new network device ("virtual ethernet card" if you will) that works as if that card was connected to some LAN somewhere else. Typically, you'd forward "all" of your computer's/smartphone's/etc traffic through the VPN so that your computer "thinks it's on that remote LAN" rather than on your home WIFI or whatever.

Proxies... well the term can mean a few different things in different contexts, really. But generally you're not forwarding "all" traffic through them, just HTTP traffic (and usually only a subset of all HTTP traffic) or just traffic that is specifically told to be forwarded through them.

An opaque web proxy is one that you can point your browser (or other HTTP interface) to. It won't handle protocols other than HTTP. And when you want to use an opaque web proxy, your HTTP client has to know how to do that. (Whereas with VPN's, it's your operating system, not your individual applications, that need to know how to forward through it.)

A transparent web proxy can be something you (and your apps and OS) don't know you're even using. When you point your browser or app to a Lemmy instance, it's almost certain that the domain is pointed not at an application server that actually runs the Lemmy code, but rather at a transparent web proxy that does stuff on the instance-owner's end like preventing spamming or whatever. This type of proxy is sometimes called a "reverse web proxy" and can also only work with HTTP.

A SOCKS proxy, like an opaque web proxy, requires applications to know how to use it. (Ok, technically that's not 100% true. It's possible in some cases to have a transparent proxy of some sort forward through a SOCKS proxy in a way that the application doesn't know SOCKS is involved. There are also some cool OS-level hacks that can force an app to go through a SOCKS proxy without the app knowing anything about SOCKS. But if you're doing those things, you're a hacker.) And with a SOCKS proxy, your computer doesn't "think" it's connected to a whole different LAN. Individual applications know that they're forwarding through SOCKS. SOCKS supports more protocols than just HTTP. Probably all TCP-based protocols, but I don't think it has any support for UDP. So you won't be torrenting through SOCKS.

That's all I can think to say at the moment. There are special-purpose proxies for things like security auditing (like Burp Suite, for instance.) But I'm guessing that's not the sort of thing you're asking about.

[-] otter@lemmy.ca 4 points 2 months ago

Very detailed, thank you for writing it up :)

[-] takeheart@lemmy.world 2 points 2 months ago

Never knew about transparent web proxies. Neat. Do they play a part in commercial DDOS protection? I'm thinking of those please wait while we're evaluating your request messages that you get on some sites. But also about any methods used to prove that you are human.

[-] TootSweet@lemmy.world 3 points 2 months ago* (last edited 2 months ago)

Do they play a part in commercial DDOS protection?

Absolutely! As well as mitigating other types of threats. "Web Application Firewalls" (don't be fooled, they're not like regular firewalls really) are a type of transparent web proxy that watch requests for anything that "looks like" a SQL injection or XSS payload and block those requests if necessary. Transparent web proxies may also do things like caching or even "honeypot" functionality that may shunt likely bot traffic to a fake version of the website to prevent scraping of real site content.

[-] finn_der_mensch@discuss.tchncs.de 9 points 2 months ago* (last edited 2 months ago)

A VPN operates on the network layer (3) meanwhile a proxy works on the application layer (4) that sits on top of first.

This means that using a vpn will send all network traffic from all apps over it (if configured accordingly) meanwhile a proxy will only work for the http(s) traffic in a browser configured with it.

For most applications, you won’t be able to tell the difference.

[-] Wilzax@lemmy.world 6 points 2 months ago* (last edited 2 months ago)

In a technical sense, a consumer VPN service is really more of an encrypted proxy than anything else. It tries to obfuscate what network traffic and activity you're actually participating in by both appearing as the endpoint for your connection, and the destination for the connection of the sites you visit and internet services you use.

A true VPN does more than that, allowing multiple computers that are not sharing a router to communicate with each other as if they are. For context, certain IP addresses are local-only, such as any IP starting with 192.168.x.x. This means that when you access the broader internet, your IP is different than the one used when you try to use your WiFi printer on your same network. They're both your addresses, you have them at the same time, but one is really the address of your whole network while the other is the address of your computer in that network. Think "building street address" and "office number in that building"

For businesses and other organizations, a VPN is a useful way to allow users to connect using these local-only addresses without physically being connected to the network those local addresses are valid in. You don't have to expose the printer to the Internet, you just need to expose the VPN service to the Internet, and then allow VPN users to connect to the network when they need to use the printer

[-] lung@lemmy.world 2 points 2 months ago

Functionally the same for most people. A VPN is a virtual LAN so you can access other computers on it. Ex. company's internal websites from a remote location

Proxy just forwards traffic like a gateway. In both cases the source is hidden. LANs have gateways too

this post was submitted on 09 Sep 2024
76 points (100.0% liked)

No Stupid Questions

35868 readers
292 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 1 year ago
MODERATORS