I’m going to need an ELI5 because I have read several explanations online, and I still don’t fully understand what makes them different. Why would you want to use one over the other? Don’t they both just forward your internet traffic? How do they work, in general?

  • BlameThePeacock@lemmy.ca
    link
    fedilink
    English
    arrow-up
    65
    arrow-down
    2
    ·
    edit-2
    2 months ago

    The big difference is that VPNs encrypt all traffic between your computer and the VPN computer, while this is usually not the case with a proxy. The lack of encryption and decryption can make a proxy slightly faster, but obviously less secure if you’re tying to hide what you’re doing.

    ELI5 version:

    VPN - You write a note in code, pass it to your friend who then decodes it, and then gives the decoded note to your crush. Your crush doesn’t know it came from you, and if the teacher caught you passing the note to your fiend, they wouldn’t be able to tell what it was.

    Proxy - You just pass a note to your friend, who then hands it to your crush. Your crush doesn’t know if came from you, but If the teacher catches you, they can read it. It’s faster than having to write in code and decode.

    • xmunk@sh.itjust.works
      link
      fedilink
      arrow-up
      18
      arrow-down
      1
      ·
      2 months ago

      * with a slight hiccup since nearly all web traffic is sent over HTTPS now - this distinction was a lot more significant ten years ago.

      • ColeSloth@discuss.tchncs.de
        link
        fedilink
        arrow-up
        12
        ·
        2 months ago

        You won’t know what’s in the note, but you can snoop enough to know which two people are passing the notes back and fourth. Https won’t save you from letting me know you keep getting on furries.com or catching you downloading copyrighted material. A VPN will.

    • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      6
      ·
      2 months ago

      I would recommend actually getting into contact with your crush. You could then establish means to use OTP and won’t need to trust your friend at all.

      You know, exchange each in and out OTP keys each of you will use, agree on a checkerboard to use, write a codebook for common words/phrases you will use, how you’ll notifiy the other party of potentially compromised key(s).

    • Fonzie!@ttrpg.network
      link
      fedilink
      arrow-up
      3
      ·
      2 months ago

      But then, there would be no difference between an encrypted proxy and a VPN. But that’s not the case.

  • TootSweet@lemmy.world
    link
    fedilink
    English
    arrow-up
    24
    ·
    2 months ago

    Ooo. This is a good one.

    A computer can have more than one network interface, right? (Like, you can be plugged into ethernet at home but also connected to the WIFI of the coffee shop across the street.)

    A VPN gives you a whole new network device (“virtual ethernet card” if you will) that works as if that card was connected to some LAN somewhere else. Typically, you’d forward “all” of your computer’s/smartphone’s/etc traffic through the VPN so that your computer “thinks it’s on that remote LAN” rather than on your home WIFI or whatever.

    Proxies… well the term can mean a few different things in different contexts, really. But generally you’re not forwarding “all” traffic through them, just HTTP traffic (and usually only a subset of all HTTP traffic) or just traffic that is specifically told to be forwarded through them.

    An opaque web proxy is one that you can point your browser (or other HTTP interface) to. It won’t handle protocols other than HTTP. And when you want to use an opaque web proxy, your HTTP client has to know how to do that. (Whereas with VPN’s, it’s your operating system, not your individual applications, that need to know how to forward through it.)

    A transparent web proxy can be something you (and your apps and OS) don’t know you’re even using. When you point your browser or app to a Lemmy instance, it’s almost certain that the domain is pointed not at an application server that actually runs the Lemmy code, but rather at a transparent web proxy that does stuff on the instance-owner’s end like preventing spamming or whatever. This type of proxy is sometimes called a “reverse web proxy” and can also only work with HTTP.

    A SOCKS proxy, like an opaque web proxy, requires applications to know how to use it. (Ok, technically that’s not 100% true. It’s possible in some cases to have a transparent proxy of some sort forward through a SOCKS proxy in a way that the application doesn’t know SOCKS is involved. There are also some cool OS-level hacks that can force an app to go through a SOCKS proxy without the app knowing anything about SOCKS. But if you’re doing those things, you’re a hacker.) And with a SOCKS proxy, your computer doesn’t “think” it’s connected to a whole different LAN. Individual applications know that they’re forwarding through SOCKS. SOCKS supports more protocols than just HTTP. Probably all TCP-based protocols, but I don’t think it has any support for UDP. So you won’t be torrenting through SOCKS.

    That’s all I can think to say at the moment. There are special-purpose proxies for things like security auditing (like Burp Suite, for instance.) But I’m guessing that’s not the sort of thing you’re asking about.

    • takeheart@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      2 months ago

      Never knew about transparent web proxies. Neat. Do they play a part in commercial DDOS protection? I’m thinking of those please wait while we’re evaluating your request messages that you get on some sites. But also about any methods used to prove that you are human.

      • TootSweet@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        2 months ago

        Do they play a part in commercial DDOS protection?

        Absolutely! As well as mitigating other types of threats. “Web Application Firewalls” (don’t be fooled, they’re not like regular firewalls really) are a type of transparent web proxy that watch requests for anything that “looks like” a SQL injection or XSS payload and block those requests if necessary. Transparent web proxies may also do things like caching or even “honeypot” functionality that may shunt likely bot traffic to a fake version of the website to prevent scraping of real site content.

  • finn_der_mensch@discuss.tchncs.de
    link
    fedilink
    arrow-up
    9
    ·
    edit-2
    2 months ago

    A VPN operates on the network layer (3) meanwhile a proxy works on the application layer (4) that sits on top of first.

    This means that using a vpn will send all network traffic from all apps over it (if configured accordingly) meanwhile a proxy will only work for the http(s) traffic in a browser configured with it.

    For most applications, you won’t be able to tell the difference.

  • Wilzax@lemmy.world
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    2 months ago

    In a technical sense, a consumer VPN service is really more of an encrypted proxy than anything else. It tries to obfuscate what network traffic and activity you’re actually participating in by both appearing as the endpoint for your connection, and the destination for the connection of the sites you visit and internet services you use.

    A true VPN does more than that, allowing multiple computers that are not sharing a router to communicate with each other as if they are. For context, certain IP addresses are local-only, such as any IP starting with 192.168.x.x. This means that when you access the broader internet, your IP is different than the one used when you try to use your WiFi printer on your same network. They’re both your addresses, you have them at the same time, but one is really the address of your whole network while the other is the address of your computer in that network. Think “building street address” and “office number in that building”

    For businesses and other organizations, a VPN is a useful way to allow users to connect using these local-only addresses without physically being connected to the network those local addresses are valid in. You don’t have to expose the printer to the Internet, you just need to expose the VPN service to the Internet, and then allow VPN users to connect to the network when they need to use the printer

    • BlameThePeacock@lemmy.ca
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 months ago

      This isn’t quite the right analogy. The traffic between you and the VPN is quite visible, so it’s more like the windows on the vehicle you’re using are blacked out so that nobody can tell what’s inside while it’s moving between those two points.

      • xmunk@sh.itjust.works
        link
        fedilink
        arrow-up
        5
        ·
        2 months ago

        Just to de-analogy this a bit for clarity… with a VPN you can see that there is traffic but not what that traffic is…

        The confusing thing is that the world is now running SSL by default so even with a proxy that traffic is hidden to intermediaries… so the distinction means a lot less than it once did.

  • Lung@lemmy.world
    link
    fedilink
    arrow-up
    4
    arrow-down
    2
    ·
    2 months ago

    Functionally the same for most people. A VPN is a virtual LAN so you can access other computers on it. Ex. company’s internal websites from a remote location

    Proxy just forwards traffic like a gateway. In both cases the source is hidden. LANs have gateways too