Is it necessary really or is using a normal VPN server fine? What exactly is secure core needed for, i heard that its good for stopping man in the middle attacks when the data is being transmitted but that’s it and of course it encrypted your data twice.
Secure Core works fine for me but just was wondering.
thanks
Well, depends on your threat model. In certain situations, yes, in other situations (which is probably most people) not really. Ultimately everyone has to decide for themselves.
Use secure core if you’re concerned the server located in the country you connect to might be compromised. The very existence of secure core means there is a possibility of that happening.
In my experience secure core slows down the connection so much that I can’t use it.
To be honest, no. Their article about it has a few points. I’ll try to explain in simple terms.
A. “more protection from timing/correlation attacks”. This just menas that a strong adversary (i.e. intelligence agency) can look at network traffic of a country/continent and see who uses a VPN and then see where VPN traffic connects to and compare those. So for example, if you’re using a vpn at 8:00 AM and they see that a website was accessed by that VPN at exactly 8:00AM they can narrow it down and further examine traffic. This is the basic concept.
Secure core just adds another server (or more) in between, to make this matching process more diffucult.
Real Talk: If an adversary has the option to perform timing/correlation attacks on that scale, it almost doesn’t matter how much servers are put in between unless more advanced obfucsation methods are used like ncr-mixing or level 0 delays to scramble timing attacks.
TL;DR: vs intelligence agencies, it’s useless.
B. “secure core servers are located in them bunkers”. Sounds fancy, but in practice it does mean jackshit if the adversary is big enough. To monitor a server farm you don’t need to sneak in James Bond style and plant a fancy device into that server that has a flashing “super secret” written on top of them. Intelligence agencies can just suck the traffic from traffic nodes outside the server center. Planting shit directly into server centers is more convenient but not neccessary these days.
TL;DR> vs intelligence agencies, it’s useless.
So is secure core useless? Yes, if you’re up against top nerds. But if it’s an adversary who hasn’t a lot of resources, secure core can hinder them a bit.
But it’s good from a business point of view. “Servers in Bunkers” is good for $$.