Security & Hack Scams Concern

graphomet · 10 Mar 2016

Hello Forum.

I've been told in the past from various work colleagues, that various sites uses HTTP protocols to locate
peoples IP address and gather information from their network. And that a VPN is the only way to secure
your online session and information you share with file transfers and such. And locations as Latin America
and Africa are key locations of stealing peoples information.

What what I have mentioned what is true and what false?

Thank you.

Alejandro85 · 10 Mar 2016

graphomet said:

that various sites uses HTTP protocols to locate
peoples IP address and gather information from their network.

Everything on internet relies on IP addresses, they're part of the fundamentals of the underlying TCP/IP protocol that supports the whole internet. Every connection you do, you send your IP address (being from a browser, mail program, a game, program update, chat client, whatever). Physically locating an IP address (approximately) is also an easy work, many sites will tell you that information and anyone can query them.
That by itself isn't important to security, that's why they call it "your public IP address", it's meant to be known by anyone you're connecting to. By that alone, it's not possible to relate that connection to any real life person however.
"Gather information from their network" is totally wrong. Servers you connect to only see your public IP (the final network gateway), but anything behind is totally invisible to internet, unless you explicitly open in.

graphomet said:

And that a VPN is the only way to secure your online session and information you share with file transfers and such.

A VPN has its merits, but it's far from being the only secure thing out there. First off, a site that uses plain HTTP should be considered insecure and any transfers from there can be tampered with (note that "can" doesn't necesarily means that it's actually happening), so for anything critical you must stay with sites that use HTTPS. When HTTPS is used, data is encrypted while in-transit, the server identity is verified and tampering can be detected, so it's considered secure to use in unreliable environments and critical sites.

Now to VPN, what it provides is encryption from your computer to some intermediate server, and that server does the connection itself with the website. It's useful when you use shared connections for example, but it doesn't makes HTTP sites secure at all (as the connection from the proxy to the site is still in the plain). Other than that, it gives no security benefits.
About privacy, sites you visit under VPN will not see your IP address, but the proxy's instead (as it's doing the connection). Who sees your real IP is the VPN provider, so the question is who do you trust more, the VPN vendor or the website owner. You IP is still disclosed as always. If you can't live with that, you should not be using internet to begin with

graphomet said:

And locations as Latin America and Africa are key locations of stealing peoples information.

This is blatantly wrong. Internet is world-wide. Any people with an internet connection is essencially the same as any other, no matter where he's physically located. Damage can be done from anywhere, since within internet everyone can be connected with everyone, and people from right next door can be equally dangerous as people on the other side of the world.
That said, some places can have more incidences of "cybercrimes" than others, but that's ultimately irrelevant, you want to protect your security and privacy, from anyone, no matter where he's located. Knowing who stolen your credit card could be interesting, but preventing it from being stolen in the first place is the real goal.