What does my ISP see when I am connected to Zerotier?

When I use common VPN providers it is clear enough what happens. There are plenty of explanations like this. But what about Zerotier? I read the protocol description from here and some user discussions like reddit. As I understood, traffic between peers is encrypted even if I do not use full tunnel mode. It is OK. But what “private” info exactly is available to my Internet Service Provider?

  1. Does it detect IP addresses of nodes, when they are connected by Zerotier peer2peer, without full tunnel mode?
  2. Can it find out where the Zerotier controller is placed (IP address)? Or does it have any data about roots, moons etc?
  3. Does it know that a Zerotier connection is used?

ZeroTier is not a “Privacy VPN.” It does not hide physical IP addresses and makes no attempt to. Any and all data sent over the network is encrypted and can’t even be decrypted by us.


ZeroTier is designed to make a reasonable attempt to establish direct peer to peer connection to nodes to optimise performance. It does this through the help of proxy servers to allow nodes behind NAT and stateful firewalls to coordinate and attempt to punch a direct bidirectional peer to peer UDP flow through. The developers chose to forgo some more extreme/unusual ways to dig through middle boxes (stateful firewalls, NAT, etc.) to avoid lighting up security products common in the enterprise networking space into a Christmas tree. Hiding the nodes' WAN or LAN addresses from other nodes on the same ZeroTier networks as your local node isn’t part of their design goals because it would conflict with auto discovering the best paths, e.g. two nodes on the same overlay network attached to the same switch behind a NAT router or otherwise restrictive middle box like a locked down firewall.

In short, ZeroTier doesn’t hide your IP addresses, it solves a different problem. It securely connects devices over untrusted, fairly hostile networks, allowing you to treat any sufficiently fast and reliable network connection between them as one or more VLANs on a single global managed switch, e.g. allowing you to bridge to your home or office network and auto discover your printers and other cursed IoT devices or play old games in LAN multiplayer mode with friends long after the official match making service has shut down, without having to move to the same neighbourhood and lug your computers around like you’re in high school (again).
