This is a Public Service Announcement. There is a lot of advertising about VPNs. They are pitched as necessary for your “security”, but how much do you really need one?
VPNs, that is virtual private networks, provide a user with a secure connection to their network. A VPN encrypts all the traffic that goes through it and ensures that it cannot be read by any third party. This makes it an excellent tool for privacy.
Enterprise VPNs usually initiate from the user device, all the way to the company’s gateway. By doing this, no part of the connection is exposed.
But the VPN that you contract from any of the commercial consumer VPN providers doesn’t work this way. So the statement that “you are secure” and even that you need one, is debatable in most cases.
Consumer VPNs are mostly used to hide your identity and location, providing you with a layer of privacy, and in some scenarios, the ability to overcome censorship. Let me explain why:
Consumer VPNs also originate from the user’s device, but they are terminated at one of the VPN provider gateways. Then, your connection continues by whatever other means you would connect. If you look at the graph, it is almost like your connection to the internet is stretched out to the point where the gateway is. This, can be sometimes in a different country, reason why it can be used to circumvent censorship.
Because the connection immediately after the device is encrypted, it also helps prevent some attacks, like those that could be done by exploring the WiFi network. But let’s say you are connecting to your bank. Once the connection goes from the VPN provider’s gateway, to your bank’s server, there is no more VPN. So if you don’t see the usual padlock and the https:// on the address, you may not be protected, from the gateway to the bank.
What Consumer VPNs provide, is privacy, in the sense that the connection you are creating comes out of the gateway, not from your machine. But that again falls on its face if you are logging into any page that has authentication , and that has your real name attached to it. Actually, it can look really weird, “why is joe connecting to the Bank from Malaysia?”, your Bank may say. Then, there is also cookies and other trackers that reside on your machine. Those are fetched by your browser., So if you are browsing the Internet through a VPN with your regular browser, make sure you are using “Private Mode”.