Securing a VPN (Virtual Private Network)
- bhwabeck3533
- Posts: 462
- Joined: Thu Sep 21, 2017 6:25 am
- Location: Baldwin County, AL
Securing a VPN (Virtual Private Network)
AARP is recommending the use of a VPN to avoid Airport and Hotel Wi-Fi hacks. Seems like a smart idea and relatively inexpensive (they quote $30 to $100 per year).
Two questions:
1. What are your experiences with a VPN services?
2. Where do I apply for one/which are the best?
Thanks.
Two questions:
1. What are your experiences with a VPN services?
2. Where do I apply for one/which are the best?
Thanks.
-
- Posts: 5994
- Joined: Mon Aug 22, 2016 3:22 pm
Re: Securing a VPN (Virtual Private Network)
I use Windscribe, it is free.
- RickBoglehead
- Posts: 7877
- Joined: Wed Feb 14, 2018 8:10 am
- Location: In a house
Re: Securing a VPN (Virtual Private Network)
Keep in mind that AARP is in the business of making money... While they may call themselves a non-profit, in 2019 they took in $1.7B, and had similar expenses. They have $2.1B of net assets.
I get a free VPN from the university I graduated from 40 years ago, free for all alum.
There is no reason to pay for a VPN. But AARP doesn't give you the list of free options, do they?
I get a free VPN from the university I graduated from 40 years ago, free for all alum.
There is no reason to pay for a VPN. But AARP doesn't give you the list of free options, do they?
Last edited by RickBoglehead on Thu Jun 10, 2021 4:13 pm, edited 1 time in total.
Avid user of forums on variety of interests-financial, home brewing, F-150, EV, home repair, etc. Enjoy learning & passing on knowledge. It's PRINCIPAL, not PRINCIPLE. I ADVISE you to seek ADVICE.
-
- Posts: 15371
- Joined: Fri Apr 10, 2015 12:29 am
Re: Securing a VPN (Virtual Private Network)
How do you know the VPN server is secure? It is likely configured to be reasonably secure, but it also may be viewed as a high value target by sophisticated attackers. It also may be run by people who do not actually understand how to secure such a service properly.
I think a better approach is to use an LTE connection on your phone or tablet. Configure a WiFi hotspot on the phone, tether your laptop to it, and use TLS (https) connections.
I think a better approach is to use an LTE connection on your phone or tablet. Configure a WiFi hotspot on the phone, tether your laptop to it, and use TLS (https) connections.
-
- Posts: 725
- Joined: Thu Jul 23, 2020 3:15 pm
Re: Securing a VPN (Virtual Private Network)
Any of the major VPNs will be fine as long as you’re not trying to outfox the CIA or something like that. Paying will get you better speed and service. Also the suggestion to use mobile data instead is a good one.
- bhwabeck3533
- Posts: 462
- Joined: Thu Sep 21, 2017 6:25 am
- Location: Baldwin County, AL
Re: Securing a VPN (Virtual Private Network)
I have been using my cell phone for the hotspot option. Always like to have a plan B. Still looking for where I can buy the VPN service. Who are the "major VPNs"?Impatience wrote: ↑Thu Jun 10, 2021 3:41 pm Any of the major VPNs will be fine as long as you’re not trying to outfox the CIA or something like that. Paying will get you better speed and service. Also the suggestion to use mobile data instead is a good one.
I understand that "you get what you pay for" can be argued, but FREE may have some downsides versus paying for the VPN.
Re: Securing a VPN (Virtual Private Network)
There are all kinds of crazy options.
If you are a tinkerer, and want to do it yourself, PiVPN works well. Software is open source, the hardware was about $50. Took about an hour or so to set up. I was surprised how well it worked when I was traveling for work. (The concept is that the encrypted traffic goes from your hotel, and is unencrypted back at your house, and out over your home connection). Only ongoing cost is the power to run the server at home.
I also use Proton VPN. I don't have much experience with it yet. But am testing out the free version.
If you are a tinkerer, and want to do it yourself, PiVPN works well. Software is open source, the hardware was about $50. Took about an hour or so to set up. I was surprised how well it worked when I was traveling for work. (The concept is that the encrypted traffic goes from your hotel, and is unencrypted back at your house, and out over your home connection). Only ongoing cost is the power to run the server at home.
I also use Proton VPN. I don't have much experience with it yet. But am testing out the free version.
Re: Securing a VPN (Virtual Private Network)
If you've got a nice router, you may have built-in VPN server capability available for free.
-
- Posts: 490
- Joined: Mon Sep 14, 2020 9:43 pm
Re: Securing a VPN (Virtual Private Network)
If something is free you are the product. Apples new OS will have one built in, I believe it comes out soonish.
Re: Securing a VPN (Virtual Private Network)
I would definitely avoid free options. I would search Google for reputable websites with articles discussing VPNs. You can find some decent (no way of truly knowing if they are secure) options that way. Personally, I do not trust any of them with my data. If I wanted a plan B, I would probably just get a separate wifi hotspot to have with me in addition to my smartphone. I do not believe using a VPN is any safer than not using one when it comes to hotel or other semi-trustworthy wifi connections. In fact, I would probably trust a reputable hotel chain to have better security than the vast majority of consumer grade VPN services.
Re: Securing a VPN (Virtual Private Network)
My "consumer grade" router uses OpenVPN which is open-source and has a free client as well. You can review all the code yourself, and if you aren't capable of that, then you aren't capable of concluding what does and does not have better security in the first place.yangtui wrote: ↑Thu Jun 10, 2021 4:07 pm I would definitely avoid free options. I would search Google for reputable websites with articles discussing VPNs. You can find some decent (no way of truly knowing if they are secure) options that way. Personally, I do not trust any of them with my data. If I wanted a plan B, I would probably just get a separate wifi hotspot to have with me in addition to my smartphone. I do not believe using a VPN is any safer than not using one when it comes to hotel or other semi-trustworthy wifi connections. In fact, I would probably trust a reputable hotel chain to have better security than the vast majority of consumer grade VPN services.
Also, regarding VPN providers; you only have to vet ONE business if you use a VPN provider and decide if you trust them enough... instead of EVERY business you connect to the wifi on.
-
- Posts: 152
- Joined: Fri Mar 08, 2019 11:36 am
Re: Securing a VPN (Virtual Private Network)
From what I understand some very good VPNs with respect to security are Mullvad and IVPN. I’ve heard windscribe is also a very good VPN and is good for Netflix, but the downsides is they are in Canada and thusly part of FVEY if that matters to you.
Re: Securing a VPN (Virtual Private Network)
Use Express VPN and have for about 8 years. About $100 a year. Always been happy and have used it in China, Europe and all over the globe. Just my 2 cents worth.
-
- Posts: 78
- Joined: Sat Jul 27, 2019 3:22 pm
Re: Securing a VPN (Virtual Private Network)
This guy does VPN reviews and maintains a list of all the major VPN providers: https://www.vpntierlist.com/vpn-tier-list/
You will be fine with any of the major VPN providers in his list.
Over the years, I've used a number of the major VPN services he has listed. I've jumped around based on whoever was offering an enticing promotion at the time, that is, whoever had an offer that I just couldn't refuse.
I'm currently using Surfshark as my general-purpose VPN. In the past, I've used Torguard, VPN Unlimited, Private VPN, and some very specialized ones you've never heard of for some particular needs I had that likely won't apply to you (e.g. needing to circumvent certain geographical restrictions but not using a shared-VPN that is likely to be blocked by the more sophisticated services that are able to detect common shared VPNs and some other specialized non-illegal reasons).
I'm not beholden to any particular VPN service that I've used in the past. The quality of service from all the major VPN providers is likely quite similar.
I would not recommend VPN Unlimited however. They have this authorized device limit that does *not* refer to simultaneous devices using their service. Instead, they do this crap where you have a limit of 5 devices that you can connect to the VPN service and if you want to connect a 6th device later on, you have to de-authorize one of your prior devices (even though you are only using one device at a time). VPN Unlimited then wants you to pay more to authorize more devices. The other VPN providers I've used haven't pulled this crap.
The other recommendation I would give you is to always sign up with a promo code. Never pay full price. Whatever VPN you are considering signing up for, just search for reviews on YouTube for that VPN service provider, then get the promo code from the YouTube description below the video and sign up with a huge discount.
You can't always trust the YouTube reviewers because they will often just recommend whoever is giving them the highest affiliate kickback when people sign up using their affiliate link.
I've personally had good experiences with Torguard and Surfshark, but I'm sure many of the other VPN providers are just as good. Many years ago, I appreciated that Torguard sold routers that were pre-configured with their VPN software, so that I could easily have two wireless networks in my house, one with a VPN service and one without (e.g. my Netflix TV would connect to a regional VPN to allow me to watch content only available in Germany, etc). You cannot however do this Netflix thing with most general purpose VPNs because Netflix can detect those (you typically have to pay more for a specialized VPN that won't be detected as a VPN). Netflix used to block VPNs, but Netflix no longer blocks them, but instead just restricts its catalog you can view to its general worldwide catalog if it detects that you are using a VPN. So, you have to search the Netflix catalog and see what movies you are able to view to determine whether Netflix is correctly determining you are using a VPN.
If you are looking for good quality wifi routers that can be easily configured to work with any of the major VPN providers, check out GL-iNet.com. This is a fantastic company with great products. You can buy their routers on Amazon as well. I have a couple of their tiny travel routers, fits in the palm of my hand and can be powered with a USB battery brick. Useful for many things, including connecting once to the hotel captive login page through the router. Then it repeats a new wifi network in your room without any of your devices having to mess with that pesky hotel captive login page. That is just one use case. Plus, the router can connect to your preferred VPN so that all your Internet traffic is protected. The small travel routers aren't super fast (especially when running the VPN software inside the router), but in most cases, hotel wifi isn't that super fast to begin with, so the tiny travel router isn't much of a limiting factor in that case. If you want a faster router, GL-iNet.com has higher grade models that are plenty fast also (but they cost more). The tiny travel routers are super cheap, like $27 for their mango model. But, I recommend paying the extra few bucks ($33) for their "Shadow" model GL-AR300M if you're going to be running a VPN on it. If you need higher speeds, their Slate model is very popular also (and still reasonably small for travel and won't break the bank).
You will be fine with any of the major VPN providers in his list.
Over the years, I've used a number of the major VPN services he has listed. I've jumped around based on whoever was offering an enticing promotion at the time, that is, whoever had an offer that I just couldn't refuse.
I'm currently using Surfshark as my general-purpose VPN. In the past, I've used Torguard, VPN Unlimited, Private VPN, and some very specialized ones you've never heard of for some particular needs I had that likely won't apply to you (e.g. needing to circumvent certain geographical restrictions but not using a shared-VPN that is likely to be blocked by the more sophisticated services that are able to detect common shared VPNs and some other specialized non-illegal reasons).
I'm not beholden to any particular VPN service that I've used in the past. The quality of service from all the major VPN providers is likely quite similar.
I would not recommend VPN Unlimited however. They have this authorized device limit that does *not* refer to simultaneous devices using their service. Instead, they do this crap where you have a limit of 5 devices that you can connect to the VPN service and if you want to connect a 6th device later on, you have to de-authorize one of your prior devices (even though you are only using one device at a time). VPN Unlimited then wants you to pay more to authorize more devices. The other VPN providers I've used haven't pulled this crap.
The other recommendation I would give you is to always sign up with a promo code. Never pay full price. Whatever VPN you are considering signing up for, just search for reviews on YouTube for that VPN service provider, then get the promo code from the YouTube description below the video and sign up with a huge discount.
You can't always trust the YouTube reviewers because they will often just recommend whoever is giving them the highest affiliate kickback when people sign up using their affiliate link.
I've personally had good experiences with Torguard and Surfshark, but I'm sure many of the other VPN providers are just as good. Many years ago, I appreciated that Torguard sold routers that were pre-configured with their VPN software, so that I could easily have two wireless networks in my house, one with a VPN service and one without (e.g. my Netflix TV would connect to a regional VPN to allow me to watch content only available in Germany, etc). You cannot however do this Netflix thing with most general purpose VPNs because Netflix can detect those (you typically have to pay more for a specialized VPN that won't be detected as a VPN). Netflix used to block VPNs, but Netflix no longer blocks them, but instead just restricts its catalog you can view to its general worldwide catalog if it detects that you are using a VPN. So, you have to search the Netflix catalog and see what movies you are able to view to determine whether Netflix is correctly determining you are using a VPN.
If you are looking for good quality wifi routers that can be easily configured to work with any of the major VPN providers, check out GL-iNet.com. This is a fantastic company with great products. You can buy their routers on Amazon as well. I have a couple of their tiny travel routers, fits in the palm of my hand and can be powered with a USB battery brick. Useful for many things, including connecting once to the hotel captive login page through the router. Then it repeats a new wifi network in your room without any of your devices having to mess with that pesky hotel captive login page. That is just one use case. Plus, the router can connect to your preferred VPN so that all your Internet traffic is protected. The small travel routers aren't super fast (especially when running the VPN software inside the router), but in most cases, hotel wifi isn't that super fast to begin with, so the tiny travel router isn't much of a limiting factor in that case. If you want a faster router, GL-iNet.com has higher grade models that are plenty fast also (but they cost more). The tiny travel routers are super cheap, like $27 for their mango model. But, I recommend paying the extra few bucks ($33) for their "Shadow" model GL-AR300M if you're going to be running a VPN on it. If you need higher speeds, their Slate model is very popular also (and still reasonably small for travel and won't break the bank).
-
- Posts: 189
- Joined: Wed Jan 27, 2016 11:19 am
Re: Securing a VPN (Virtual Private Network)
Expressvpn.com is the correct choice.
-
- Posts: 1329
- Joined: Wed Sep 26, 2012 5:30 pm
Re: Securing a VPN (Virtual Private Network)
As the saying goes, if it's free, then you are the product.
Re: Securing a VPN (Virtual Private Network)
But I have only two devices and I won’t be adding more, any reason then not to consider VPN Unlimited? How is its speed, reliability, # of servers, security, and so on?cheerfulcharlie wrote: ↑Thu Jun 10, 2021 9:32 pm I would not recommend VPN Unlimited however. They have this authorized device limit that does *not* refer to simultaneous devices using their service. Instead, they do this crap where you have a limit of 5 devices that you can connect to the VPN service and if you want to connect a 6th device later on, you have to de-authorize one of your prior devices (even though you are only using one device at a time). VPN Unlimited then wants you to pay more to authorize more devices. The other VPN providers I've used haven't pulled this crap.
Re: Securing a VPN (Virtual Private Network)
This!
VPN is a secure connection over an untrusted network *to somebody*. Your traffic passes through them as if no VPN st the “exit”. This necessarily includes flow data (tracking) even if your connection is secure/encrypted. Think motive. Aside from corporate or university “hookups”, why would an entity provide that service? Most likely monitoring for advertising. Could be more nefarious.
Btw, short of schemes like TOR, you’re always trusting your exit node. With LTE this is your phone company. Think of a VPN as extending that point to someone else.
VPN is a secure connection over an untrusted network *to somebody*. Your traffic passes through them as if no VPN st the “exit”. This necessarily includes flow data (tracking) even if your connection is secure/encrypted. Think motive. Aside from corporate or university “hookups”, why would an entity provide that service? Most likely monitoring for advertising. Could be more nefarious.
Btw, short of schemes like TOR, you’re always trusting your exit node. With LTE this is your phone company. Think of a VPN as extending that point to someone else.
Somethingwitty92912 wrote: ↑Thu Jun 10, 2021 4:00 pm If something is free you are the product. Apples new OS will have one built in, I believe it comes out soonish.
-
- Posts: 2352
- Joined: Tue Mar 05, 2019 9:29 pm
- Location: Colorado
Re: Securing a VPN (Virtual Private Network)
A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
Re: Securing a VPN (Virtual Private Network)
+1 In this day and age, for the average user a VPN offers additional privacy but no additional security. If you do want to use a VPN, then I would use a reputable one that you pay for (I like Mullvad but there are other reasonable choices). If it's worth having, it's worth paying $5/month to have a decent one.HawkeyePierce wrote: ↑Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
As mentioned above, if you use apple products, then they will soon offer a VPN-like service for people who use Safari.
“I am losing precious days. I am degenerating into a machine for making money. I am learning nothing in this trivial world of men. I must break away and get out into the mountains...” -- John Muir
-
- Posts: 145
- Joined: Sun Apr 11, 2021 12:22 pm
Re: Securing a VPN (Virtual Private Network)
If you get a VPN free through an institution you trust, that's probably OK for your needs. If you decide to become a power user someday, here are some things to consider:
-Does the VPN have sufficient bandwidth? A lot of free options are fine for sending email and reading the paper, but won't work well if you're trying to stream video (some of them specifically block this content to reduce cost).
-Does your VPN provider keep logs? If you don't want copies of everything you're doing online (that law enforcement could access), this is important.
-Where is your VPN provider based? If it's based in the US, chances are they'll cave to US law enforcement requests. If they're in Bermuda, that's less likely. If the VPN provider doesn't keep logs, then this question is less important.
-Who is your VPN provider really? Some providers are unreasonably cheap (or free) but may ultimately be backed by a foreign power that is specifically trying to get access to Americans' data.
I use Cyberghost. Outside of the factors above, the other selling point for me was that I could spoof my location in a lot of different countries, which is helpful for watching geography-restricted sporting events.
-Does the VPN have sufficient bandwidth? A lot of free options are fine for sending email and reading the paper, but won't work well if you're trying to stream video (some of them specifically block this content to reduce cost).
-Does your VPN provider keep logs? If you don't want copies of everything you're doing online (that law enforcement could access), this is important.
-Where is your VPN provider based? If it's based in the US, chances are they'll cave to US law enforcement requests. If they're in Bermuda, that's less likely. If the VPN provider doesn't keep logs, then this question is less important.
-Who is your VPN provider really? Some providers are unreasonably cheap (or free) but may ultimately be backed by a foreign power that is specifically trying to get access to Americans' data.
I use Cyberghost. Outside of the factors above, the other selling point for me was that I could spoof my location in a lot of different countries, which is helpful for watching geography-restricted sporting events.
-
- Posts: 78
- Joined: Sat Jul 27, 2019 3:22 pm
Re: Securing a VPN (Virtual Private Network)
According to the technophiles on the Reddit community, there seems to be a prevailing consensus that https is super awesome but definitely not a cure-all, replacement for all of the benefits that a VPN provides. According to what I was able to uncover (I had this same question at one point), it seems that even though the primary data to and from the web site you are communicating with is encrypted, there is still a substantial amount of other network traffic that is not encrypted such as your DNS queries. That information can be exploited for a variety of malicious attacks, including redirecting you to a copycat web site using malicious DNS injections. There are apparently a variety of other attack vectors that I am too technically dumb to comprehend.HawkeyePierce wrote: ↑Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
The Reddit consensus seems that to be that a VPN offers another protective general layer of encapsulation around all of your network traffic, including the network traffic that is not typically encrypted by https (such as your DNS queries if your VPN is configured correctly).
Then again, maybe this is all just propaganda spread by the VPN companies on the Reddit communities? In any case, I have not been using VPNs for protection-from-evil-hacker purposes but mainly for circumventing geographical restrictions. Based on what I've been reading though, I should probably get in the habit of using them more when I travel. Then again, what are the chances that a highly-technical evil-doer is in the vicinity of my wifi range in the budget hotel I happen to be staying in?
I'm guessing that htpps gets my 95% of the way there in terms of Internet safety, but adding a VPN on top of https is like icing on top.
-
- Posts: 35
- Joined: Mon Oct 02, 2017 9:27 pm
Re: Securing a VPN (Virtual Private Network)
most if not all web sites encrypt from the browser to the endpoint. the original post mentioned safe wifi in hotels and such. the way i address that is with a so-called jetpack. i connect to the internet with my jetpack and then connect my laptop to the jetpack via wifi. i dont use publicly available internet connections for this reason. if you have a smartphone, it most likely has the ability to be a hotspot like my jetpack.
this would seem to be one solution the stated problem. you totally avoid the use of public internet connections period.
this would seem to be one solution the stated problem. you totally avoid the use of public internet connections period.
Re: Securing a VPN (Virtual Private Network)
"And into the forest I go, to lose my mind and find my soul." |
|
- John Muir
-
- Posts: 3289
- Joined: Mon Nov 24, 2014 10:30 pm
Re: Securing a VPN (Virtual Private Network)
This.. i use my router, to run a VPN. it was like 5 button clicks.. I also have my router update a DNS entry so that if its IP changes, i can still connect.
Earned 43 (and counting) credit hours of financial planning related education from a regionally accredited university, but I am not your advisor.
-
- Posts: 3289
- Joined: Mon Nov 24, 2014 10:30 pm
Re: Securing a VPN (Virtual Private Network)
That isn't entirely true.. without a VPN if i run the hotel network, i can see what your going to (hostnames as an example).. and if i know what your room number is, because i forced you to log into a portal.. I can see that Joe in room 202 is on redtube.HawkeyePierce wrote: ↑Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
Earned 43 (and counting) credit hours of financial planning related education from a regionally accredited university, but I am not your advisor.
-
- Posts: 189
- Joined: Wed Jan 27, 2016 11:19 am
Re: Securing a VPN (Virtual Private Network)
SSL/HTTPS (these are appx the same thing) solves a different problem from VPN, but both are encryption wrappers.
SSL encrypts your traffic using the destination server's secret key, so that PAYLOAD traffic (the most important part) can only be decrypted by the server. An eavesdropper will be able to see every data packet, where you sent it and when - but they would not be able to de-crypt the contents. Basically they can look at your envelopes and see who they are addressed too. But they can't open them. If you don't mind the eavesdropper knowing WHO you are communicating with and when, then this is sufficient.
A VPN encrypts your whole internet pipe and funnels it through a 3rd-party server on it's way to the destination. All of the metadata (destination address, etc) is included in this encryption, so an eavesdropper can't see who you are communicating with or really anything else, EXCEPT the VPN service itself, which would in theory be able to see all of the packets (letters) you send as though there was no VPN. But when the final-destination server is also using SSL, then even the VPN service will not be able to open your envelopes.
Don't be confused that some VPNs (most consumer ones, actually), themselves run on SSL/HTTPS. So in that case, you would have your normal SSL internet traffic wrapped inside a VPN, which is in turn wrapped in SSL to the service. So the outer SSL connection wraps and encrypts the traffic to the VPN service, and then inside that another SSL connection that wraps and encrypts the traffic all the way to your bank or whatever.
Also, using HTTPS/SSL is not a choice that you can make as an end user (roughly). It either is, or is not implemented on the server, and that's that. The only question is whether or not to use a VPN with it, which is really a privacy choice more than a security one.
I use a VPN almost always, even at home: expressvpn.com
SSL encrypts your traffic using the destination server's secret key, so that PAYLOAD traffic (the most important part) can only be decrypted by the server. An eavesdropper will be able to see every data packet, where you sent it and when - but they would not be able to de-crypt the contents. Basically they can look at your envelopes and see who they are addressed too. But they can't open them. If you don't mind the eavesdropper knowing WHO you are communicating with and when, then this is sufficient.
A VPN encrypts your whole internet pipe and funnels it through a 3rd-party server on it's way to the destination. All of the metadata (destination address, etc) is included in this encryption, so an eavesdropper can't see who you are communicating with or really anything else, EXCEPT the VPN service itself, which would in theory be able to see all of the packets (letters) you send as though there was no VPN. But when the final-destination server is also using SSL, then even the VPN service will not be able to open your envelopes.
Don't be confused that some VPNs (most consumer ones, actually), themselves run on SSL/HTTPS. So in that case, you would have your normal SSL internet traffic wrapped inside a VPN, which is in turn wrapped in SSL to the service. So the outer SSL connection wraps and encrypts the traffic to the VPN service, and then inside that another SSL connection that wraps and encrypts the traffic all the way to your bank or whatever.
Also, using HTTPS/SSL is not a choice that you can make as an end user (roughly). It either is, or is not implemented on the server, and that's that. The only question is whether or not to use a VPN with it, which is really a privacy choice more than a security one.
I use a VPN almost always, even at home: expressvpn.com
-
- Posts: 3289
- Joined: Mon Nov 24, 2014 10:30 pm
Re: Securing a VPN (Virtual Private Network)
I provide my neighborhood with free internet that is throttled, so I have some built in anonymizing.
Earned 43 (and counting) credit hours of financial planning related education from a regionally accredited university, but I am not your advisor.
-
- Posts: 189
- Joined: Wed Jan 27, 2016 11:19 am
Re: Securing a VPN (Virtual Private Network)
Very dangerous thinking! The reverse is much more likely to be true: You could be blamed or liable for the deeds of your neighbors! I was just reading recently about someone who had a weak wireless password and and ended up under criminal investigation for the deeds of a stranger who had used his wireless. Don't be that guy!I provide my neighborhood with free internet that is throttled, so I have some built in anonymizing.
Edit to add source:
https://www.bbc.com/news/technology-57156799
-
- Posts: 3289
- Joined: Mon Nov 24, 2014 10:30 pm
Re: Securing a VPN (Virtual Private Network)
bah. its a unencrypted "guest" network. setup with logging, dns tracking, all the goodies to see what people are doing... I see what they are doing. I have traffic shaping setup to detect torrents, and it both throttles the connections and drops packets. most web traffic on "safe and sane" websites it allows a decent download rate.. sites that fail safe and sane websites, while it works. the traffic gets deprioritized to oblivion ..mdavis6890 wrote: ↑Fri Jun 11, 2021 11:35 pmVery dangerous thinking! The reverse is much more likely to be true: You could be blamed or liable for the deeds of your neighbors! I was just reading recently about someone who had a weak wireless password and and ended up under criminal investigation for the deeds of a stranger who had used his wireless. Don't be that guy!I provide my neighborhood with free internet that is throttled, so I have some built in anonymizing.
Edit to add source:
https://www.bbc.com/news/technology-57156799
its a social experiment to see if i can figure out who in my neighborhood is doing what..
So it probably is a good reason for others to use a VPN while they connect...
Earned 43 (and counting) credit hours of financial planning related education from a regionally accredited university, but I am not your advisor.
-
- Posts: 189
- Joined: Wed Jan 27, 2016 11:19 am
Re: Securing a VPN (Virtual Private Network)
Good luck! Hopefully it's not something you'll ever have to deal with, but if it does it won't be me that you have to convince
Re: Securing a VPN (Virtual Private Network)
I use Tunnelbear. Easy to use, has free or pay options. Your data is not kept and/or sold. Highly rated by several reviewers, including NY Times.
-
- Posts: 3061
- Joined: Mon Jan 22, 2018 2:55 am
Re: Securing a VPN (Virtual Private Network)
Surfshark at $60 total for a two year subscription. It seems to work well with regards to geoblocking. I rarely use it though, mainly just to hide my identity when browsing sites like Bogleheads.
Re: Securing a VPN (Virtual Private Network)
It does a little. Without a VPN, others on the network would know who you are communicating with. For example, they could see that you are connecting to Bogleheads.org. They couldn't see what you are sending and receiving, but they could see who you are talking to.HawkeyePierce wrote: ↑Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
So for the OP, I'd probably skip the VPN if I were you. If you're worried about somebody reading your e-mail, capturing your banking info, or getting your credit card while you are shopping, it isn't necessary. On the other hand, if you don't want anyone to know that you are spending time of adult websites, or regularly logging into your employer's competitor's site, or something like that, a VPN would be a good idea.
- bhwabeck3533
- Posts: 462
- Joined: Thu Sep 21, 2017 6:25 am
- Location: Baldwin County, AL
Re: Securing a VPN (Virtual Private Network)
MarkBarb, OP here.MarkBarb wrote: ↑Sat Jun 12, 2021 5:22 pmIt does a little. Without a VPN, others on the network would know who you are communicating with. For example, they could see that you are connecting to Bogleheads.org. They couldn't see what you are sending and receiving, but they could see who you are talking to.HawkeyePierce wrote: ↑Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
So for the OP, I'd probably skip the VPN if I were you. If you're worried about somebody reading your e-mail, capturing your banking info, or getting your credit card while you are shopping, it isn't necessary. On the other hand, if you don't want anyone to know that you are spending time of adult websites, or regularly logging into your employer's competitor's site, or something like that, a VPN would be a good idea.
I have enjoyed all the discussion generated from my initial post. Thanks for bringing it full circle to my original request. You hit it on the head regarding my objective, to have a secure connection while traveling. "I am worried about somebody reading my e-mail, capturing my banking info, or getting my credit card while I am shopping. I am not accessing adult websites, or regularly logging into an employer's competitor's site".
You say I don't need a VPN. Please suggest what I do need.
Re: Securing a VPN (Virtual Private Network)
For banking, and other financial concerns If I need to do banking on the road, I'd just hotspot my phone. That will get you off the free wifi and onto the cell network. That's safer than the free wifi.
For email I don't care. I don't believe someone can shadow me and read my email. MFA/2FA covers me if someone got my password.
Edit: I should add that I don't click on links or open attachments from unknown sources.
For email I don't care. I don't believe someone can shadow me and read my email. MFA/2FA covers me if someone got my password.
Edit: I should add that I don't click on links or open attachments from unknown sources.
-
- Posts: 4074
- Joined: Fri Jan 29, 2016 11:40 am
Re: Securing a VPN (Virtual Private Network)
An updated OS, current web browser, and safe browsing practices. When you get a warning about a certificate problem, take it seriously. Don't install things you don't understand.bhwabeck3533 wrote: ↑Sun Jun 13, 2021 6:50 amMarkBarb, OP here.MarkBarb wrote: ↑Sat Jun 12, 2021 5:22 pmIt does a little. Without a VPN, others on the network would know who you are communicating with. For example, they could see that you are connecting to Bogleheads.org. They couldn't see what you are sending and receiving, but they could see who you are talking to.HawkeyePierce wrote: ↑Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
So for the OP, I'd probably skip the VPN if I were you. If you're worried about somebody reading your e-mail, capturing your banking info, or getting your credit card while you are shopping, it isn't necessary. On the other hand, if you don't want anyone to know that you are spending time of adult websites, or regularly logging into your employer's competitor's site, or something like that, a VPN would be a good idea.
I have enjoyed all the discussion generated from my initial post. Thanks for bringing it full circle to my original request. You hit it on the head regarding my objective, to have a secure connection while traveling. "I am worried about somebody reading my e-mail, capturing my banking info, or getting my credit card while I am shopping. I am not accessing adult websites, or regularly logging into an employer's competitor's site".
You say I don't need a VPN. Please suggest what I do need.
Your computer and your behavior are the easiest vectors for someone to get your information, most likely by keylogging. No VPN will ever fix that. The VPN just adds an additional layer of privacy. The contents of what you're browsing are always (nowadays) encrypted on any modern website. The downsides of a VPN most commonly are bandwidth and latency since you're tunneling all your communications through a specific server rather than allowing the internet to do its thing.
-
- Posts: 4074
- Joined: Fri Jan 29, 2016 11:40 am
Re: Securing a VPN (Virtual Private Network)
Oh keep in mind some content providers, notably streaming services but also others, will block access if they detect you're coming from a known VPN provider. That's because the most common use for VPNs is for people in one country or region to access content that is geographically limited.
Re: Securing a VPN (Virtual Private Network)
Using VPN on public networks is a must. I use Nord VPN.
For private or sensitive browsing I also use Brave and private Tor windows.
For private or sensitive browsing I also use Brave and private Tor windows.
Remember when you wanted what you currently have?
-
- Posts: 2352
- Joined: Tue Mar 05, 2019 9:29 pm
- Location: Colorado
Re: Securing a VPN (Virtual Private Network)
This is simply untrue. Adding a VPN, Brave or Tor to any of that adds no additional security. A public wifi network is made safe simply through HTTPS, which the vast majority of websites use.
-
- Posts: 2352
- Joined: Tue Mar 05, 2019 9:29 pm
- Location: Colorado
Re: Securing a VPN (Virtual Private Network)
All you've done is change who can see the hostnames you're connecting to. Instead of the hotel it's now your VPN provider. Why are they any more trustworthy?Soon2BXProgrammer wrote: ↑Fri Jun 11, 2021 6:32 pmThat isn't entirely true.. without a VPN if i run the hotel network, i can see what your going to (hostnames as an example).. and if i know what your room number is, because i forced you to log into a portal.. I can see that Joe in room 202 is on redtube.HawkeyePierce wrote: ↑Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
Hint: they are not.
Re: Securing a VPN (Virtual Private Network)
To be fair, using a single reputable VPN is not the same level of risk as a dozen hotel/cafe/airport wifi nodes of unknown origin. I have more confidence in a company whose business model depends on having a good reputation for security and privacy than I do in a Joe IT who was paid peanuts ten years ago to set up the Holiday Inn wifi network.HawkeyePierce wrote: ↑Sun Jun 13, 2021 11:02 amAll you've done is change who can see the hostnames you're connecting to. Instead of the hotel it's now your VPN provider. Why are they any more trustworthy?Soon2BXProgrammer wrote: ↑Fri Jun 11, 2021 6:32 pmThat isn't entirely true.. without a VPN if i run the hotel network, i can see what your going to (hostnames as an example).. and if i know what your room number is, because i forced you to log into a portal.. I can see that Joe in room 202 is on redtube.HawkeyePierce wrote: ↑Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
Hint: they are not.
Even still the risk is almost entirely on the side of privacy, not security. With an up-to-date computer and browser, and being mindful that https is working properly on the sites you visit (by looking for the closed lock in the browser bar), the average person is plenty secure from hacks.
Admittedly, without a VPN there is a greater chance that in the OP's scenario someone could get info about their choice of bank, porn habits, what-have-you. And it is possible that they could use this info as, for example, part of a phishing attack in conjunction with knowing your email address, home address, dates of travel, etc. (which a person at the VPN wouldn't have).
But that is a tiny incremental difference in security. In the VPN vs. non-VPN scenario, the only difference is they know some websites you've gone to while at the hotel, which isn't much. There are other things (e.g. using a password manager, using two-factor authentication) which make infinitely more of a difference than a VPN when it comes to security. I use a VPN for privacy and for international travel reasons, not security. People who tell someone they need a VPN for security reasons are trying to scare them into buying something.
As mentioned above, I use Mullvad and have used Tunnelbear in the past. Both are great, widely recommended, and generally well regarded.
Tunnelbear allows for a small amount of VPNing for free, which makes it a good answer for the OP's original question.
“I am losing precious days. I am degenerating into a machine for making money. I am learning nothing in this trivial world of men. I must break away and get out into the mountains...” -- John Muir
Re: Securing a VPN (Virtual Private Network)
HawkeyePierce correctly suggests using your mobile phone's network for secure browsing while you're travelling. They are almost certainly more trustworthy than a VPN or a random coffee house / hotel network provider -- the mobile provider has regulatory and reputation risks that force them to do better.
It's important to understand that phishing attacks operate on scale. Attackers these days don't bother getting phishing data by doing packet analysis on poorly secured networks, because the prevalence of encrypted transport killed it. They instead buy dumps of useful personal information from attacks on institutions that hold that information.
If you asked me to design an attack that requires collecting network traffic at scale, I'd go after the VPN. It's a fatter target.
The VPN business is filled with companies selling snake oil. There is not a single VPN provider that I trust. I feel exactly like Karl does in his post on TechDirt: https://www.techdirt.com/articles/20200 ... acea.shtml
If I really felt I needed VPN while traveling, and I didn't want to use mobile data, I'd make my own, either by setting up a machine in the cloud ($0.02/hour) or routing it through my home network.
Agree.DoTheMath wrote: ↑Sun Jun 13, 2021 4:31 pm Even still the risk is almost entirely on the side of privacy, not security. With an up-to-date computer and browser, and being mindful that https is working properly on the sites you visit (by looking for the closed lock in the browser bar), the average person is plenty secure from hacks.
I don't know how you assess the relative chance of a random WIFI network provider getting data like DNS queries, vs the chance that the VPN provider is doing the same thing. Both have exactly the same visibility into your network traffic. From my perspective, I would not trust either of them if I was concerned about queries leaking. If the coffee shop wifi operator can get your email address, so can the VPN operator.DoTheMath wrote: ↑Sun Jun 13, 2021 4:31 pm Admittedly, without a VPN there is a greater chance that in the OP's scenario someone could get info about their choice of bank, porn habits, what-have-you. And it is possible that they could use this info as, for example, part of a phishing attack in conjunction with knowing your email address, home address, dates of travel, etc. (which a person at the VPN wouldn't have).
It's important to understand that phishing attacks operate on scale. Attackers these days don't bother getting phishing data by doing packet analysis on poorly secured networks, because the prevalence of encrypted transport killed it. They instead buy dumps of useful personal information from attacks on institutions that hold that information.
If you asked me to design an attack that requires collecting network traffic at scale, I'd go after the VPN. It's a fatter target.
Read his disclosures. He is paid by VPN providers.cheerfulcharlie wrote: ↑Thu Jun 10, 2021 9:32 pm This guy does VPN reviews and maintains a list of all the major VPN providers: https://www.vpntierlist.com/vpn-tier-list/
The VPN business is filled with companies selling snake oil. There is not a single VPN provider that I trust. I feel exactly like Karl does in his post on TechDirt: https://www.techdirt.com/articles/20200 ... acea.shtml
If I really felt I needed VPN while traveling, and I didn't want to use mobile data, I'd make my own, either by setting up a machine in the cloud ($0.02/hour) or routing it through my home network.
Re: Securing a VPN (Virtual Private Network)
OP,
Check out Cloudflare 1.1.1.1 / WARP. Free version works just fine for me.
https://one.one.one.one/
Check out Cloudflare 1.1.1.1 / WARP. Free version works just fine for me.
https://one.one.one.one/
Re: Securing a VPN (Virtual Private Network)
I completely agree. That is the best option when it is an option.nordsteve wrote: ↑Sun Jun 13, 2021 5:23 pm HawkeyePierce correctly suggests using your mobile phone's network for secure browsing while you're travelling. They are almost certainly more trustworthy than a VPN or a random coffee house / hotel network provider -- the mobile provider has regulatory and reputation risks that force them to do better.
nordsteve wrote: ↑Sun Jun 13, 2021 5:23 pmI don't know how you assess the relative chance of a random WIFI network provider getting data like DNS queries, vs the chance that the VPN provider is doing the same thing. Both have exactly the same visibility into your network traffic. From my perspective, I would not trust either of them if I was concerned about queries leaking. If the coffee shop wifi operator can get your email address, so can the VPN operator.DoTheMath wrote: ↑Sun Jun 13, 2021 4:31 pm Admittedly, without a VPN there is a greater chance that in the OP's scenario someone could get info about their choice of bank, porn habits, what-have-you. And it is possible that they could use this info as, for example, part of a phishing attack in conjunction with knowing your email address, home address, dates of travel, etc. (which a person at the VPN wouldn't have).
It's important to understand that phishing attacks operate on scale. Attackers these days don't bother getting phishing data by doing packet analysis on poorly secured networks, because the prevalence of encrypted transport killed it. They instead buy dumps of useful personal information from attacks on institutions that hold that information.
If you asked me to design an attack that requires collecting network traffic at scale, I'd go after the VPN. It's a fatter target.
Sure, of course. I only mentioned a possible scenario for the sake of honesty. It was hopefully clear that what I described is a situation where you are specifically targeted. Which is vanishingly unlikely to ever happen for an ordinary person (although if I were, say, the head of the DNC I would take such risks more seriously). I didn't want to say that a VPN is never, ever useful for security as I don't think that absolutism is helpful. For specific people in specific scenarios, it could make sense. But such people should have a private VPN if security is their motivation.
For an ordinary person, a reputable VPN does not provide meaningful additional security. They have their uses and (IMHO) do no harm. On the other hand, a disreputable VPN is positively worse than none at all.
Agreed.
I would never, ever trust a VPN for anything of significance. But when I'm in, say, Vietnam or China, or at work, a VPN provides me with some extra privacy which I appreciate. YMMV.
“I am losing precious days. I am degenerating into a machine for making money. I am learning nothing in this trivial world of men. I must break away and get out into the mountains...” -- John Muir
Re: Securing a VPN (Virtual Private Network)
Google: "Man in the middle attack." HTTPS in a public WiFi network does not secure against such an attack.HawkeyePierce wrote: ↑Sun Jun 13, 2021 10:52 amThis is simply untrue. Adding a VPN, Brave or Tor to any of that adds no additional security. A public wifi network is made safe simply through HTTPS, which the vast majority of websites use.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. |
(Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
Re: Securing a VPN (Virtual Private Network)
Instead of just doing a Google search on that term, try some graduate level courses in network security and cryptography. The conditions under which some type of MITM attack could be possible are much more nuanced than you think.samsoes wrote: ↑Sun Jun 13, 2021 7:57 pmGoogle: "Man in the middle attack." HTTPS in a public WiFi network does not secure against such an attack.HawkeyePierce wrote: ↑Sun Jun 13, 2021 10:52 amThis is simply untrue. Adding a VPN, Brave or Tor to any of that adds no additional security. A public wifi network is made safe simply through HTTPS, which the vast majority of websites use.
Edited to add: I had a nice exchange with Mudpuppy last week about this. He correctly points out that researchers discovered some sophisticated exploits against earlier versions of TLS, so TLS 1.3 might end up being vulnerable too. And there might still be a lot of vulnerable TLS 1.2 and earlier servers out there.
Last edited by warner25 on Sun Jun 13, 2021 8:30 pm, edited 1 time in total.
-
- Posts: 2352
- Joined: Tue Mar 05, 2019 9:29 pm
- Location: Colorado
Re: Securing a VPN (Virtual Private Network)
HTTPS on public wifi protects exactly against a man-in-the-middle attack. An attacker between you and a website can't successfully intercept and decrypt that traffic without your browser throwing up lots of warnings about mismatched SSL certificates.samsoes wrote: ↑Sun Jun 13, 2021 7:57 pmGoogle: "Man in the middle attack." HTTPS in a public WiFi network does not secure against such an attack.HawkeyePierce wrote: ↑Sun Jun 13, 2021 10:52 amThis is simply untrue. Adding a VPN, Brave or Tor to any of that adds no additional security. A public wifi network is made safe simply through HTTPS, which the vast majority of websites use.
Successfully pulling off a MITM against a modern browser is far from trivial.
- Ozonewanderer
- Posts: 691
- Joined: Mon Apr 12, 2010 12:27 am
- Location: Southwest FL
Re: Securing a VPN (Virtual Private Network)
I read the same AARP article and actually subscribed to a VPN after reading this thread. Then I noticed this from Norton;:
Fortunately there was a 30-day trial period for my VPN so I have requested to cancel.Do you need a VPN if you’re logging onto the internet from your home?
Probably not. When you established your home Wi-Fi network, it is likely that you protected your network with a password. Because of that, you may not need the added security of a VPN to shield your online activity.