Securing a VPN (Virtual Private Network)

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
User avatar
Topic Author
bhwabeck3533
Posts: 462
Joined: Thu Sep 21, 2017 6:25 am
Location: Baldwin County, AL

Securing a VPN (Virtual Private Network)

Post by bhwabeck3533 »

AARP is recommending the use of a VPN to avoid Airport and Hotel Wi-Fi hacks. Seems like a smart idea and relatively inexpensive (they quote $30 to $100 per year).

Two questions:
1. What are your experiences with a VPN services?
2. Where do I apply for one/which are the best?

Thanks.
runner3081
Posts: 5994
Joined: Mon Aug 22, 2016 3:22 pm

Re: Securing a VPN (Virtual Private Network)

Post by runner3081 »

I use Windscribe, it is free.
User avatar
RickBoglehead
Posts: 7877
Joined: Wed Feb 14, 2018 8:10 am
Location: In a house

Re: Securing a VPN (Virtual Private Network)

Post by RickBoglehead »

Keep in mind that AARP is in the business of making money... While they may call themselves a non-profit, in 2019 they took in $1.7B, and had similar expenses. They have $2.1B of net assets.

I get a free VPN from the university I graduated from 40 years ago, free for all alum.

There is no reason to pay for a VPN. But AARP doesn't give you the list of free options, do they? :wink:
Last edited by RickBoglehead on Thu Jun 10, 2021 4:13 pm, edited 1 time in total.
Avid user of forums on variety of interests-financial, home brewing, F-150, EV, home repair, etc. Enjoy learning & passing on knowledge. It's PRINCIPAL, not PRINCIPLE. I ADVISE you to seek ADVICE.
Northern Flicker
Posts: 15371
Joined: Fri Apr 10, 2015 12:29 am

Re: Securing a VPN (Virtual Private Network)

Post by Northern Flicker »

How do you know the VPN server is secure? It is likely configured to be reasonably secure, but it also may be viewed as a high value target by sophisticated attackers. It also may be run by people who do not actually understand how to secure such a service properly.

I think a better approach is to use an LTE connection on your phone or tablet. Configure a WiFi hotspot on the phone, tether your laptop to it, and use TLS (https) connections.
Impatience
Posts: 725
Joined: Thu Jul 23, 2020 3:15 pm

Re: Securing a VPN (Virtual Private Network)

Post by Impatience »

Any of the major VPNs will be fine as long as you’re not trying to outfox the CIA or something like that. Paying will get you better speed and service. Also the suggestion to use mobile data instead is a good one.
User avatar
Topic Author
bhwabeck3533
Posts: 462
Joined: Thu Sep 21, 2017 6:25 am
Location: Baldwin County, AL

Re: Securing a VPN (Virtual Private Network)

Post by bhwabeck3533 »

Impatience wrote: Thu Jun 10, 2021 3:41 pm Any of the major VPNs will be fine as long as you’re not trying to outfox the CIA or something like that. Paying will get you better speed and service. Also the suggestion to use mobile data instead is a good one.
I have been using my cell phone for the hotspot option. Always like to have a plan B. Still looking for where I can buy the VPN service. Who are the "major VPNs"?

I understand that "you get what you pay for" can be argued, but FREE may have some downsides versus paying for the VPN.
chet96
Posts: 219
Joined: Fri Feb 21, 2020 8:14 am

Re: Securing a VPN (Virtual Private Network)

Post by chet96 »

There are all kinds of crazy options.

If you are a tinkerer, and want to do it yourself, PiVPN works well. Software is open source, the hardware was about $50. Took about an hour or so to set up. I was surprised how well it worked when I was traveling for work. (The concept is that the encrypted traffic goes from your hotel, and is unencrypted back at your house, and out over your home connection). Only ongoing cost is the power to run the server at home.

I also use Proton VPN. I don't have much experience with it yet. But am testing out the free version.
Fclevz
Posts: 651
Joined: Fri Mar 30, 2007 11:28 am

Re: Securing a VPN (Virtual Private Network)

Post by Fclevz »

If you've got a nice router, you may have built-in VPN server capability available for free.
Somethingwitty92912
Posts: 490
Joined: Mon Sep 14, 2020 9:43 pm

Re: Securing a VPN (Virtual Private Network)

Post by Somethingwitty92912 »

If something is free you are the product. Apples new OS will have one built in, I believe it comes out soonish.
User avatar
yangtui
Posts: 545
Joined: Sun Mar 30, 2014 1:32 pm
Contact:

Re: Securing a VPN (Virtual Private Network)

Post by yangtui »

I would definitely avoid free options. I would search Google for reputable websites with articles discussing VPNs. You can find some decent (no way of truly knowing if they are secure) options that way. Personally, I do not trust any of them with my data. If I wanted a plan B, I would probably just get a separate wifi hotspot to have with me in addition to my smartphone. I do not believe using a VPN is any safer than not using one when it comes to hotel or other semi-trustworthy wifi connections. In fact, I would probably trust a reputable hotel chain to have better security than the vast majority of consumer grade VPN services.
User avatar
kevinf
Posts: 849
Joined: Mon Aug 05, 2019 11:35 pm

Re: Securing a VPN (Virtual Private Network)

Post by kevinf »

yangtui wrote: Thu Jun 10, 2021 4:07 pm I would definitely avoid free options. I would search Google for reputable websites with articles discussing VPNs. You can find some decent (no way of truly knowing if they are secure) options that way. Personally, I do not trust any of them with my data. If I wanted a plan B, I would probably just get a separate wifi hotspot to have with me in addition to my smartphone. I do not believe using a VPN is any safer than not using one when it comes to hotel or other semi-trustworthy wifi connections. In fact, I would probably trust a reputable hotel chain to have better security than the vast majority of consumer grade VPN services.
My "consumer grade" router uses OpenVPN which is open-source and has a free client as well. You can review all the code yourself, and if you aren't capable of that, then you aren't capable of concluding what does and does not have better security in the first place.

Also, regarding VPN providers; you only have to vet ONE business if you use a VPN provider and decide if you trust them enough... instead of EVERY business you connect to the wifi on.
Bogle64Pilot
Posts: 152
Joined: Fri Mar 08, 2019 11:36 am

Re: Securing a VPN (Virtual Private Network)

Post by Bogle64Pilot »

From what I understand some very good VPNs with respect to security are Mullvad and IVPN. I’ve heard windscribe is also a very good VPN and is good for Netflix, but the downsides is they are in Canada and thusly part of FVEY if that matters to you.
rrt
Posts: 49
Joined: Sun Feb 26, 2012 11:01 pm

Re: Securing a VPN (Virtual Private Network)

Post by rrt »

Use Express VPN and have for about 8 years. About $100 a year. Always been happy and have used it in China, Europe and all over the globe. Just my 2 cents worth.
cheerfulcharlie
Posts: 78
Joined: Sat Jul 27, 2019 3:22 pm

Re: Securing a VPN (Virtual Private Network)

Post by cheerfulcharlie »

This guy does VPN reviews and maintains a list of all the major VPN providers: https://www.vpntierlist.com/vpn-tier-list/

You will be fine with any of the major VPN providers in his list.

Over the years, I've used a number of the major VPN services he has listed. I've jumped around based on whoever was offering an enticing promotion at the time, that is, whoever had an offer that I just couldn't refuse.

I'm currently using Surfshark as my general-purpose VPN. In the past, I've used Torguard, VPN Unlimited, Private VPN, and some very specialized ones you've never heard of for some particular needs I had that likely won't apply to you (e.g. needing to circumvent certain geographical restrictions but not using a shared-VPN that is likely to be blocked by the more sophisticated services that are able to detect common shared VPNs and some other specialized non-illegal reasons).

I'm not beholden to any particular VPN service that I've used in the past. The quality of service from all the major VPN providers is likely quite similar.

I would not recommend VPN Unlimited however. They have this authorized device limit that does *not* refer to simultaneous devices using their service. Instead, they do this crap where you have a limit of 5 devices that you can connect to the VPN service and if you want to connect a 6th device later on, you have to de-authorize one of your prior devices (even though you are only using one device at a time). VPN Unlimited then wants you to pay more to authorize more devices. The other VPN providers I've used haven't pulled this crap.

The other recommendation I would give you is to always sign up with a promo code. Never pay full price. Whatever VPN you are considering signing up for, just search for reviews on YouTube for that VPN service provider, then get the promo code from the YouTube description below the video and sign up with a huge discount.

You can't always trust the YouTube reviewers because they will often just recommend whoever is giving them the highest affiliate kickback when people sign up using their affiliate link.

I've personally had good experiences with Torguard and Surfshark, but I'm sure many of the other VPN providers are just as good. Many years ago, I appreciated that Torguard sold routers that were pre-configured with their VPN software, so that I could easily have two wireless networks in my house, one with a VPN service and one without (e.g. my Netflix TV would connect to a regional VPN to allow me to watch content only available in Germany, etc). You cannot however do this Netflix thing with most general purpose VPNs because Netflix can detect those (you typically have to pay more for a specialized VPN that won't be detected as a VPN). Netflix used to block VPNs, but Netflix no longer blocks them, but instead just restricts its catalog you can view to its general worldwide catalog if it detects that you are using a VPN. So, you have to search the Netflix catalog and see what movies you are able to view to determine whether Netflix is correctly determining you are using a VPN.

If you are looking for good quality wifi routers that can be easily configured to work with any of the major VPN providers, check out GL-iNet.com. This is a fantastic company with great products. You can buy their routers on Amazon as well. I have a couple of their tiny travel routers, fits in the palm of my hand and can be powered with a USB battery brick. Useful for many things, including connecting once to the hotel captive login page through the router. Then it repeats a new wifi network in your room without any of your devices having to mess with that pesky hotel captive login page. That is just one use case. Plus, the router can connect to your preferred VPN so that all your Internet traffic is protected. The small travel routers aren't super fast (especially when running the VPN software inside the router), but in most cases, hotel wifi isn't that super fast to begin with, so the tiny travel router isn't much of a limiting factor in that case. If you want a faster router, GL-iNet.com has higher grade models that are plenty fast also (but they cost more). The tiny travel routers are super cheap, like $27 for their mango model. But, I recommend paying the extra few bucks ($33) for their "Shadow" model GL-AR300M if you're going to be running a VPN on it. If you need higher speeds, their Slate model is very popular also (and still reasonably small for travel and won't break the bank).
mdavis6890
Posts: 189
Joined: Wed Jan 27, 2016 11:19 am

Re: Securing a VPN (Virtual Private Network)

Post by mdavis6890 »

Expressvpn.com is the correct choice.
killjoy2012
Posts: 1329
Joined: Wed Sep 26, 2012 5:30 pm

Re: Securing a VPN (Virtual Private Network)

Post by killjoy2012 »

As the saying goes, if it's free, then you are the product.
Nicolas
Posts: 4923
Joined: Wed Aug 22, 2012 7:41 am

Re: Securing a VPN (Virtual Private Network)

Post by Nicolas »

cheerfulcharlie wrote: Thu Jun 10, 2021 9:32 pm I would not recommend VPN Unlimited however. They have this authorized device limit that does *not* refer to simultaneous devices using their service. Instead, they do this crap where you have a limit of 5 devices that you can connect to the VPN service and if you want to connect a 6th device later on, you have to de-authorize one of your prior devices (even though you are only using one device at a time). VPN Unlimited then wants you to pay more to authorize more devices. The other VPN providers I've used haven't pulled this crap.
But I have only two devices and I won’t be adding more, any reason then not to consider VPN Unlimited? How is its speed, reliability, # of servers, security, and so on?
Shorty
Posts: 231
Joined: Sat Feb 23, 2019 3:54 pm

Re: Securing a VPN (Virtual Private Network)

Post by Shorty »

This!

VPN is a secure connection over an untrusted network *to somebody*. Your traffic passes through them as if no VPN st the “exit”. This necessarily includes flow data (tracking) even if your connection is secure/encrypted. Think motive. Aside from corporate or university “hookups”, why would an entity provide that service? Most likely monitoring for advertising. Could be more nefarious.

Btw, short of schemes like TOR, you’re always trusting your exit node. With LTE this is your phone company. Think of a VPN as extending that point to someone else.
Somethingwitty92912 wrote: Thu Jun 10, 2021 4:00 pm If something is free you are the product. Apples new OS will have one built in, I believe it comes out soonish.
HawkeyePierce
Posts: 2352
Joined: Tue Mar 05, 2019 9:29 pm
Location: Colorado

Re: Securing a VPN (Virtual Private Network)

Post by HawkeyePierce »

A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
DoTheMath
Posts: 671
Joined: Sat Jul 04, 2015 1:11 pm
Location: The Plains

Re: Securing a VPN (Virtual Private Network)

Post by DoTheMath »

HawkeyePierce wrote: Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
+1 In this day and age, for the average user a VPN offers additional privacy but no additional security. If you do want to use a VPN, then I would use a reputable one that you pay for (I like Mullvad but there are other reasonable choices). If it's worth having, it's worth paying $5/month to have a decent one.

As mentioned above, if you use apple products, then they will soon offer a VPN-like service for people who use Safari.
“I am losing precious days. I am degenerating into a machine for making money. I am learning nothing in this trivial world of men. I must break away and get out into the mountains...” -- John Muir
Hannibal Barca
Posts: 145
Joined: Sun Apr 11, 2021 12:22 pm

Re: Securing a VPN (Virtual Private Network)

Post by Hannibal Barca »

If you get a VPN free through an institution you trust, that's probably OK for your needs. If you decide to become a power user someday, here are some things to consider:

-Does the VPN have sufficient bandwidth? A lot of free options are fine for sending email and reading the paper, but won't work well if you're trying to stream video (some of them specifically block this content to reduce cost).
-Does your VPN provider keep logs? If you don't want copies of everything you're doing online (that law enforcement could access), this is important.
-Where is your VPN provider based? If it's based in the US, chances are they'll cave to US law enforcement requests. If they're in Bermuda, that's less likely. If the VPN provider doesn't keep logs, then this question is less important.
-Who is your VPN provider really? Some providers are unreasonably cheap (or free) but may ultimately be backed by a foreign power that is specifically trying to get access to Americans' data.

I use Cyberghost. Outside of the factors above, the other selling point for me was that I could spoof my location in a lot of different countries, which is helpful for watching geography-restricted sporting events.
cheerfulcharlie
Posts: 78
Joined: Sat Jul 27, 2019 3:22 pm

Re: Securing a VPN (Virtual Private Network)

Post by cheerfulcharlie »

HawkeyePierce wrote: Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
According to the technophiles on the Reddit community, there seems to be a prevailing consensus that https is super awesome but definitely not a cure-all, replacement for all of the benefits that a VPN provides. According to what I was able to uncover (I had this same question at one point), it seems that even though the primary data to and from the web site you are communicating with is encrypted, there is still a substantial amount of other network traffic that is not encrypted such as your DNS queries. That information can be exploited for a variety of malicious attacks, including redirecting you to a copycat web site using malicious DNS injections. There are apparently a variety of other attack vectors that I am too technically dumb to comprehend.

The Reddit consensus seems that to be that a VPN offers another protective general layer of encapsulation around all of your network traffic, including the network traffic that is not typically encrypted by https (such as your DNS queries if your VPN is configured correctly).

Then again, maybe this is all just propaganda spread by the VPN companies on the Reddit communities? In any case, I have not been using VPNs for protection-from-evil-hacker purposes but mainly for circumventing geographical restrictions. Based on what I've been reading though, I should probably get in the habit of using them more when I travel. Then again, what are the chances that a highly-technical evil-doer is in the vicinity of my wifi range in the budget hotel I happen to be staying in?

I'm guessing that htpps gets my 95% of the way there in terms of Internet safety, but adding a VPN on top of https is like icing on top.
rotLobster
Posts: 35
Joined: Mon Oct 02, 2017 9:27 pm

Re: Securing a VPN (Virtual Private Network)

Post by rotLobster »

most if not all web sites encrypt from the browser to the endpoint. the original post mentioned safe wifi in hotels and such. the way i address that is with a so-called jetpack. i connect to the internet with my jetpack and then connect my laptop to the jetpack via wifi. i dont use publicly available internet connections for this reason. if you have a smartphone, it most likely has the ability to be a hotspot like my jetpack.

this would seem to be one solution the stated problem. you totally avoid the use of public internet connections period.
JS727
Posts: 14
Joined: Tue Jul 14, 2020 6:33 pm

Re: Securing a VPN (Virtual Private Network)

Post by JS727 »

I use this on all my devices. Love it and it works great:

https://www.expressvpn.com/
"And into the forest I go, to lose my mind and find my soul." | | - John Muir
Soon2BXProgrammer
Posts: 3289
Joined: Mon Nov 24, 2014 10:30 pm

Re: Securing a VPN (Virtual Private Network)

Post by Soon2BXProgrammer »

Fclevz wrote: Thu Jun 10, 2021 3:56 pm If you've got a nice router, you may have built-in VPN server capability available for free.
This.. i use my router, to run a VPN. it was like 5 button clicks.. I also have my router update a DNS entry so that if its IP changes, i can still connect.
Earned 43 (and counting) credit hours of financial planning related education from a regionally accredited university, but I am not your advisor.
Soon2BXProgrammer
Posts: 3289
Joined: Mon Nov 24, 2014 10:30 pm

Re: Securing a VPN (Virtual Private Network)

Post by Soon2BXProgrammer »

HawkeyePierce wrote: Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
That isn't entirely true.. without a VPN if i run the hotel network, i can see what your going to (hostnames as an example).. and if i know what your room number is, because i forced you to log into a portal.. I can see that Joe in room 202 is on redtube.
Earned 43 (and counting) credit hours of financial planning related education from a regionally accredited university, but I am not your advisor.
mdavis6890
Posts: 189
Joined: Wed Jan 27, 2016 11:19 am

Re: Securing a VPN (Virtual Private Network)

Post by mdavis6890 »

SSL/HTTPS (these are appx the same thing) solves a different problem from VPN, but both are encryption wrappers.

SSL encrypts your traffic using the destination server's secret key, so that PAYLOAD traffic (the most important part) can only be decrypted by the server. An eavesdropper will be able to see every data packet, where you sent it and when - but they would not be able to de-crypt the contents. Basically they can look at your envelopes and see who they are addressed too. But they can't open them. If you don't mind the eavesdropper knowing WHO you are communicating with and when, then this is sufficient.

A VPN encrypts your whole internet pipe and funnels it through a 3rd-party server on it's way to the destination. All of the metadata (destination address, etc) is included in this encryption, so an eavesdropper can't see who you are communicating with or really anything else, EXCEPT the VPN service itself, which would in theory be able to see all of the packets (letters) you send as though there was no VPN. But when the final-destination server is also using SSL, then even the VPN service will not be able to open your envelopes.

Don't be confused that some VPNs (most consumer ones, actually), themselves run on SSL/HTTPS. So in that case, you would have your normal SSL internet traffic wrapped inside a VPN, which is in turn wrapped in SSL to the service. So the outer SSL connection wraps and encrypts the traffic to the VPN service, and then inside that another SSL connection that wraps and encrypts the traffic all the way to your bank or whatever.

Also, using HTTPS/SSL is not a choice that you can make as an end user (roughly). It either is, or is not implemented on the server, and that's that. The only question is whether or not to use a VPN with it, which is really a privacy choice more than a security one.

I use a VPN almost always, even at home: expressvpn.com
Soon2BXProgrammer
Posts: 3289
Joined: Mon Nov 24, 2014 10:30 pm

Re: Securing a VPN (Virtual Private Network)

Post by Soon2BXProgrammer »

mdavis6890 wrote: Fri Jun 11, 2021 6:45 pm I use a VPN almost always, even at home: expressvpn.com
I provide my neighborhood with free internet that is throttled, so I have some built in anonymizing.
Earned 43 (and counting) credit hours of financial planning related education from a regionally accredited university, but I am not your advisor.
mdavis6890
Posts: 189
Joined: Wed Jan 27, 2016 11:19 am

Re: Securing a VPN (Virtual Private Network)

Post by mdavis6890 »

I provide my neighborhood with free internet that is throttled, so I have some built in anonymizing.
Very dangerous thinking! The reverse is much more likely to be true: You could be blamed or liable for the deeds of your neighbors! I was just reading recently about someone who had a weak wireless password and and ended up under criminal investigation for the deeds of a stranger who had used his wireless. Don't be that guy!

Edit to add source:
https://www.bbc.com/news/technology-57156799
Soon2BXProgrammer
Posts: 3289
Joined: Mon Nov 24, 2014 10:30 pm

Re: Securing a VPN (Virtual Private Network)

Post by Soon2BXProgrammer »

mdavis6890 wrote: Fri Jun 11, 2021 11:35 pm
I provide my neighborhood with free internet that is throttled, so I have some built in anonymizing.
Very dangerous thinking! The reverse is much more likely to be true: You could be blamed or liable for the deeds of your neighbors! I was just reading recently about someone who had a weak wireless password and and ended up under criminal investigation for the deeds of a stranger who had used his wireless. Don't be that guy!

Edit to add source:
https://www.bbc.com/news/technology-57156799
bah. its a unencrypted "guest" network. setup with logging, dns tracking, all the goodies to see what people are doing... I see what they are doing. I have traffic shaping setup to detect torrents, and it both throttles the connections and drops packets. most web traffic on "safe and sane" websites it allows a decent download rate.. sites that fail safe and sane websites, while it works. the traffic gets deprioritized to oblivion ..

its a social experiment to see if i can figure out who in my neighborhood is doing what..

So it probably is a good reason for others to use a VPN while they connect...
Earned 43 (and counting) credit hours of financial planning related education from a regionally accredited university, but I am not your advisor.
mdavis6890
Posts: 189
Joined: Wed Jan 27, 2016 11:19 am

Re: Securing a VPN (Virtual Private Network)

Post by mdavis6890 »

Good luck! Hopefully it's not something you'll ever have to deal with, but if it does it won't be me that you have to convince ;-)

:sharebeer
Cruise
Posts: 2750
Joined: Mon Nov 21, 2016 6:17 pm

Re: Securing a VPN (Virtual Private Network)

Post by Cruise »

I use Tunnelbear. Easy to use, has free or pay options. Your data is not kept and/or sold. Highly rated by several reviewers, including NY Times.
Doctor Rhythm
Posts: 3061
Joined: Mon Jan 22, 2018 2:55 am

Re: Securing a VPN (Virtual Private Network)

Post by Doctor Rhythm »

Surfshark at $60 total for a two year subscription. It seems to work well with regards to geoblocking. I rarely use it though, mainly just to hide my identity when browsing sites like Bogleheads. :twisted:
MarkBarb
Posts: 908
Joined: Mon Aug 03, 2009 11:59 am

Re: Securing a VPN (Virtual Private Network)

Post by MarkBarb »

HawkeyePierce wrote: Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
It does a little. Without a VPN, others on the network would know who you are communicating with. For example, they could see that you are connecting to Bogleheads.org. They couldn't see what you are sending and receiving, but they could see who you are talking to.

So for the OP, I'd probably skip the VPN if I were you. If you're worried about somebody reading your e-mail, capturing your banking info, or getting your credit card while you are shopping, it isn't necessary. On the other hand, if you don't want anyone to know that you are spending time of adult websites, or regularly logging into your employer's competitor's site, or something like that, a VPN would be a good idea.
User avatar
Topic Author
bhwabeck3533
Posts: 462
Joined: Thu Sep 21, 2017 6:25 am
Location: Baldwin County, AL

Re: Securing a VPN (Virtual Private Network)

Post by bhwabeck3533 »

MarkBarb wrote: Sat Jun 12, 2021 5:22 pm
HawkeyePierce wrote: Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
It does a little. Without a VPN, others on the network would know who you are communicating with. For example, they could see that you are connecting to Bogleheads.org. They couldn't see what you are sending and receiving, but they could see who you are talking to.

So for the OP, I'd probably skip the VPN if I were you. If you're worried about somebody reading your e-mail, capturing your banking info, or getting your credit card while you are shopping, it isn't necessary. On the other hand, if you don't want anyone to know that you are spending time of adult websites, or regularly logging into your employer's competitor's site, or something like that, a VPN would be a good idea.
MarkBarb, OP here.

I have enjoyed all the discussion generated from my initial post. Thanks for bringing it full circle to my original request. You hit it on the head regarding my objective, to have a secure connection while traveling. "I am worried about somebody reading my e-mail, capturing my banking info, or getting my credit card while I am shopping. I am not accessing adult websites, or regularly logging into an employer's competitor's site".

You say I don't need a VPN. Please suggest what I do need.
User avatar
mrmass
Posts: 1524
Joined: Thu Jul 26, 2018 6:35 pm
Location: MA

Re: Securing a VPN (Virtual Private Network)

Post by mrmass »

For banking, and other financial concerns If I need to do banking on the road, I'd just hotspot my phone. That will get you off the free wifi and onto the cell network. That's safer than the free wifi.

For email I don't care. I don't believe someone can shadow me and read my email. MFA/2FA covers me if someone got my password.

Edit: I should add that I don't click on links or open attachments from unknown sources.
dukeblue219
Posts: 4074
Joined: Fri Jan 29, 2016 11:40 am

Re: Securing a VPN (Virtual Private Network)

Post by dukeblue219 »

bhwabeck3533 wrote: Sun Jun 13, 2021 6:50 am
MarkBarb wrote: Sat Jun 12, 2021 5:22 pm
HawkeyePierce wrote: Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
It does a little. Without a VPN, others on the network would know who you are communicating with. For example, they could see that you are connecting to Bogleheads.org. They couldn't see what you are sending and receiving, but they could see who you are talking to.

So for the OP, I'd probably skip the VPN if I were you. If you're worried about somebody reading your e-mail, capturing your banking info, or getting your credit card while you are shopping, it isn't necessary. On the other hand, if you don't want anyone to know that you are spending time of adult websites, or regularly logging into your employer's competitor's site, or something like that, a VPN would be a good idea.
MarkBarb, OP here.

I have enjoyed all the discussion generated from my initial post. Thanks for bringing it full circle to my original request. You hit it on the head regarding my objective, to have a secure connection while traveling. "I am worried about somebody reading my e-mail, capturing my banking info, or getting my credit card while I am shopping. I am not accessing adult websites, or regularly logging into an employer's competitor's site".

You say I don't need a VPN. Please suggest what I do need.
An updated OS, current web browser, and safe browsing practices. When you get a warning about a certificate problem, take it seriously. Don't install things you don't understand.

Your computer and your behavior are the easiest vectors for someone to get your information, most likely by keylogging. No VPN will ever fix that. The VPN just adds an additional layer of privacy. The contents of what you're browsing are always (nowadays) encrypted on any modern website. The downsides of a VPN most commonly are bandwidth and latency since you're tunneling all your communications through a specific server rather than allowing the internet to do its thing.
dukeblue219
Posts: 4074
Joined: Fri Jan 29, 2016 11:40 am

Re: Securing a VPN (Virtual Private Network)

Post by dukeblue219 »

Oh keep in mind some content providers, notably streaming services but also others, will block access if they detect you're coming from a known VPN provider. That's because the most common use for VPNs is for people in one country or region to access content that is geographically limited.
Freefun
Posts: 1237
Joined: Sun Jan 14, 2018 2:55 pm

Re: Securing a VPN (Virtual Private Network)

Post by Freefun »

Using VPN on public networks is a must. I use Nord VPN.

For private or sensitive browsing I also use Brave and private Tor windows.
Remember when you wanted what you currently have?
HawkeyePierce
Posts: 2352
Joined: Tue Mar 05, 2019 9:29 pm
Location: Colorado

Re: Securing a VPN (Virtual Private Network)

Post by HawkeyePierce »

Freefun wrote: Sun Jun 13, 2021 7:39 am Using VPN on public networks is a must. I use Nord VPN.

For private or sensitive browsing I also use Brave and private Tor windows.
This is simply untrue. Adding a VPN, Brave or Tor to any of that adds no additional security. A public wifi network is made safe simply through HTTPS, which the vast majority of websites use.
HawkeyePierce
Posts: 2352
Joined: Tue Mar 05, 2019 9:29 pm
Location: Colorado

Re: Securing a VPN (Virtual Private Network)

Post by HawkeyePierce »

Soon2BXProgrammer wrote: Fri Jun 11, 2021 6:32 pm
HawkeyePierce wrote: Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
That isn't entirely true.. without a VPN if i run the hotel network, i can see what your going to (hostnames as an example).. and if i know what your room number is, because i forced you to log into a portal.. I can see that Joe in room 202 is on redtube.
All you've done is change who can see the hostnames you're connecting to. Instead of the hotel it's now your VPN provider. Why are they any more trustworthy?

Hint: they are not.
DoTheMath
Posts: 671
Joined: Sat Jul 04, 2015 1:11 pm
Location: The Plains

Re: Securing a VPN (Virtual Private Network)

Post by DoTheMath »

HawkeyePierce wrote: Sun Jun 13, 2021 11:02 am
Soon2BXProgrammer wrote: Fri Jun 11, 2021 6:32 pm
HawkeyePierce wrote: Fri Jun 11, 2021 3:10 pm A VPN provides no additional security over HTTPS, which your browser and the majority of websites out there already use.
That isn't entirely true.. without a VPN if i run the hotel network, i can see what your going to (hostnames as an example).. and if i know what your room number is, because i forced you to log into a portal.. I can see that Joe in room 202 is on redtube.
All you've done is change who can see the hostnames you're connecting to. Instead of the hotel it's now your VPN provider. Why are they any more trustworthy?

Hint: they are not.
To be fair, using a single reputable VPN is not the same level of risk as a dozen hotel/cafe/airport wifi nodes of unknown origin. I have more confidence in a company whose business model depends on having a good reputation for security and privacy than I do in a Joe IT who was paid peanuts ten years ago to set up the Holiday Inn wifi network.

Even still the risk is almost entirely on the side of privacy, not security. With an up-to-date computer and browser, and being mindful that https is working properly on the sites you visit (by looking for the closed lock in the browser bar), the average person is plenty secure from hacks.

Admittedly, without a VPN there is a greater chance that in the OP's scenario someone could get info about their choice of bank, porn habits, what-have-you. And it is possible that they could use this info as, for example, part of a phishing attack in conjunction with knowing your email address, home address, dates of travel, etc. (which a person at the VPN wouldn't have).

But that is a tiny incremental difference in security. In the VPN vs. non-VPN scenario, the only difference is they know some websites you've gone to while at the hotel, which isn't much. There are other things (e.g. using a password manager, using two-factor authentication) which make infinitely more of a difference than a VPN when it comes to security. I use a VPN for privacy and for international travel reasons, not security. People who tell someone they need a VPN for security reasons are trying to scare them into buying something.

As mentioned above, I use Mullvad and have used Tunnelbear in the past. Both are great, widely recommended, and generally well regarded.
Tunnelbear allows for a small amount of VPNing for free, which makes it a good answer for the OP's original question.
“I am losing precious days. I am degenerating into a machine for making money. I am learning nothing in this trivial world of men. I must break away and get out into the mountains...” -- John Muir
nordsteve
Posts: 1104
Joined: Sun Oct 05, 2008 9:23 am

Re: Securing a VPN (Virtual Private Network)

Post by nordsteve »

HawkeyePierce correctly suggests using your mobile phone's network for secure browsing while you're travelling. They are almost certainly more trustworthy than a VPN or a random coffee house / hotel network provider -- the mobile provider has regulatory and reputation risks that force them to do better.
DoTheMath wrote: Sun Jun 13, 2021 4:31 pm Even still the risk is almost entirely on the side of privacy, not security. With an up-to-date computer and browser, and being mindful that https is working properly on the sites you visit (by looking for the closed lock in the browser bar), the average person is plenty secure from hacks.
Agree.
DoTheMath wrote: Sun Jun 13, 2021 4:31 pm Admittedly, without a VPN there is a greater chance that in the OP's scenario someone could get info about their choice of bank, porn habits, what-have-you. And it is possible that they could use this info as, for example, part of a phishing attack in conjunction with knowing your email address, home address, dates of travel, etc. (which a person at the VPN wouldn't have).
I don't know how you assess the relative chance of a random WIFI network provider getting data like DNS queries, vs the chance that the VPN provider is doing the same thing. Both have exactly the same visibility into your network traffic. From my perspective, I would not trust either of them if I was concerned about queries leaking. If the coffee shop wifi operator can get your email address, so can the VPN operator.

It's important to understand that phishing attacks operate on scale. Attackers these days don't bother getting phishing data by doing packet analysis on poorly secured networks, because the prevalence of encrypted transport killed it. They instead buy dumps of useful personal information from attacks on institutions that hold that information.

If you asked me to design an attack that requires collecting network traffic at scale, I'd go after the VPN. It's a fatter target.
cheerfulcharlie wrote: Thu Jun 10, 2021 9:32 pm This guy does VPN reviews and maintains a list of all the major VPN providers: https://www.vpntierlist.com/vpn-tier-list/
Read his disclosures. He is paid by VPN providers.

The VPN business is filled with companies selling snake oil. There is not a single VPN provider that I trust. I feel exactly like Karl does in his post on TechDirt: https://www.techdirt.com/articles/20200 ... acea.shtml

If I really felt I needed VPN while traveling, and I didn't want to use mobile data, I'd make my own, either by setting up a machine in the cloud ($0.02/hour) or routing it through my home network.
nano
Posts: 35
Joined: Sat Dec 05, 2020 12:04 pm

Re: Securing a VPN (Virtual Private Network)

Post by nano »

OP,

Check out Cloudflare 1.1.1.1 / WARP. Free version works just fine for me.

https://one.one.one.one/
User avatar
Fletch
Posts: 803
Joined: Thu Jun 04, 2009 1:25 pm
Location: USA

Re: Securing a VPN (Virtual Private Network)

Post by Fletch »

Nord.
DoTheMath
Posts: 671
Joined: Sat Jul 04, 2015 1:11 pm
Location: The Plains

Re: Securing a VPN (Virtual Private Network)

Post by DoTheMath »

nordsteve wrote: Sun Jun 13, 2021 5:23 pm HawkeyePierce correctly suggests using your mobile phone's network for secure browsing while you're travelling. They are almost certainly more trustworthy than a VPN or a random coffee house / hotel network provider -- the mobile provider has regulatory and reputation risks that force them to do better.
I completely agree. That is the best option when it is an option.
nordsteve wrote: Sun Jun 13, 2021 5:23 pm
DoTheMath wrote: Sun Jun 13, 2021 4:31 pm Admittedly, without a VPN there is a greater chance that in the OP's scenario someone could get info about their choice of bank, porn habits, what-have-you. And it is possible that they could use this info as, for example, part of a phishing attack in conjunction with knowing your email address, home address, dates of travel, etc. (which a person at the VPN wouldn't have).
I don't know how you assess the relative chance of a random WIFI network provider getting data like DNS queries, vs the chance that the VPN provider is doing the same thing. Both have exactly the same visibility into your network traffic. From my perspective, I would not trust either of them if I was concerned about queries leaking. If the coffee shop wifi operator can get your email address, so can the VPN operator.

It's important to understand that phishing attacks operate on scale. Attackers these days don't bother getting phishing data by doing packet analysis on poorly secured networks, because the prevalence of encrypted transport killed it. They instead buy dumps of useful personal information from attacks on institutions that hold that information.

If you asked me to design an attack that requires collecting network traffic at scale, I'd go after the VPN. It's a fatter target.

Sure, of course. I only mentioned a possible scenario for the sake of honesty. It was hopefully clear that what I described is a situation where you are specifically targeted. Which is vanishingly unlikely to ever happen for an ordinary person (although if I were, say, the head of the DNC I would take such risks more seriously). I didn't want to say that a VPN is never, ever useful for security as I don't think that absolutism is helpful. For specific people in specific scenarios, it could make sense. But such people should have a private VPN if security is their motivation.

For an ordinary person, a reputable VPN does not provide meaningful additional security. They have their uses and (IMHO) do no harm. On the other hand, a disreputable VPN is positively worse than none at all.

nordsteve wrote: Sun Jun 13, 2021 5:23 pm The VPN business is filled with companies selling snake oil.
Agreed.

I would never, ever trust a VPN for anything of significance. But when I'm in, say, Vietnam or China, or at work, a VPN provides me with some extra privacy which I appreciate. YMMV.
“I am losing precious days. I am degenerating into a machine for making money. I am learning nothing in this trivial world of men. I must break away and get out into the mountains...” -- John Muir
User avatar
samsoes
Posts: 2802
Joined: Tue Mar 05, 2013 8:12 am
Location: Northeast Rat Race

Re: Securing a VPN (Virtual Private Network)

Post by samsoes »

HawkeyePierce wrote: Sun Jun 13, 2021 10:52 am
Freefun wrote: Sun Jun 13, 2021 7:39 am Using VPN on public networks is a must. I use Nord VPN.

For private or sensitive browsing I also use Brave and private Tor windows.
This is simply untrue. Adding a VPN, Brave or Tor to any of that adds no additional security. A public wifi network is made safe simply through HTTPS, which the vast majority of websites use.
Google: "Man in the middle attack." HTTPS in a public WiFi network does not secure against such an attack.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
User avatar
warner25
Posts: 934
Joined: Wed Oct 29, 2014 4:38 pm

Re: Securing a VPN (Virtual Private Network)

Post by warner25 »

samsoes wrote: Sun Jun 13, 2021 7:57 pm
HawkeyePierce wrote: Sun Jun 13, 2021 10:52 am
Freefun wrote: Sun Jun 13, 2021 7:39 am Using VPN on public networks is a must. I use Nord VPN.

For private or sensitive browsing I also use Brave and private Tor windows.
This is simply untrue. Adding a VPN, Brave or Tor to any of that adds no additional security. A public wifi network is made safe simply through HTTPS, which the vast majority of websites use.
Google: "Man in the middle attack." HTTPS in a public WiFi network does not secure against such an attack.
Instead of just doing a Google search on that term, try some graduate level courses in network security and cryptography. The conditions under which some type of MITM attack could be possible are much more nuanced than you think.

Edited to add: I had a nice exchange with Mudpuppy last week about this. He correctly points out that researchers discovered some sophisticated exploits against earlier versions of TLS, so TLS 1.3 might end up being vulnerable too. And there might still be a lot of vulnerable TLS 1.2 and earlier servers out there.
Last edited by warner25 on Sun Jun 13, 2021 8:30 pm, edited 1 time in total.
HawkeyePierce
Posts: 2352
Joined: Tue Mar 05, 2019 9:29 pm
Location: Colorado

Re: Securing a VPN (Virtual Private Network)

Post by HawkeyePierce »

samsoes wrote: Sun Jun 13, 2021 7:57 pm
HawkeyePierce wrote: Sun Jun 13, 2021 10:52 am
Freefun wrote: Sun Jun 13, 2021 7:39 am Using VPN on public networks is a must. I use Nord VPN.

For private or sensitive browsing I also use Brave and private Tor windows.
This is simply untrue. Adding a VPN, Brave or Tor to any of that adds no additional security. A public wifi network is made safe simply through HTTPS, which the vast majority of websites use.
Google: "Man in the middle attack." HTTPS in a public WiFi network does not secure against such an attack.
HTTPS on public wifi protects exactly against a man-in-the-middle attack. An attacker between you and a website can't successfully intercept and decrypt that traffic without your browser throwing up lots of warnings about mismatched SSL certificates.

Successfully pulling off a MITM against a modern browser is far from trivial.
User avatar
Ozonewanderer
Posts: 691
Joined: Mon Apr 12, 2010 12:27 am
Location: Southwest FL

Re: Securing a VPN (Virtual Private Network)

Post by Ozonewanderer »

I read the same AARP article and actually subscribed to a VPN after reading this thread. Then I noticed this from Norton;:
Do you need a VPN if you’re logging onto the internet from your home?

Probably not. When you established your home Wi-Fi network, it is likely that you protected your network with a password. Because of that, you may not need the added security of a VPN to shield your online activity.
Fortunately there was a 30-day trial period for my VPN so I have requested to cancel.
Post Reply