So, correct me if I’m wrong here. When you use a VPN, the data you send gets encrypted when traveling from your location to a VPN server. In order to make a request, that server needs to decrypt the data. This makes it look like the request is coming from somewhere else, but doesn’t it also mean anyone who can monitor that site will also see your data?
Like, if I use a VPN to log into Netflix, they still see my username and password but just assume I’m logging in from, idk, Germany rather than Canada. If these login credentials need to get exposed anyway, why, except for geolocation reasons, does using a VPN matter at all? Someone might not be able to track the specific login back to me, but they could still either monitor the site to capture it or get it in a data breach.
In short, how exactly does VPN encryption up data security if the data needs to be decrypted along the way?
A VPN isn’t going to magically keep your userid and pw from being exposed if you log into a sketchy website.
The VPN tunnel will provide encryption up until your request arrives at the VPN provider’s server. That means whatever local network you’re on when you make the request can’t see it. The ISP that supplies Internet to that local network can’t see it.
From the VPN provider’s server to the desired website is not encrypted by the VPN provider, but the site you will be accessing will likely have SSL, which means that, other than the site address itself, your credentials etc. are still encrypted.
Only when it reaches the site will those details be decrypted, validated and access granted. Netflix have to be able to see what you’ve sent to validate it to grant access.
A VPN protects your data along the way as far as the VPN provider’s server. It doesn’t help you if Netflix themselves get compromised, but that’s something that’s out of your control completely anyway - the only way to avoid that is to not use their service.
Say I go into a McDonald’s and set up a mobile Hotspot to have the same name as McDonald’s free WiFi. You come in to enjoy your McFlurry and BigMac and think, “I’ll use the McDonald’s free WiFi to check my forum post on that old forum from 2010 I use that doesn’t have SSL.” You connect to my fake Hotspot, go to the site and enter your credentials.
I can see everything you’ve entered. Because you use the same password for everything, I now can access all your other services as well, because you didn’t set up MFA.
Had you used a VPN, I wouldn’t be able to see anything, other than that you were connected to my fake WiFi and that you were sending some sort of data (but not what) to a particular IP (the VPN provider’s server).
Thanks for the explanation. I take it the “protects you from hackers” bit they always emphasize in commercials is just a spiel then, or applies only if you connect via unsafe WiFi?
This claim really only applies when using a network that you don’t trust. E.g. public WiFi, or the network at a client’s office, etc.
In those cases it helps against sniffing. Sniffing is much less an issue now than it was a decade ago though. These days almost all websites use encryption anyway.
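The layering discussed in this thread can be modelled in a few lines. This is an added example, not code from any of the posters: it performs no real encryption, it only tracks which party holds the key for each layer, and the observer labels, the hostname `forum.example` and the login values are constructed for the illustration.

```python
from dataclasses import dataclass

@dataclass
class Layer:
    header: dict                          # cleartext fields any on-path observer reads
    body: object                          # inner Layer, or dict of application fields
    key_holders: frozenset = frozenset()  # empty set: body is not encrypted

def build(use_vpn, use_tls):
    # Constructed sample login; names and values are made up for the example.
    app = {"username": "alice", "password": "hunter2"}
    tls_keys = frozenset({"client", "site"}) if use_tls else frozenset()
    # Even with TLS, the destination and hostname stay readable on the wire.
    pkt = Layer({"dst": "site", "hostname": "forum.example"}, app, tls_keys)
    if use_vpn:  # the tunnel wraps the whole request, addressed to the VPN server
        pkt = Layer({"dst": "vpn_server"}, pkt, frozenset({"client", "vpn_server"}))
    return pkt

def on_wire(pkt, segment):
    # The VPN server removes the tunnel layer before forwarding to the site.
    if segment == "vpn_to_site" and pkt.header["dst"] == "vpn_server":
        return pkt.body
    return pkt

def visible(pkt, observer):
    # Collect every field the observer can read, opening layers it holds keys for.
    seen = dict(pkt.header)
    if pkt.key_holders and observer not in pkt.key_holders:
        return seen
    inner = pkt.body
    seen.update(visible(inner, observer) if isinstance(inner, Layer) else inner)
    return seen

def observe(observer, segment, use_vpn, use_tls):
    return visible(on_wire(build(use_vpn, use_tls), segment), observer)

if __name__ == "__main__":
    for vpn in (False, True):
        for tls in (False, True):
            print(f"vpn={vpn} tls={tls}")
            print("  fake hotspot:", observe("hotspot", "local", vpn, tls))
            print("  vpn->site path:", observe("transit", "vpn_to_site", vpn, tls))
            print("  site:", observe("site", "vpn_to_site", vpn, tls))
```

Running it prints all four combinations; the row with a VPN but no TLS shows that the credentials are readable again on the path between the VPN server and the site.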