When my laptop is connected to my phone’s hotspot, on which device should I use my VPN to secure the connection?
Unless you’re using custom ROM or jailbreak it, a VPN running in your phone only handle apps in your phone, it doesn’t affect the hotspot connection. On the flip side, a VPN running in your laptop won’t even see traffic from your phone apps.
So if you want to secure traffic on both devices, run both, if you only care about one device, run it there.
So if I just want the usage on my laptop to be secure while having it connected to my phone’s 4G hotspot, using the VPN only on my laptop will be sufficient?
Yeah. Do note VPN isn’t magic, it merely hides your traffic from your ISP, and your ISP’s IP from the site you visit. It doesn’t stop the site and advertisers from profiling you, selling the data you enter, etc. Most sites and apps already use TLS and other encryption so even without a VPN your ISP mostly only see what you’re connecting to, not what you’re doing.
Thanks! And my own password protected 4G hotspot connected from my phone to my laptop is safer than using a non password-protected open public wifi, right?
Yeah, if you’re using a password-protected hotspot then only the mobile ISP can see the traffic. Even if you’re using open public wifi, the operator and anyone else in the network shouldn’t be able to see your Reddit username, password, comments, messages, etc since Reddit uses TLS, and this applies to most sites nowadays. If you have enough data package for your usage, then use your hotspot, but don’t worry too much if you don’t get a signal/the data runs out and have to rely on the open wifi.
Some DNS and packet redirection attacks attempt to tell your app/browser to load the attacker’s non-TLS phishing page, but they won’t work if the domain uses HSTS and you’ve visited it at least once in the past (or even never if they use HSTS preload). Encrypted DNS support in your browser/OS will also mitigate DNS hijacking without having to use a VPN.
Thus outside of those risks, a VPN will mostly only mitigate the packet redirection against non-TLS web pages, which is really rare. Try visiting httpforever or thelegacy.de, if your browser is recent, it will refuse to load them directly unless you specifically allow it to.
Thanks a lot for your reply! Really appreciate the help!
One more question: the only reason to use a VPN when connected to my password-protected 4G hotspot would be to prevent my ISP from seeing my activity? Or are there any other benefits?
Mostly that. It might help avoiding ISP blocking of sites, but this isn’t a problem for people living in free countries, it might bypass site’s geoblocking but this isn’t reliable since the IP can get recognized as belonging to a VPN.
Thanks a lot for answering my questions!