When should you use a VPN?

Hey what’s up guys, this question has probably been asked a million times, I’m new to the whole cyber security thing, I just started college in December. I’ve been learning about internet safety and all that fun stuff and I’m just curious how often/when should I be using a VPN? Should I be using one at home or just on other wifi networks?

A lot of people have this HUGE misconception of what a VPN is. That there’s some scary boogeyman hiding behind their router and that a VPN will solve all their problems.


What is a VPN?

Virtual Private Network. In short, imagine dragging a really long ethernet cable between you and someone thousands of miles away because you want to play LAN games. A VPN basically “emulates” that. That’s the “virtual network” part of VPN.

BONUS! A VPN also allows tons of encryption to happen on that “really long ethernet cable”, so that anyone that tries to snoop on what you’re doing only sees a bunch of encrypted garbly gook. That’s the “P” that turns “Virtual Network” into “Virtual Private Network”.

Note that a VPN does not have to be encrypted. You can have a “virtual private network” and then choose not to encrypt it depending on how you set up the VPN.


What does a VPN do, exactly?

When you set up the VPN, you and the VPN provider mutually agree on the encryption algorithm, hashing algorithm, and pre-shared keys (or certificates). This is so that when one side receives encrypted traffic, the other knows how to decrypt it. You also need to know the VPN provider’s IP address (peer IP) so that your computer (or networking equipment) knows where to send the encrypted garblygook.

When using a VPN, as your data leaves your computer, it gets encrypted (or networking equipment, if it’s set up on that). The networking equipment you’re using knows where you’re going, but not what you’re doing. YouTube streaming, a ping, Minecraft game traffic; it’s unable to tell as it only sees it as “VPN traffic”. The traffic is sent to the destination, the VPN service/provider, where it is decrypted and sent to its destination.

Analogy time.

  • Your mom gives you a locked box, you can’t open it. She tells you to go to your friend’s house. You don’t know why, you just go there.

  • You get to your friend’s house, and he is able to open the box. He then leaves without the box.

  • He then returns, and puts something in the box, locking it. You’re unable to open it.

  • You get back home, and your mom opens the box, and says “thanks for going to the grocery store to get milk”.

  • This makes the trip longer, if your mom just said to go to the store it would be a much quicker trip, but if your recently divorced dad ambushed you along the way and said “WHERE ARE YOU GOING?! YOU BETTER NOT BE GETTING MILK AT THE GROCERY STORE FOR YOUR MOM SO I’M GOING TO INSPECT EVERYTHING ABOUT YOU”, he would only see a locked box. If he followed you, he would only see you travel between your mom’s house and your friend’s house.


What does a VPN NOT do?

It doesn’t set up an end-to-end encrypted tunnel between you and that place you want to go, like your bank. In our analogy above, the box gets opened by your friend, and he then goes to the store without the box; anyone following him could see that he went to the grocery store and got milk. A VPN encrypts the traffic between you and the VPN service. That’s it. It will then leave the VPN service decrypted as if you weren’t using a VPN at all, it’ll just be from a different location from where you actually are.


Why use a VPN?

  • Say for example your college dorm blocks tcp/25565 traffic, which is the port Minecraft uses for online play. If you used a VPN, your college dorm would see the ports used for the VPN (500, 4500, 1701, etc) and would have zero idea what your traffic contains. Your Minecraft traffic travels alllllll the way to your VPN service provider’s network, where it is decrypted and sent to its true destination.

  • Say you’re an employee for a business. That business has a special server that can only be used from computers physically at that business so that they’re on the business’s network. You go on a business trip, and need to access the “inside only” servers. IT at the business would set up a VPN on the business’s network equipment so that even though your PC isn’t at the office, it can still function as if it were at the office and access the “inside only” server. If you were to browse the internet, the internet traffic would go from your PC at a coffee shop, to work, and then to the website. The bonus here is that if the coffee shop network was hacked by a bad actor, they could only see the encrypted garblygook to your employer.

  • Say you’re in the US and you hear that Netflix has Studio Ghibli films, but only for EU customers. You could pay for a VPN service where the “destination” of the VPN is in the EU. Your traffic gets sent to the EU, decrypted, and goes to the internet from the VPN service provider. As far as Netflix knows, you’re accessing their content from the EU by way of the VPN provider, so you get EU content.

  • I personally use a VPN on my mobile phone, using a VPN that I built on my router at home. I have a pi-hole at my house that blocks ads, and if I use the VPN I built while on cell service, it travels ALLLLLLL the way to my house before going out to the true destination. My router at this point treats the traffic as if I were browsing at home and thus the ads get filtered.


So why do some people want to use a VPN 24/7?

Some, because they’re paranoid. It’s not a magic Harry Potter stealth cloak. Your ISP knows you’re sending something to this IP address. Ok, we’ve prevented your ISP from seeing what you’re doing. That data still gets decrypted once it reaches the VPN provider, meaning the VPN provider can still see what you’re doing. Some claim to never keep logs or keep track of what you’re doing, but those claims have been made and broken by VPN providers. People who pirate content or do VERY illegal things like to use VPNs because it does add more elbow grease required to pinpoint traffic back to you.

People that live in dorms, or use a network all the time that may not be theirs, might be limited in where they can go or what they can do, or may have privacy concerns from other people that can be on that network. If you’re at your house, with your own network, this isn’t a concern.

Most people however get fooled by marketing and think that without paying NordVPN however much a month that old-man Google is snorting your data and…I dunno poisoning your water or something. A lot of people will use “free” VPNs because they know nothing about it and get scared into thinking they need one; and end up sending ALL of their traffic to some sketchy ass company that is 100% selling your data and pumping ads into your traffic; or worse, is harvesting your data for sensitive info.


Source: CyberSecurity engineer with 5+ years experience. CISSP, Net+, Sec+. Literally build VPNs from scratch daily both professionally and personally. Have rolled my eyes many times at extremely non-tech savvy co-workers that saw an ad on YouTube and threw away their money (and data) at a problem that a marketing team invented.
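
Added example (editorial, not part of the comment above): a toy model of the tunnel the comment describes, showing what the local network can see and filter on versus what reappears in the clear at the VPN provider. The key, addresses, payload and the hash-based cipher are constructed stand-ins, not a real VPN protocol.

```python
import hashlib, hmac, json, os

PSK = b"constructed-demo-pre-shared-key"  # constructed; held by client and VPN peer
VPN_PEER = "203.0.113.10"                 # assumed peer IP (documentation range)
BLOCKED_TCP = {25565}                     # the dorm rule from the comment

def _stream(key, nonce, n):
    # Stand-in keystream (SHA-256 in counter mode); a real VPN uses AES-GCM or ChaCha20.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _keys(psk):
    # Separate encryption and integrity keys derived from the shared secret.
    return hashlib.sha256(b"enc" + psk).digest(), hashlib.sha256(b"mac" + psk).digest()

def seal(psk, plaintext):
    ek, mk = _keys(psk)
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(psk, blob):
    ek, mk = _keys(psk)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))

def encapsulate(inner):
    # The whole inner packet, headers included, becomes opaque payload.
    return {"dst": VPN_PEER, "proto": "udp", "dport": 4500,
            "payload": seal(PSK, json.dumps(inner).encode())}

def decapsulate(outer):
    # Runs at the VPN provider: the inner packet is back in the clear here.
    return json.loads(unseal(PSK, outer["payload"]))

def local_network_view(pkt):
    # The dorm or coffee-shop network sees and filters on outer headers only.
    blocked = pkt["proto"] == "tcp" and pkt["dport"] in BLOCKED_TCP
    return {"dst": pkt["dst"], "dport": pkt["dport"], "allowed": not blocked}

inner = {"dst": "198.51.100.7", "proto": "tcp", "dport": 25565, "payload": "hello server"}
outer = encapsulate(inner)
if __name__ == "__main__":
    print("no VPN     :", local_network_view(inner))
    print("with VPN   :", local_network_view(outer))
    print("at provider:", decapsulate(outer))
```

The last line is the point of the "What does a VPN NOT do?" section: the provider recovers the full inner packet, so anything not protected by its own encryption (such as HTTPS) is readable from there onward.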

When you connect to a public WiFi connection. You don’t know who is snooping.

When you want to access a home or business network from outside of the respective network.

When you want to access region locked content. Websites like Netflix have different content available depending on the region so you may want to take advantage of that.

I suggest you do some research about it. One thing: don’t use a free VPN in any case.

Ignore the people who are saying ‘always’. Top comment understands thoroughly.

I’m using a VPN 100% of the time on all connections. My connection speed allows that without any negative effects, so I can afford that habit. But in some places with slower connections people may consider only using it when it matters (security/privacy is strictly required).

That depends on how crazy you are about security. Always? Could be a good answer, but as for myself, I use one only when traveling and/or connected to public places or networks that I consider insecure for internet access…

Basically, whenever you’re accessing the internet. Unless your bank blocks VPNs (:roll_eyes:)

If you’re using HTTPS, you already have some protection. But who knows if all the background services (updaters, cron jobs, etc) in your system are using HTTPS (TLS)? I use a VPN 24/365.

Some benefits of using a VPN:

  • hide info from your ISP, a company which already knows far too much about you

  • hide info from other devices on your LAN, and your router, which is especially important if you’re on public Wi-Fi

  • make it a little harder for web sites to track you

  • defeat geo-locking by some services

  • some VPNs provide malware-site blocking, ad-blocking, parental controls features

It’s really not on most users’ top-10 list, but VPN is a great way of bypassing copyright restrictions.

Hey everyone!
I originally got a VPN (Nord VPN to be exact) when I had to travel for work. Given that hotel, airport and coffee shop wifis can be risky, I figured a VPN would be ok to try for a month.

Now the month mark is approaching and I’m wondering if using a VPN is worth it in my case.

I’m mainly concerned about protecting any sensitive work info I have on my laptop and stored in the Cloud (especially client files).

Is a VPN worth it in this case?

I rarely travel for work, mainly work from home and sometimes go to the library or a coffee shop where I’d use their wifi.

And I just use way too much data to be able to get an internet USB stick because the plans that would be enough for me end up being quite a bit more expensive than a VPN service.

Thoughts and advice are welcome! :grin:

Thank you!

As someone who hasn’t even started his Cybersec degree yet, thank you for this awesome information, super easy to follow along and I’ve already started committing this to memory. Thank you so much!

I’m saving this comment to share with clients that ask about VPN

Thanks for this I appreciate it!

Really missed at least two reasons:

  • Mix your traffic with that of thousands of other users (all sharing same IP address).

  • Hide traffic from ISP. Commenter mentioned it, but downplayed it. It’s a huge gain. Your ISP already knows far too much about you. Knows your name, home address, phone number, maybe sees your phone and TV traffic. Anything you can do to hide additional info from your ISP is a big win.

That saved me a lot of typing and for that, I’m thankful.

That has to be one of the most thorough and informative posts I’ve seen on VPNs. I appreciate the spread of good information on what VPNs really are. Hopefully, so people don’t get tricked!

A lot of people will use “free” VPN’s because they know nothing about it and get scared into thinking they need one; and end up sending ALL of their traffic to some sketchy ass company that is 100% selling your data and pumping in ads into your traffic; or worse, is harvesting your data for sensitive info.

I don’t really get why people saying they use a VPN 24/7 get down voted so much here. And I assume it is because of this reason you mentioned. When you use a VPN you are basically moving the trust from your ISP to your VPN provider right? Which means if you use a shitty VPN provider that is heavily marketed, you basically screw yourself over.

However what people down voting here seem to miss is that not all ISPs all over the world can be trusted. They are the shitty companies there. And in that case I would 100% use a VPN 24/7.

And what most people seem to miss is that there are good, albeit paid, VPNs out there, and if you have the technical knowledge you can easily self host a VPN as well.

Amazing breakdown, thanks!

Sorry if this is spam but I’ve been having trouble finding someone qualified to answer this question. What do you think about services like AdGuard that do DNS level ad filtering and privacy?

I personally don’t care about my ISP knowing what I’m doing as long as nobody has access to my sensitive personal information and account logins etc. I do however hate all the spam ads that I get while browsing and like at least some level of “protection”. Is AdGuard a safe medium for privacy with the bonus of blocking ads system wide?