When and why it's useful to use a VPN

in Project HOPE2 months ago (edited)


There are several reasons to use a VPN and, without going too much in details, these can boil down to the following:

  • hide internet activity
    as users have a reasonable expectation that whatever is done on the Internet is private, but oftentimes it's very easy to spy on any activity instead.

  • use public or guest Wi-Fi with fewer risks
    because there are very few circumstances that are more dangerous than a free hotspot, as explained in more detail below.

  • bypass local network restrictions
    to access content that, for one reason or the other, might be blocked by network administrators for reasons of opportunity (e.g. social networks in an office) or censorship (e.g. an oppressive government).

  • secure your privacy
    as everyone is entitled to safe communication, yet that is not granted by the standard web protocols without a secure overlay.

Most users may think that modern Internet communications are secure by design, but there are some misconceptions in the general knowledge that may be misleading and give a false sense of safety.

This website uses HTTPS, so it's secure

While most websites today make use of HTTPS and Brave itself (similarly to desktop-class web browsers equipped with the very useful HTTPS Everywhere extension) is enabling it for those that guiltily still don't, that is only protecting the content of web traffic between device and site: a lot of other potentially sensitive data that is exchanged outside of that (such as DNS requests that identify the destination website, and query parameters inside the URL used by search engine requests) remain visible in plain text and subject to network sniffing. For the more technically inclined, Ericlaw has written a detailed and comprehensive description of the limitations of HTTPS.

From a security standpoint, any time a device is outside its "home" network (that is, a network that is trusted and considered safe as managed by the user itself) it will then connect to and operate on a network that should be considered insecure by definition: they typically boil down to any random free Wi-Fi network available wherever and, for mobile devices, the cellular network.

Look Mum, free Wi-Fi!

The classic scene depicting people being hacked while surfing by a coffee shop is not dramatization: actually, it is accurate and realistic.

Public Wi-Fi hotspots are more or less a hacker's playground and represent a real threat: no sensitive operation such as accessing sensitive information or - God forbid - online banking should ever be performed there without additional layers of protection.

There are multiple reasons for this, starting from lack of access control: for convenience and ease of use, most public hotspots don't require a password. Visitors log in to a captive portal and are generally only required to accept some boilerplate terms of use about (in increasing order of severity) not committing acts of terrorism, perpetrate child trafficking, or downloading pirate music while on the network. Because of that, all traffic is not encrypted and anyone on the same wireless network can capture it and read its content. And - if a Wi-Fi password is required - then it's usually written in BIG LETTERS on the wall for all patrons to know, so people from across the street can't surf for free - but everyone inside is sharing the same encryption key, and therefore can capture and read everyone else's data packets.

Using free Wi-Fi without a password is tantamount to talking out loud in a crowded public place about personal matters; using free Wi-Fi with a password on the other hand is much better, as it's just like talking out loud about personal matters in a room full of people.
Either way, everyone else can listen (and someone will).

I'm on mobile, I'm ok

Of course, mobile networks (such as 3G and 4G) are encrypted, but that alone does not provide any kind of robust security. As explained by Prof. Bill Buchanan,

3G/4G network only supports encryption from phone to the base station, along with the possibility of it using a weak encryption cipher... and there is no encryption applied to the data when it reaches the wired network. To be fully secure, we must overlay our security with SSL/TLS, SSH, or a VPN tunnel.

(source: "What is the encryption in 3G/4G networks?")

The paper by Prof. Buchanan explains how in 2010 it was already possible to crack the encryption of GSM and 3G networks, and even with stronger ciphers in place today there is no encryption on the wired network after mobile base stations.
Therefore, while being better than public Wi-Fi, a cellular line must not be mistaken with a secure channel.

What to do then?

If privacy and security are of utmost concern, a VPN is a safe and practical way to obtain them. While the service comes for a price, not all VPN providers are equal, and "more expensive" doesn't necessarily mean "better". Some specific features must be present for an operator to provide an adequate level of service, and to help to make an educated choice they are nicely summarized in this article by TechRadar. When looking for this kind of information it is worth remembering that several VPN vendors are writing their own, which can be biased towards their specific features, so it's better to use an independent publication as reference.

As a rule of thumb, if an article contains lines such as "Unless you use an effective and reliable VPN like XYZ" or it is on top of search engine results with a title such as "Best VPN providers reviewed", then steer clear - it is likely advertising junk. Instead, reputable technology outlets such as PC Magazine, TechRadar and Tom's Guide regularly publish reviews of VPN services, and those can be considered good guidelines.

Remember VPN does not mean anonimity nor immunity

While there are several valid reason to use a VPN, it is extremely important to remember that VPNs do not provide any anonimity or immunity, as all they do is to tunnel a connection through a protected channel from one point to another; the exit point - which normally is one out of many gateways managed by the chosen VPN provider - is still connected to the public internet, and from there onwards all data, unless encrypted by a protocol such as TLS, is vulnerable again.


Congratulations @lucabarbera! You have completed the following achievement on the Hive blockchain and have been rewarded with new badge(s) :

You got more than 100 replies. Your next target is to reach 200 replies.

You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word STOP

Remember VPN does not mean anonimity nor immunity

I think this was a very key point for you to end on. Many do not know this and make the mistake of thinking VPN means totally secure.

Thank you for the tip!

I am planning a follow up to this article which will be focused on what a VPN cannot do, as there is a lot of disinformation and misconception fueled by ubiquitous marketing. Lately, everybody and their cousin are selling VPN subscriptions with ludicrous claims.

I look forward to the article.