A post from EEF says: it does not protect your data from people on the private network you’re using. If you are using a corporate VPN, then whoever runs the corporate network will see your traffic.
If it does not protect you from people on the private network, how exactly does it protect you on public wifi?
I’m not an expert, but I imagine that’s because your corporate admin is the admin of both the VPN and your local network and can do anything they want with either (and quite possibly your device itself, for that matter, if it’s owned by them).
When you connect to a VPN on public wifi, your data is encrypted on your device, and unencrypted at your VPN provider and vice-versa. So a malicious public wi-fi operator could look at your data flowing through the local network before it goes out to the Internet, sniffing for bank details and passwords, but they’ll only see encrypted data, and can’t decrypt it because the key is on the remote server of your VPN.
A VPN tunnel is a two-way tunnel. When you open the VPN tunnel to some commercial or free VPN, you are putting an awful lot of trust into the VPN provider, their security setup, and other VPN users. Most of these VPN companies are virtual companies with no infrastructure of their own. They rent servers and virtual private servers from data centers and hosting companies. They access the server using ssh or other remote access tools over the internet. So if they can log in over the internet, so can anyone else (hint: hackers).
In addition to hiding any plain text you are sending, it also hides the addresses you are connecting to. Maybe you don’t want a nefarious sniffer to know you’re visiting Facebook, a bank page, or some knitting 101 site. All a sniffer would see is a steady stream of encrypted garbage between you and your VPN provider.
This. When data is encrypted locally on the computer, then no one between the VPN provider and you can tell what traffic is being transmitted. You place trust in the VPN provider, though, not to log the traffic you are generating.
Right. And they’re also the admin of OP’s device. So they can capture traffic on the VPN tunnel interface. That traffic is not encrypted, unless there’s another layer of end-to-end encryption, such as HTTPS, SSL/TLS or SSH. And they can also see that before encryption.