How secure is the VPN on Fi

Always wondered: just how secure is the Google 1 versus the commercial VPNs?

I know this sounds snarky, but I swear I’m asking in good faith:

Define secure. Who do you want to hide your activity from?

You’re hiding your traffic from potential peer attack on the network, but Google still sees all of it.

It’s set to only 1 location, which is Google’s HQ, so this VPN isn’t meant for streaming region-locked content or, say, torrenting.

It’s meant for casual users who are using public wifi to look at their emails or US-based banking systems, if they’re traveling internationally.

As secure as Gmail is for you

You’re taking all of your mobile traffic that is already all SSL encrypted, and wrapping it in additional encryption and 100% funneling it through Google. This lets Google side-channel information-mine 100% of your web and app behavior based on DNS and HTTP requests, and gives you minimal usefulness.

VPN is way over-hyped and often leads to more problems than help, as well as using more data and battery life. Yes, there are use-cases, and good ones, but for normal day-to-day use, mostly pointless.

VPN is a virtual private network, and security comes because the traffic is encrypted for this private network that is running over a public network. Thus, VPN is useful when you don’t trust a wifi that you are connecting to for internet access, and it’s secure for this use case. Similarly, it can also be used to hide traffic from your ISP. I have not read the terms of the Fi VPN, but I am sure that they must be logging some basic things at their end.

On my P6, there are two VPNs listed. One is designated “legacy.”

When I loaded the March update, the VPN was turned off. I managed to enable it again and was going to do a post about it, but I couldn’t remember how I fixed the problem! Damn GUIs.

It’s not the logic I’d apply to the situation but there is an argument that Google is more likely to keep promises of not logging and fight any spying vs many smaller private companies.

VPN operators have more to gain over your data than Google, who would love it but have plenty of other data points into your life. They also have the legal resources to fight the government and selfish incentive to avoid problems by not logging.

That said, they are located in the US and aren’t going to defy a court order, nor are they going to fight to the death for a random user. They also don’t really tell you much about the encryption they use or market their no logging policy unless you look for it.

Google probably prefers that the people who worry about logging and protocols (torrent downloaders, nefarious actors, nerds who are going to strain the system, dissidents in autocratic countries - who will try to hack Google / legally force active spying) stay away.

Don’t most email clients and banking apps/sites use HTTPS or SSL (or similar encryption)?

Just an FYI, I use the Fi VPN quite a bit, and it isn’t always out of the same location. It’s always a US location, but I’ve seen it ping back as being from California, Illinois, Virginia, and New York IIRC. So, almost definitely Google server hubs, but not necessarily Google HQ, it likely uses whichever server is convenient at the time.

It’s meant for casual users who are using public wifi to look at their emails or US-based banking systems, if they’re traveling internationally.

The idea that email/banking on public wifi is dangerous is almost entirely inaccurate propaganda perpetuated in large part by VPN services.

Bingo. I can’t speak for Fi specifically, but as a GCP and Workspace developer I can attest that Google takes data handling really seriously. One of my Workspace apps was pulled down during security review because I hadn’t pushed an update for my GDPR/CCPA attestations after I got married and hyphenated my surname.

If you’re traveling internationally, some banks and credit unions will not allow the visitor to access the site, usually as a minor form of fraud prevention.

By using a VPN with the IP being a US location, the site becomes accessible.

It’s not about encryption, it’s about preventing geoblocking.

I am sure everyone who joined my gotsenet open wifi in college had the same ideas until they saw the images.

There are banks and credit unions that will block IP addresses that are from a different country as a form of fraud prevention.

If you’re traveling internationally and wanted to check your finances, only to be geolocked, that’s where the VPN comes in.

Careful with that though. I was in the U.S. and my bank picked up on me using a VPN and they locked me out of my account. Apparently it’s against their terms of use to use a VPN to access my online bank account.

Good point! I have run into that with my health care portal.

I lived through the Firesheep era. There’s a reason virtually everything has HTTPS now. It’s no longer a concern for anything serious.

Then the public nature of the wifi is entirely irrelevant.

Private wifi with, say, WPA3 would have the same issue of an overseas IP address.

Very good to know. Were you blocked until you called, or were you able to just shut off the VPN and access with no issue?