Why is a VPN "safer" on public networks? No really...why

VPNs for consumers are worthless and in fact make you less safe because the VPN providers keep netflow/sflow metadata on what you connect to (at least IP addresses, hopefully you aren’t also using their DNS servers) and that metadata links directly to your username on the VPN service.

Lol.

VPN services can be worse than the problem. But yes use your own VPN for most anything that has to cross Internet.

It definitely comes down to who you trust most and I trust Mullvad more than a cafe or my ISP. Also, even if you’re doing DoH, ask server name headers still exist. Without a full tunnel, someone in the middle can still see revealing info of what you’re visiting over HTTPS.

As for risk 3: any VPN worth its weight will cut off LAN access either by opt in or opt out methods.

It’s a false sense of security really. All your traffic will just originate from your VPN provider.

On any network, you’ll get a popup for a self-signed / MITM attack attempt on your browser ONLY for HTTPS sites. I wouldn’t suggest using HTTP on any untrusted networks.

The one thing is on any non-trusted network - make sure you have a firewall in place or it can be attacked.

My two cents’ worth: VPN connections encrypt your internet traffic, preventing people from packet sniffing or conducting man in the middle attacks.

I would say it helps prevent opportunistic hacking or snooping but it’s not 100% reliable and as someone else has pointed out, there is an issue around VPN providers keeping logs and I think it’s possible for data leaks even when connected to VPNs. I don’t know the exact technical reason for this.

I would say it’s a lot safer but then again, it depends on what you are doing on that public network. It’s a benefit risk analysis.

If you are engaged in illegal activities/espionage/organised crime, hacktivism through a public network then a VPN alone likely isn’t enough but if you are a nice law abiding citizen using the network legally then a VPN is safer and worth using.

My issue with the VPNs I use is that they tend to be slower, which can be a pain if you are using a streaming service.

It was from the days where HTTPS wasn’t the standard everywhere.

Are you wondering if it’s safer? Or if the risk is high? It seems like you’ve already determined that there are various methods of attack that are mitigated via tunnel-all VPN, so it’s obviously safer.

They’re not, it’s nonsense made up by the big VPN companies like Nord, PIA etc to sell subscriptions.

Privacy, a VPN is primarily a privacy tool.

First hop privacy. I.e. the connection between your machine and the ISP of the VPN is private. That’s it.

Security of HTTPS/TLS can alter based on ciphers used. There are weak ciphers still in use on some websites and new weaknesses can still be found in ciphers that are currently considered safe. This could make you susceptible to MITM attacks. Using a VPN you can define strong encryption for the connection and because TLS will move inside the tunnel, the weak ciphers won’t matter as much.

There is also the possibility that you’re being targeted as a cyber security person if you protect infrastructure critical clients or systems. This could mean that someone might use more advanced tactics against you. Instead of interacting with your connections directly, the malicious actor could just record all the packages you send and they will be decrypted at a later time when weaknesses in the used ciphers are found or if the malicious actor has access to a quantum computer. With a VPN you could probably use quantum proof encryption before it is implemented in most of the websites using TLS.

Many of the VPN products have a setting to block LAN connections and force all the connections to go through the VPN interface; this would protect you from other LAN devices snooping your open ports and what not.

Many VPNs also force DNS queries to go through the tunnel which mitigates DNS based attacks.

It is not, it just “hides” your real IP address.

Privacy? Not really as well. It just changes your IP address. Privacy problematic things still happen, mostly in the browser (tracking, cookies …).

I may be lacking in my understanding of TLS, but I was under the assumption due to the certificates and trust, one does not simply modify the traffic. I have done some labs in GIAC courses where we TLS stripped packets, but we had to have the client side accept the certificate first just to showcase the use of the lab. We were taught that this would only work if you tricked the client into downloading your certificate. From what I understand, the snooping would still be encrypted unless you downloaded a malicious certificate and were victim to MitM.

I think all points are valid and true but one key part is that when you make a VPN connection from a logic perspective you’re taking yourself off that public network and now you’re on the company/private network you’ve VPNed to. This means that not only can you access resources as @KindlyGetMeGiftCards stated BUT you’re also under the monitoring and security controls that are in place on the company side.

For instance like you stated earlier if you were to try to connect to a website using HTTP and your company’s security or firewall rules block that traffic you wouldn’t be able to (unless they’re using a split-tunnel configuration).

When I lived in London and worked with the airport for a few years we once found a small device broadcasting the same SSID as the coffee shop. I guess it was waiting for connections. I now never connect to public Wi-Fi since then and just buy a big data plan for my phone. Presumably a VPN would assist in this for a user.

This is only partially accurate. You’re missing a massive part of the picture.

SSL has been standard for over a decade. MiTM attacks are one of the key concerns when connecting to public networks, secure connection or no.

VPNs create a secure tunnel that cuts through that threat.

I do trust VPN providers more than some shady public Wi-Fi…

Same on corporate networks, gov networks etc…

Proton is my fav…

I have thought about all the same things, live in the Nordics and work in the field. I trust my ISP for the most part and usually only use 4g/5g connection w/o VPN in order to avoid any janky networks e.g. school, public transit and the like. Local firewall Little Snitch and browser setting with proper HTTPS enforcement, DNS makes VPN useless. For redundancy during traveling and geo access good to have one public and one private VPS setup.

But it can’t snoop your traffic or intercept anything except the initial start of the TLS handshake. With DNS over HTTPS/TLS, you can even hide what websites you’re going to from any packet sniffing.

TLS defeats the purpose of VPN for most situations. It’s still very useful for corporate networks or connecting back to your home network.

Smartproxy really delivers when it comes to proxy services. Affordable rates and top-tier performance.