No, Everyone Doesn’t Need VPN Service
First, my bona fides: I currently work for a global manufacturing company, and am responsible for network and server infrastructure throughout North and South America. I’ve worked in IT for nearly 30 years.
So trust me when I tell you that, contrary to what Rob Long told you on the flagship podcast, you do not need a VPN. Let me tell you why:
First, what is a VPN? As Rob said, it stands for “Virtual Private Network.” A VPN is, essentially, a way to use the public internet to create private communication between two endpoints. In a corporation like mine, rather than spending a bunch of money on private data communication lines that no one else uses, we create a “tunnel” between two locations, generally using firewall appliances. These two devices are configured in a pair, to pass traffic back and forth based on a set of rules.
For example, perhaps there is a server in St. Louis hosting an application that a user in an office in Lubbock needs access to. I can create this tunnel that makes the traffic between the user and the server seem as if they were both on the same private network. I want to be sure the traffic that passes between the two sites over a public connection (aka the Internet) is secure. So the tunnel encrypts and “protects” the traffic. We call this a “point to point” VPN because we control the egress at both ends.
I can do the same thing by dropping a VPN client on the user’s laptop so they can go home and get access to that same server from their home Internet connection. It is functionally the same thing, but instead of two firewalls, we have a firewall in St. Louis (the same one that is used for the point to point, often), but we have software on the laptop that helps create the tunnel and routes traffic through it. We call this a client-based VPN, because we control egress on one end, and the client on the other.
Now, unless this is what you are doing, you don’t need a VPN. If you sign up for Acme VPN services, you are in effect acting like our users in Lubbock, while the good people at Acme are me, the IT guy. There are still two endpoints: your computer and Acme’s endpoint. Your data is encrypted all the way to Acme’s endpoint. Then it goes out over the public internet, unprotected (by a VPN tunnel). This is great if you are trying to obfuscate where you are coming from. For example, perhaps you want to watch videos on the Sky News F1 page (like I do). Sky News makes those videos free to people in the UK. But if you aren’t in the UK, you can’t watch them. So you might want to use Acme’s VPN software to dump you out on their UK endpoint (assuming they have one), thus making it seem like you are a person sitting in the UK browsing Sky’s F1 page.
But forget the notion that you are making yourself more secure by using a VPN service for regular browsing. You just aren’t. In one sense you are less secure because you are giving Acme complete control over the data that leaves your Internet egress point. Now that risk is pretty low if you are using a “name brand” VPN service. But it’s still a waste of time and money.
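Added example (not part of the original post): a small model of the point above, treating each layer of encryption as an envelope and working out what every party on the path can see for one request. The observer names and the `app_encrypted` switch (the site encrypting its own traffic, as HTTPS does) are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Optional, Union

USER, VPN, SITE = "you", "vpn-endpoint", "site"   # constructed labels

@dataclass
class Layer:
    dst: str                     # destination visible on the outside
    key: Optional[str]           # who can decrypt; None means unencrypted
    inner: Union["Layer", str]   # next layer, or the payload itself

def peel(pkt, keys):
    """Return (destinations seen, payload or None) for an observer holding `keys`."""
    dsts = []
    while isinstance(pkt, Layer):
        dsts.append(pkt.dst)
        if pkt.key is not None and pkt.key not in keys:
            return dsts, None    # cannot open this layer
        pkt = pkt.inner
    return dsts, pkt

def exposure(use_vpn, app_encrypted, payload="form data (constructed)"):
    """Map each on-path observer to what it learns about one request."""
    app = Layer(SITE, SITE if app_encrypted else None, payload)
    hops = [("local Wi-Fi", USER, set()), ("your ISP", USER, set())]
    if use_vpn:
        first_leg = Layer(VPN, VPN, app)   # tunnel ends at the provider
        hops += [("VPN provider", USER, {VPN}), ("provider's ISP", VPN, set())]
    else:
        first_leg = app
    hops.append(("site", VPN if use_vpn else USER, {SITE}))
    report = {}
    for name, src, keys in hops:
        # Up to the tunnel endpoint the wrapped packet is on the wire;
        # past it, the bare request travels with the provider's address.
        on_wire = first_leg if src == USER else app
        dsts, content = peel(on_wire, keys)
        report[name] = {"sees_your_ip": src == USER,
                        "sees_site": SITE in dsts,
                        "reads_content": content is not None}
    return report

if __name__ == "__main__":
    for vpn in (False, True):
        for enc in (False, True):
            print(f"vpn={vpn} app_encrypted={enc}")
            for who, seen in exposure(vpn, enc).items():
                print(f"  {who:15} {seen}")
```

With the VPN on, the local network and your ISP go blind, but the provider and its ISP take over exactly the view your ISP used to have; only the site's own encryption changes who can read the content.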
Y’all come back now, y’hear?
I think my cat has one. I keep getting little packages from Amazon with cat toys in them. I know she’s up late at night. I need to put a couple of cameras on her.
When I first heard Mark Levin babbling about my need for a VPN, I thought: If the data is encrypted, how does the site I’m trying to reach decrypt my data? And if they can, why can’t everybody else? Then, upon thinking a bit, I decided that there must be servers that can decrypt and forward the data. WTF does that accomplish for me? Thanks for elaborating and explaining.
La la la la la la.
*Looks very, very innocent.*
A youtuber I sometimes listen to had to apologize for apparently advertising a VPN service that was later hacked.
Spin, is there any validity to the idea that a VPN is helpful/necessary when abroad, especially in “less than free” countries?
Obscuring your location can be useful, particularly if you have concerns about surveillance by bad actors, like hostile governments. I’ve looked into this a bit, and am currently experimenting with the Tor browser to see if it would cut down on the amount of data that, say, Google is collecting about me. This is not a VPN per se, but it could be a useful alternative to signing up for a service.
One of my clients has a VPN set up through their corporate firewall for some remote locations, and for remote users. The one time a VPN would be really useful for general users would be if you were using a public wifi; there’s always a chance someone could be monitoring the traffic on there. On the other hand, I now tell my clients to just make sure that they always use their cell phone as a hot spot when they can because that’s far more secure than using a public network.
Yes, great point. With a caveat: a lot of those same free countries don’t allow it. But if you have one and can use it with an endpoint outside said less than free country, it does help a bit.
Everything gets hacked. Everything.
It is? Once the traffic hits the back haul, it gets out on the public Internet. So you are protected locally, at the cost of using a slower, more expensive on ramp. Use the public WiFi and the VPN. That’s another good use case, as I think about it. But it still leaves you vulnerable at the other end.
There are valid use cases. But I worry that folks will get one, turn it on, then think they can just do whatever they want, because Rob said they are protected.
Things a VPN doesn’t protect you from:
Someone hacking your device
E-mail Phishing
Viruses (I hate saying virii)
Social engineering
Password stealing
I used to use a VPN to watch the BBC and then they made it that you had to have a registered account at a valid UK address. Several million people all living in a small flat in Swansea made them suspicious.
The only valid use case I could think of was if someone was trying to sniff passwords that were not encrypted and I was on a public wi-fi network. I’m sure there are others, but I was never an IT person, just an engineer who used computers as tools.
EJ,
If people actually believe in AOC’s 95 trillion-dollar Green New Deal or Elizabeth Warren’s 65 trillion-dollar Health Balagan or Greta’s Climate Catastrophe in 11 years then why is it so hard to believe that there are several million people all living in a small flat in Swansea?
Let’s be reasonable.
Regards,
Jim
I use a VPN for torrents. I’ve had 2 copyright strikes (1 each, HBO and Warner Bros); don’t want any more.
I don’t use the VPN to geo-spoof Netflix or other streaming services, because they’ve been sued in the past over that, and could possibly ban users who do that. (BBC is probably different because they produce the content they stream; they probably wouldn’t be sued over geo-spoofing.)
Gee, I hope the sponsor doesn’t see this post. ;-)
There’s only one exception, and it would only be useful in allowing secure communications between members of a community who had anticipated and planned in advance for the need to communicate with each other, by sharing single-use passwords in person.
Even it would be subject to theft, as opposed to hacking or computational decryption:
If I lived in certain countries, I would probably want to arrange such a security scheme very soon, while it still might be possible to meet people without officials knowing what we were doing.
Because this Comment isn’t protected by such a scheme, there’s a chance that it’s already kind of too late to implement such a scheme completely securely.
That’s because it’s being legally monitored and stored (though hopefully not being read!) by the NSA (under the FISA law, which if I understand it authorizes all Internet traffic to be captured and saved), and perhaps illegally by others with the same level of cryptographic skill, software for automatically flagging suspicious fragments of text (there’s plenty of that above), and computing horsepower.
If I were an NSA or FBI spook, I would certainly tell the IT folks that I wanted a comment like this flagged, or at least flaggable quickly in the future. That is because it is on a right-of-center political site (Ricochet). It communicates to other members that (electronically) unbreakable communications could be set up if we hurried.
That’s just the kind of intelligence that FISA was set up to capture, in the case of foreigners only. It was intended to be blocked (by the FISA court approval process) to protect US citizens, but as we know, thousands and thousands of illegal queries were being submitted by 2016, and I am not confident that the FISA court order (or executive decision by what’s his name, I can’t recall the history right now) that year to halt the practice has been permanently halted.
Don’t worry, Mark. You were already on the watch list.
There are two scenarios where an always-on VPN is a good thing for consumers to consider:
Since it’s on here. Just got a job where I can work from anywhere, so I plan to do some “working vacations”…what do you recommend re: solutions for mobile internet?
If I can’t get WiFi I’ll use the mobile hotspot on my Verizon phone. You can get MiFi devices, I think still…which is basically a cellular device that puts out a WiFi signal. But they are kind of going the way of pagers. Since WiFi is almost everywhere and phone hotspots are now (mostly) included on cellular plans.
Item 1 is certainly a good use case, but the risk is low if your computer is secured. I use VPN always in a coffee shop but that is mostly because I am doing work that requires it. You still need your computer to be secure, and be smart about what you are doing. As in, I don’t do my banking if I’m sitting at Starbucks.
Item 2 is less of an issue, particularly since you are trading one potentially bad actor (your ISP) for two others (your VPN provider and their ISP). If you do your research and pay good money, then the latter is probably not an issue. But if you don’t want to spend the time to find a good provider and you don’t want to pony up the do-ray-me…just forget it. “They” know all about you already, anyway.
Jeff,
USB tethering your computer to your mobile phone I’ve found to be very effective. If you have a good connection to your phone service the USB tether provides a connection that is usually faster than WiFi or Bluetooth. Just find where the control switch for tethering is in your operating system. I have an Android 8.1. I go to Settings, then Network & Internet, then Hotspot & Tethering.
Regards,
Jim
I’ve contemplated setting up a vpn server at the house (for funsies) to get around the open wifi spots.
That’s why I use a VPN — I assume my ISP is cooperating with some nefarious organizations, whether they are third party advertising, the NSA, or the GRU.
Why not all of them?
What makes you think your VPN provider, and their ISP aren’t also in cooperation with these same nefarious organizations?
The cynic inside me suspects that the #1 use case for VPNs is folk watching porn at a public library.
Our public library allows anyone to watch porn on their computers, right out in the open. I’ve seen it myself. They tried to block it, but someone sued. The public library, like the post office, has outlived its usefulness.
My ATT plan explicitly disallows hotspot unless I pay extra.
Get a better plan…