First, my bona fides: I currently work for a global manufacturing company, and am responsible for network and server infrastructure throughout North and South America. I’ve worked in IT for nearly 30 years.
So trust me when I tell you that, contrary to what Rob Long told you on the flagship podcast, you do not need a VPN. Let me tell you why:
First, what is a VPN? As Rob said, it stands for “Virtual Private Network.” A VPN is, essentially, a way to use the public internet to create private communication between two endpoints. In a corporation like mine, rather than spending a bunch of money on private data communication lines that no one else uses, we create a “tunnel” between two locations, generally using firewall appliances. These two devices are configured in a pair, to pass traffic back and forth based on a set of rules. For example, perhaps there is a server in St. Louis hosting an application that a user in an office in Lubbock needs access to. I can create this tunnel that makes the traffic between the user and the server seem as if they were both on the same private network. I want to be sure the traffic that passes between the two sites over a public connection (aka the Internet) is secure. So the tunnel encrypts and “protects” the traffic. We call this a “point to point” VPN because we control the egress at both ends. I can do the same thing by dropping a VPN client on the user’s laptop so they can go home and get access to that same server from their home Internet connection. It is functionally the same thing, but instead of two firewalls, we have a firewall in St. Louis (the same one that is used for the point to point, often), but we have software on the laptop that helps create the tunnel and routes traffic through it. We call this a client-based VPN, because we control egress on one end, and the client on the other.
Now, unless this is what you are doing, you don’t need a VPN. If you sign up for Acme VPN services, you are in effect acting like our users in Lubbock, while the good people at Acme are me, the IT guy. There are still two endpoints: your computer and Acme’s endpoint. Your data is encrypted all the way to Acme’s endpoint. Then it goes out over the public internet, unprotected (by a VPN tunnel). This is great if you are trying to obfuscate where you are coming from. For example, perhaps you want to watch videos on the Sky News F1 page (like I do). Sky News makes those videos free to people in the UK. But if you aren’t in the UK, you can’t watch them. So you might want to use Acme’s VPN software to dump you out on their UK endpoint (assuming they have one), thus making it seem like you are a person sitting in the UK browsing Sky’s F1 page.
But forget the notion that you are making yourself more secure by using a VPN service for regular browsing. You just aren’t. In one sense you are less secure because you are giving Acme complete control over the data that leaves your Internet egress point. Now that risk is pretty low if you are using a “name brand” VPN service. But it’s still a waste of time and money.
Y’all come back now, y’hear?