Recommended by Ricochet Members Created with Sketch. No, Everyone Doesn’t Need VPN Service

 

First, my bonafides: I currently work for a global manufacturing company, and am responsible for network and server infrastructure throughout North and South America. I’ve worked in IT for nearly 30 years.

So trust me when I tell you that, contrary to what Rob Long told you on the flagship podcast, you do not need a VPN. Let me tell you why:

First, what is a VPN? As Rob said, it stands for “Virtual Private Network.” A VPN is, essentially, a way to use the public internet to create private communication between two endpoints. In a corporation like mine, rather than spending a bunch of money on private data communication lines that no one else uses, we create a “tunnel” between two locations, generally using firewall appliances. These two devices are configured in a pair, to pass traffic back and forth based on a set of rules. For example, perhaps there is a server in St. Louis hosting an application that a user in an office in Lubbock needs access to. I can create this tunnel that makes the traffic between the user and the server seem as if they were both on the same private network. I want to be sure the traffic that passes between the two sites over a public connection (aka the Internet) is secure. So the tunnel encrypts and “protects” the traffic. We call this a “point to point” VPN because we control the egress at both ends. I can do the same thing by dropping a VPN client on the user’s laptop so they can go home and get access to that same server from their home Internet connection. It is functionally the same thing, but instead of two firewalls, we have a firewall in St. Louis (the same one that is used for the point to point, often), but we have software on the laptop that helps create the tunnel and routes traffic through it. We call this a client-based VPN, because we control egress on one end, and the client on the other.

Now, unless this is what you are doing, you don’t need a VPN. If you sign up for Acme VPN services, you are in effect acting like our users in Lubbock, while the good people at Acme are me, the IT guy. There are still two endpoints: your computer and Acme’s endpoint. Your data is encrypted all the way to Acme’s endpoint. Then it goes out over there public internet, unprotected (by a VPN tunnel). This is great if you are trying to obfuscate where you are coming from. For example, perhaps you want to watch videos on the Sky News F1 page (like I do). Sky News makes those videos free to people in the UK. But if you aren’t in the UK, you can’t watch them. So you might want to use Acme’s VPN software to dump you out on their UK endpoint (assuming they have one), thus making it seem like you are a person sitting in the UK browsing Sky’s F1 page.

But forget the notion that you are making yourself more secure by using a VPN service for regular browsing. You just aren’t. In one sense you are less secure because you are giving Acme complete control over the data that leaves your Internet egress point. Now that risk is pretty low if you are using a “name brand” VPN service. But it’s still a waste of time and money.

Y’all come back now, y’hear?

Published in General
This post was promoted to the Main Feed by a Ricochet Editor at the recommendation of Ricochet members. Like this post? Want to comment? Join Ricochet’s growing community of conservatives and be part of the conversation. Get your first month free.

There are 40 comments.

  1. Brian Watt Member

    I think my cat has one. I keep getting little packages from Amazon with cat toys in them. I know she’s up late at night. I need to put a couple of cameras on her.

    • #1
    • November 11, 2019, at 7:35 PM PST
    • 15 likes
  2. Django Member

    When I first heard Mark Levin babbling about my need for a VPN, I thought: If the data is encrypted, how does the site I’m trying to reach decrypt my data? And if they can, why can’t everybody else? Then, upon thinking a bit, I decided that there must be servers that can decrypt and forward the data. WTF does that accomplish for me? Thanks for elaborating and explaining.

    • #2
    • November 11, 2019, at 8:13 PM PST
    • 3 likes
  3. Arahant Member

    Spin: This is great if you are trying to obfuscate where you are coming from.

    La la la la la la.

    *Looks very, very innocent.*

    • #3
    • November 11, 2019, at 8:30 PM PST
    • 1 like
  4. lowtech redneck Coolidge

    Spin:

    But forget the notion that you are making yourself more secure by using a VPN service for regular browsing. You just aren’t. In one sense you are less secure, because you are giving Acme complete control over the data that leaves your Internet egress point. Now that risk is pretty low, if you are using a “name brand” VPN service. But it’s still a waste of time and money.

    A youtuber I sometimes listen to had to apologize for apparently advertising a VPN service that was later hacked.

     

    • #4
    • November 11, 2019, at 9:18 PM PST
    • 1 like
  5. Chris Member

    Spin, is there any validity to the idea that a VPN is helpful/necessary when abroad, especially in “less than free” countries?

    • #5
    • November 12, 2019, at 4:25 AM PST
    • Like
  6. Belt Member

    Obscuring your location can be useful, particularly if you have concerns about surveillance by bad actors, like hostile governments. I’ve looked into this a bit, and am currently experimenting with the Tor browser to see if it would cut down on the amount of data that, say, Google is collecting about me. This is not a VPN per se, but it could be a useful alternative to signing up for a service.

    One of my clients has a VPN set up through their corporate firewall for some remote locations, and for remote users. The one time a VPN would be really useful for general users would be if you were using a public wifi; there’s always a chance someone could be monitor the traffic on there. On the other hand, I now tell my clients to just make sure that they always use their cell phone as a hot spot when they can because that’s far more secure than using a public network.

    • #6
    • November 12, 2019, at 5:04 AM PST
    • 1 like
  7. Spin Coolidge
    Spin Post author

    Chris (View Comment):

    Spin, is there any validity to the idea that a VPN is helpful/necessary when abroad, especially in “less than free” countries?

    Yes, great point. With a caveat: a lot of those same free countries don’t allow it. But if you have one and can use it with an end pout outside said less than free country, it does help a bit.

    • #7
    • November 12, 2019, at 6:29 AM PST
    • 1 like
  8. Spin Coolidge
    Spin Post author

    lowtech redneck (View Comment):

    Spin:

    But forget the notion that you are making yourself more secure by using a VPN service for regular browsing. You just aren’t. In one sense you are less secure, because you are giving Acme complete control over the data that leaves your Internet egress point. Now that risk is pretty low, if you are using a “name brand” VPN service. But it’s still a waste of time and money.

    A youtuber I sometimes listen to had to apologize for apparently advertising a VPN service that was later hacked.

     

    Everything gets hacked. Everything.

    • #8
    • November 12, 2019, at 6:29 AM PST
    • 5 likes
  9. Spin Coolidge
    Spin Post author

    Belt (View Comment):
    I now tell my clients to just make sure that they always use their cell phone as a hot spot when they can because that’s far more secure than using a public network.

    It is? Once the traffic hits the back haul, it gets out on the public Internet. So you are protected locally, at the cost of using a slower, more expensive on ramp. Use the public WiFi and the VPN. That’s another good use case, as I think about it. But it still leaves you vulnerable at the other end.

    • #9
    • November 12, 2019, at 6:32 AM PST
    • 1 like
  10. Spin Coolidge
    Spin Post author

    Django (View Comment):

    When I first heard Mark Levin babbling about my need for a VPN, I thought: If the data is encrypted, how does the site I’m trying to reach decrypt my data? And if they can, why can’t everybody else? Then, upon thinking a bit, I decided that there must be servers that can decrypt and forward the data. WTF does that accomplish for me? Thanks for elaborating and explaining.

    There are valid use cases. But I worry that folks will get one, turn it on, then think they can just do whatever they want, becuase Rob said they are protected.

    Things a VPN doesn’t protect you from:

    Someone hacking your device

    E-mail Phishing

    Viruses (I hate saying virii)

    Social engineering

    Password stealing

    • #10
    • November 12, 2019, at 6:35 AM PST
    • 4 likes
  11. EJHill Podcaster

    I used to use a VPN to watch the BBC and then they made it that you had to have a registered account at a valid UK address. Several million people all living in a small flat in Swansee made them suspicious.

    • #11
    • November 12, 2019, at 7:10 AM PST
    • 10 likes
  12. Django Member

    Spin (View Comment):

    Django (View Comment):

    When I first heard Mark Levin babbling about my need for a VPN, I thought: If the data is encrypted, how does the site I’m trying to reach decrypt my data? And if they can, why can’t everybody else? Then, upon thinking a bit, I decided that there must be servers that can decrypt and forward the data. WTF does that accomplish for me? Thanks for elaborating and explaining.

    There are valid use cases. But I worry that folks will get one, turn it on, then think they can just do whatever they want, becuase Rob said they are protected.

    Things a VPN doesn’t protect you from:

    Someone hacking your device

    E-mail Phishing

    Viruses (I hate saying virii)

    Social engineering

    Password stealing

    The only valid use case I could think of was if someone was trying to sniff passwords that were not encrypted and I was on a public wi-fi network. I’m sure there are others, but I was never an IT person, just an engineer who used computers as tools. 

    • #12
    • November 12, 2019, at 8:03 AM PST
    • Like
  13. James Gawron Thatcher

    EJHill (View Comment):

    I used to use a VPN to watch the BBC and then they made it that you had to have a registered account at a valid UK address. Several million people all living in a small flat in Swansee made them suspicious.

    EJ,

    If people actually believe in AOC’s 95 trillion-dollar Green New Deal or Elizabeth Warren’s 65 trillion-dollar Health Balagan or Greta’s Climate Catastrophe in 11 years then why is it so hard to believe that there are several million people all living in a small flat in Swansea?

    Let’s be reasonable.

    Regards,

    Jim

    • #13
    • November 12, 2019, at 8:20 AM PST
    • 7 likes
  14. OccupantCDN Coolidge

    I use a VPN for torrents. I’ve had 2 copyright strikes (1 each, HBO and Warner Bros) dont want anymore.

    I dont use the VPN to Geo-spoof netflix or other streaming services. Because they’ve been sued in the past over that, and could possibly ban users who do that. (BBC is probably different because they produce the content they stream, they probably wouldnt be sued over geo spoofing)

    • #14
    • November 12, 2019, at 8:22 AM PST
    • Like
  15. Spin Coolidge
    Spin Post author

    Gee, I hope the sponsor doesn’t see this post. ;-)

    • #15
    • November 12, 2019, at 8:43 AM PST
    • 2 likes
  16. Mark Camp Member

    Spin (View Comment):

    lowtech redneck (View Comment):

    Spin:

    But forget the notion that you are making yourself more secure by using a VPN service for regular browsing. You just aren’t. In one sense you are less secure, because you are giving Acme complete control over the data that leaves your Internet egress point. Now that risk is pretty low, if you are using a “name brand” VPN service. But it’s still a waste of time and money.

    A youtuber I sometimes listen to had to apologize for apparently advertising a VPN service that was later hacked.

     

    Everything gets hacked. Everything.

    There’s only one exception, and it would only be useful in allowing secure communications between members of a community who had anticipated and planned in advance for the need to communicate with each other, by sharing single-use passwords in person.

    Even it would be subject to theft, as opposed to hacking or computational decryption:

    • your notebook of passwords, if that’s what you used, being stolen by burglars,
    • someone arresting you and using drugs or torture to extract the passwords (or method of generating passwords from public information), if you chose to rely on human memory

    If I lived in certain countries, I would probably want to arrange such a security scheme very soon, while it still might be possible to meet people without officials knowing what we were doing.

    Because this Comment isn’t protected by such a scheme, there’s a chance that it’s already kind of too late to implement such a scheme completely securely.

    That’s because it’s being legally monitored and stored (though hopefully not being read!) by the NSA (under the FISA law, which if I understand it authorizes all Internet traffic to be captured and saved), and perhaps illegally by others with the same level of cryptographic skill, software for automatically flagging suspicious fragments of text (there’s plenty of that above), and computing horsepower.

    If I were an NSA or FBI spook, I would certainly tell the IT folks that I wanted a comment like this flagged, or at least flaggable quickly in the future. That is because it is on a right-of-center political site (Ricochet). It communicates to other members that (electronically) unbreakable communications could be set up if we hurried.

    That’s just the kind of intelligence that FISA was set up to capture, in the case of foreigners only. It was intended to be blocked (by the FISA court approval process) to protect US citizens, but as we know, thousands and thousands of illegal queries were being submitted by 2016, and I am not confident that the FISA court order (or executive decision by what’s his name, I can’t recall the history right now) that year to halt the practice has been permanently halted.

    • #16
    • November 12, 2019, at 8:46 AM PST
    • 1 like
  17. Arahant Member

    Mark Camp (View Comment):
    If I were an NSA or FBI spook, I would certainly tell the IT folks that I wanted a comment like this flagged, or at least flaggable quickly in the future.

    Don’t worry, Mark. You were already on the watch list.

    • #17
    • November 12, 2019, at 8:52 AM PST
    • 3 likes
  18. Phil Turmel Coolidge

    There are two scenarios where an always-on VPN is a good thing for consumers to consider:

    1. Use of an open wi-fi access point. Even if everywhere you go is https, all of the website names are out in the clear (via Server Name Indication) for your neighbors in the coffee shop to see. And for the operator of the wifi to collect.
    2. Use of a less-than-customer-focused internet service provider. Like mine (Comcast). Such ISPs are known to monitor your traffic just like an open wifi and sell the traffic profiles to advertisers.
    • #18
    • November 12, 2019, at 9:07 AM PST
    • 3 likes
  19. Jeff Hawkins Coolidge

    Since it’s on here. Just got a job where I can work from anywhere, so I plan to do some “working vacations”…what do you recommend re: solutions for mobile internet

    • #19
    • November 12, 2019, at 9:45 AM PST
    • Like
  20. Spin Coolidge
    Spin Post author

    Jeff Hawkins (View Comment):

    Since it’s on here. Just got a job where I can work from anywhere, so I plan to do some “working vacations”…what do you recommend re: solutions for mobile internet

    If I can’t get WiFi I’ll use the mobile hotspot on my Verizon phone. You can get MiFi devices, I think still…which is basically a cellular device that puts out a WiFi signal. But they are kind of going the way of pagers. Since WiFi is almost everywhere and phone hotspots are now (mostly) included on cellular plans.

    • #20
    • November 12, 2019, at 9:57 AM PST
    • Like
  21. Spin Coolidge
    Spin Post author

    Phil Turmel (View Comment):

    There are two scenarios where an always-on VPN is a good thing for consumers to consider:

    1. Use of an open wi-fi access point. Even if everywhere you go is https, all of the website names are out in the clear (via Server Name Indication) for your neighbors in the coffee shop to see. And for the operator of the wifi to collect.
    2. Use of a less-than-customer-focused internet service provider. Like mine (Comcast). Such ISPs are known to monitor your traffic just like an open wifi and sell the traffic profiles to advertisers.

    Item 1 is a certainly a good use case, but the risk is low if your computer is secured. I use VPN always in a coffee shop but that is mostly because I am doing work that requires it. You still need your computer to be secure, and be smart about what you are doing. As in, I don’t do my banking if I’m sitting at Starbucks.

    Item 2 is less of an issue, particularly since you are trading one potentially bad actor (your ISP) for two others (your VPN provider and their ISP). If you do your research and pay good money, then the latter is probably not an issue. But if you don’t want to spend the time to find a good provider and you don’t want to pony up the do-ray-me…just forget it. “They” know all about you already, anyway.

    • #21
    • November 12, 2019, at 10:00 AM PST
    • 1 like
  22. James Gawron Thatcher

    Jeff Hawkins (View Comment):

    Since it’s on here. Just got a job where I can work from anywhere, so I plan to do some “working vacations”…what do you recommend re: solutions for mobile internet

    Jeff,

    USB tethering your computer to your mobile phone I’ve found to be very effective. If you have a good connection to your phone service the USB tether provides a connection that is usually faster than WiFi or Bluetooth. Just find where the control switch for tethering is in your operating system. I have an Android 8.1. I go to Settings, then Network & Internet, then Hotspot & Tethering.

    Regards,

    Jim

    • #22
    • November 12, 2019, at 10:51 AM PST
    • 2 likes
  23. ChefSly - Super Kit Member

    I’ve contemplated setting up a vpn server at the house (for funsies) to get around the open wifi spots.

    • #23
    • November 12, 2019, at 11:03 AM PST
    • 1 like
  24. Mark Wilson Member

    Phil Turmel (View Comment):

    Use of a less-than-customer-focused internet service provider. Like mine (Comcast). Such ISPs are known to monitor your traffic just like an open wifi and sell the traffic profiles to advertisers.

    That’s why I use a VPN — I assume my ISP is cooperating with some nefarious organizations, whether they are third party advertising, the NSA, or the GRU.

    • #24
    • November 12, 2019, at 12:12 PM PST
    • 1 like
  25. Arahant Member

    Mark Wilson (View Comment):
    whether they are third party advertising, the NSA, or the GRU.

    Why not all of them?

    • #25
    • November 12, 2019, at 12:15 PM PST
    • 1 like
  26. Spin Coolidge
    Spin Post author

    Mark Wilson (View Comment):

    Phil Turmel (View Comment):

    Use of a less-than-customer-focused internet service provider. Like mine (Comcast). Such ISPs are known to monitor your traffic just like an open wifi and sell the traffic profiles to advertisers.

    That’s why I use a VPN — I assume my ISP is cooperating with some nefarious organizations, whether they are third party advertising, the NSA, or the GRU.

    What makes you think your VPN provider, and their ISP aren’t also in cooperation with these same nefarious organizations?

    • #26
    • November 12, 2019, at 12:27 PM PST
    • 1 like
  27. Misthiocracy grudgingly Member

    The cynic inside me suspects that the #1 use case for VPNs is folk watching porn at a public library.

    • #27
    • November 12, 2019, at 12:52 PM PST
    • 1 like
  28. Spin Coolidge
    Spin Post author

    Misthiocracy grudgingly (View Comment):

    The cynic inside me suspects that the #1 use case for VPNs is folk watching porn at a public library.

    Our public library allows anyone to watch porn on their computers, right out in the open. I’ve seen it myself. They tried to block it, but someone sued. The public library, like the post office, has outlived its usefulness.

    • #28
    • November 12, 2019, at 2:35 PM PST
    • 4 likes
  29. Miffed White Male Member

    Spin (View Comment):
    Since WiFi is almost everywhere and phone hotspots are now (mostly) included on cellular plans.

    My ATT plan explicitly disallows hotspot unless I pay extra.

     

     

    • #29
    • November 12, 2019, at 4:01 PM PST
    • Like
  30. Spin Coolidge
    Spin Post author

    Miffed White Male (View Comment):

    Spin (View Comment):
    Since WiFi is almost everywhere and phone hotspots are now (mostly) included on cellular plans.

    My ATT plan explicitly disallows hotspot unless I pay extra.

     

     

    Get a better plan…

    • #30
    • November 12, 2019, at 4:20 PM PST
    • 1 like