VPNs: Should You Use One? (It Depends...)

3 min read VPNPrivacySecurity
VPNs: Should You Use One? (It Depends...)
DALL-E's representation of a cartoon of a man contemplating the word VPN

I bet you've heard a lot of conflicting information about VPNs.

The ads make many claims.  VPNs protect your privacy and they let you watch US Netflix while you're in Timbuktu.  Maybe you have a friend, relative, or favorite YouTuber who uses one and swears by it.

But should YOU use one?  Well, it's complicated...

What is a VPN?

Let's get this out of the way up front...  What most people are talking about when they say "VPN" isn't really a VPN at all!  (LOL What?!)  It is in fact more closely related to a type of proxy server called an anonymizer, just with a connection that is fully encrypted for the leg between you and the VPN's server.  Ok so, some terms that will help here - this is from Wikipedia:

VPN: Virtual Private Network - a mechanism for creating a secure connection between a computing device and a computer network, or between two networks, using an insecure communication medium such as the public Internet.
Proxy server: In computer networking, a proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource.[1] It improves privacy, security, and performance in the process

An example of a "true" VPN:  The company you work for has an internal network, that you need to join in order to communicate with and use resources within the network.  They will set up an encrypted VPN tunnel for you, so that you can Virtually connect into their Private Network, as if you were directly connected to the network itself.  And, because it is fully encrypted, no one can snoop on your work communications as they traverses over the open internet.  This is the most common use of a VPN.

A proxy server essentially an intermediary that pretends to be you, and requests web sites and other data on your behalf, then hands them back to you, and vice versa.  The addition of end-to-end encryption between you and the "VPN" server is what sets it apart from a normal anonymizing proxy.

Now that we've established that a VPN is not a VPN, let's go back to calling it a VPN for the rest of this article so our new-found knowledge remains a secret. ;)

What a VPN does well

  1. A VPN hides your IP address.  This is the main reason that VPNs are touted for privacy.  Any website you visit (or that your device visits without your knowledge) will not be able to link your traffic directly to you based on your IP address alone.
  2. Obscures your traffic from your Internet Service Provider.  You should never trust your ISP with your data.
  3. Obscures what websites you visit and other traffic from a public WiFi provider, like a coffee shop, grocery store, or hotel.  These collect your web traffic too, believe it or not!  In fact, you should be wary of connecting to free hotspots anyway.
  4. Yes, I know, the part you're really waiting for...  It might let you (with the right VPN provider and the right server - more later) allow you to watch geo-restricted content from video streaming services.

What a VPN does NOT do well

  1. Provide anonimity.  While a VPN does indeed hide your IP address, it is not the only way that websites, services, and government entities can track you.  There are many popular methods, even some more reliable even than your IP address, like unchangeable device ID's (your phone's MAC address for example), tracking cookies, persistent cookies and ETags, invisible canvasing and other types of browser fingerpriting (combinations of your browser's version, OS version, screen resolution, what fonts you have installed, and hundreds of other properties that can make you unique).
  2. Provide a guarantee that your information won't still be collected and even sold.  Many "free" VPNs and even some paid ones fund themselves through data-brokering, targeted advertising, or even contain malware.  Many also cooperate with law enforcement or other government agencies, if that's what you're worried about.  Remember:  a VPN does not protect you from bad actors, it only shifts the burden of trust from your ISP or WiFi provider onto to your VPN provider.  You have to do a lot of research to find out which one (if any) is right for you, and whether one even fits into your own personal threat model.  This involves lots of reading privacy policies!
  3. Not all VPN servers will de-restrict region-locked or geo-restricted content.  In my experience it's actually very hit or miss, more so on the miss side.  In fact streaming services generally block all known VPN server IP addresses, even for legitimate customers who live in that region, even if the only reason you have a VPN is for privacy.

Conclusion

I'll stop short of recommending one in particular, as they are always popping up, changing hands, or folding, and I don't know when you'll be reading this.  Making a recommendation is definitely out of scope for this article, but I hope that this info can help you better understand and decide whether or not a VPN is right for you.

Cheers!

lxwagno

lxwagno

lxwagno is a data analyst and programmer, and is a privacy and cybersecurity enthusiast with more nerdy hobbies than one should ever be burdened with.
USA
Previous Post
Next Post