ELI5: Why is it advisable to use a VPN on public WiFi, How does it protect our security?

The ads you see about VPN services are misleading these days.

This video has a good summary of it: https://www.youtube.com/watch?v=WVDQEoe6ZWY

In older days when websites didn’t use https, ssl, etc. it was easy to intercept data since it wasn’t encrypted. Back then, a VPN on public wi-fi was not a bad idea as it would actually make sure the traffic between you and unsecured websites was not intercepted.

By the way, when you use a VPN, you shift trust to the VPN provider instead of the network owner.

That isn’t to say that VPNs can’t offer something to you, but it’s far from what is advertised. It can absolutely obfuscate which sites you are visiting from the network you’re on. The VPN provider will still know.

It can help with georestrictions on streaming content too.

Sometimes, it also routes traffic through a different part of the Internet. It can for example let you connect to game servers if it fails due to a bad node between you and said servers without the VPN.

If the network throttles certain types of traffic, using a VPN can also circumvent that. It’s a great way to know if your ISP (say Comcast) is throttling streaming websites (say Netflix).

The short of it is that today, it does very little to protect your security.

EDIT: There are multiple comments worth reading below this post that go into more details of why you may still want a VPN, might want to take a look at them.

The idea is that the VPN encrypts your data before sending it to the router, so the network admins can’t see your sensitive information. The fear isn’t so much that the McDonald’s network admins are gonna try and steal your data, but that hackers will set up fake McDonald’s networks to trick your device into auto-connecting.

The problem with this advice is that most modern web browsers do this same encryption natively, so the VPN is mostly just an unneeded redundancy.

That said, VPNs can still be useful for privacy, albeit in a more limited way. When connecting directly to the router, the data you send may be encrypted, but you still have to tell your router the domain name so it knows where to send it. With a VPN, the router is just told to send the data to the VPN’s server, so it doesn’t get to see the domain you’re trying to access. Which is useful if the website you’re trying to access is either prohibited by the network or otherwise compromising.

Many commodity routers, especially in public spaces such as bed and breakfasts, airbnbs, and coffee shops are poorly configured, set up primarily for ease of customer access with minimal fuss. Every router these days comes with secure wifi enabled, but many are factory defaulted to effectively rebroadcast certain protocols to every other device on the network, again to make device discovery easy for hard to configure devices like smart plugs, lights, etc.

If you’ve ever seen YouTube controls pop up on your phone even if you’re not playing YouTube, it’s because there’s a Chromecast plugged in somewhere on the motel wifi. Remember if you can see them, they can see you.

VPNs prevent this.

The usefulness of a VPN for such a situation is limited.

In theory everything you send across the internet can be seen by anyone who controls any of the systems along the way.

Your ISP knows what websites you visit for example.

If your ISP is temporarily some free wifi in a cafe, they will know too.

Under some circumstances someone else on the same network or pretending to be that network or just having taken control of it can get the same level of access to your communications.

Using encryption like https means that nobody along the way knows what exactly you send and receive. They know you googled something or visited reddit and Wikipedia, but not what you googled, which subreddit you looked at and which article on Wikipedia you read.

This level of security is usually enough.

There is some concern about man in the middle attacks, where somebody between you and the place on the internet you visit manages to intercept and edit the messages and messes with DNS to send your inquiries to the wrong place, but those mostly are mitigated with the sort of encryption tech that is already standard.

The danger is still there, but it is not nearly as bad as the people trying to sell you VPN services try to make you think it is.

All a VPN does is send all your traffic through the VPN. So your ISP or anyone controlling or listening in on the free wifi will only be able to see that you are using the VPN and nothing more.

This increases your security on that end. It also marks you as someone who has something to hide and it means that the company that runs the VPN now has the sort of data and opportunity to mess with you that your ISP had.

It also means that when law enforcement or similar wants to know which websites you visited they will have to subpoena or politely ask your VPN instead of your ISP.

At the end of the day the question is how much you trust the company or person that supplies your internet connection and how much more you trust the VPN provider and if the difference is worth it to you.

There are good reasons to use a VPN for some people in some situations in some places. You have to decide for yourself if you are one of them.

Ordinarily, anyone else on the WiFi network can monitor what websites (IP addresses) are accessed by what devices.

This could potentially reveal sensitive information if someone is able to associate a device with a person, such as what bank they use.

Most web traffic itself is encrypted, so the contents of webpages would still be invisible for anything sensitive, though.

Who is advising this? A VPN could potentially protect your data by additionally encrypting your data from someone snooping on all data being transmitted over local public network, if such data is not already encrypted (which most of it is), but generally this would be a fairly extreme measure to only be necessary if you are expecting to be attacked or you have an extreme importance of security (such as being a govt official).

For regular folks, this is not a concern, unless you’re in China.

Most ‘advice’ about VPNs tends to be pretty much a ploy to sell VPN services to people who do not need them.

It’s not, it’s snake oil. There are really no security issues browsing the Web on public WiFi over private WiFi. If you don’t know exactly why you need a VPN, then you don’t need it.

The thing about security when it comes to any sort of communication on a network can be described using a famous ‘Alice-Bob-Eve’ example.

Say Alice wants to send something to Bob. This message will be sent over a network (WiFi, cellular or anything). Eve is an attacker who wants to listen to this message.

In your situation, Eve may be able to read things that are being sent over a network. This can be done using a man-in-the-middle attack or a compromised router.

Using a good VPN essentially masks your location, IP and adds an additional layer of encryption to your messages. This makes it much harder, and in turn, generally much less interesting for an attacker to target you.

Edit: This is usually not an issue for browsing something like YouTube at Starbucks. But it becomes relevant if you are transmitting sensitive information or are on an untrusted network like most public WiFi are.

VPNs create a “tunneled” connection. Meaning that all your traffic is encrypted between your device and the VPN server while it’s in transit. This includes the part of the traffic that says what website/system you are going to. If the public wifi is compromised, all the attacker can see is that your traffic is going to the VPN server, but not its true destination.

So not only does it protect the content of your traffic, like usernames and passwords, it also protects your privacy for what sites you are using.

While I’m aware of the privacy limitations regarding government and law enforcement being able to force the VPN company to turn over logs, I do get few or no targeted ads. I also feel like I see different prices when browsing e-commerce sites versus when signed into sites. I guess in the end it’s worth it to me to keep some level of control over my PI.

Nowadays, the security aspect isn’t really necessary; most websites employ HTTPS as standard, which adequately protects you from other people on public WiFi.

Rather, VPNs offer you more privacy, since your ISP can’t see what websites you are accessing at all. This can be useful in some cases (pirating movies and software), or in the case of an oppressive government (China, etc) that monitors all of your internet access. The caveat of this is picking a proper VPN provider that doesn’t keep logs and is located in a country with strong privacy laws.

A VPN hides where the data is coming and going. Anyone looking at the network traffic will only see encrypted packets going to/from the VPN server. They will not see what websites you are going to.

Didn’t NordVPN get audited a few years back to prove they don’t keep logs?

What about using different DNS servers?

Everything sent from your device, or received by your device will be encrypted and will be very difficult to view; almost impossible. And this will also make it extremely difficult for someone to hack your phone and for someone to track you.

Anyone else who’s also on the same public wifi could “watch” your connection to see what you’re doing.

Using a VPN gives you a “closed tunnel” from your device to your VPN provider, so no one else in the coffee shop / airport / etc. can snoop.

It is generally advisable to use a VPN on public WiFi. But a VPN you trust, e.g. your own or your employer’s. All the traffic is 100% encrypted then to the point where the trusted VPN server is.

Using a VPN service that is advertised in between Youtube videos brings you nothing really in terms of security. You have 0% knowledge what is done with your data at the VPN provider.

Imagine you want to write a really secret letter (request) to a friend (website).
You could just write it. Put it in an envelope and write your address (your public ip) as well as your friend’s address (server ip) on it.
But what if you can’t trust the postal service (isp) ? Or you don’t want anyone else to get a hold on the letter and read it?

That’s where Vince Postal Network (VPN) helps you out.
First you take an envelope and write your and Vince’s address on it. Then you write your letter using a secret language that only you and Vince know (encryption) and in your letter you add the address of your friend next to the rest of the content.
Now the letter is first sent to Vince, who opens it, translates it and makes a new letter in a readable language and adds his address as well as your friend’s address on the envelope.

Now how is this safer?
First of all the postal service only knows that your letter is sent to Vince but doesn’t know where it is really headed. On the other side if they check Vince’s letter they only know that it is headed to your friend but not where it originally came from. So they don’t know that you sent a letter to your friend.
Secondly if someone would get his fingers on your letter to Vince in a public place while you are distracted (e.g. a public wifi) then they would only see scrambled text and wouldn’t know what its original content is.

But there is a catch: You need to trust Vince. Because not only does he know where a letter came from and where it is headed. He also knows the content of it. And if he would make a list (logs) of all of his clients, addresses or even worse contents then someone could break into his office (police) and check this data. They would then know that / what you wrote your friend.

Yes, using a VPN on public WiFi is strongly advisable because it significantly improves your online security and privacy. Public WiFi networks are often unsecured, meaning they are open to all users without requiring strong encryption. This setup makes it easier for malicious users, like hackers, to intercept data transmitted over the network.

Here’s how a VPN enhances security on public WiFi:

  1. Encryption: A VPN encrypts the data transmitted between your device and the VPN server, essentially creating a secure “tunnel” for your internet traffic. Even if someone on the same public network tries to intercept your data, they would only see encrypted, scrambled information that’s useless without the decryption key.
  2. Hides Your IP Address: When connected to a VPN, your real IP address is hidden, and only the VPN server’s IP is visible to websites or potential eavesdroppers. This makes it harder for others on the network to track your activity or pinpoint your physical location.
  3. Prevents Man-in-the-Middle Attacks: Without encryption, attackers on the same public WiFi can carry out “man-in-the-middle” (MitM) attacks, where they intercept and alter your data before sending it on to the intended server. A VPN’s encryption disrupts this type of attack, making it nearly impossible for attackers to modify your communications.
  4. Protects Sensitive Information: Any data you send over public WiFi, such as passwords, banking details, and personal information, could be at risk on an unsecured network. A VPN ensures this data stays encrypted, even if the WiFi network itself lacks encryption.
  5. Defeats Potential Tracking: Public WiFi networks can sometimes have tracking mechanisms that monitor user activities. Using a VPN masks your identity and activity, limiting the amount of tracking possible.

In short, a VPN provides an extra layer of security on public WiFi by encrypting data, hiding your IP, and reducing the risk of various attacks, making it much safer to browse, check emails, or conduct online transactions while on an open network.