(Reposted) Please Read This Before Getting A VPN or If You Have A VPN

(This has been reposted due to me deleting this by accident).

When I check out Reddit, I notice a lot of folks think VPNs are a magic shield against all malware, public Wi-Fi risks, and that they guarantee total anonymity. I just want to clarify that this isn’t entirely accurate. With my background in cybersecurity, I can tell you that whether or not a VPN is effective really depends on your specific threat model and personal preferences.

A VPN is ideal for people who want to access content that is blocked in their country, download torrents, hide their IP address, or keep their online activities private from their internet provider for sensitive reasons.

VPNs suggest that you are at risk on public networks, and this might have been true years ago. Today, most of our internet traffic is secured with TLS or HTTPS, which is used by many websites and apps. This means that while your Internet Service Provider or the public network owner can see the sites you visit, they cannot see your activities on those sites, like logging into your bank account. A VPN provides extra security by encrypting HTTP sites, but honestly, how often do you visit an HTTP site or enter personal information on one? The only precaution the majority of people need is to check if they are connecting to a legitimate WiFi network.

VPN companies often claim they can keep your data and browsing private from your ISP and the government. However, when you use a commercial VPN, you are shifting your trust from your ISP to the VPN provider. Personally, I would prefer to trust a smaller British ISP, which is regulated by the government regarding privacy, rather than a large tech VPN company that might log my data. Some may argue that VPNs offer no-log encryption but there is no guarantee of that claim, even with audits. Just look at their privacy policy; it reveals a lot. There is no way to be completely private online, and sadly, in today’s digital world, you have to place your trust in someone. There is some value for high-targeted users but for most, it is redundant security. Oh, that’s also a message to tell you not to do anything illegal online when using a VPN.

Some VPNs can help block ads and protect against malware, but that’s not their main job. If you want to avoid annoying ads and malware, consider getting antivirus software and an ad-blocking extension. For general hacking threats, no product, including VPNs, can fully guarantee your safety. It’s important to use common sense: create strong passwords, enable two-factor authentication, limit personal info sharing, and avoid clicking on links or files from unknown sources. Interestingly, 81% of hacks happen due to weak passwords, so using a good quality password manager can help keep you safe.

VPNs definitely have their perks. For instance, if you want to access content that’s blocked in your country, you can just pick a VPN server from another location. Like, if I wanted to stream PBS Kids for family members while in the UK, I’d simply connect to a server in the US. People from countries with strict internet regulations, like Pakistan, Iran, and China, often use VPNs, but honestly, anyone can benefit from them regardless. And if you’re into torrenting, having a VPN is essential to keep your privacy and security intact. If you’re not torrenting or trying to access restricted content, just make sure you know when a VPN is necessary for your needs.

Some of you might be at a greater risk of being attacked, and I understand that. However, if you really care about extreme security and privacy, using a commercial VPN shouldn’t be your main focus. You can consider other options like avoiding public networks, using your own mobile hotspot, trying Tor, using decentralized VPNs, or even setting up your own VPN server for better privacy and anonymity. Those options are free or cheaper compared to a VPN so what’s not to like - apart from slower speeds on Tor?

I welcome everyone to share their opinions on this topic, and I don’t consider myself overly concerned about privacy. If you choose to use a VPN, that’s completely fine, but make sure that paying for a commercial VPN is worth it for you.

Regarding HTTP sites, browsers by default will complain on visiting such sites and will disable tons of the shiny new browser features, so sites have already migrated en masse to HTTPS. Even a VPN will only help between the device and the VPN server; the traffic between the VPN server and the web server will be unencrypted, and such a server likely has lousy security anyway, so it might already be compromised and a VPN won’t help in that case.

This also applies to apps: AppStore requires an exception request for an HTTP endpoint, so most libraries and services (including cross-platform ones supporting Android) already use HTTPS by default.

Most VPNs don’t help against tracking from the sites and ad servers at all. Some with an adblocking feature might, but uBlock Origin will work much better for sites instead of the usual DNS blocking used by VPN services.

Most people only get a VPN because their YouTuber told them to. Unless they are torrenting, they don’t actually need one. Those who have a legitimate need for a VPN would already have one.

I use my own WireGuard VPN everywhere but at home.

A Pi-hole and some browsers with some privacy plugins and I have 98 % security. The 2 % are open to keep my brain busy … :wink:

Really appreciate this. I was on the fence about getting a VPN; however, I think I’ll pass.

My reasons for not getting one are that I do not use public WiFi, have strong passwords with 2 factor Auth set up and I don’t browse the internet on dodgy websites. In fact, I barely use the internet for anything other than a bit of Reddit and to purchase items.

I use my data and the only time I use WiFi is at my own home. Fully aware I can fall victim to hackers; however, to date I’ve been just fine.

when you use a commercial VPN, you are shifting your trust from your ISP to the VPN provider.

This is not quite true. If you sign up for VPN without giving name and phone number etc (not hard to do), you end up splitting your data between the two companies. This is compartmentalization, and it is a win. Neither company will know all your data. This is better than having to trust one company (the ISP) with all your data.

I don’t use a commercial VPN much. I use an OpenVPN that I set up on my home router to access my lab and home resources as well as appear to be connecting to resources from my home router.

I had a question regarding DDoS attacks through gaming platforms such as consoles. I recently set up a VPN through my Netgear router’s admin page but I’m not entirely sure I’m secure.

I have been DDoS attacked multiple times by 12-17 year old kids (I assume) with a laptop using those YouTube programs like LANC and a stresser/botnet. I just want to be able to play without getting hit offline for even speaking through the VoIP.

Is there a specific type of VPN I need to be using? If so, what is the best option? My ISP is Xfinity and I recently purchased the XR1000 gaming router with DumaOS. My modem is a gateway from my ISP. I put the gateway in bridge mode already.

I’ve been looking around for a VPN for when we travel outside of the US. I’ve always heard about the dangers of public/hotel WiFi (we buy eSIM cards when we travel to reduce the need for public WiFi) and how individuals can steal your information.

I feel like I’m made to believe that if I don’t have a VPN, I might as well just publish my SSN, bank account, and other personal information for all to see!

I’m not downloading torrents or any questionable content, I’m not worried about regional streaming services, and I have iCloud Relay turned on. I might check my bank account or CC occasionally, but that is through the respective apps, which you say likely have their own security features.

Do I really have any need for a VPN?

Exactly. It baffles me how a lot of YouTubers try to use fear to get a lot of viewers to sign up for VPNs and splash their cash without even knowing it is a waste of money for the majority of them.

So you build your own VPN? That’s pretty cool. I rarely meet anyone who builds their VPN :joy:

That’s good to hear. I am glad you took those precautions on the strong password and 2FA. You’d be surprised how many people don’t follow your practices or anything similar to those. :joy:

Not exactly true. They get this:

Your IP address

Service and duration of your internet sessions

Full port information

Unencrypted data

And you also provide your email address, billing address and credit card details too so you still give your data to the VPN company. 100% privacy is not possible online nowadays.

Your ISP has data regardless because when you sign up, you have to provide your legal identity. And as I mentioned, HTTPS is there to encrypt your online activities, meaning that while your ISP is able to see which website you access, they cannot decipher what you are doing on there. So unless you are doing something sensitive or illegal, your ISP is not a bad company to store data. It is also regulated by your government depending on the country.

Okay. I want to ask this question. Why would you not want your ISP to know which websites you go to that a commercial VPN would be a better option? You talked about being able to be “anonymous” on a VPN but why would a VPN be worth paying for?

You know what, why are we even going on in this? Let’s end it here. I should’ve realised that we are both different and have different threat models. :slight_smile:

If you travel a lot, a VPN is useful to unblock content. For Public Wi-Fi, as long as your connection is connected by HTTPS/TLS, you should be fine. Yes, the ISP and the Owner may see which websites you visit but that’s as far as they can see. For example, if you went to your bank right now (assuming the website has HTTPS), your ISP and Owner can see you went to your bank’s website, but they can’t see your personal information, your credentials, banking info etc. HTTPS’s job is to encrypt your activity from your computer to web servers through the internet. It is not E2EE but it is better than nothing. But the number 1 precaution I will tell you to do is to not connect to WIFI networks that you either don’t know of or trust. Use legitimate WIFI networks only or just don’t use them.

So in summary, unless you have a high threat profile or you want to torrent or unblock content, a VPN isn’t needed.

It peaks my anxiety seeing people make online purchases when they’re using free WiFi.

Not all websites/organisations use 2FA though? Is there a way to have 2FA on absolutely everything?

you also provide your email address, billing address and credit card details too so you still give your data to the VPN company

No, you can sign up with a throwaway email address, and pay with a gift card or cash or Monero or a virtual card. They don’t care about anything except that your payment works. Quite different from an ISP.

I’m objecting to the “[just] shifting trust to VPN” part. You are shifting only part of the data, and that separation is a win.

Why would you not want your ISP to know which websites you go to that a commercial VPN would be a better option?

I want to control who knows about my activities and can tie them to my ID. By using a VPN, I can be sure that neither ISP nor VPN can see the whole picture. It’s my data, I want to control it.