A thread about VPNs

VPN technology and proxy technology are two separate technologies. You can construct VPNs that don’t proxy, you can build proxies that do not do any kind of VPN-like encryption, or you can combine the two and build a proxy that also allows for VPN-like connectivity to one of the proxy’s interfaces. All three types of solutions exist and have their uses.

Understood. But the context here is privacy/security/identity theft protection.

A VPN with no proxy is useful for corporate networks and the like. Not particularly useful for individuals, except in special situations. A proxy with no VPN has its uses, but also not under discussion here. It’s a VPN service with proxy that has potential security benefits, and the features that give these positive benefits are the same ones that allow more dubious applications.

Just about everyone with a home internet connection is using a form of “IP spoofing”. It’s called NAT (Network Address Translation) and is built into every consumer router. It means that your externally visible IP address is not the same as the IP of your device; that is to say, it’s being spoofed.

Of course, most of the time your external IP is from the same general (physical) location as your computer, and that’s no longer the case with VPNs. But that’s true of all of them, and has nothing to do with the target demographic their marketing department selected. Decoupling the apparent source of the traffic from the physical source is the whole point.

The use of a VPN if you are somewhere where you really don’t trust the connection is not unreasonable. Such a somewhere can be anywhere from a random internet café to a pretty large number of countries. And which countries depends upon context.

I could definitely see needing a VPN in some places I have been. A VPN that simply popped out in a server in a country I was happy with, rather than a VPN to a particular company. Often a VPN to a company pops out inside their network inside their firewall. So you may find that the corporate rules prevent access to all you may need.

Although you might be seeing https: in the header, that will not guarantee that the entire content you send and receive is encrypted. It secures the critical parts of the negotiation, but can leave large swaths of content in the clear. So you can still be subject to a range of attacks.

A VPN is simply an encrypted tunnel through the internet. It may be (1) my-router-to-your-router, or (2) my-PC-to-your-router, or (3) my-PC-to-your-destination-computer.

(1) is what is used to connect a branch office to a head office, or two closely linked businesses.

(2) is what “workers in the field” or others with need for a secure connection into a remote network (i.e. head office LAN) might use.

(3) might be for secure connections between two computers. However, that specific use is rarely needed.

A VPN typically appears as a network connection (hence “Virtual Private Network”). While HTTPS or SSL may connect you with encryption to a specific service (e.g. bank website, email server), VPNs more typically allow a greater range of traffic through, often any network traffic. With a “remote desktop” I get a window into a server, say, as if I were seated at the console. With a VPN, I can connect to the file shares, the database, the printers, etc. as if my PC were plugged into the network locally.

Where VPNs can be used to hide (not spoof) IP addresses is with commercial services that offer the service to many users. If someone monitors my IP traffic - they can see what website I go to, and sometimes even the content of the transactions (if it is not HTTPS).

I buy a VPN proxy service, such as ProXPN, and I can connect to it from my devices; what I send from those devices is hidden from anyone monitoring my IP traffic - it all goes to the VPN proxy server. From there it goes out onto the internet with the VPN proxy server’s public IP address. Perhaps the NSA could watch in and out traffic and match it up - but the average Joe monitoring traffic out of the VPN service, or tracking traffic on his web server, would not be able to identify my home address. All they would know is that the web browsing comes from the IP address belonging to the VPN service. (It is possible to use a proxy service without a VPN encrypting traffic to their server from your PC, but that kind of defeats one part of the whole privacy motive, so not typically done).

Of course, if I am, say, logging into Straight Dope, they still know my userid. They can associate my userid with my particular PC’s signature (version of Windows, version of Internet Explorer, what version of Flash I run, etc. etc.) but they can’t tell what my home IP address is, or even what country I originate in. So I gain some privacy.

But then, really nosey web companies like Google probably drop cookies on your PC, and track you ten ways from Sunday, so unless you ALWAYS use a VPN proxy or started using a brand new PC with the proxy service and never used, say, Google without the proxy - then they have on file your real IP and also know what proxy service you use.

So what do you really gain? Only the NSA or some entity like Google with the resources and reach to track you can find your real IP address (which likely narrows you down to a neighbourhood). For the casual website that you only visited a few times, always with the VPN proxy, they don’t know your real IP. However, if you have an infected PC “phoning home” to its master control center over the internet, being behind a proxy won’t protect you - as typically the virus on your PC initiates the connection, the same way as you initiate web browsing.

Another side note - Google the story by a NYTimes reporter about being hacked on an airplane. If you are using public Wifi, typically everything between you and the wifi router is broadcast open; it is trivial for a hacker to read everything going over the air, including the name of websites you go to, and if it is not HTTPS, the content. Sometimes, even email is unencrypted. A VPN to your head office (2) or (3) or a VPN proxy will encrypt everything right on your PC, so all wifi traffic should be unintelligible.

(Warning though - if you are sitting in Starbucks - remember when the wifi connection is made the first time, it asks if this is a home, work, or public network? If you answer Home or Work, your typical PC can allow PCs on the same network - i.e. that guy over in the corner of Starbucks - full access to all your shared files - which for most home users, means the entire computer. Be careful what you are sharing with a dozen strangers. Never call a public network anything but public, and turn off as much file sharing as you can - anytime, since even at work, someone could sit outside in the parking lot and maybe read your files…)

At the present time, this would be the closest to my understanding.

But I’m going back to square one and trying to understand as best I can without having the benefit of taking any network training courses.

I’m going to comply with ECG and not mention any specific companies.

But you can always use Google to search for any number of them.

I believe ECG however in that there are likely a wide range of companies. Some who are reputable and some who are not. So it seems to me that one really does have to know as much as possible about how these things work.

ETA: md2000’s post above seems very accurate to me - for whatever that may be worth.

As I said - there are two types of VPNs - router to router and PC to router/server.

Generally, a VPN will handle (almost) all traffic. Let’s just talk about the PC-to-(server/router) VPN.
- The VPN, once started, will appear as a “virtual” network interface with the same functionality as your Wifi or network cable.
- The “P” means private. All data (all packets sent and received) are encrypted before being sent, so eavesdroppers cannot tell what is being sent.
- The more secure versions will force ALL your traffic to go through that network (a typical VPN configuration option). This is a security measure. It prevents someone from “taking over” your computer from remote and then exploiting its connection to the corporate network; only traffic to/from corporate over the VPN gets through while connected, so the hacker cannot relay himself into the corporate network. The downside is that “all traffic” may be a lot of traffic (depending on what else your PC is doing). However, the upside is that any internet activity goes through the VPN tunnel to the corporate network, and then through their fancier, more secure firewall filter before hitting the open internet. More secure.
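An added check for the “force ALL your traffic through the VPN” option described above (example code, not from this thread): it reads a Linux `ip route show` table and reports whether the VPN interface really owns every destination (full tunnel) or whether the physical interface still carries the default route (split tunnel). The VPN interface-name prefixes and the sample tables are assumptions constructed for the example.

```python
"""Classify a Linux `ip route show` table as full-tunnel, split-tunnel or no VPN.
Added example, not from the thread; VPN interface-name prefixes are an assumption."""
import re
import sys

VPN_IFACE_PREFIXES = ("tun", "tap", "ppp", "wg")  # assumption: typical VPN interface names
# Constructed sample tables (not captured from a real machine).
FULL_TUNNEL = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.42 metric 600
"""
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.42 metric 600
"""

def parse_routes(text):
    """Turn route lines into dicts of destination, device and metric."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dev = re.search(r"\bdev\s+(\S+)", line)
        metric = re.search(r"\bmetric\s+(\d+)", line)
        routes.append({"dest": fields[0],
                       "dev": dev.group(1) if dev else None,
                       "metric": int(metric.group(1)) if metric else 0})
    return routes

def is_vpn_iface(name):
    return name is not None and name.startswith(VPN_IFACE_PREFIXES)

def tunnel_status(routes):
    """'full': all traffic leaves via the VPN, because a VPN default route wins
    on metric or the 0.0.0.0/1 + 128.0.0.0/1 pair (OpenVPN's redirect-gateway
    def1 style) beats the old default on prefix length.  'split': VPN routes
    exist but the physical interface still owns the default.  'none': no VPN."""
    vpn = [r for r in routes if is_vpn_iface(r["dev"])]
    if not vpn:
        return "none"
    if {"0.0.0.0/1", "128.0.0.0/1"} <= {r["dest"] for r in vpn}:
        return "full"
    defaults = [r for r in routes if r["dest"] in ("default", "0.0.0.0/0")]
    if defaults and is_vpn_iface(min(defaults, key=lambda r: r["metric"])["dev"]):
        return "full"
    return "split"

if __name__ == "__main__":  # pipe `ip route show` into this script to check a live host
    print(tunnel_status(parse_routes(sys.stdin.read())))
```

A “split” result with the VPN up is the leak the post warns about: anything not covered by a VPN route, including a remote attacker relaying through the host, still leaves over the physical interface.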

How does the VPN app on my iPhone help me?

It says VPN by the internet connection. It’s my understanding that it “helps” when I’m connecting to a public wifi connection. Does it really help? How? In general, is it safer to connect using the phone line data rather than wifi?

I know nothing…obviously.

My VPN app on my phone allows me to VPN to a proxy address in the USA to see Netflix content not available in Canada. In fact, also the opposite - while travelling to the USA, I could proxy back to Canada to watch a hockey game (how cliché!) that was blacked out in the American market. A more legitimate example, you could VPN to your corporate network to run a web application that is not available on the public internet… or RDP to a desktop not available to the external internet. (I have actually done this as a demonstration -download an RDP client for iOS, fire it up in my iPhone, and login. Just make sure you have your glasses handy and put the phone in landscape. )

Let’s stay away from subjects like gaming Netflix, as that gets into areas of murky legality.

The main benefit of using a VPN on a public wifi is that it encrypts the data while it is going through the public wifi area, making it much more difficult for hackers to listen in on your data for passwords and such.

Your phone data is already encrypted, but with most phones you pay for data usage, so using your data might end up being costly if you go over your limit for the month.

Getting hacked on a public wifi isn’t a huge risk, though it is a non-zero risk. If you are on a public wifi at McDonald’s, for example, the hacker would have to be in the McDonald’s or at least be fairly close to it. Just about every McDonald’s in the U.S. has free wifi. Most of them don’t have hackers sitting in them scanning for data.

Do you have a citation about the legality being even murky? Any case of anyone being prosecuted for it? Because, as far as I can tell, this is not true. It can violate the terms of the website. But that simply means they can cancel your account.

This is actually a bit of a pet peeve for me, so I would really appreciate it if you actually can back up what you are saying.

(And, note, this is not a comment on what should be allowed here. It would be perfectly in line with other moderating to be against violating another site’s EULA…)

Free WiFi is a risk for a range of reasons. Some more nefarious than others.

You need to know you can trust the owner of the WiFi. If you go into a well known coffee chain, and use their WiFi, it probably isn’t that big a deal. (You are still potentially at risk from an employee who has access to the base station. They have direct access to data.) But there are many new free WiFi outlets appearing that simply seem to be “free”. What you don’t know is how much packet inspection they are doing. Indeed it appears that there is a business being built that involves setting up free WiFi in public places and on-selling the data harvested from the users. I am getting to the point where I won’t use external WiFi networks unless I know exactly who has set them up.

If you are in a foreign country you have even less confidence in the security of carriage. Something that applies no matter how you connect, be it wired, wireless, or via cellular data.

WiFi has a whole range of attacks possible. Spoofing your home base station is trivial in many cases.

Well, first of all, I’m an engineer, not a lawyer, so I’m doing the best I can here with the legalities.

But it seems to my non-lawyer mind that this falls under theft of services by getting something that you are not entitled to. As far as I am aware it isn’t being prosecuted, but that may only be because Netflix thinks that it is more bother than it is worth and might give them negative publicity or whatever.

But again, I am not a lawyer. So if there is anyone out there who is a lawyer and can shed more light on this, it would be appreciated.

“Security of carriage”

Does that mean the security of the path your data travels from the moment you enter it into your PC until it leaves the property of whoever set up the WIFI?

Maybe it would be better if instead, I could just ask you just what is the meaning of “security of carriage” and whether there is anything an individual can do to determine just how secure my connection is at any one location. I can’t imagine walking into a coffee shop and asking someone, “what is your security of carriage here”?

Is there some question I can ask and is there some way I can interpret the answer.

This is the first term I’ve seen in a while that completely stumps me. I have no idea what any part of this means. But, I sure would like to know.

Also, I’d very much like to know if you can advise me of any way or any web site that explains how I can determine how safe or how vulnerable I am when using the net in an individual public WiFi setting.

Finally, do you know of any good tutorial I could take that would help my understanding of these basic issues? Primary issue for me is “privacy and/or security when using the Internet”.

Ah, well, yes. Sorry, I’m not even sure it is a proper term, but you got the idea.

Not really. Pretty much asking someone if they are a crook.

It isn’t really possible on an individual basis. Any unknown service is equally insecure. Known services provide some level of trust. But you are never really secure.

Depends upon your level of understanding. A quick Internet search throws up a lot of sites, many of which are pretty awful. This CNet one is an OK commentary on the public WiFi angle. But the risks move, and active exploits change.

Essentially you can’t 100% trust any Wi-Fi at all. Not even the one in your home. You *can* trust it something less than 100%. How much less? The devil is in the details.

Somebody like McDonald’s does an OK job on Wi-Fi security overall on a corporate basis. But there is nothing to prevent some bad guy from setting up a hotspot named “McDonalds” running on his laptop sitting in the restaurant or out in the parking lot. So you’re at risk of connecting to what you think is the restaurant’s system when you’re really connecting to the bad guy’s system.

Depending on how good corporate IT is, bad guys could have gotten malware into the Wi-Fi & network gear in the store. Or there could be a rogue employee who did the same thing. These are less likely attacks, but the risk is not zero. I’d expect such things to be more common at Starbucks or similar next to a corporate headquarters than I would at some random location in a random middle class suburb. More valuable targets worth snooping for at one place vs. the other.

Nobody at the store can tell you anything useful about their security or trustworthiness. All in all I’d sooner trust a corporate environment than a mom and pop.

Beyond all that, any time you are using a wifi system, anyone nearby can snoop all your traffic. If that traffic is encrypted you’ll have less exposure. Networks that need passwords are more encrypted than those that don’t. HTTPS is better than HTTP. But even with all that stuff in effect the bad guys who might be listening can pick up some valuable clues.

Thanks for the responses.

As has been mentioned several times already, a VPN is no real protection against identity theft. Most identity theft takes place via malware, phishing, or social engineering attacks. Keep your OS, anti-virus, and anti-malware software up to date. Don’t open dodgy emails and don’t visit dodgy websites.

Lemme see. If you don’t have proper passwords, your computer can be attacked via your WiFi, but VPN won’t help you there. However, without passwords your laptop traffic to your node could be sniffed out by mysterious vans parked outside, right? (Or sophisticated neighbors.) So VPN could be helpful in that (sub)scenario, though there are other more straightforward shields. (Right? Q: Is my laptop traffic to my Wifi node likely to be encrypted or not?)

Another safety measure which is mission critical for businesses is to visit financial websites and emails attached to financial websites via dedicated computers known to be clean. That means Linux. Small businesses with limited space should opt for a Live Linux CD.

General Tips. Note there is no mention of VPN: Tools for a Safer PC – Krebs on Security

Methods of credit card fraud. No, this is not a how-to: How Was Your Credit Card Stolen? – Krebs on Security

Business Best Practices: Online Banking Best Practices for Businesses – Krebs on Security

…and banking on a Live-CD:

This thread has been interesting.

Most modern Wi-Fi can be hacked after catching enough traffic, to reveal the login password (although newer stuff may be better - Wi-Fi is changing all the time). Once the van outside is connected to your network, you better have your sharing limited and your Windows firewall on, even though it’s your private home network.

The latest fraud - nothing to do with computers - is the guy on the crowded subway holding a portable credit card processor in his hand. He enters a small transaction, then wanders around trying to get close enough to someone’s wallet or purse to generate a “tap” and presto, you’ve given $30 to some random guy. Read your credit card bill closely.