Pedantic public wifi security questions

[Rhythmdvl]

I have a paid account with a VPN provider ([url=https://www.privateinternetaccess.com/]Private Internet Access), a paid subscription to Malware Bytes and MSSE is up to date.

I’m sitting in a public library, connected to the Internet via an open connection that I assume is the library’s (but anyone can name their SSID to match the library’s naming convention). After activating the VPN, my public IP address changed and its general location matches the region I set in the VPN panel.

Assuming I didn’t make a mistake in connecting (and assuming no keyloggers or other malicious local programs), am I now relatively free to treat this computer as if I’m at home? That is, can I log in to sites with my password, enter credit card information, download Windows and other updates, etc.? Or am I vastly misunderstanding the use/function of a VPN?

Paranoidly yours,

Rhythm

[Reply]

If the VPN connection is encrypted (they usually are), and if it’s properly configured with public key handshaking, and if you trust your VPN provider, then yeah, you should be reasonably safe. Usually all traffic will be routed (unless your VPN client or OS specifically sets it otherwise, but on Windows the default is to route everything).

As for passwords, etc., most sites use HTTPS anyway and the VPN would be an additional, redundant layer of encryption on top of that. On the sites that don’t, the library can’t see what you’re dong, but your VPN provider still can, and any sys admin or security agency between them and your destination website can too.

Also, your information might be secured over the network, but it can still be stolen through physical proximity: somebody looking at your screen, or somebody listening to keystrokes or CPU cycles and performing statistical analyses, recording your typing with their casually placed cell phone, etc. All very minor risks, but you did say you’re paranoid.

[Blakeyrat]

Reply’s answer is good, but I’d like to emphasize that it all depends on how the VPN is configured.

A VPN can route all traffic, or only traffic going to/from a particular network. Most workplaces I’ve worked at who have provided VPN have had it set to only route traffic intended for that work network-- if your VPN is configured that way, it’s not safe to assume your internet usage is safe.

Check with your VPN provider to be absolutely sure.

[LSLGuy]

If you are using the library’s public access computer, I’d say the real;risk is entirely in the “… (and assuming no keyloggers or other malicious local programs), …” part. I’d consider such a PC about as reliably hygenic as the toilet in a truck stop.

If you brought your own PC then your thinking, as amplified by **Reply **, is correct.

[Rhythmdvl]

Thanks. It’s my laptop (and phone, and wife’s laptop, etc. when we travel). I get that there are lots of other vulnerabilities that have nothing to do with VPNs (keyloggers, and targeted personal attacks). But we’re not particularly paranoid, just want to be as prudent as reasonably possible.

The VPN is recommended in a few places, and it’s one of PC Magazine’s Editor’s Choices, so I figure it’s safe (for restricted definitions of ‘safe’) to take their descriptions at face value. According to their literature, all traffic is encrypted. In fact, from what I’ve seen reading through support questions, there are steps I may need to take to get some applications to work.

Again, there are other things to be done (e.g. using extensions like HTTP Everywhere whenever possible), but from what I understand it’s important to use a well-administered VPN when travelling and accessing unknown wifi networks. Since I don’t have the time to devote to be sure I’m running one effectively, I turned to a commercial provider. This was my last check on my assumptions to say that it’ll be (relatively) okay to use CCs and whatnot online in a library or hotel if I need to.