When it comes to protecting your online privacy, you'll come across Virtual Private Networks (or VPN in short) services at some point.
While VPNs offer privacy protection, secure connections, and even anonymity in some cases, they're not a silver bullet. What's more, if they’re not used appropriately, VPNs can end up backfiring, exposing more of your data, and slowing your online browsing to a crawl.
In this post, I'll guide you through what VPNs are and how they work.
You’ll discover you probably don't need one, except in a few special cases.
VPNs (short for Virtual Private Networks) create secure private connections across a public network.
They first appeared around 1996 when Microsoft created the peer-to-peer tunneling protocol (PPTN) as a mechanism to provide a secure and encrypted channel between two devices on any network.
The typical use case for a VPN is that of a corporation that wants its employees to have access to sensitive data in their private network even when the employees are not in the office— where the IT department can ensure everybody is on a secure connection.
From a bird's eye point of view, VPN services are just programs that provide means to encrypt and secure your network traffic, as shown in the chart below.
VPNs were not created to protect our privacy and anonymize our traffic.
They're just a mechanism to provide a secure connection between two specific points (your computer and your corporate servers).
So, why is it that we read over and over that VPNs can help us protect our privacy?
You guessed it. Because it's good for business.
According to Statista, the VPN market is worth more than 30 billion USD. So, of course, savvy marketers are going to tap into the increasing number of privacy-concerned users. They tell us that by paying for and installing a VPN service, they'll provide us with (1) a more secure connection and (2) anonymous web navigation.
But it turns out that neither of these assertions is true. Let's see why.
VPNs provide a more secure connection if the data or resources you want to access are in the same secure network as the VPN itself or the connections between the VPN and the server you want to reach are encrypted. Otherwise, they provide no additional security.
If you're using a VPN to navigate the web, the VPN service provider can't give any guarantees about the security of the connection between them and the sites you're visiting.
So, if someone wants to tap into your connection and log your traffic, they can still do it; they just need to tap into the connection as soon as it leaves the VPN server.
Moreover, if you're using a modern web browser, I'm sure that more than 99% of your traffic is already encrypted as these browsers and most websites use HTTPS (Secure HTTP) to send and receive traffic.
This is another big claim you'll see on most ads for VPN services. Marketers like to scare us by telling us that without VPNs, third-party services can track our IP addresses and our locations, letting them identify who we are.
While this is true—tracking services can use your IP address and location to build a better picture of who you are—there exist far more powerful mechanisms like cookies and fingerprinting that make the quest of obfuscating our IP addresses futile.
So if your objective is to protect your privacy online, you're much better of changing your digital defaults first rather than paying for a VPN service.
Having put the privacy concerns aside, there are still cases where you'll want to use a VPN.
If you're on the road or working from home (we're in the middle of a pandemic), your employer will want you to access sensitive corporate data securely, so they'll make you install a VPN client. And if you're in an unsecured network like a public airport or café WiFi, you can't trust the network security policies. It’s a public network. Anyone could intercept your network traffic and hunt for sensitive data (personal information, passwords, etc.). Using a VPN service here is sensible.
You also want a VPN if you’re going to bypass geo-blocking fences (the mechanism by which websites restrict access to their content based on your location) or to bypass certain government-imposed restrictions. For example, in China.
To end, I want to point out that if you still decide to use a VPN, you should be careful and do your research before choosing your provider.
Do you trust a provider headquartered in China or Russia?
How sure are you that they're not logging all your data and making money off you?
Remember, your connection is secure from your computer to the VPN server, but this means that the provider gets to see—and probably log—all your data.
Of course, if you have the chop s, you can set up your own VPN server (I've used OpenVPN), but this choice comes with technical challenges.