ELI5: Why is it advisable to use a VPN on public WiFi, How does it protect our security?

Imagine you’re sending a postcard on public WiFi; anyone can read it. A VPN acts like a sealed envelope, hiding your message. It encrypts your data, making it unreadable to hackers snooping on the network, protecting sensitive information like passwords, banking details, and private conversations.

The ads you see about VPN services are misleading these days.

This video has a good summary of it: https://www.youtube.com/watch?v=WVDQEoe6ZWY

In older days, when websites didn't use HTTPS, SSL, etc., it was easy to intercept data since it wasn't encrypted. Back then, a VPN on public wi-fi was not a bad idea as it would actually make sure the traffic between you and unsecured websites was not intercepted.

By the way, when you use a VPN, you shift trust to the VPN provider instead of the network owner.

That isn’t to say that VPNs can’t offer something to you, but it’s far from what is advertised. It can absolutely obfuscate which sites you are visiting from the network you’re on. The VPN provider will still know.

It can help with georestrictions on streaming content too.

Sometimes, it also routes traffic through a different part of the Internet. It can for example let you connect to game servers if it fails due to a bad node between you and said servers without the VPN.

If the network throttles certain types of traffic, using a VPN can also circumvent that. It’s a great way to know if your ISP (say Comcast) is throttling streaming websites (say Netflix).

The short of it is that today, it does very little to protect your security.

EDIT: There are multiple comments worth reading below this post that go into more details of why you may still want a VPN, might want to take a look at them.

@Sparrow
To add to that.

Nowadays websites use HTTPS, hence why it's safer. However, if you're using public wifi for unprotected connections such as FTP or Samba…then it's very risky.

A public wifi is…well, public. So public that anyone with some knowledge can create a network with the same wifi name and password and easily trick you into thinking you're connected to the real public wifi, when instead you're connected to the attacker's network.

The attacker can sniff the traffic you generate and act as an intermediary between you and the sites you visit. I mentioned HTTPS before: he can't see through encrypted traffic what exactly you are doing, but he can see that you visited that website and the total traffic bandwidth.

Also, the same attacker can alter DNS so whenever you try to connect to a site, let's say bank.com, you'll be redirected instead to a fake bank.com site that looks almost perfectly identical and can steal your data if you enter any sensitive info there.

That’s just a few examples here.
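As an added illustration of the difference Sparrow describes (this script is not part of the original thread and is not anyone's posted code), the Python below shows what a passive sniffer on an evil-twin network can read from two constructed packets: a cleartext HTTP login, where everything including the password is visible, and a TLS ClientHello, where only the server name (SNI) is visible. The hostname bank.example, the cookie and the credentials are made-up sample values; the ClientHello is built by the script itself, with a zeroed random and one cipher suite, rather than captured from a real client.

```python
"""What a Wi-Fi sniffer sees: cleartext HTTP vs. a TLS handshake (SNI only).

Added example, not from the original thread. All packets are constructed
inline; hostnames, cookies and credentials are sample values.
"""
import struct


def parse_sni(record: bytes):
    """Return the server_name from a TLS ClientHello record, or None."""
    try:
        # TLS record header: content_type(1) version(2) length(2); 0x16 = handshake
        if len(record) < 5 or record[0] != 0x16:
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        body = record[5:5 + rec_len]
        # Handshake header: msg_type(1) length(3); 0x01 = ClientHello
        if len(body) < 4 or body[0] != 0x01:
            return None
        hs_len = int.from_bytes(body[1:4], "big")
        hello = body[4:4 + hs_len]
        pos = 2 + 32                                   # client_version + random
        pos += 1 + hello[pos]                          # session_id
        pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + hello[pos]                          # compression_methods
        if pos + 2 > len(hello):
            return None                                # no extensions block
        ext_total = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            data = hello[pos:pos + ext_len]
            pos += ext_len
            if ext_type != 0x0000:                     # 0 = server_name
                continue
            list_len = struct.unpack("!H", data[:2])[0]
            q = 2
            while q + 3 <= 2 + list_len:               # entries: type(1) len(2) name
                name_type = data[q]
                name_len = struct.unpack("!H", data[q + 1:q + 3])[0]
                name = data[q + 3:q + 3 + name_len]
                if name_type == 0:                     # 0 = host_name
                    return name.decode("ascii")
                q += 3 + name_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None


def build_client_hello(hostname: str) -> bytes:
    """Construct a minimal TLS 1.3-style ClientHello carrying an SNI extension."""
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext_sni = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    ext_versions = struct.pack("!HH", 0x002B, 3) + b"\x02\x03\x04"  # supported_versions
    exts = ext_versions + ext_sni
    hello = (b"\x03\x03" + bytes(32)             # legacy_version + zeroed random (constructed)
             + b"\x00"                           # empty session_id
             + struct.pack("!H", 2) + b"\x13\x01"  # one suite: TLS_AES_128_GCM_SHA256
             + b"\x01\x00"                       # compression: null only
             + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


HTTP_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD"}


def sniffer_view(payload: bytes) -> dict:
    """What a passive attacker on the same network can read from one TCP payload."""
    sni = parse_sni(payload)
    if sni is not None:
        return {"protocol": "tls", "visible": {"server_name": sni}}
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return {"protocol": "opaque", "visible": {"bytes": len(payload)}}
    head, _, body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) != 3 or parts[0] not in HTTP_METHODS:
        return {"protocol": "opaque", "visible": {"bytes": len(payload)}}
    headers = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
    return {"protocol": "http",
            "visible": {"request_line": lines[0], "headers": headers, "body": body}}


# Constructed sample: a cleartext login over plain HTTP (sample credentials)
HTTP_LOGIN = (b"POST /login HTTP/1.1\r\nHost: bank.example\r\n"
              b"Cookie: session=abc123\r\nContent-Type: application/x-www-form-urlencoded\r\n"
              b"\r\nuser=alice&password=hunter2")

if __name__ == "__main__":
    print(sniffer_view(HTTP_LOGIN))
    print(sniffer_view(build_client_hello("bank.example")))
```

The second case is the point of the thread: even with HTTPS the evil twin learns that you talked to bank.example (from SNI, plus the volume of traffic), but nothing about the path, cookies or form fields; those stay inside the encrypted record. Encrypted Client Hello, where deployed, hides the SNI as well, but that is a browser and server feature rather than something a VPN provides.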

@Merrick
> Also, the same attacker can alterate DNS so whenever you try to connect to a site, lets say bank.com, you’ll be redirected instead to a fake bank.com

This is exactly the kind of attack that HTTPS was created to prevent. Nobody but the bank can offer a valid certificate for bank.com, so redirecting traffic in this way does not enable the middleman to pose as the bank. Every modern browser will give you a huge warning in this case.

@Jonah
Yeah, TLS (formerly SSL, the S in HTTPS meaning Secure) requires a certificate chain of trust leading up to a root certificate that comes included with your browser or operating system. If that chain is broken, your browser will warn you and in many cases will actually completely disallow you from viewing DNS-spoofed sites.

@Denali
What about SSL decryption on the gateway? Doesn’t the gateway/firewall impersonate you to the bank, and also impersonate the bank to you, thus maintaining separate secure sessions with both and the ability to decrypt and re-encrypt data as it passes through them?

@Van
The attacker would need an SSL certificate signed by a CA that is trusted by the victim’s browser. Half of SSL is encryption, the other half is the chain of trust for who you’re connecting to. While theoretically possible, it’s extremely unlikely outside of targeted attacks.

@Van
That only works in company networks where the company controls both your browser and the gateway, so they can force the browser to trust the gateway.

@Merrick
DNS spoofing on its own doesn’t work against HTTPS sites. The attacker won’t be able to present a valid SSL certificate without possession of the private key.

@Merrick
This is probably a dumb question, but: when I get a non-HTTPS warning on a website, I ignore it if I’m just browsing/reading the website (e.g. not going to provide any info to the site). Is that the correct take or is there another danger?

@Axel
Yes. It is possible that the connection is compromised.

@Sparrow
I am glad to see this comment on top. People have no idea how computers/electronics work, including influencers who are advertising for it. VPN is this age’s snake oil. (Unless you just want to watch region-locked content or live in a country with great censorship. Looking at you, China.)

@Cameron
Or you don’t want to get slapped with DMCA notices from your provider. :pirate_flag:

Zenith said:
@Cameron
Or you don’t want to get slapped with DMCA notices from your provider. :pirate_flag:

If that is the reason, it’s better to spend that VPN money on a seedbox.

Zenith said:
@Cameron
Or you don’t want to get slapped with DMCA notices from your provider. :pirate_flag:

Yup, I haven’t gotten a notice in years. My default VPN connection location is Switzerland which has strong data privacy laws.

Zenith said:
@Cameron
Or you don’t want to get slapped with DMCA notices from your provider. :pirate_flag:

Sure, if you actually believe they run a zero log policy. I don’t.

Cameron said:

Zenith said:
@Cameron
Or you don’t want to get slapped with DMCA notices from your provider. :pirate_flag:

Sure, if you actually believe they run a zero log policy. I don’t.

I mean, has an ISP ever gotten logs from a VPN provider and slapped the user with a DMCA notice as a result? I don’t think what you’re saying is relevant.

@Zinn
Perhaps not the ISP, but they’re not the ones to worry about anyway. There have been several instances where VPN providers have cooperated with law enforcement. So don’t believe that no-log BS.

Cameron said:
@Zinn
Perhaps not the ISP, but they’re not the ones to worry about anyway. There have been several instances where VPN providers have cooperated with law enforcement. So don’t believe that no-log BS.

The ISPs are the ones you need to worry about, as they will terminate your access after X notices within a time period. This is a perfect use case for VPNs or proxies.

Cameron said:
@Zinn
Perhaps not the ISP, but they’re not the ones to worry about anyway. There have been several instances where VPN providers have cooperated with law enforcement. So don’t believe that no-log BS.

Law enforcement isn’t getting involved if you’re just pirating movies or games. VPNs are great if you just want to avoid those notices and potential termination from your ISP.