Got a question about VPN security and privacy

Recently, I’ve noticed more articles questioning VPNs for security reasons. Tom Scott had a popular video and now Motherboard has a piece saying you probably don’t need a VPN. They often talk about HTTPS making VPNs unnecessary for protection against man-in-the-middle attacks.

But what about privacy? Don’t VPNs help hide your IP address? Isn’t that a big plus if you’re worried about surveillance capitalism and want to pull away from Big Tech as a political choice?

Isn’t masking your IP also beneficial for protecting against targeted harassment? So there’s security in that too, right?

Am I missing something? Why don’t they mention these advantages?

A lot of people confuse the web with the internet. There’s way more to the internet than just HTTP. A well set-up VPN protects all that, while HTTPS doesn’t cover everything.

Fifer said:
A lot of people confuse the web with the internet. There’s way more to the internet than just HTTP. A well set-up VPN protects all that, while HTTPS doesn’t cover everything.

That’s probably the case for many people. But how do you explain why Tom Scott or Joseph Cox are speaking against VPNs? They definitely understand the difference.

@Teal
I don’t know who they are. Maybe they just don’t trust centralized solutions, or maybe they don’t trust VPN providers. They could be against corporate VPNs, which would be unwise. Who knows what their motivations are?

But I really know about computer networks. If we ever manage to encrypt all network packets, VPNs could become obsolete. But we are nowhere near that yet. Anyone saying that VPNs are made pointless by HTTPS is either misinformed or spreading false info.

@Fifer
I agree with this. Here’s a short list of things a VPN can protect you from that HTTPS can’t:

  1. ISP packet sniffing and manipulation
  2. LAN sniffing and manipulation
  3. IP exposure to LAN admin
  4. IP exposure to ISP
  5. IP exposure to the destination website
  6. DNS issues at LAN (Even with DNS over HTTPS, many DNS packets stay unencrypted)

VPNs also help to bypass regional censorship.

@Fifer
Regarding corporate VPNs, there are actually better secure alternatives available now…

I think the argument they may be making is focused on how VPN ads claim they protect you from dangers that are becoming less relevant, especially concerning man-in-the-middle attacks. People know that visiting sensitive sites on public Wi-Fi can be risky, but that view isn’t as accurate anymore. The ads usually push you to buy a VPN solution as the only way to be safe.

I’m a fan of VPNs but find their marketing based on fear misleading. It’s tough to explain their benefits especially when many haven’t the time or interest to understand how VPNs offer protection. It can get complicated quickly, particularly when discussing tracking, since it varies so much based on how you use the internet.

A straightforward fact is that ISPs do collect and sell your usage data, profiting from it. Mentioning this can make others say they have nothing to hide. However, they are paying for a service while their data is being sold off. This alone can compel people to consider their privacy and security, and that doesn’t account for those who track you regardless of VPNs.

Just saying that makes me suspicious of Tom Scott.

Anyone stating that shows a poor grasp of how this tech, especially cryptography, truly functions or they’re just being deceptive.

Orin said:
Just saying that makes me suspicious of Tom Scott.

Anyone stating that shows a poor grasp of how this tech, especially cryptography, truly functions or they’re just being deceptive.

I don’t believe any VPN, no matter how well off it is, can hide your HTTP traffic because it’s still an insecure connection.

@Kyrie
That’s not right. It encrypts the connection from your device to the VPN server regardless of whether you are using HTTP.

Orin said:
@Kyrie
That’s not right. It encrypts the connection from your device to the VPN server regardless of whether you are using HTTP.

Only the connection from your device to the VPN server is secured. If the VPN server connects to an HTTP site, that route remains unsafe and exposed.

I’m curious about this topic too. I use a VPN daily across my devices. Like you, I find them valuable for hiding my IP address and avoiding surveillance capitalism. Still, I see a VPN as just one of the tools needed for privacy. Hiding the IP address isn’t the only step required for online safety.

The articles might suggest that if you are overly concerned about privacy, you would have to sacrifice many practical features of your devices or stop using major platforms like Reddit.

Yes, your IP can reveal some details, but remember about other factors like browser fingerprinting or even the DNS server you pick or skip. Fingerprinting means that you’d probably need to give up features crucial for proper website functionality.

It’s really about weighing benefits against risks. If the benefit of hiding your IP isn’t worth the risk of exposing your data to a shady VPN provider, then you might want to skip it.

I won’t stop using VPNs since they give me a sense of security while browsing, but it’s good to hear you share similar thoughts.

@Landry
I completely agree, VPNs are part of the bigger picture. I’m just rethinking my usage and whether I’m confusing the issue… Glad to hear you think the same!

VPNs are great for bypassing content blocks and getting around geo-restrictions too.

After reading the article, I think it’s misinformed or possibly misleading. Yes, VPNs are not a complete solution, and it’s crucial to understand online mechanics, but they definitely add some degree of privacy and security. Without a VPN, your ISP can see all your traffic, might alter it (like injecting ads), or even slow down your connection on specific types of content. With a VPN, the ISP can only tell that you’re connecting to secured tunnel to another server, nothing more. They can’t see exactly which websites you visit or alter your data. Plus, you don’t know who’s using your info or compiling a profile on you later.

That said, hiding your IP isn’t everything. For instance, if I go to two unrelated sites without logging in, and I’ve cleared cookies and caches, with a VPN, those sites remain blind to my identity. They won’t have my IP or location, or personal details. However, if they use Google Analytics, then Google can see that someone with a device similar to mine has visited both sites. If I log into my Gmail, that ties my visits together. So I’d still have to trust my VPN provider along with Google, but it offers more protection than my ISP or the site owners.

One clear benefit of hiding your IP is against stalking threats. If you share your thoughts on a public forum and a moderator takes an interest in you, using a VPN means they might only get your email (using a temporary one could help), whereas if they have your IP, they might find out where you live, or even worse. They might not have your exact address, but it can link things together.

Public Wi-Fi networks present risks too. While HTTPS protects quite a bit today compared to 10 years ago, it pays to be cautious in untrusted networks. You could be at a coffee shop and while HTTPS might guard against password theft, a lot of traffic can still be unprotected. A potential hacker in the shop could monitor your connections, seeing domain names for analysis. They might deduce details about your bank or workplace, hobbies, etc. They can compile this to conduct convincing social engineering attacks, like pretending to be from Wells Fargo to verify charges with your Amazon account. Using a VPN helps dodge this risk.

Overall, there aren’t many situations where a VPN isn’t worthwhile. The only downside is the trust you need in your VPN provider. Researching respected providers can help ensure they’re as trustworthy as your ISP, which we know collects and sells data. And we’re aware that public Wi-Fi is often insecure if you care about your privacy. VPNs do provide some protection against big tech surveillance, but extra measures like disabling scripts, using ad blockers, etc., are essential too. In short, you should be using a VPN. I think those who oppose them don’t know the full story or have a hidden agenda.

Why aren’t those benefits ever mentioned?

It’s probably that many people like to believe they have nothing to hide, only from hackers.

Hiding your IP is one of the key benefits. The websites don’t know where you are and therefore can’t log that information against you. Remember that authorities can figure out both your location and identity.

Another bonus is that your ISP can’t track which sites you visit.

If you don’t trust centralized VPNs, you might look into decentralized options.

Most online attacks focus on the browser. There have been recent vulnerabilities in iOS that led to urgent patches being made.

You should be looking for a secure virtual browser, not just a virtual network. Even with a VPN, your browser still brings in code using a different IP.

Check out www.APLens.co for a disposable browser that works on smartphones and desktops.