Why is a VPN "safer" on public networks? No really...why

Hello everyone. I have been working in cyber security for about 2 years now. I try my best to get down to the technical “whys” for practices whenever possible. Something I have been researching off and on now for a month is the technical benefits of client-focused VPN usage.

I know the basics of how a VPN works, pay for, and use one personally because when I broke into the career field I always heard it was safer to use one.

I have seen many many people say and post something like this “I don’t use a VPN at home but you should always use a VPN in a public network like a hotel or restaurant”

I realized last month that I don’t necessarily know the why for this as much as I thought I did and my research online and discussions with others has not really left me satisfied. I was hoping to get some perspectives from people that have been in the industry for a bit.

If I was in an untrusted public network, I am tracking a couple risks:

  1.  Evil twin -> I connected to a malicious device and am going through them to make request now
    
  2.  Compromised router -> Potential access to see my packets coming and leaving network
    
  3.  Sharing a network with someone potentially malicious -> I am sure they could arp-scan and probe my device
    

I am sure there are gaps in my knowledge as to why I am having an issue answering this, so please let me know if there are things I am not considering as I hope to learn from this.

For risk 1 and 2: I ran some Wireshark before making this post to spot check some of my basic understanding of TLS before making this post. When I browsed to reddit, it looks like I was indeed using TLS. From what I understand, most websites utilize HTTPS. If a “bad guy” was sniffing me out, even on a public network, they would see my ClientHello which does contain the SNI for reddit and my JA3 information. After that, all the application data is encrypted. So they would essentially know that someone with my private IP and MAC establishing a TLS connection with reddit.

Now in a more serious attack like Evil Twin, I suppose there is the risk of getting sent malware from a legit MitM position depending if the website uses any unencrypted things like JavaScript files if I am solely relying on TLS with no VPN.

For risk 3: I could be pinged and probed sharing a network with someone. With proper endpoint device security, this doesn’t seem too bad, not ideal, but the VPN does not fix this problem. Me establishing a tunnel to the VPN server does not eliminate the fact that someone in my same network can try to interact with my Private IP/MAC.

These are the benefits of a VPN that I am tracking:

  •      Geolocation spoofing/Privacy
    
  •      Encrypted tunnel from client to VPN server. So if I browse to something that is not HTTPS, my unencrypted web request will be inside the encrypted VPN tunnel on the way to the VPN server; however, the traffic from the VPN server to the HTTP server will be unencrypted.
    
  •      Maybe its harder to strip encryption from a VPN provider than TLS?
    

Is there anything I am missing in the risks above or benefits of VPN usage within the context of an untrusted network. I am under the impression someone is probably fine if they are going to reputable websites even when on a public network. Some snooper will just get a bunch of SNIs and anything else in that client hello and server response.

I’m looking to fill my technological gaps instead of just agreeing that “VPN is good, so safe!”.

Edit:

Thanks for everyone that participated in this discussion! Learned a lot of different perspectives and technical deetz!

VPN at the coffee shop was made popular by the FireSheep software:

https://en.wikipedia.org/wiki/Firesheep

This was back when SSL wasn’t popular so you could see what someone was browsing on facebook.

So with SSL (TLS) it’s much safer, but similar issue are still around, do you trust that the gateway isn’t snooping your traffic, is it modify your traffic, some ISP or cafes put AD’s in the web pages you browse, yes really.

So it’s all about trust, do you trust the café, do you trust your ISP, do you trust your VPN provider, etc.

The real reason we have VPN is to communicate to recourses behind a firewall, it was standard corporate access before most cloud services, still is, so you can see it’s a technology that has been repurposed and mostly marketed to make a buck.

@Indigo
I may be lacking in my understanding of TLS, but I was under the assumption due to the certificates and trust, one does not simply modify the traffic. I have done some labs in GIAC courses where we TLS stripped packets, but we had to have the client side accept the certificate first just to showcase the use of the lab. We were taught that this would only work if you tricked the client into downloading your certificate. From what I understand, the snooping would still be encrypted unless you downloaded a malicious certificate and were victim to MitM.

@Piper
Yes you are correct. Stuff like sslstrip could work back in the day but with things like HSTS that is long gone.

@Piper
While it should be that difficult, in practice its not perfect

https://www.grc.com/fingerprints.htm

Further, you dont know what access points are doing break and inspect. Also, the SNI, as you said, is often revealed anyway

@Joey
Key point, though: breaking SSL (TLS) and inspecting means you (end user) will be presented with a certificate error. It works in enterprise deployments because we can administratively push a root cert to the trust store.

Now, most people probably hit “accept” on SSL cert errors - so definitely an issue. But the user was warned.

@Bowie
Nuh uh. A legit AP such as one at a hotel, etc would deploy a real certificate froma trusted root and would be able to do proper break and inspect without the user knowing, unless you test the certificate fingerprint. Check the grc.com link I put in my above comment.

If an threat actor or a legit AP that doesnt use a real cert tried to do break and inspect then you would get a cert error.

@Joey
You can’t just deploy a “real certificate” from a trusted root.

Please do your research before speaking with such authority on something you’re not super well versed in.

Westin said:
@Joey
You can’t just deploy a “real certificate” from a trusted root.

Please do your research before speaking with such authority on something you’re not super well versed in.

How dos godaddy for example deploy certs for their customers?

@Maxwell
Because you can do challenge validation on the HTTP endpoint or by creating DNS TXT records, e.g. through LetsEncrypt. GoDaddy in this case really does technically control what they’re validating technical control of, so this is to be expected.

@Zhen
Sure, thaht who they check if you really own the domain. But I was more aiming at what can godaddy do with his cert when it comes to deploying certs, and will godaddy checked by Apple or Microsoft for example, the ones who holds the top root certs, when it comes to what certs are deployed by godaddy. And there is a No No.

So some bad employee or a hacker who stole the godaddy cert, or you open up some company like godaddy and gets trusted by the top root certs holders, you could basically deploy every cert you want.

@Maxwell
Yeah, a Certificate Authority being compromised is a very bad thing and it’s happened in the past - not often mind you - but that’s more an issue of state-financed advanced persistent threats, not something that can be trivially done at a coffee shop wifi network by some rando.

@Zhen
This comment is empty, admin should fix

Westin said:
@Joey
You can’t just deploy a “real certificate” from a trusted root.

Please do your research before speaking with such authority on something you’re not super well versed in.

Thats not what I said. You absolutely get certificates by doing a CSR and submitting that to a certificate authority. Thats what Im talking about

@Joey
So you’re saying that enterprise WAPs submit CSRs to trusted cert authorities and they just… issue the cert to them? All in realtime with no verification?

Bowie said:
@Joey
So you’re saying that enterprise WAPs submit CSRs to trusted cert authorities and they just… issue the cert to them? All in realtime with no verification?

I think you might have issues following implicit assumptions

I never said this was a threat actor flow. I said a established large business who has a really invested interest in preventing malicous traffic on their free wifi (like a hotel chain) would obviously put real certificates from a CA on their infrastructure as I assumed you could understand I meant the normal CSR and verification workflow.

@Joey
What in the world does the certificate on a WAP have to do with SSL inspection?

@Joey
A CA is not going to sign a certificate for a domain you don’t own.

Flynn said:
@Joey
A CA is not going to sign a certificate for a domain you don’t own.

What if you are the CA?

Maxwell said:

Flynn said:
@Joey
A CA is not going to sign a certificate for a domain you don’t own.

What if you are the CA?

Good question. This scenario means that you’re self-signing the certificates. These certs will not be trusted by browsers with out-of the box trust stores. You would have to install this cert on each device as a trusted root. Now, you could just present the certificate anyway but the user would be presented an untrusted certificate error in the browser.