Hi everyone. I’ve been in the cyber security field for about two years now. I try to understand the technical reasons behind practices whenever I can. Lately, I’ve been looking into the technical benefits of using client-focused VPNs.
I know the basics of how VPNs operate, I pay for one, and I use it myself since I’ve heard that it’s safer.
I’ve seen many people say something like, “I don’t use a VPN at home, but you should always use a VPN on public networks like hotels or cafes.”
Last month I realized I didn’t really know why that was the case as well as I thought, and my online research hasn’t made me feel satisfied. I would appreciate some insights from those more experienced in the industry.
If I’m on an untrusted public network, I’m aware of a couple of risks:
1. Evil twin: I might connect to a fake device that is pretending to be legitimate.
2. Compromised router: It could be possible for someone to see my data packets coming and going from the network.
3. Sharing a network with potentially malicious users: I bet they could scan my device for vulnerabilities.
I know I might not have all the knowledge here, so if I’m missing something, I’d appreciate your input.
Regarding risks 1 and 2: Before writing this, I used Wireshark to check some basics of TLS. When I went to Reddit, I saw that I was indeed using TLS. Most websites use HTTPS. If someone harmful were snooping on me, they would see my ClientHello, which has the SNI for Reddit and my JA3 information. After that, all my application data is encrypted. So, they would know that a device from my private IP and MAC is trying to connect to Reddit.
For a serious attack like Evil Twin, I suppose there’s a risk of receiving malware from a Man-in-the-Middle situation, especially if the website uses unencrypted elements like certain JavaScript files, assuming I rely solely on TLS without a VPN.
For risk 3: I could definitely be scanned or probed by another user on the same network. With good security on my device, this doesn’t seem too risky, though. The VPN doesn’t solve this issue. Just making a tunnel to the VPN server doesn’t stop someone on the same network from trying to access my Private IP or MAC.
Here are the benefits of a VPN that I’ve identified:
- Geolocation masking and privacy
- An encrypted tunnel from my device to the VPN server. If I visit a non-HTTPS site, my unencrypted request will be encrypted inside the VPN tunnel when going to the server; the traffic from the VPN server to the HTTP server remains unencrypted.
- Maybe it’s harder to strip encryption from a VPN compared to TLS?
Is there something I’ve overlooked regarding risks or VPN benefits in a public network context? I think as long as someone visits trusted websites, they should be okay even on a public network. Snoopers will mostly just gather SNI and some data from the ClientHello and server response.
I’m more interested in filling in my knowledge gaps rather than just saying, “VPNs are good and safe.”
Edit:
Thanks to everyone who joined this discussion! I learned a lot from the various perspectives and technical details!