Any thoughts on VPNs???


Monty

After reading Keith's thread about internet security, I was wondering if there was any need or advantage to getting a VPN?
 
So, I think there is a fundamental lie from VPN hosts that needs to be cleared up. Your internet traffic these days is usually already encrypted. One of the things VPN hosts "sell" is that your data will be "encrypted", which is good. Yes, it is good; however, these days, the majority of internet traffic IS already encrypted. Which is the lie of omission from VPN providers. For pretty much any site you visit where you log into it, either with an open identity (i.e. Google, Facebook, OpenID, etc.) or a personal account, you will be visiting with HTTPS which stands for HyperText Transport Protocol Secured. HTTPS connections are ALWAYS secured, with very strong encryption through a mechanism called TLS or Transport Layer Security.

Your banks, IAP itself, and just about any other site that matters are going to be using HTTPS these days. Go back a decade, and most things used unencrypted HTTP, but there were a few things that catalyzed a massive shift to using HTTPS for everything. One of those was the advent of free or very cheap TLS certificates for web servers, which are used to perform the encryption in a regulated and verified secure manner. (The other was...you guessed it, the exposure that governments all around the world were involved in massive snooping campaigns...go figure.)

So, you are already using the internet in a secure manner. TLS uses a variety of secure protocols to encrypt your connection, including the use of a mechanism to securely and safely "exchange" very long, high bit count symmetric encryption keys which are used for the strongest possible encryption. When you connect to an HTTPS site, you should see a lock icon in your browser's address bar, and it should be closed. This indicates you are secure. You can click that lock icon to check the site's security status:

[Attachment: 1700894425110.png]


So regarding VPNs. VPNs can help anonymize your IP address. There can be pros and cons to this. In the western world, I'd say VPNs are less useful than in other parts (i.e. China), but they do have their uses.

However, at the same time, they have their drawbacks. Consider your bank web site. They can recognize YOU being logged in, because you will frequently visit from the same small subset of IP (Internet Protocol) addresses. Your bank can help secure your account, by looking for attempted logins from other random IP addresses as one of the security measures they can employ to detect identity theft. If someone tries to connect from some "unknown" IP address (one you do not normally use), and tries to say reset your password, or tries to log in by guessing your password (i.e. by using a Rainbow table attack, or one of a variety of other common mechanisms to hack people's accounts by guessing commonly used passwords), your bank can combine these "vectors" and detect that someone is hacking your account....then possibly proceed to send you emails and SMS messages alerting you to this fact!

If you use a VPN, you will never visit your bank from the same IP address (or at least, you might visit from a small pool of IP addresses instead of the one assigned to your...phone, home, etc.) and this potential option for detecting fraud and identity theft would become unavailable to your bank. It could open the doors for hackers to break into your accounts with fewer options for those sites to detect the attempts. Your bank will likely have to challenge you for additional login criteria every time you log in, to verify you are indeed who you say you are (i.e. MFA factors, secret questions and answers, etc.). This just makes it harder to use your bank.

Because most of the web is now secured by default because most web sites use HTTPS, the benefit that VPNs offer, that of "we encrypt your traffic and anonymize your IP address" reduces to largely just anonymizing your IP address. If you lived in North Korea, or China, then anonymizing your activity online has VASTLY GREATER benefits than here in the western world (at least as of yet). Encrypting your traffic also has IMMENSE value in places such as those. However, here in the US, Canada, or most of the EU, your internet traffic should already be secure and encrypted, so the VPN adds no additional benefit there.

Enterprise scale (i.e. big corporate) web site/web app/phone app development, security of internet and corporate systems, etc. is what I do, and have done for a couple of decades now. If I was answering this question say 5-7 years ago, I'd probably say that using a VPN still offered benefit because of the encryption...but in the intervening time, the internet became encrypted by default. I've set up countless servers with HTTPS encryption using TLS 1.3 verified certificates. Even when I'm working on small projects for small companies, EVERYTHING these days is secured with a TLS certificate. If the company cannot afford to pay for one from one of the "big names" in TLS security certificates, then you can get one for free from a number of places (in some cases even the big names now) such as Let's Encrypt. This provider in particular was one of the organizations that helped catalyze the "secure by default" revolution that happened with the web over the last 7 years I'd say. For those interested in learning more about how HTTPS with TLS works:


Anyway. I don't see much value in VPNs these days. They cost money, and all they are really going to do is semi-randomize your IP address. Which you can also do with a Proxy Server, which is by design intended to highly randomize not only your IP address, but also highly randomize the geographic locations your requests come from. Proxy servers have the same problems VPNs do, when it comes to things like your bank...where allowing your bank to know "it's you" is actually valuable...
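The login-source check described in the post above can be sketched as follows. This is an added example, not part of the original post and not any bank's real logic; the event format, the /24 and /48 grouping, the failure threshold and the decision names are all assumptions, and the events are constructed with documentation-range addresses.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample events: (account, source_ip, action, success)
EVENTS = [
    ("alice", "198.51.100.10", "login", True),            # first login from home
    ("alice", "198.51.100.23", "login", True),            # same ISP range, new lease
    ("alice", "203.0.113.77", "login", False),            # password guessing starts
    ("alice", "203.0.113.77", "login", False),
    ("alice", "203.0.113.77", "login", False),
    ("alice", "192.0.2.44", "password_reset", True),      # reset from unseen network
    ("bob", "2001:db8:1::5", "login", True),               # bob is always on a VPN:
    ("bob", "2001:db8:2::5", "login", True),               # a different exit network
    ("bob", "2001:db8:3::5", "login", True),               # on every visit
    ("alice", "198.51.100.10", "login", True),            # alice back at home
]


def network_of(ip, v4_prefix=24, v6_prefix=48):
    """Group addresses by network so a changed DHCP lease still looks familiar."""
    addr = ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ip_network(f"{ip}/{prefix}", strict=False)


def score_events(events, fail_threshold=3):
    """Return (account, ip, action, decision) for each event, in order.

    decision is one of:
      normal  - familiar network, no extra friction
      step_up - successful login from an unfamiliar network: ask for MFA
      watch   - failed login from an unfamiliar network, below the threshold
      alert   - repeated failures, or a password reset from an unfamiliar network
    """
    known = defaultdict(set)   # account -> networks with a past accepted login
    fails = defaultdict(int)   # (account, network) -> consecutive failed logins
    results = []
    for account, ip, action, success in events:
        net = network_of(ip)
        familiar = net in known[account]
        if action == "login" and not success:
            fails[(account, net)] += 1

        if fails[(account, net)] >= fail_threshold:
            decision = "alert"
        elif not familiar and action == "password_reset":
            decision = "alert"
        elif not familiar:
            decision = "step_up" if success else "watch"
        else:
            decision = "normal"

        # Assumption: a step_up challenge was passed, so the network is learned.
        if action == "login" and success and decision != "alert":
            known[account].add(net)
            fails[(account, net)] = 0
        results.append((account, ip, action, decision))
    return results


def challenges(results, account):
    """How many times the account was asked for an extra factor."""
    return sum(1 for acct, _, _, d in results if acct == account and d == "step_up")


if __name__ == "__main__":
    scored = score_events(EVENTS)
    for row in scored:
        print(*row, sep="\t")
    print("alice challenges:", challenges(scored, "alice"))
    print("bob challenges:", challenges(scored, "bob"))
```

In the constructed data, the account that always arrives from a new exit network is challenged on every login, so the familiar-network signal never becomes useful for it.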
 
Thanks Jon.
I was asking because of a small annoyance.
It bugs me when I visit a certain pen supplier website just to look something up and then, later that day, I get an email from them referring to my visit and asking if I forgot about purchasing that item. I guess that's just a small annoyance compared to the bank asking for me to verify myself every time I visit, although some already ask this by sending a code to my phone for my verification.
 
Zjrista,
I agree 100%. I still chose to use a VPN.
I do turn it off when logging into financials.
My main reason: The one I use does an excellent job of blocking trackers. It's cut down tremendously on my spam (which was overwhelming). I'm gonna go out on a limb and say that Five Eyes can decrypt data. We lost the right to privacy, just as so many rights we had are being eradicated. I have nothing to hide but I want to make it as difficult as possible to track and sell personal info. I route through a country that values privacy and under law cannot release or sell information.
Perhaps it's wasting money. I'm not as knowledgeable on computers as you.
I do know that my spam has decreased by about 90% since I started using a VPN.
 
I use one and have no problem logging into my bank with it on. I don't get any solicitation emails on the devices that use the VPN, while I get too many on the device I don't use it on. It is a problem with some bigger places like Home Depot or Target. They have the wrong area for my location, which is what I want. I have to change to a store in my area. Amazon however is no problem, probably because they have no stores.
 
It's not that you can't log onto your bank.

It's that, by randomizing your IP addresses when you do use your banking site, that eliminates an option that the bank can use to detect vectors of fraud and other hacking attempts.
 
Coincidentally, I just extended time (renewed) my Mullvad VPN. I have no idea if it helps, but it is inexpensive enough, about $65 for 5 devices for one year. You can also purchase it monthly.
 
Some sites will detect you are using a VPN and reject your connection or login. If you are only worried about the tracking, you can just open a private or incognito browser window. Usually CTRL + ALT + N works on most browsers, or you can right click and select private/incognito window from there. I do this quite a bit. It works well, because most sites track you by browser cookies rather than IP.
 
For trackers, there are two things you can do to block the vast majority of them. One is using an ad blocker. They do a pretty good job. The other is to use a "hosts file" table of IP addresses known to be trackers, and redirect them to 127.0.0.1. You can find these online on security sites these days. This can be a very effective way of preventing trackers from tracking you, as the requests will simply never make it to their servers.
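A hosts file maps hostnames to addresses, so the blocking described in the post above amounts to adding one `127.0.0.1 <hostname>` line per tracker name. The following is an added example, not part of the original post: it turns a blocklist into a managed section of a hosts file and can be re-run without duplicating entries. The marker comments, the sample blocklist and the `.example` hostnames are constructed assumptions.

```python
import re

BEGIN, END = "# BEGIN tracker-block", "# END tracker-block"   # hypothetical markers
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed inputs, for illustration only.
SAMPLE_HOSTS = "127.0.0.1 localhost\n::1 localhost\n"
SAMPLE_BLOCKLIST = """\
# constructed blocklist
tracker.example
0.0.0.0 ads.example.net   # hosts-style line
Pixel.Metrics.Example.ORG.
localhost
127.0.0.1
bad_host!.example
tracker.example
"""


def valid_hostname(name):
    """Return the normalised hostname, or None if it must not be written."""
    name = name.rstrip(".").lower()
    if not name or len(name) > 253 or name in PROTECTED:
        return None
    labels = name.split(".")
    # Require a dotted name whose last label is not numeric (rejects bare IPs).
    if len(labels) < 2 or labels[-1].isdigit():
        return None
    if not all(LABEL.match(label) for label in labels):
        return None
    return name


def parse_blocklist(text):
    """Accept plain 'host' lines and hosts-style 'ip host [host...]' lines."""
    hosts = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        for candidate in (fields[1:] if len(fields) > 1 else fields):
            host = valid_hostname(candidate)
            if host:
                hosts.add(host)
    return sorted(hosts)


def merge_hosts(existing, hostnames, sink="127.0.0.1"):
    """Replace the managed block, leaving every other line untouched."""
    kept, inside = [], False
    for line in existing.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    block = [BEGIN] + [f"{sink} {h}" for h in hostnames] + [END]
    return "\n".join(kept + block) + "\n"


if __name__ == "__main__":
    print(merge_hosts(SAMPLE_HOSTS, parse_blocklist(SAMPLE_BLOCKLIST)), end="")
```

A hosts entry matches only the exact name listed, so subdomains of a tracker need their own lines.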
 
, later that day I get an email from them referring to my visit and asking if I forgot about purchasing that item
That's not your internet link. That's the website tracking you via your account. It's called abandon cart save.
 

I like uBlock Origin + Privacy Badger as add-ins as a first layer of defense. Sometimes I forget to open up in private mode.

And anecdotally, I seem to be seeing less VPN hate for when I'm on Mozilla's VPN service. At least lately.
 
I do know that my spam has decreased by about 90% since I started using a VPN.
That's not really how that works. VPN just moves your internet IP address. Spam targets your email address.
If you noticed a drop in spam, I'd guess that your email provider probably upped their anti-spam software/algorithms.

And of course the big scary gubbment can get in. So can the Russians, the Israelis, Chinese Ministry of Security, etc.
The thing is - they don't care.

The spuds you need to worry about are the ransomware and business email compromise crews.
And a VPN isn't going to help much with them either.

VPNs are good if you are in an untrusted location, like connecting to a hotel or a coffee shop Wi-Fi, AND if you have a trusted VPN provider.
Because what makes you think the bad guys can't hack or even set up their own VPN service just to monitor traffic AFTER people have established their connections?
 
Thanks! Hadn't thought of that. 127.0.0.1 is a loopback if I'm not mistaken. That IP will keep trackers from reaching you. Great idea. Thanks!!!!!
 
One other thing I've done is to drop Google account and Gmail. That's made a huge difference.
I invested in a domain. Pretty cheap to do.
The company I use allows several aliases included. All goes to the same email program but the alias email is put in a separate folder. I only give my email to friends. Businesses and websites requiring your email address get the alias. What little spam I get is confined to a separate folder. I just select all in the alias folder and delete contents.
First year securing my domain was $1.00.
About $15/year after that. .com, .org or .net are that price. Other extensions cost more.
Company is Ionos. Cheap, great service and never had downtime in the six years I've used them. Costs more if you want them to host your website, which I have no need for. Their pricing for that is excellent also.
https://www.ionos.com/
I also use DuckDuckGo for my browser.
I highly recommend it and it's free.
One FREE way to hide your email (I haven't tried it yet) is a new feature on DuckDuckGo. You can request an email address (free) and they forward your email to your real email address, supposedly with all known trackers removed.
I do like the idea of the hosts file redirected to 127.0.0.1. I'm going to do that today!
All this may be overkill, but so is the excessive spam and selling of your personal information.
 
For what it's worth...
I'm not affiliated or promoting anything, but Bitdefender security software has a VPN function. I've used it in the past and been happy with it, but have been using Malwarebytes for security for a long time now. Bitdefender is cheaper, has more features, and is higher rated, so I bought it for several devices. It will install on Android and iOS devices, too. I don't set them to auto-renew because they renew at full price and you can always get them at a deal on Black Friday/Cyber Monday. It can be purchased in different numbers of devices, some for a year and others for 2 years. This is just an example.

[Attachment: 1701034115036.png]
 
This appeared in this week's WSJ. It addresses internet security (seems more like an illusion according to the article.) I still try to do what the "experts" say: WSJ Internet Security

Sadly, in the long run, the underlying reality is that security IS more illusion than anything. As I mentioned before...everyone who browses the internet, has been tracked for decades now. At least 20 years.

The computer systems, which are increasingly becoming more and more intelligent AI now, know an unholy amount about every person who browses the web. This information can be queried, and it can be associated with data from other sources (even, if someone who had access wanted to, say hacked PII and account information from one of the countless myriad of major data breaches we've had over the years.) This effectively opens up the possibility of associating every leaked password, home and business address, and other information with extensive behavioral information. Run that through a modern AI algorithm (machine learning algorithm)....and there is very little that someone couldn't glean about anyone. Once your PII, security credentials, and behavior are known...well, there ain't much that could be secured anymore. Even new passwords, could be guessed easily enough by AI these days.

So, here is a real world scenario for you. I am still baffling over this myself. I frequently leave my phone at home when I do errands these days. I "unplugged" from social media and all that years ago...2014, 2015. So, I just...don't need my phone a lot of the time. So I frequently forget to grab it, as I'm just not plugged in. One day, I went out, did some errands, and spent a while at the local Woodcraft. Spent a good while looking at a wall of clamps and other drill press accessories. Kreg, IIRC. Yeah, Kreg. I ended up buying a few things...some wood, I forget what else, I think a Jet air filter and some sandpaper and something else.

About a half hour later, I get home, then a short while after that I hop online. I disable the ability for browsers to use a "personal advertising id", so I don't have one, and usually get random ads that mean nothing to me (the vast majority of which are blocked by an ad blocker.) Browsing around, I visit some pen kit/blank sites, then some wood and woodworking sites. And I notice....the few ads that are slipping through....are for Kreg clamps. The exact same kind of Kreg clamps that I was looking at on that wall. Then I noticed a Norton sandpaper ad. And more Kreg ads.

I did not have a phone on me. As far as I know, there are no cameras in that store, although I could be wrong. Even if there were cameras in the store, they SHOULDN'T be connected to some background internet algorithm that could link my time in that store, to those Kreg clamps. I figure, maybe, somehow, buying the sandpaper on my credit card, may have somehow allowed an association between my credit card number, and my IP address at home, and...me....to be created? Thus allowing the Norton sandpaper ad? But, within just about a half hour???

I think this was about a year and a half ago, that this happened. Somehow, my time spent browsing around a Woodcraft store, ended up ASSOCIATED to ME when I started browsing online when I got home a little while later. THAT, honestly creeped me out. I kind of see how using the credit card maybe could have eventually resulted in the necessary associations to feed me Norton sandpaper ads, but, not that quickly...and, the Kreg stuff!! I had no phone on me...so, how the heck did the algorithms figure out that they should show me Kreg clamp ads when I got home??? I've been programming for over 30 years... I still don't know how that happened. But my already security paranoid mind, has been kind of crippled by that incident. Some people have FAR TOO MUCH access to information about...well, all of us!!

It's downright creepy!
 
Won't let me access the complete article.
Guess you have to subscribe to WSJ to read it.
I will try to print and scan. Basically it says (according to this expert) that you can minimize exposure but not come close to eliminating it, even with all the tools that are currently out there. Just his/her opinion. Jeff would probably know better.
 