VPN's

[Voleak]

It is my understanding that a virtual private network (VPN) is the best way to protect a computer while doing online banking, shopping, and browsing. I only recently found out about VPN's. It sounds like it is nearly impossible for hackers, ransom, and other bad people to get into a VPN protected computer. I am seriously considering getting a VPN for the alleged protection and privacy. Any VPN brands highly recommended?

Anyone with experience using a VPN, or knowledgeable about the product, I would like to hear feedback, please.

 

[eljefino]

No. HTTPS keeps you protected in banking and shopping.

A VPN lets you disguise your geographical area so you can do stuff like watch region-limited videos out of that region. It disguises your IP address which can be useful if you want to read news bypassing a pay wall, or order airline tickets without appearing desperate to buy space on that flight. If you're into file sharing "they" can't find you as easily.

Persons living in "oppresive countries" can use VPNs to get "the real google" and not their country's limited version. Americans paranoid about such topics can VPN tunnel to a place of their choosing as well.

I get annoyed when I'll look at something on ebay/ amazon on my work computer and somehow my home computer later has an ad for said item. I would need to do some cookie destroying and ad blocking but a VPN may be a good tool in addition, especially if it's reputable and has a software suite tailored for privacy.

 

[bdcardinal]

I use PIA and have been happy.

 

[Voleak]

Originally Posted by bdcardinal
I use PIA and have been happy.


Is that "Private Internet Access" brand of VPN?

 

[Ethan1]

VPNs are *not* magical hacker protection but they are also *not* just for hiding your location. Nowadays your ISP monitors and sells your browsing history to anyone who's willing to pay. Even first-world governments who pay lip service to "muh freedoms" are storing the browsing info of their citizens, et cetera.

Read the terms of service on your ATT contract. Read the Edward Snowden docs.

 

[StevieC]

Originally Posted by bdcardinal
I use PIA and have been happy.

+1

Also, a VPN service along with HTTPS (Secure Website) and a good anti-virus / malware on your computer is the best protection we have right now. You can also use Opera which in the settings you can turn on the option to use their free VPN service for your web traffic. Not sure I would trust this as much as Private Internet Access (PIA)'s VPN service but it's an option for you.

 

[simple_gifts]

A point of clarification; a VPN and a VPN service are two different things; People say they are getting a VPN when in fact they mean a VPN service.

A VPN is an encrypted tunnel between two devices; Someone I met once has a streaming service thru his cable provider and it doesn't work unless he is streaming for the address space owned by the cable company. Not a problem, he just sets up a VPN from his laptop to his home router, which 'extends' his home network to wherever his laptop is. All internet requests go back to his house and then appear to the cable company to be coming from his router. So a VPN does not require any type of service, paid or free; it is simply an encrypted tunnel.

eljef sums up a VPN service well. A VPN service uses a VPN, but only to an intermediate server to create the anonymous nature of the user

 

[Garak]

Originally Posted by Ethan1
VPNs are *not* magical hacker protection but they are also *not* just for hiding your location. Nowadays your ISP monitors and sells your browsing history to anyone who's willing to pay. Even first-world governments who pay lip service to "muh freedoms" are storing the browsing info of their citizens, et cetera.

Sites that use https for everything do help.

Originally Posted by Ethan1
Read the terms of service on your ATT contract. Read the Edward Snowden docs.

If one really wants to do something productive about privacy, learn to use encryption and Tor.

 

[webfors]

Use complex 16 digit passwords for everything, enable 2 factor authentication everywhere possible, install a UTM (IDS/IPS) web proxy based device on your home network (I use Sophos UTM) with strict filtering logic, and ideally have end point protection that communicates with your firewall/UTM for a complete end to end network security solution.

Do that, and maybe you'll be ok

 

[webfors]

Regarding VPN, when I'm on a public network I connect to my home network via 2FA SSL VPN to create a secure tunnel away from public wifi eavesdroppers. This provides the same level of protection I have when on my home network (assuming you configure your UTM/firewall with split tunnelling disabled).

VPN provides an additional level of security when on unknown/unsecured networks.

 

[Voleak]

Great feedback. Sounds like some other options to look into for protection and privacy online, that I wasn't aware of.

 

[StevieC]

PFSense router setup is excellent with the Squid snap-in for really locking down your Internet traffic as well as most consumer grade routers are easily hackable, at the very least you could run DD-WRT on a consumer grade router. I'm running PFSense. It's also great in terms of logging.

 

[rubberchicken]

Originally Posted by eljefino
No. HTTPS keeps you protected in banking and shopping.

A VPN lets you disguise your geographical area so you can do stuff like watch region-limited videos out of that region. It disguises your IP address which can be useful if you want to read news bypassing a pay wall, or order airline tickets without appearing desperate to buy space on that flight. If you're into file sharing "they" can't find you as easily.

Persons living in "oppresive countries" can use VPNs to get "the real google" and not their country's limited version. Americans paranoid about such topics can VPN tunnel to a place of their choosing as well.

I get annoyed when I'll look at something on ebay/ amazon on my work computer and somehow my home computer later has an ad for said item. I would need to do some cookie destroying and ad blocking but a VPN may be a good tool in addition, especially if it's reputable and has a software suite tailored for privacy.


This is only partially correct, and I applaud your simplification, but let me clarify. HTTPS is doing encryption of that protocol, generally from your web browser to the remote side which is generally some secure web presence like a bank or online retailer. There is also a verification process where the remote side SSL certificate is validated. Lets take Amazon.com as an example- any traffic between your device (your browser, be it on PC, iPhone or tablet) and Amazon.com is encrypted , and the certificate validates they are really who they claim to be. All good so far. But lets say you open up a new window or browser tab and go to another website- this now has nothing to do with Amazon.com, so you are now relying on this other website to support any security and encryption.
The VPN however is encrypting data from your computer to the remote side VPN device, so ANY data going down that path is being encrypted, not just https / ssl. In practice it may or may not make much difference, but if your in IT and using something that does not use HTTPS then you might be exposed if your data is intercepted. In either case the data is encrypted fairly well, but a VPN is popularly considered to have stronger encryption. There are a couple of gotchas though: Https has the option of supporting no encryption , but any organization dealing with https should not be choosing this option. And vpns generally used specialized hardware at the remote end point because the encrypt-decrypt process was very compute intensive , while https / SSL accelerators are a more recent innovation compared to VPN hardware.
I am sure there are many more tidbits and omissions I made, as this is getting really into detail, but now you have a bit more insight.

 

[BobsArmory]

I have been using Nord VPN on my laptop and cell phone for about a year now and am very happy with it. My work requires me to run a VPN if I use my computer for work purposes and Nord was on the approved list. You would be surprised on how sloppy most public WiFi is. I have also installed HTTPS Everywhere on all my computers. Its a pretty cool browser extension that forces websites to run HTTPS. I have the ability to install Nord in my router but I haven't attempted that yet.

 

[Ethan1]

Originally Posted by Garak
If one really wants to do something productive about privacy, learn to use encryption and Tor.

Can you trust Tor's exit nodes?

Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's Paradise

Tor is not a security panacea. In fact, we learned from the Snowden leaks that "Tor" is one of the search terms that will get you flagged for permanent web tracking by the NSA.

 

[HemiHawk]

Originally Posted by bdcardinal
I use PIA and have been happy.


Yep this is what I use. I have my router at home setup with DD-WRT so all traffic flows this way. Then I have the app on my phone to use.

 

[OVERKILL]

A few points of clarity here with respect to VPN's specifically, as it seems HTTPS has been well covered.

- A VPN changes the egress point of the traffic from your endpoint or from your network depending on how you have it configured. It does not provide security beyond that egress point.
- A VPN's encapsulation is secure, but you are still relying on name resolution and other services being transmitted inside that tunnel that can expose your identity or true location depending on how they are leveraged by the party who runs the VPN or service
- A VPN doesn't protect you from Phishing, Ransomware or anything else that's the result of an exploit or bad click
- A VPN is an excellent tool to leverage on public WiFi where any manner of ill-intentioned may be snooping on the traffic.
- A VPN is an excellent tool if you think your ISP is spying on you in some manner, but ultimately your traffic is exposed at some juncture to another ISP

I've been setting up VPN's of various types for almost 20 years. From PPTP to SSL, they come in many different types, tunnel configurations..etc. The primary purpose for their existence is to provide a secure tunnel between a remote endpoint and an employer's network. Whether this is achieved via a router-router setup (ISR), firewall-firewall setup (ASA/PIX) using IPSEC or via a software client of some sort residing on alternative hardware or the endpoint itself leveraging IPSEC (OpenVPN..etc) or SSL (AnyConnect and similar) the intention is the same: Provide security between point A and B.

Using HTTPS where possible, using encrypted DNS with a trusted provider, using a robust firewall solution at home that isn't vulnerable to exploitation and manipulation. Using a secure browser that blocks scripts, popups and potentially malicious content, all of these things can be far more valuable than changing where your traffic comes out.

 

[LoneRanger]

Get a TP-LiNK router. They have a private VPN built right in. My budget 2017 (discontinued) TP-LiNK C59 which I bought for $43 free shipping from Berlin Germany (Euro spec) features a private VPN that works absolutely flawlessly to run all traffic through my home router (the C59...) nice and ENCRYPTED (key shaped icon top of phone screen). TP-LiNK chose to use the OpenVPN specification in their firmware, so all you need to do is go on the App Store or Google Play and download the OpenVPN app, being sure to only select the genuine one from OpenVPN (see link below). Then you just go into your TP-LiNK router's setup options and generate the Certificate for the VPN and Export the Configuration file for the VPN to your phone or device that will be connecting via the OpenVPN app.

The one thing TP-LiNK's built-in OpenVPN doesn't do however, is anonymize you by substituting an IP for your normal public IP assigned by your Internet Service Provider. So if you want to be anonymous you'll need to take it a step further and activate with a 3rd party for that. I don't need anonymization. If I'm using the VPN on a public WiFi for online banking or bill pay, having my home IP log into the bank's site simply helps the bank or whatever site recognize that it's me.

OpenVPN app for Android: https://play.google.com/store/apps/details?id=net.openvpn.openvpn

TP-LiNK C59's VPN page in router setup:

 

[Quattro Pete]

Originally Posted by LoneRanger
Get a TP-LiNK router. They have a private VPN built right in.

Correct me if I'm wrong, but the VPN Server function of this router basically just allows your external devices to seurely access your home network, and the resources within, via a VPN connection.

I don't believe it does what the OP was asking. For that, you'd need a VPN service such as PIA mentioned earlier.

 

[LoneRanger]

Originally Posted by Quattro Pete

Correct me if I'm wrong, but the VPN Server function of this router basically just allows your external devices to seurely access your home network, and the resources within, via a VPN connection.

I don't believe it does what the OP was asking. For that, you'd need a VPN service such as PIA mentioned earlier.


He wants to do safe online banking and bill pay over public WiFi was the main take away I got. The VPN function of the TP-LiNK will get that done for him in fine fashion without the worry of some VPN server in Canada, Belize, or Timbuktu monitoring his traffic.

Not that they would, but the capability is there.

In other words, he's gaining a secure encrypted tunnel through the public WiFi and his own ISP and his own home network instead of relying on someone else's, either domestic or foreign, to pass his traffic through. But he won't be anonymous or receive a remote IP with the TP-LiNK router option, he will be exposing his own public IP as assigned by his ISP.