web analytics

A virtual private network has its uses. But only in limited and narrow cases.

Most people don’t need a VPN. That won’t stop advertisers barraging you with scare stories.

The Electronic Frontier Foundation points out in Why public Wi-fi is a lot safer than you think. It says widespread use of HTTPS encryption means a virtual private network is often overkill.

“In general, using public Wi-Fi is a lot safer than it was in the early days of the Internet. With the widespread adoption of HTTPS, most major websites will be protected by the same encryption regardless of how you connect to them.”

If you are still scared of public Wi-fi, use a mobile data connection. They are far more secure and it works out far cheaper in the long term.

Digital snake oil

VPNs are often sold to people who don’t need them. For most users they are digital snake oil. You might as well buy a charm to ward off evil spirits.

Companies selling virtual private network services charge a lot for not much. They are cheap to set up. Which means VPN margins are high. It’s a lucrative business.

If you are tech savvy you could build your own. It isn’t hard.

Although most people don’t need VPNs most of the time, a minority do.

Helpful when government is repressive

Say you live in or travel to a place where the government restricts internet activity. A VPN can help. In effect it digs a tunnel for your data to pass through firewalls and other digital obstacles.

At least, they do that until the government concerned cracks down on VPNs.

On my first visit to China a VPN helped me get around internet restrictions.

With a VPN I could use Gmail and Outlook.com to send mail. It let me connect to Google and popular social networks. I used it to connect to my WordPress account. There was no problem using iCloud or OneDrive with the VPN switched on.

None of this worked if I switched off my VPN.

What happens in China stays in China

By the time I returned two years later, China was better at frustrating the VPN.

My VPN’s activity was erratic. It disconnected again and again. Some of the time it didn’t work at all. It’s reasonable to assume governments have now figured out their VPN workarounds.

That’s not to say a VPN isn’t useful in these circumstances. Governments tend to be more concerned about restricting their citizens. Overseas visitor are not the main target, the governments may tolerate some use.

Although I couldn’t use my VPN on public networks on my last China trip, I could use it from my hotel room.

Big end of town

You may also need a VPN if you work for a large corporation. They may insist you use a VPN when connecting to the digital mothership. Corporations can be targets for online criminals. Insisting on a VPN may reduce the threat.

HTTPS encrypts data end-to-end. People watching don’t know what’s going on in your messages, but they can view your metadata.

In other words, they know which sites you visit, but not the pages on a site. Metadata may be all a criminal need to find vulnerabilities if they have other parts of the jigsaw.

This argument doesn’t apply when you use your device to check your bank balance or read Gmail. Knowing you’ve connected to Westpac or Gmail isn’t that helpful to a criminal.

Geo-blocking

A second practical VPN application is bypassing geo-blocking.

Bypassing a block doesn’t have to be illegal. There are legitimate reasons to do this. And there are activities that are, well, let’s say ambiguous.

Services like Netflix negotiate content rights on a territory by territory basis.

Say your favourite TV show to is available to US Netflix customers but not New Zealand.

A VPN can make your connection appear to be coming from wherever you choose. To Netflix, a New Zealand customer may appear to be in the US.

Using a VPN terminating in the US makes it look as though you live there. Some streaming services don’t ask questions if you use a New Zealand credit card to subscribe. Others do. There’s a wealth of expertise around the subject of getting past geo blocks1.

Pirates, criminals, persons of interest

Pirates use VPNs to hide their illegal activities from authorities. There is no grey area here, piracy is illegal. By using a VPN their ISP has no idea what is going on, nor do the authorities.

There are worse criminal online acts where a VPN can cover the tracks, up to a point. One thing to keep in mind is that anyone looking hard enough can tell a VPN is being used.

Not all VPNs are create equal. Some are trustworthy even if the sales pitch might be a touch insincere. Take extra care with free VPNs. They are often data gathering exercises. It may hide your information from your ISP and the authorities but it is being stored elsewhere. These ratbags then share your data with other companies.

Some free VPNs are criminal in intent. As is often the case, the worst examples are in the Android world. Some Android VPNs push malware on to your computer. .

“In 2017, researchers from Australia, the UK, and the US studied 234 VPN applications available on the Google Play Store. They discovered that more than a third of these apps used malware to track users’ online behaviour.”

Ciso Magazine.

See also 29 VPN Services Owned by Six China-Based Organizations.

Virtual private network overview

At this point there’s little practical advice to offer readers other than “be wary of free VPNs”. If you are squeaky clean, don’t deal in secrets and don’t travel to locked down countries you don’t need a VPN. If you think you do need one, take care. It’s a minefield out there.

 


  1. Go and look elsewhere. It’s not hard to find ↩︎

33 thoughts on “The great virtual private network con job

  1. My limited experience of using a VPN tells me it slows your connection speed also (or at least increases latency)

  2. Nice overview, Bill. Companies charge a lot for not much? I don’t agree. Some are overpriced and many are cheap. And I think there’s another valid use case. Corporate networks snoop on staff. This may be unfair to consultants as they are not in an employer-employee relationship.

  3. Nice overview, Bill. Companies charge a lot for not much? I don’t agree. Some are overpriced and many are cheap. And I think there’s another valid use case. Corporate networks snoop on staff. This may be unfair to consultants as they are not in an employer-employee relationship.

  4. I just signed up for one of the more well known commercial VPNs for the first time ever. At $3.49/month I don’t see how they make money if people are using it at home, where people average 500ish GB/month now.

  5. I only use a VPN to get around geoblocking (Netflix, etc.) or for security if connecting to a public hotspot, so my total monthly usage is way less than 500 gb.


  6. VPN with Duck Duck go allows me to browse without getting spammed with adds from things I previously visited. It also stops (reduces) Google / Facebook from knowing everything….

  7. Forgot to add: also our ISP use our traffic data for commercial purposes.. Was one of the use cases for Qrious from Spark: knowing when a person was home 🙂

Want to have your say on this? Over to you:

%d bloggers like this: