Why You Need a VPN

Not all websites protect your data as best as they should. And, you’re a bit more exposed than you think when browsing on public WiFi networks. Consider your banking passwords, credit card information, emails, and all other confidential information you send over the web. An extra layer of protection can help to seal a number of security gaps when you’re online away from home.

A VPN (Virtual Private Network) allows computers or networks to connect to each other securely over the internet.

In older models of communication, data was transmitted through central hubs. And, with this structure, the integrity of the network would depend on all central hubs being online and operational.

The model evolving from the internet created a network of millions of routers for communication to pass through. Transmissions here could survive the destruction of multiple routers. And, in such an event, the system would self-heal so that each message could discover a new path for transmission.

VPNs provide a solution to secure data transmitted over the internet using two primary mechanisms: tunneling and encryption.

Right… so what does all of this mean?

Whenever you visit a website, your browser makes a request to a server. The server then responds by sending the desired content back to you. Browsing without a VPN, is kind of like sending a postcard to your friend, Mike, where your browser’s request is the postcard and your internet service provider (ISP) is the mailman. Your mailman can see your entire message before passing it along.

Tunneling (envelope)

Now if we add the first layer of VPN protection, tunneling, your data is encapsulated inside other data so it is harder for third parties to see. This is similar to sealing your postcard (data) inside an envelope (tunnel) addressed to a mail forwarding center (VPN). The mailman delivers the envelope to your mail forwarding center, where it is opened and passed along to Mike. Mike then sends his response back to the mail forwarding center who then puts it back into an envelope and sends it back to you.

Wait.. can’t the mailman open the envelop before passing it to the mail forwarding center? Yes. However, if the VPN senses that someone is trying to penetrate the tunnel, it will drop and recreate the tunnel using a new path. These penetration attacks are often defined by heuristics that the VPN uses to determine if the connection is subject to a hacking attack such as: too many dropped packets or the data stream becoming significantly unsteady or slower.

Encryption (lock + 2 keys)

Tunneling alone isn’t enough to protect your privacy. Encryption uses an algorithm to encode your message such that only the intended recipient may read it. Using our mail metaphor, encryption is a lock with two keys, where you hold one key and your VPN holds the other. Before sending your postcard to the mail forwarding service, you place it in a box with your key. Then your mailman carries that box to your mail forwarding service, which then unlocks the box and delivers the contents to Mike. When Mike responds, your VPN locks his message in a box with their identical key and sends it back to you.

Yes. No. Well, it depends…

While VPNs serve to protect your privacy online there are other protocols to secure your connections. Technologies such as SSL (Secure Sockets Layer) and SSH (Secure Shell), amongst others, provide encryption of data transferred between a client such as a browser or a terminal with a server. However, the scope of that encryption is limited only to that client. I.e. all data transmitted outside of the browser such as in an e-mail client like Outlook or via Torrent applications is not inherently secured.

A VPN ensures that all data transmitted, including those in improperly secured websites as well as other applications on your computer is protected from nosey eavesdroppers.

Sites with improper security measures leave you open to hackers on public networks sniffing out your data while it’s being transmitted. By design, VPNs protect your privacy by limiting the exposure of the data you transmit to 3 parties: you, your VPN provider and the recipient. Your data is tunneled and encrypted so snooping eyes cannot tap into it from a vulnerable router. A good VPN provider will go one step further and anonymize all requests passing through it so even they themselves won’t be able to distinguish your information from anyone else using that provider.

Every device connected to the internet has a unique IP (Internet Protocol) address issued by their ISP. And, each country has a number of designated ranges/blocks of IP addresses that they may issue to internet users. Websites with geo-restrictions on content use various techniques to determine the location of visitors. The most common technique is using the IP address of the visitor and mapping it in a geo-ip location database to determine the country.

Data trafficked through a properly configured VPN is proxyied before it reaches its recipient. This means that, to the receiver, it appears as if all traffic is coming from the VPN server and not your computer. So, when connected to a VPN server in another country, websites that apply country-level restriction on content via IP address, will detect your IP address to be that of the VPN server, which effectively subverts the imposed restrictions.

What about password-protected public WiFis: is that enough?
WiFi passwords help to protect against unwanted guests on a WiFi network. It does not do much to prevent a hacker from doing damage once he gains access to that network (typically from a publicly posted password or from the network being open). A poorly configured WiFi router can leave eavesdropping vulnerabilities open for any reasonably skilled hacker on the same network. And, since you typically can’t trust the integrity of the setup of public routers, it is best to opt with added security. While using a VPN, all your data is encrypted on your computer before being transmitted to the router.

Can someone steal my VPN password and see my data?
No. VPN technology requires a client and a server. Depending on the type of VPN, the client is an application which may be built into your operating system or can be downloaded separately.
A password is only used as the first step in authenticating with the VPN. Once the password is authenticated, an encrypted message is exchanged between the VPN client (on your computer) and the VPN server using a key or certificate that both your VPN client application and VPN server share. If that message is successfully decrypted after transmission, the VPN connection is established.

Who will know which sites I browse?
Unfortunately, you can’t completely hide which websites you visit. Website URLs contain a DNS hostname which must be transmitted in plain text in order to be resolved by DNS servers which point to the IP address of the server hosting that site. However, the actual URL path is encrypted. So, someone snooping will only be able to see what website you are on (e.g. medium.com) but can’t see what pages you are viewing.

Great! I’ll be able to watch Netflix from another country
Not necessarily. Netflix and many other media streaming sites recognize that persons primarily use VPNs to hide their IP address in order to get around geo-restrictions on content. And, they are steadily building a database of blacklisted IP addresses of public VPNs, which persons are using to avoid geo-location detection. Setting up your own private server and VPN in a different country could allow you to get around these countermeasures.

As there are hundreds of VPN services available out there it will boil down to some research to determine the best option for you. Some things to consider are:

A quick search for “best VPN” will yield a number of comparisons you may use to help your decision along and get you started with more complete online protection.

Related posts:

We performed dry runs for tens of technical presentations and found ourselves repeating the same comments and advice on nearly every dry run. So we decided to compose a comprehensive checklist.

I have been trying to find a credit reporting site that is actually free. No credit card required but even if the site says free it’s not. They always ask for a credit card.And I don’t have one…

You never know where you’re going until you’re gone.. “New Jersey.” is published by Parkcent. in Aphorisms..