We're looking for a recommendation for a free VPN that will allow us to safely and securely do some limited internet banking while on the road and using wifi hotspots. Are there any of you who use "Hotspot Shield" or similar services like "Free VPN", and what kind of results are you experiencing? Thanks in advance for any suggestions.

A VPN is a private connection between two or more computers you control. I'm not sure how it could be made to work unless it's between your traveling computer and your stationary one back home.Any financial institution will use a secure website - https - for on-line transactions. The chances of having that compromised are almost nil.Of course, if you're going to use a "community" computer like those at a public library while you're on the road, then all bets are off.al

A VPN is an excellent idea and should be taken seriously whenever you travel and use public WIFI. If you are using a MIFI hotspot I would be less concerned. Using public WIFI is very dangerous even when using SSL. I use a number consistently when doing Penetration Testing at work, so many exploits that can be leveraged and they are so easy to do on public internet. You can do a Man in the middle attack by pretending to be the campground WIFI. This will gain large amounts of data secure and non secure that can be either used to break into your banking or to harvest enough info to other sites to be able to build a profile to be able to guess common passwords, common "forgot password" answers etc. As part of a man in the middle attack, you can do deep packet inspection by providing the end user with a legitimate certificate (just not the one for the bank and they likely won't notice) to decrypt their data inline. There are many SSL flaws floating around right now, SHA1 has been end of life'd by all the Certificate authorities due to its insecurity and there are still a large majority of sites that have not yet upgraded to SHA2 because they are waiting for their current Cert to expire before doing it. This is just a small number of the many exploits that can be leveraged against you today with minimal skill, as so many exploits are already in hacker toolkits like the Metasploit Framework.I would not rely on SSL alone, there are too many ways to compromise it.I user CyberGhost. It has a free option as well as some premium options that are pricy. I managed to get a deal several times for about $20/year for a "basic premium" package. Their service has been rock solid. No need to worry about stability or security of "free" services. Remember free always costs someone, weather it is advertising, selling your surfing habits to third parties etc. Identity privacy is far more important that saving a few bucks on a free service. I would go with a service at a minimum offers both a free and paid option, their free option is far more likely to be trustworthy.

aslakson wrote:A VPN is a private connection between two or more computers you control. I'm not sure how it could be made to work unless it's between your traveling computer and your stationary one back home.Any financial institution will use a secure website - https - for on-line transactions. The chances of having that compromised are almost nil.Of course, if you're going to use a "community" computer like those at a public library while you're on the road, then all bets are off.alI agree. The security provided by a secure website is more than adequate to protect the common banking transaction from a public wifi system. Sure, there are many theoretical ways to defeat that security, but campgrounds, McDonalds, Starbucks and the like are hardly target rich environments. As Willie Sutton famously responded when asked why he robbed banks "That's where the money is". The same can be said for hackers. Public wifi connections are mostly a gaggle of photos, personal messages, facebook, videos, sports scores, news, Hollywood gossip and Porn. Just not the pond the professional data fisherman is going to be fishing in.

As I have pointed out before... using a VPN that entails trusting an intermediate service provider - whether free or paid - is still a trust thing. In both cases the VPN provider not only can collect every bit of information a bogus open wifi network can, but in the case of a paid-for service, they also know your name and probably your credit card information. It really is a matter of who you trust. Personally I would prefer to ask the library, Starbucks, McDonalds or wherever for the exact name of their free wifi service and then connect to that and trust SSL (https) to provide end-to-end protection.Dave

VE3ESN wrote:We're looking for a recommendation for a free VPN that will allow us to safely and securely do some limited internet banking while on the road and using wifi hotspots. Are there any of you who use "Hotspot Shield" or similar services like "Free VPN", and what kind of results are you experiencing? Thanks in advance for any suggestions.I have a few thoughts on this.1. Free.. you get what you pay for.2. Remember that you have to be able to trust your VPN service. The encryption is only to them. They decrypt the info and then pass it on. The VPN provider is "able" to see all of the raw non-https traffic that you are trying to protect by using a VPN. 3. They only thing you are protected from is others on the hotspot site being able to see your traffic with a sniffer. Remember that any sites you connect to using HTTPS are already encrypted traffic and yes using a public wifi and if it has been compromised you could become a victim of a man-in-the-middle attack where your encrypted https traffic is decrypted by the bad guy read and then forwarded on without you knowing it.4. If you are truly concerned then I would use my phone's data plan and a wifi hotspot. You control who else is using that connection and I find that the speeds I get on the internet is faster than using the local campground wifi. I would trust that better than a 3rd party free vpn provider.5. You are more likely to be compromised by an e-mail with an attachment. For example it is well known that the hackers craft e-mails that look official from banking, shipping and even co-workers at your company.. with an attachment or link that looks real. BUT once you click on it your system is compromised and your antivirus will not help you. Many many people have been victim to this and don't even know it. Every keystroke is sent to the bad guy and they may even have remote control of your computer and be able to turn on the camera without your knowledge. Just my thoughts and I'm sure others have their opinions.

Virtual Private Network (VPN) - Free if possible

27 Replies

2oldman
Explorer II
May 04, 2015
Seeing how it's "never happened" it just might be that most people do NOT do banking et al on free wifi. I usually do not, but, in a pinch, yes I will.
rwbradley
Explorer
May 04, 2015
bwanshoom wrote:
2oldman wrote:
LittleBill wrote:
let me clarify, please provide real life examples of this happening. i am well aware of how it works
Yes, because I can't recall a single report on this board (in 13 years) of it happening to anyone.
I agree that a MITM is a considerably rare likelihood for the average person. But anyone who was a victim of it would almost certainly never know that it occurred. They might see the symptoms, but never any evidence of the attack.

A better question is has anyone ever had their financial information compromised (bank account, debit card, credit card) and if so, do you know with 100% certainty exactly how it happened? I've had my credit card compromised twice (and reissued twice by the bank out of caution), but I never knew how they got my information. But I doubt either case was from a MITM.

The problem is that it is very difficult to prove. I have had my Credit card replaced twice and Debit card twice in the last few years. In all 4 cases I called the bank and insisted I speak to a supervisor in their security department and got the same answer every time "they cannot disclose which of their clients was compromised, or how they were compromised".

Add to that, that as pointed out, the end user has no way of knowing they were compromised, until their credit score goes down the toilet. This is why it is so dangerous.

Finally when using most public WIFI the "agreement" page you are clicking on in your browser often includes language that they are not liable for anything that happens on the public WIFI, Si it is in the best interest of McDonalds or Starbucks to not monitor the traffic for MIM attacks, and even if they did detect one it is in their interest to not disclose it as the customer was warned of the risk and it would only make them look bad.

The point is not to prove it has been done to one of us, the point is it is very easy to do and the risks are quite high if it does happen. And I can say that I legally cannot give any details on any cases I may or may not have been involved in, but I can say I have seen it happen, I have collected forensic evidence for it, and I have seen successful prosecutions of it.

Just remember the next time you go to a campground and the neighbors bored kid or grand kid who really did not want to go camping, could VERY easily with virtually no skill, in a few minutes harvest enough information about you and sell it on the internet for some money to buy the next Call of Duty or Grand Theft Auto.

I cannot force or convince anyone to use a VPN when doing sensitive tasks on public WIFI like banking, but my professional opinion is: it is possible, I have seen it happen, it will happen again, and just because you are a camper in a less populated area does not make you immune.

As the OP originally asked for VPN recommendations as opposed to political statements on the need, likelihood, or risk of VPNs, I will get off my soap box and stand by my original recommendation that Cyberghost is a good choice.
bwanshoom
Explorer
May 04, 2015
2oldman wrote:
LittleBill wrote:
let me clarify, please provide real life examples of this happening. i am well aware of how it works
Yes, because I can't recall a single report on this board (in 13 years) of it happening to anyone.
I agree that a MITM is a considerably rare likelihood for the average person. But anyone who was a victim of it would almost certainly never know that it occurred. They might see the symptoms, but never any evidence of the attack.

A better question is has anyone ever had their financial information compromised (bank account, debit card, credit card) and if so, do you know with 100% certainty exactly how it happened? I've had my credit card compromised twice (and reissued twice by the bank out of caution), but I never knew how they got my information. But I doubt either case was from a MITM.
2oldman
Explorer II
May 04, 2015
LittleBill wrote:
let me clarify, please provide real life examples of this happening. i am well aware of how it works
Yes, because I can't recall a single report on this board (in 13 years) of it happening to anyone.
LittleBill
Explorer
May 04, 2015
rwbradley wrote:
LittleBill wrote:
AllegroD wrote:
2oldman wrote:
rwbradley wrote:
You can do a Man in the middle attack by pretending to be the campground WIFI. This will gain large amounts of data secure and non secure that can be either used to break into your banking or to harvest enough info to other sites to be able to build a profile to be able to guess common passwords, common "forgot password" answers etc.
I'm sure this happens all the time.

Yes. It does.

link?

Not enough room for them all :)
Search on news.Google.com for "man in the middle attack" (in quotes), you will get 1710 links.

let me clarify, please provide real life examples of this happening. i am well aware of how it works
rwbradley
Explorer
May 04, 2015
LittleBill wrote:
AllegroD wrote:
2oldman wrote:
rwbradley wrote:
You can do a Man in the middle attack by pretending to be the campground WIFI. This will gain large amounts of data secure and non secure that can be either used to break into your banking or to harvest enough info to other sites to be able to build a profile to be able to guess common passwords, common "forgot password" answers etc.
I'm sure this happens all the time.

Yes. It does.

link?

Not enough room for them all :)
Search on news.Google.com for "man in the middle attack" (in quotes), you will get 1710 links.
LittleBill
Explorer
May 04, 2015
AllegroD wrote:
2oldman wrote:
rwbradley wrote:
You can do a Man in the middle attack by pretending to be the campground WIFI. This will gain large amounts of data secure and non secure that can be either used to break into your banking or to harvest enough info to other sites to be able to build a profile to be able to guess common passwords, common "forgot password" answers etc.
I'm sure this happens all the time.

Yes. It does.

link?
AllegroD
Nomad
May 03, 2015
2oldman wrote:
rwbradley wrote:
You can do a Man in the middle attack by pretending to be the campground WIFI. This will gain large amounts of data secure and non secure that can be either used to break into your banking or to harvest enough info to other sites to be able to build a profile to be able to guess common passwords, common "forgot password" answers etc.
I'm sure this happens all the time.

Yes. It does.
2oldman
Explorer II
May 03, 2015
rwbradley wrote:
You can do a Man in the middle attack by pretending to be the campground WIFI. This will gain large amounts of data secure and non secure that can be either used to break into your banking or to harvest enough info to other sites to be able to build a profile to be able to guess common passwords, common "forgot password" answers etc.
I'm sure this happens all the time.
Seattle_Steve
Explorer
May 02, 2015
I use Tunnel Bear. First 500 mb per month is free. Great interface, and no perceptible slow downs.

I use a Mac, but it is available for PC as well, and reviews seem to be good for either OS. Also available for Android and IOS, but I've not used that.

Forum Discussion

Virtual Private Network (VPN) - Free if possible

27 Replies

About RV Must Haves

Related Content

Just bought a used rv from private seller

Can I have a virtual background for virtual meeting...?

Private property parking

Private Seller - Financing

Private Arkansas campground