HTTPS and VPN

A VPN is encrypted from your PC VPN client application to te VPN server and then is unencrypted from the VPN server out to the “rest of the internet” and the reverse for “inbound traffic”. A VPN is generally used to allow access to a closed network that is attached to a public network. A by-product of a VPN is that the originating location is masked and appears to the internet as the point where the VPN connects to the internet. Keep in mind that the unencrypted traffic from a VPN server to the public internet may still contain data encrypted by an HTTPS session as described below.

By contrast, an HTTPS session is encrypted from your PC browser application to the endpoint server (such as your bank) and only the communication between your PC and the endpoint is encrypted, and your PC location is not masked.

I am not familiar with all VPN clients but would imagine most use TLS for session security just as HTTPS now does and therefore both would be subject to the same vulnerabilities (and likewise are both equally secure at this point in time). On an unencrypted WiFi network a VPN would hide all of your traffic from a local sniffer, not just your individual sessions as with HTTPS. Neither will provide protection from things like connecting to a bad WiFi network and ignoring certificate warnings.

Dave