cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

HTTPS and VPN

Bachelor
Explorer
Explorer
I was wondering if one is on a secure website does using a VPN provide extra protection, or is it just redundant? Thanks.
31 REPLIES 31

fj12ryder
Explorer III
Explorer III
"He has a dedicated hardwired PC that is ONLY used for financial transactions."

Big deal, most data theft occurs after the data is "secured" at the other end.
Howard and Peggy

"Don't Panic"

philh
Explorer II
Explorer II
Friend mine is a super high end security guy... He doesn't talk about it at all, but I suspect NSA.

He was in an airport once and got pinged by someone in the airport. He was able to electronically identify the culprit and from there physically identified him. Broadcast a popup directly to the guys computer describing his clothing and told him you're being watched. Guy packed up and immediately left.

Some day I'm going to spend some time with him securing my network and computers better. He has a dedicated hardwired PC that is ONLY used for financial transactions.

ljr
Nomad
Nomad
mike-s wrote:
Bachelor wrote:
I still don't get it, when all the popular VPN providers provide excellent encryption such as Nord, Express, PIA and several others. They've all been tested and receive generally high marks. How can they be useless, as many of you say? This enquiring mind seeks answers.
For those types of VPN the encryption is only between your PC and the VPN provider. From there it flows across the public Internet, just as it would if there were no VPN. VPNs hide your IP address (there's a NAT gateway at the provider). They don't provide any more connection security than an HTTPS connection, but are popular for use with geographically restricted services (e.g. get US Netflix from some country where it isn't offered).

There are also enterprise VPNs (which were around first), where the VPN provides a tunnel between a client and an enterprise network (or between enterprise networks). Those encrypt all traffic crossing the public Internet, so are basically as secure as being directly on the enterprise network.


Excellent clarification! All my experience is with the latter. I knew the former existed but never quite understood why.
Larry

mr__ed
Explorer
Explorer
I think I understand better now. Thanks to everyone.
Mr. Ed (fulltiming since 1987)
Life is fragile. Handle with prayer.

2007 Hitchhiker II LS Model 29.5 LKTG (sold)
2007 Dodge Ram 3500/6.7 CTD/QC/4X4/SB/SRW/6-speed man/Big Horn edition (sold)

mike-s
Explorer
Explorer
Bachelor wrote:
I still don't get it, when all the popular VPN providers provide excellent encryption such as Nord, Express, PIA and several others. They've all been tested and receive generally high marks. How can they be useless, as many of you say? This enquiring mind seeks answers.
For those types of VPN the encryption is only between your PC and the VPN provider. From there it flows across the public Internet, just as it would if there were no VPN. VPNs hide your IP address (there's a NAT gateway at the provider). They don't provide any more connection security than an HTTPS connection, but are popular for use with geographically restricted services (e.g. get US Netflix from some country where it isn't offered).

There are also enterprise VPNs (which were around first), where the VPN provides a tunnel between a client and an enterprise network (or between enterprise networks). Those encrypt all traffic crossing the public Internet, so are basically as secure as being directly on the enterprise network.

magicbus
Explorer
Explorer
A VPN is encrypted from your PC VPN client application to te VPN server and then is unencrypted from the VPN server out to the โ€œrest of the internetโ€ and the reverse for โ€œinbound trafficโ€. A VPN is generally used to allow access to a closed network that is attached to a public network. A by-product of a VPN is that the originating location is masked and appears to the internet as the point where the VPN connects to the internet. Keep in mind that the unencrypted traffic from a VPN server to the public internet may still contain data encrypted by an HTTPS session as described below.

By contrast, an HTTPS session is encrypted from your PC browser application to the endpoint server (such as your bank) and only the communication between your PC and the endpoint is encrypted, and your PC location is not masked.

I am not familiar with all VPN clients but would imagine most use TLS for session security just as HTTPS now does and therefore both would be subject to the same vulnerabilities (and likewise are both equally secure at this point in time). On an unencrypted WiFi network a VPN would hide all of your traffic from a local sniffer, not just your individual sessions as with HTTPS. Neither will provide protection from things like connecting to a bad WiFi network and ignoring certificate warnings.

Dave
Current: 2018 Winnebago Era A
Previous: Selene 49 Trawler
Previous: Country Coach Allure 36

mr__ed
Explorer
Explorer
Good point, Mr. Wizard. I had never considered that. Interesting that the VPN providers advertise security on public connections. Maybe it's all a sham. :h
Mr. Ed (fulltiming since 1987)
Life is fragile. Handle with prayer.

2007 Hitchhiker II LS Model 29.5 LKTG (sold)
2007 Dodge Ram 3500/6.7 CTD/QC/4X4/SB/SRW/6-speed man/Big Horn edition (sold)

Bachelor
Explorer
Explorer
Posted in error

MrWizard
Moderator
Moderator
i don't 'yet' use a VPN
but it would depend on whether the security starts in your PC or at the VPN server

if the data is encrypted inside your PC or at the VPN server

even if the data is encrypted from your browser to the vpn server

the data between your PC and the public wifi is not

every device connected to the public wifi is logging in with the same password "if a password is even needed"

which allows any evil pert, to monitor your signal traffic and attempt to break the encryption key of your VPN
I can explain it to you.
But I Can Not understand it for you !

....

Connected using T-Mobile Home internet and Visible Phone service
1997 F53 Bounder 36s

Bachelor
Explorer
Explorer
I still don't get it, when all the popular VPN providers provide excellent encryption such as Nord, Express, PIA and several others. They've all been tested and receive generally high marks. How can they be useless, as many of you say? This enquiring mind seeks answers.

ljr
Nomad
Nomad
mike-s wrote:
Gdetrailer wrote:
A VPN is no more "secure" than an open wifi, period.
A lot of people don't get that, though. I'm assuming the current popular use of "VPN", which is a simple attempt at disguising where you're geographically located.

VPNs are just fine, if they connect to the endpoint's network. Otherwise, they add exactly zero additional security (or perhaps less than zero, since they introduce an new "choke point").


Iโ€™ve never used a commercial VPN provider. Youโ€™re saying IPSec tunneling is not enabled? Makes it kind of pointless, doesnโ€™t it?
Larry

mike-s
Explorer
Explorer
Gdetrailer wrote:
A VPN is no more "secure" than an open wifi, period.
A lot of people don't get that, though. I'm assuming the current popular use of "VPN", which is a simple attempt at disguising where you're geographically located.

VPNs are just fine, if they connect to the endpoint's network. Otherwise, they add exactly zero additional security (or perhaps less than zero, since they introduce an new "choke point").

MitchF150
Explorer III
Explorer III
The thing with those pay as you go VPN services is that you are being routed thru their servers and they can log, track, control all of your internet activities..

You can choose the country you want your VPN ip address to be coming from, so say you are connected to an open wifi in the US, but if you choose a VPN connection to come out of say Canada, that's really the only thing that's happening with that VPN connection.

No additional "security" from that same open wifi.

Your computer is still using an IP address to that open wifi connection it gave you to connect in the first place. The VPN connection you have is just changing the IP address that the web sites you are going to sees..

Anyway, I looked at the Nord VPN and tried it, but cancelled it a couple of days later, as I found out that it simply does not make an open wifi any more secure than just using the open wifi.

When you connect to a new network, your computer should prompt you to select the type of network you are connecting to. At that point, you should select the "public network" option, as that will set your computers firewall to be not let your computer to be visible on the open network.. Nothing is ever 'secure' as such, but I still would not conduct my banking or other password entered web sites from an open wifi, even using a so called "VPN" connection..

Good luck!

Mitch
2013 F150 XLT 4x4 SuperCab Max Tow Egoboost 3.73 gears #7700 GVWR #1920 payload. 2019 Rockwood Mini Lite 2511S.

2oldman
Explorer II
Explorer II
Bachelor wrote:
I guess, as some of you mentioned, you're more safe using your own hotspot, such as cell phone, your own router, etc.
You're fine with that. If you weren't the banking and shopping industries would be collapsing.
"If I'm wearing long pants, I'm too far north" - 2oldman