There are good reasons to use a VPN, and there are bad reasons to use a VPN. We will articulate some common reasons VPNs are deployed in this article.
VPN stands for Virtual Private Network. It is a layer on top of your Internet connection to provide access you otherwise may not have, or to provide a layer of security and encryption so as to hide your otherwise visible network traffic or metadata.
VPNs can be complex to set up for the non-technical person because there are so many options and purposes for one. I’m going to focus on VPN use from a mobile or desktop device. Enterprise use of VPNs will be out of scope for the purposes of this article.
Top 3 GOOD reasons to use a VPN
- You are online via a public hotspot such as a coffee shop or hotel. Now you have a very good reason to protect yourself. The layer of the VPN makes it impossible for a sniffer to gather anything useful from your activities. Even if your traffic were all captured by a WiFi Pineapple (an “evil twin”), it would be meaningless noise to them. This is assuming, of course, that your VPN itself is secure and of good quality.
- Your work requires one. Many corporate resources provide an excellent layer of protection by limiting all access to LAN and VPN users only. While this is inconvenient, it is an excellent strategy for a better level of security.
- Circumvent unreasonable content filtering and/or censorship.
Top 3 BAD reasons to use a VPN
Even though you will often see these as reasons *to* use a VPN, we explain why not.
- Anonymity. As explained in a previous blog post, “VPN PROVIDES FALSE SENSE OF SECURITY”, a VPN simply shifts visibility of your traffic to a different location on the network. So you may hide from the ISP that connects you to the Internet, but you still expose those same details to the VPN provider and ISP at the VPN exit point. So much for anonymity.
- Access geo-locked content. Say you’re travelling outside of your home country and suddenly you have a different Netflix catalogue (or worse, none at all). Using a VPN for this is highly inefficient because it completely breaks how Content Delivery Networks operate to bring the content to the edge of the Internet. This causes the Netflix experience (via VPN) to be unreliable and at best gives you a low-resolution experience. Forget HD.
- Download or upload illegal content via peer-to-peer. Again, a VPN simply shifts your identity from one IP to another. All other signals that your computer emits are also shifted to this IP, so don’t count on anonymity protecting your illegal uploads or downloads.
Not all VPNs are the same
It is worth noting that corporate VPNs very often provide no hotspot visibility protection except for their own traffic. In other words, the VPN may be used to encrypt the traffic to and from your corporate network, but the rest of your Internet traffic may not be protected at all. Look for settings such as “split tunnel” or an unchecked setting of “Send all traffic over VPN connection”.
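Where the VPN client does not show such a setting, the routing table tells the same story. The following is an added example, not part of the original article: it measures how much of the IPv4 address space leaves through the VPN interface in Linux `ip route show` output. The route tables are constructed samples, and the interface-name prefixes (`tun`, `wg`, `ppp`) and the 0.99 threshold are assumptions of this example.

```python
import ipaddress
# Constructed `ip route show` output (Linux); addresses are examples, not captures.
FULL_TUNNEL = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
203.0.113.5 via 192.168.1.1 dev wlan0
"""
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""

def parse_routes(text):
    """Return {IPv4 network: interface}, keeping the lowest metric per prefix."""
    best = {}
    for line in text.splitlines():
        tok = line.split()
        if "dev" not in tok:
            continue  # blackhole/unreachable routes carry no interface
        try:
            net = ipaddress.IPv4Network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        except ValueError:
            continue  # first token is not an IPv4 destination
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        if net not in best or metric < best[net][0]:
            best[net] = (metric, tok[tok.index("dev") + 1])
    return {net: dev for net, (_, dev) in best.items()}

def vpn_share(text, vpn_prefixes=("tun", "wg", "ppp")):
    """Fraction of IPv4 space whose longest-prefix match leaves via a VPN interface."""
    routes, owned = parse_routes(text), 0
    for net, dev in routes.items():
        if dev.startswith(vpn_prefixes):
            # Subtract addresses that a more specific route claims instead.
            inner = [n for n in routes if n != net and n.subnet_of(net)]
            owned += net.num_addresses - sum(
                n.num_addresses for n in ipaddress.collapse_addresses(inner))
    return owned / 2**32

def classify(text, full_threshold=0.99):  # threshold is an assumption of this example
    share = vpn_share(text)
    if share == 0:
        return "no VPN routes"
    return "full tunnel" if share >= full_threshold else "split tunnel"
```

In the full-tunnel sample the two `/1` routes override the default route without replacing it, which is why the check works on longest-prefix match rather than on the `default` line alone.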
If not VPN, then what?
DNS-based inverse proxy solutions solve this problem in an elegant way without breaking any SSL security. There are quite a few out there now, including services such as Unblock-US. However, the one shortcoming in those services is that sending all of your DNS queries to one provider breaks Content Delivery Network (CDN) technology. Netflix, for example, uses Akamai’s CDN technology. Akamai is then unable to serve you from the server geographically closest to you and instead may be serving a video to you from across the world.
DNSthingy, by contrast, uses deterministic DNS and continues to benefit from CDN technology.