[PaulB]

Just been reading a review of something on a tech review site and there was an ad on the page that said "If you're not already using a VPN, you should be."

It then promoted, normally I'd ignore such ad (and I don't know why I even read this one, but it was advertising paid VPN services like this one (there are others).

So, is it just a money making business or do the savvy users use such services and why?

Just curious..... my default would be to think no more about it, but I could be persuaded.

[carlmeek]

Have you got anything to hide?

Certainly if you need to buy some guns and drugs, it's the way forward! Or... if you are in China and need the real internet.

Technically a VPN means you are shooting your traffic over to someone else's network and then browsing from there. As such the VPN provider needs to be trustworthy.

A VPN will increase latency and slow down your link. Some services may not work at all.

I use private VPNs all the time, used to connect between us and our customers and used by our staff to connect into the office network from home. That's what VPNs were invented for.

[GolfHotel]

Like Carl I use vpn's all the time for secure access to work data from outside work.

I have no need to hide/secure my other web activities.

[Colonel Panic]

I have no need to hide/secure my other web activities.

Nor I, but there are times when I thought that using a VPN was considered to be "good practice", such as when sending financially sensitive data / passwords etc when using public wi-fi?

They can also be handy when trying to watch a film on Netflix which is only available in another country (although this is becoming less easy to do these days).

FWIW, I use https://www.tunnelbear.com (when I can remember to do so )

[GrahamB]

Like the others have said above, VPNs are a standard way by which a secure corporate network can be extended to other devices for home or mobile working.

Other legitimate personal use cases might be:

- you are working in China or some such place and you want to be able to access resources which may be blocked
- you have a place abroad and want to stream BBC iplayer content.
- you want to browse or send highly confidential information.
- you may want to otherwise obscure your content, IP address or location, for example you want to send reports or images of atrocities from inside an oppressive regime to a human rights organisation or the press, or you are being tracked by an aggressive divorce lawyer!

Some of the above can be done via a TOR browser, of course, without the need for a VPN.

[Spooky]

They'll probably be quite popular once the war-on-porn kicks off.

https://www.gizmodo.com.au/2017/07/ther ... pril-2018/

[OCB]

Been a hard advocate of VPN and other privacy tech for ...oh...more than 20 years.

Even used to run a website dedicated to such matters.

Nothing to hide...but from whom? You might trust your govt (more fool you...how many hundreds of thousand "civil servants" do you really trust?), but do you trust the call center in Bangalore that's selling your details to Russian hackers for 50 bucks per thousand logins? Do you trust the army of Chinese hackers who are actively harvesting left right and centre?

Western governments go through phases. They get massively authoritarian depending on how they're being led by the nose via the Tabloids.

Remember Key Escrow? The digital equivalent of handing a spare set of keys to your bank account, email etc to pretty much anyone who called themselves "government".

Remember the numerous times hard disks chock full of NHS or MOD data ended up left in taxis, copied onto unsecured networks at 3rd parties outside U.K or even EU/NATO grasp?

Remember the "weapons grade encryption" farce that was PGP?

As I said, I used to dedicate my free time to this subject. I gave up.

My advice- use VPN for no other reason that being a consiencious objector against the lazy authoritarian tendency of central and local govt. it's also useful for expats like me who are "IP blocked" for having the temerity of no longer living in the U.K. For example I can't change password on my UK bank's PC banking from abroad. With VPN into the UK and a little extra jiggery pokery I can.

One note on TOR. In theory it gives obscurity. It can never give anonymity. I am a fan of the idea, but it's too easy for govts to set up "rings" and reverse engineer from there.

[rikur_]

Nor I, but there are times when I thought that using a VPN was considered to be "good practice", such as when sending financially sensitive data / passwords etc when using public wi-fi?

Like most security things it's relative. If you are just checking the BBC news or weather, I can't say that I would bother. If I'm accessing Gmail I'm content that this is already over https. I generally use VPNs when accessing corporate systems, or to access UK only content when I'm not in the UK.

There are pros and cons to VPNs ..... you only get encryption as far as the VPN provider - the connection from there to whatever website or service you are using is not protected by the VPN.
This is ok if you are accessing your company's systems via your company's VPN - but if you are using a public VPN to access e.g. Youtube then the traffic can still be intercepted between the VPN provider and Youtube......
If I was interested in surveillance I would probably pay particular attention to traffic originating from VPN concentrators, whereas traffic from 'just another IP address' is a bit like a needle in a haystack. It's a bit like people that put padlocks on suitcases, it might make it more secure, but also raises interest in what it contains.
There are other downsides - for example authentication heuristics: - some providers (e.g. Google) use heuristics around login patterns (e.g. if you normally login from uk broadband network and suddenly attempt to login from China you might get prompted for additional security questions) ... if you regularly login via a VPN, then if I was hacking into your account, I'd probably hack in through the same VPN provider so that it looked like normal traffic.

[Colonel Panic]

If I'm accessing Gmail I'm content that this is already over https..

As an aside, if I log on to my bank through a dedicated bank app, can I assume that the connection is "secure" (despite not showing an https header, as the app doesn't have/show any headers)?

[rikur_]

If I'm accessing Gmail I'm content that this is already over https..

As an aside, if I log on to my bank through a dedicated bank app, can I assume that the connection is "secure" (despite not showing an https header, as the app doesn't have/show any headers)?

Yes - I would generally trust dedicated banking apps from the bank more than their online banking website - and in all likelihood will be using https in the background.
The reasons - generally they override the phone's keyboard and use their own 'mock' keyboard, this reduces the risks of key stroke logging (did you know that some mobile phone keyboards send all your typing to third party services to help develop predictive text - not a good idea!). Secondly bank apps generally use two factor authentication - creating a token on the phone as part of the initial installation in addition to partial password, and associating the token with your account. They are therefore checking 'something you own' (the phone) and 'something you know' (the password).
Of course it is always possible that a bank makes an error in the implementation of their security - but my current view is that app security is better than website.