VPN question

[Vilian]

Hey guys,

I have a general new-bie question about VPNs

I understand the general idea, people want to stay anonymous by using the VPN server  as proxy to hide their identity.

What I do not understand is why people keep on talking about the idea  security.  

It's said that if you do not use a VPN, many users may use that to their advantage to snoop and exploit your data traffic.

Well, are we just going to pretend that HTTPS does not exist?
But that is clearly not the case, since if that were to be true, there could never be any sort of online backing and document management services.

 

If you need access to a PC, why not use SSH, if you need access to the file system why not use some form of SFTP client.
To me, a VPN seems only useful for changing your geo location and bridging into a foreign local network.
Given the hype for VPN services nowadays, I'm sure i'm missing some key feature.

So please, tell me why they are so useful.

[tikker]

8 minutes ago, Vilian said:

So please, tell me why they are so useful.

Safer browsing on public or unprotected networks (encrypting traffic), circumventing geo-blocking measures, putting an extra curtain between your ISP and your internet activity and maybe make tracking you ever so slightly more work (alhtough Google and like's tracking is quite advanced).

 

Like you say it's not something that makes you completely anonymous nor something to hide from the authorities with. It's an extra layer of privacy. This is why people sometimes throw the "if you have nothing to hide..." argument at it. No, browsing LTT forums is not illegal (I guess), but that doesn't mean my ISP or anyone else needs to know I'm visiting it.

[jj9987]

5 minutes ago, tikker said:

Safer browsing on public or unprotected networks (encrypting traffic), circumventing geo-blocking measures, putting an extra curtain between your ISP and your internet activity and maybe make tracking you ever so slightly more work (alhtough Google and like's tracking is quite advanced).

 

Like you say it's not something that makes you completely anonymous nor something to hide from the authorities with. It's an extra layer of privacy.

Basically this. You are switching your trust from ISP to the VPN company. Depends on who do you trust more.

Secondly, while HTTPS is secure and third-parties can not see your traffic, they can still see which IPs you are connecting to, which may or may not reveal information.

Thirdly, TLS Client Hello in HTTPS is not encrypted, so it is quite easy to see the domain you are connecting to.

Tracking is still possible, if you are still using same browser as usual.

 

16 minutes ago, Vilian said:

If you need access to a PC, why not use SSH, if you need access to the file system why not use some form of SFTP client.
To me, a VPN seems only useful for changing your geo location and bridging into a foreign local network.
Given the hype for VPN services nowadays, I'm sure i'm missing some key feature.

VPNs are critical in enterprise world. You can remotely access the internal network, be that web, file or some other servers.

[SorryBella]

20 minutes ago, Vilian said:

why not use SSH

Famous last word, considering how insecure SSH is in context of public usage.

[Windows7ge]

Well, using your own examples as an example. Just because HTTPS encrypts your network traffic for web browsing it doesn't hide the source or destination address. If you were in a public environment doing web banking or making a purchase it still gives hackers an idea of what you are doing and that can give them a starting point to exploit you further. Not to mention there are various MITM (Man In The Middle) attacks that can be initiated to potentially capture authentication requests and gain unauthorized access.

 

SSH & SFTP are all well and good and by themselves can get the job done fine but if you ever found yourself targeted by someone competent. These protocols have their flaws in how they work and if not implemented correctly can result in unauthorized access.

 

The various ways in which VPN's can be implemented don't stop at publicly available ones. You can build your own VPN to access systems/servers at home. If you're a power user instead of Port Forwarding several servers using various protocols you can encapsulate everything down to one port/service and encrypt the traffic on the public domain. This reduces the likelihood that a port scanner or bot on the internet finds a open port on your router and cracks your authentication key or just guesses your password.

 

But in the end you're not entirely wrong either. Nothing is full-proof. Noting is 100% un-hackable but making it harder discourages hackers who are either just passing by looking for easy targets or trying to target you specifically.