I was going to begin with an assumption that everybody knows what a VPN is and what a VPN does.
This might not be the case, so let’s start with a quick explanation. In a nutshell:
- VPN = Virtual Private Network
- It creates a private connection between you and another entity (user, website, server, etc.) on the network. Remember, your regular Internet connection via ISP or mobile carrier is not private!
- You connect as a remote user to a network as if you were a local user on that network.
- A VPN creates an encrypted tunnel by connecting to a proxy IP address and only then connecting you to your destination. Therefore, it hides your real IP address and your geo-location.
- This can be useful for bypassing content restricted to a particular country. With a VPN, you can connect to a server in that country and then connect to your destination using the VPN IP address.
- A VPN offers an extra layer of privacy when connecting to an untrusted public network (pub, hotel, airport, etc.).
- A VPN can be a software solution (a VPN server / client built into or installed onto your operating system) or a hardware solution such as a dedicated device that can be plugged directly into the router.
Why is a VPN important?
Instead of harping on about privacy and scaremongering about what could go wrong if you do not use a VPN, it’s best to illustrate this point with real life examples:
Reason 1 – ISP snooping
It’s unlikely that somebody at an ISP level (a nosy employee for example) is snooping on your Internet traffic, but this is not beyond the realm of possibility.
What is more likely is that an ISP is capitalizing on aggregated usage statistics by selling them off to third parties such as insurance, health or marketing companies.
You have more than likely already heard some general online safety advice to the tune of “always use HTTPS, not HTTP” and “make sure the URL bar displays a padlock icon”.
HTTPS encryption ensures that information you enter while interacting with a website (your login and password for example) is private, but the fact that you are interacting with that website is still exposed at the DNS level (DNS = Domain Name System). This means that typing in a specific website address and going to that website is visible to the ISP.
Why would this matter? Well, it’s no secret that metadata analysis can provide a wealth of knowledge, even if you don’t see the actual information entered into a website by users. Sometimes a lot can be revealed by gathering only DNS usage info.
For example, what can we tell about a user who visits the following websites in this sequence?
[2020/06/20 21:15:30] www.healthline.com
[2020/06/20 21:21:42] www.aidsinfo.nih.gov
[2020/06/20 21:45:07] www.hiv.gov
[2020/06/20 22:06:15] www.sexualhealthcentre.com
Even though, as an ISP, we don’t know whether the user was sending specific queries to these websites or what they were asking about, we have a pretty good idea of what is going on here just from the context created by the metadata alone.
But if the user was on a VPN, his/her traffic would not be visible to the ISP – the only thing visible to the ISP is the initial connection made from the user’s IP address to the VPN server.
If you use a VPN and your DNS queries are sent through the tunnel, the ISP cannot observe any details of your DNS traffic.
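The difference between these cases can be checked on your own machine by looking at which interface DNS queries leave on. The following is an added example, not part of the original article: it works on constructed packet records, and the interface names (eth0, tun0), the documentation-range IP addresses and the VPN port 1194 are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

@dataclass(frozen=True)
class Packet:
    iface: str                   # interface the packet left the host on
    dst_ip: str
    dst_port: int
    qname: Optional[str] = None  # set only for plaintext DNS queries

def dns_leaks(packets: List[Packet], tunnel_iface: str) -> List[str]:
    """Names sent as plaintext DNS (port 53) outside the tunnel: readable by the ISP."""
    return [p.qname for p in packets
            if p.iface != tunnel_iface and p.dst_port == 53 and p.qname]

def isp_view(packets: List[Packet], tunnel_iface: str) -> Set[Tuple[str, int]]:
    """Destinations an on-path ISP sees: everything that did not enter the tunnel."""
    return {(p.dst_ip, p.dst_port) for p in packets if p.iface != tunnel_iface}

# Constructed sample data (documentation IP ranges, hypothetical interface names).
SITES = ["www.healthline.com", "www.aidsinfo.nih.gov", "www.hiv.gov"]
ISP_RESOLVER, VPN_SERVER, VPN_RESOLVER = "192.0.2.53", "198.51.100.10", "10.8.0.1"

# 1) No VPN: every lookup goes to the ISP resolver in the clear.
no_vpn = [Packet("eth0", ISP_RESOLVER, 53, s) for s in SITES]

# 2) VPN up: lookups enter tun0; eth0 carries only encrypted packets to the VPN server.
vpn_ok = ([Packet("tun0", VPN_RESOLVER, 53, s) for s in SITES]
          + [Packet("eth0", VPN_SERVER, 1194)])

# 3) VPN up, but one lookup bypasses the tunnel (a "DNS leak").
vpn_leak = vpn_ok + [Packet("eth0", ISP_RESOLVER, 53, "www.hiv.gov")]

if __name__ == "__main__":
    for name, cap in [("no_vpn", no_vpn), ("vpn_ok", vpn_ok), ("vpn_leak", vpn_leak)]:
        print(name, dns_leaks(cap, "tun0"), sorted(isp_view(cap, "tun0")))
```

In the third case the ISP still learns one of the visited names even though the VPN is connected, which is why it is worth confirming that port 53 traffic only ever appears on the tunnel interface.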
Reason 2 – ISP carelessness / incompetence
This is a pretty valid reason for shielding your Internet usage from your ISP.
Here is an example why:
In March 2020 one of the largest UK-based ISPs – Virgin Media – announced they suffered a data breach, which affected nearly 1 million customers. The company attempted to minimise the backlash and initially called the breach a “data incident” that resulted in unauthorised disclosure of “limited contact information”.
The company then had to backtrack when it became evident that their “data incident” happened as a result of misconfiguration of one of their databases by Virgin Media employees. What was worse was the fact that subsequent security monitoring audits did not reveal the data exposure for another 10 months (April 2019 – February 2020). Virgin Media was ultimately notified by a third party about the breach (source).
The scope of this breach was huge from the digital privacy perspective. The leaked data included customers’ names, addresses, dates of birth, phone numbers, and IP addresses; but in some cases this information was coupled with customer requests to block / unblock websites with mature content, including gambling and pornography.
So not only did Virgin Media customers suffer unauthorised disclosure of personal information; they also had private details of their online habits disclosed, some of which could have caused discomfort and embarrassment to say the least.
The solution to the problem, before it arose, would have been simple. If the affected individuals were using a VPN service, it would have removed the need for block / unblock requests to Virgin.
Moreover, even if their home IP addresses were disclosed, they would not have been associated with any specific types of Internet usage because the ISP would not have had this knowledge.
Reason 3 – Bypassing the geo-location restrictions
There are many online services out there (for instance streaming platforms like Netflix) that serve users content based on their IP address and its geographical location.
So for instance, any European user who attempts to connect to the US version of a streaming service will be blocked and informed that the content they are trying to access is not available in their country.
Connecting to a VPN means the freedom of being able to change your IP address.
It also means that services restricted due to geo-location can be accessed freely from anywhere in the world, of course on the condition that your VPN service provider has access to servers in the country of destination.
PS. Platforms like Disney or Netflix often blacklist known IP address blocks identified as belonging to VPN servers. If accessing foreign media content is your priority when choosing a VPN, pick one that is reliably able to bypass the VPN bans put in place by these companies.
Reason 4 – Avoid censorship and connection throttling
Censorship can have a twofold meaning here – it can be imposed by the country of residence on certain websites, or it can be controlled at the local network level (hotel WiFi, etc.).
Either way it means that you cannot access a particular online resource if connecting directly to it.
An indirect connection however, via a VPN, will allow you to bypass any restrictions implemented either by the ISP or by the network administrator. An outgoing connection to an external server in another country that is not subject to any restrictions will enable unfettered access.
There is a similar use case whenever your ISP is throttling your connection speed. There could be many reasons for this: from trying to pressure users to buy a more expensive broadband plan, to attempts to minimise torrenting or similar illegal downloads.
Using a VPN mitigates this thanks to encryption – the ISP cannot see the nature of your traffic, so they won’t throttle network speed based on the content accessed.
PS. Ensure you are using a software or hardware VPN, and not a browser-based one (e.g. Opera).
A browser-based VPN will only shield your browser traffic; it won’t cover anything else, like specific applications, file sharing, and so on.