• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Public VPNs Don’t Always Make You Any More Secure

November 22, 2019 By Trevor Collins

VPN Protection

Recent news on a compromised NordVPN server highlights a concern that when you want to use a public VPN, it doesn’t necessarily add any additional security. Some VPN providers want you to think that simply using a public VPN will make your connection perfectly secure, but this doesn’t hold true. While a compromised VPN connection allows hackers access to your Internet traffic, if you use HTTPS to access sites then you still can rest assured that your connection is still secure.

The weakest link in your connection should determine what you access. VPN providers aren’t without fault and can still suffer compromises and risks just like your local connection. Therefore, connections to servers over a secure connection like HTTPS don’t gain additional security by using a VPN, unless you connect to a public Wi-Fi. In the case of a public Wi-Fi connection, a VPN can help prevent some exploits. So, if you use a VPN over public Wi-Fi,  you’re totally secure, right? Not so fast. Many VPN connections only pass traffic outside of your local subnet. For traffic inside your local subnet your computer doesn’t pass traffic through the VPN. If a hacker sets a malicious server on your local subnet then this traffic doesn’t get encrypted through the VPN. They don’t even need to create a server since they could also proxy the connection and read your traffic. It’s possible to change this behavior though. Simply put, you should never fully trust your connection when connected to an unknown public Wi-Fi.

In another case, let’s say your connection to the server uses an insecure connection without HTTPS encryption. If you don’t use a secure connection to a server then the traffic between the VPN provider and the final responding server isn’t encrypted. A public VPN doesn’t add additional security to secure connections or insecure connections.  It only prevents monitoring through the local ISP connection and individuals that share your local network. To clarify, I’m not talking about private VPNs that you use to connect to your office at work.  These necessary VPNs allow access to work resources in an encrypted tunnel that would otherwise be accessible to anyone with access to the connection.

Using a public VPN won’t make you less secure, but when you use a public VPN ensure you still check that your connection to the final destination is secure too by checking the lock in your browser and not passing private information if insecure.

Share This:

Related

Filed Under: Editorial Articles Tagged With: Hacking

Comments

  1. Ali Harris says

    November 22, 2019 at 8:42 am

    No, but they do help in many situations and it’s important to note that public VPNs much more often help than not.

    Reply
    • Trevor Collins says

      November 22, 2019 at 2:02 pm

      Hey Ali, thanks for your comment.

      I agree in some situations a public VPN makes you more secure. In fact I use a public VPN myself. Most of the time though, when accessing the internet through your home network, you’re betting the VPN provider has better security then your home network. The real security for a public VPN comes when accessing the internet through a network with unknown security. My point being, you shouldn’t let your guard down just because you use a public VPN.

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use