3

Please forgive my basic ignorance regarding a VPN connection.

As I understand it, a VPN connection encrypts all the data between my computer and the VPN provider. Thus preventing my ISP from seeing my data.

But on the VPN providers side of the connection, surely the VPN provider uses an ISP of some sort. So they send out requests I have made over their ISP, just as if I were sitting there using the ISP they pay for. And they send the data back to me, encrypted.

So on the ISP side they use, the data they send is unencrypted, so it can be understood by other sites/services.

If this is the case, am I not just pushing my data further along. Its still unencrypted but at a different end (VPNs Webside). Its only the data back to me, which is encrypted.

Thanks.

  • [Related](http://security.stackexchange.com/questions/72679/differences-between-using-tor-browser-and-vpn/72729#72729) – RoraΖ Jan 19 '15 at 19:58

3 Answers3

5

If this is the case, am I not just pushing my data further along?

Correct. A VPN is designed to give you a secure connection to the VPN provider; it essentially simulates your being physically on their network. For instance, a corporate VPN simulates being in the office physically connected to the corporate network. This is great when there's some reason to trust the VPN network more than the network you're on for the things you're doing; however, all it amounts to is substituting the VPN provider's network for the network you're on.

cpast
  • 7,263
  • 1
  • 30
  • 35
2

"Secure" is a big term. VPNs do not provide perfect security against all threats. VPNs are a way of provide a secured channel in an insecure environment. That's it. You are correct when you say that after the VPN there is exposure, but what is it that you want to secure against?

If you could create a VPN tunnel between yourself and your endpoint (the server/website) then you would resolve the threat you mentioned. But you have a specific implementation of using a 3rd party VPN provider that allows your traffic to jump off from there.

It is important to understand what you are securing against (what threats?), and how a solution protects you against those specific issues. Just using a VPN provider will not make you "secure".

schroeder
  • 125,553
  • 55
  • 289
  • 326
2

Keep in mind that just because some traffic is not flowing inside a VPN doesn't necessarily mean that it is not secure or encrypted. The easy example would be HTTPS: the information you are exchanging with the server is encrypted even if you are not on a VPN. So, no VPN doesn't necessarily equal no security.

A VPN will not make you more secure in terms of anonimity (e.g. if you are trying to perform some not-so-legal operations online), but it will make communications more secure than they would be without it. Sure, the information will be unencrypted sooner or later, but in the meantime, you are encrypting it so that anybody listening on that section of the network will not be able to access your information.

I will give you another example: suppose you are running your own VPN server at home. You are out in a coffee shop and decide to browse the internet, but you connect first to the VPN. Of course the information will not be encrypted after it has reached your VPN server, but the chances of somebody actively sniffing your home connection are much lower than somebody doing the same thing in the coffee shop.

user1301428
  • 1,947
  • 1
  • 23
  • 29