2

I use my trusted VPN primarily for the sake of anonymity (to avoid data being collected about my Internet browsing), although I am aware of its security benefit -- traffic encryption. My question, however, stems from an unsubstantiated fear I have of using the VPN when accessing sensitive sites (banking, primary email, billing, PayPal, etc.). When accessing sensitive sites I am not seeking anonymity, in fact, quite the opposite; unavoidably such access requires the exposure of personal information (hopefully under the sound encryption that these sites themselves provide).

Several questions related to my title or umbrella question:

  1. Is it advisable to still use a trusted VPN when accessing sensitive sites?

  2. Does using a VPN in such circumstances jeopardize the sensitive information I'm accessing?

  3. Regardless of whether using a trusted VPN inconsequentially effects such access and surveying, do you yourself switch off your own trusted VPN when accessing sensitive sites?

(I am aware of my persistent use of the phrase "trusted VPN". It does seem quite silly and was likely unnecessary. Also, feel free to critique my understanding of "trusted VPNs", the benefits they provide, and so on. I can only begin to conceptualize how a VPN works, although I do know conflicting views exist on the security and general benefit they provide. I use several other mechanisms to enhance my anonymity and my security, none of which include TOR, as I am under the impression it requires legitimate knowledge of CompSci, a "domain" which is widely foreign to me.)

Steve Dodier-Lazaro
  • 6,828
  • 29
  • 45
Donald
  • 29
  • 1
  • Relevant quote from the Grugq: "VPNs provide privacy - Tor provides anonymity. Confuse the two at your peril." – tlng05 May 23 '15 at 18:41
  • Welcome on Security StackExchange. You may find useful information below the following question which seems to match your request: [Disadvantages of Using a VPN?](https://security.stackexchange.com/questions/86806/disadvantages-of-using-a-vpn) – WhiteWinterWolf May 23 '15 at 21:54
  • Welcome to the site. I've edited your question to make it more fit for the StackExchange format. Please note that your questions 1 and 3 are partly redundant and very subjective, and hence not suitable for StackExchange. You should only ask questions that can be answered objectively, or for which evidence of correctness can be provided. The personal habits of other members or their wise opinion on the vast topic of VPNs in general falls short of this category. Please consider editing your questions. – Steve Dodier-Lazaro May 24 '15 at 00:04
  • Also, do have a look at the question linked by WhiteWinterWolf. If you find that your question is different, please link to the above question and explain how yours differs, to avoid this question being closed as a duplicate. Thanks! – Steve Dodier-Lazaro May 24 '15 at 00:04

3 Answers3

3

What is your threat model ? Why do you want to use the VPN ?

You seem to think that a VPN is the silver bullet for privacy (thanks to all these ads to fool naive users, even though these VPN providers will probably be the first ones to hand over your data in case of a government/attorney request).

Sorry to disappoint you, it is not. All the VPN does is create an encrypted tunnel between your computer and the VPN server, and all your traffic appears to come from that server to the eyes of websites. That's it.

Why do you think Google or evil advertising companies will have trouble tracking you ? They couldn't care less as to where your IP is your real IP or the VPN server's one. They use cookies to track you. If you want privacy, install a good ad blocker, block all the advertising/analytics crap and you'll regain some privacy.

The only benefit of a VPN is either when you need to connect to your workplace's network remotely (and appear as if you were on their network), or use unencrypted protocols (HTTP, IMAP, SMTP, FTP, etc) over untrusted networks (public unencrypted and often overpriced Wi-Fi garbage, rogue ISP that spies on your unencrypted traffic or alters it, etc).

To actually answer your question, any serious bank uses HTTPS, which is safe to use even on untrusted networks. The VPN won't add any security (but may trigger some alarms on the bank's side because your IP suddenly changed) because it's already secure.

  • Doesn't the VPN guarantee that you're not using a rogue DNS server too? – Neil Smithline May 24 '15 at 03:22
  • 1
    If the VPN server pushes DNS settings to your client then no. Some VPN servers will alter the client's DNS settings and some won't. It all depends on how the server is configured. – Tim Jonas May 24 '15 at 06:08
1

For the bank scenario: any respectable bank uses HTTPS and SSL to protect the traffic from being read by third-parties, including your VPN. If you are using a public wifi, using your VPN during banking is highly recommended, but it doesn't hurt to do it in the home setting either.

Minor disadvantages of constant VPN usage: 1. Some websites block VPN IPs because people have used their VPNs for illegimate purposes as spamming, advertising, hacking etc.
2. You could be blocked out from your own "userspace" for your own security. An example is hotmail sending you a mail notifying that your mail has been locked down due to someone from Germany logging in with the right password, obviously the VPN is working here. This can easily be added to exceptions after one occurence, unless your VPN changes IP from time to time.
3. Flash player update might fail requiring you to disable vpn and simply click retry.

I would say most VPN services are trusted, but if you're touchy with your privacy principles there are VPN services that log only the minimal amount of your data usage. See this link: https://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228/

Manumit
  • 579
  • 1
  • 5
  • 19
1

A VPN can protect you in cases where you're on a very untrusted network, like wifi at a coffee shop or airport, and someone performs SSL strip and redirects you to a different site than your bank. Are you really sure the links you're clicking on link you to the https site?

The only disadvantage of using a VPN is that depending on how the VPN works, you might be coming from the same IP address as thousands of other people. If your bank is basing any security on IP address, you could compromise this.

The former very real attack is more likely than the latter potential and speculative disadvantage though.

Steve Sether
  • 21,530
  • 8
  • 50
  • 76