Helping people with computers... one answer at a time.
A VPN or Virtual Private Network is a fully encrypted and private internet connection via a VPN provider. I'll look at what protection it offers.
I use a VPN - how and what are the protections of this versus just connecting through my ISP? What limitations does this have? Can they "see" what I'm doing (like using a Bit Torrent), and that is coming from my account?
A VPN, or Virtual Private Network, is an approach to safely connecting to a remote resource. Depending on the VPN that privacy can extend from one end of the connection to the other, or it can protect you only for a certain portion.
I'll describe the different scenarios and how you are, and perhaps are not, protected by a VPN.
I'll use this scenario as the base: you're in an open WiFi hotspot, and connecting to a remote resource like Ask Leo!:
The red dotted lines are unencrypted - in other words open - connections.
Typically the largest area of concern is the connection from your laptop to the WiFi router. That open WiFi signal traveling through the air can be "sniffed" or read by anyone in range with a laptop and the appropriate software.
The normal reaction is to use WiFi WPA encryption to the hotspot to remove the sniffing vulnerability:
There are two problems with this approach:
Most open hotspots simply don't use encryption - that's how and why they're "open".
Even if used, it's only the connection to the WiFi device that's protected - everything past that point in the diagram above remains "in the clear".
That last point is important because, for example, someone could connect to the WiFi router directly to sniff the traffic, and of course all of the traffic is also visible to the Hotspot's internet service provider to which that hotspot is connected.
To protect yourself further, a VPN is a common solution.
Using a VPN provider gives you a very high level of security - the entire path from your laptop to the VPN provider is securely encrypted. No one along that path can see your data; not other WiFi users, not the people managing the hotspot and not even the hotspot's ISP.
In an open WiFi or other situation with questionable security (such as connecting to the internet at your hotel), a VPN is a great solution.
But ... it's not perfect.
There are two things to note:
Your data leaves the VPN provider's servers unencrypted. That means that the VPN provider, as well as any other networking equipment between them and the server you're accessing can see your data. In practice this is extremely rare.
You're adding additional steps between you and the server you're accessing - typically this slows down the connection somewhat. How much varies based on the VPN service you're using, their capacity, and the server you're attempting to access.
So, no, the ISP you're connecting to the internet through can't see that you're using bittorrent, only the VPN service can. However your ISP would still see that you're sending and receiving an awful lot of data.
The only truly private solution is end-to-end encryption. Unfortunately that isn't possible in many cases.
Https is end-to-end encryption. That means that connections you make which use https are completely encrypted along the entire path from your machine to the remote server you're accessing. That's why banks and other services that allow you to access sensitive data all should be using https. Many web-based email providers are now also providing full https connectivity. However not all sites support https. Sites which don't deal with sensitive information - like Ask Leo! - typically don't provide https access.
SSL is end-to-end encryption. When configuring a POP3, IMAP or SMTP connection in your email program, if your email provider supports it choose SSL or TLS - that way your email uploads and downloads - as well as your login information - is completely encrypted along the entire path to your mail server.
Your own VPN can be end-to-end encryption. Services like Hamachi, which allow you to set up your own VPN that interconnects your own machines are also fully encrypted.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.