Data protection scandals, security breaches, hacking, and various mass surveillance scenarios have led users to worry about their privacy on the Internet. They often then turn to VPN services, but they are not always useful.
VPN encryption is not useful for all scenarios
The Internet is seemingly becoming an increasingly dangerous space for its users. “However, many Internet users then seek their salvation in VPN encryption, which is usually aggressively advertised. Slogans such as “surf anonymously,” “stream online securely,” “100 percent anonymity” or other promises are commonplace. And here it is important to check exactly how secure this VPN encryption really is in the modern World Wide Web,” draws the attention of Christian Heutger, CTO of PSW Group.
In a VPN, data remains protected on its transport route. Anyone using VPN software first connects in encrypted form to their VPN provider, who then forwards their customer to the Internet. “During the process, all data is anonymized. The connection request passes through the VPN provider’s server (node), and the user is assigned a new IP address in the process to protect the actual IP address, which is the recognition number of a computer. Put simply, the goal of a VPN is to make a computer invisible on the Web,” explains the IT security expert.
However, VPN encryption only protects traffic from the user to the provider’s VPN servers. So when a connection is established, only the potential point of attack shifts. If the data sent is not protected in any other way, it can still be read between the VPN server and the actual destination. “Another issue is that users may end up with dubious VPN providers. It may be that the providers want to join the trend and only offer insufficiently mature software. Or even worse: Some providers disguise their software like a VPN tool, but behind it is viruses or Trojans.
Users should be extremely careful, especially with free tools,” warns Heutger. All too often, VPNs are also advertised with the topic of data protection – after all, in times of mass surveillance, it is also important to protect metadata.
Metadata is information about other information resources, for example, when sending an email: In addition to the content of the message, there is the metadata, which consists of the sender, the recipient, the sending time, date, and other information. “This is where you have to understand how VPNs work: This leads to a centralization of all data connections at one point.
If an intelligence agency now wants to efficiently monitor data traffic, it would make the most sense to do so strategically close to the VPN access nodes. So a VPN does not offer real data protection,” says Christian Heutger.
Instead of only encrypting the path between the VPN client (the user) and the VPN server (the provider), it, therefore, makes more sense to encrypt the entire path from sender to destination. “And this is also standard nowadays. Using SSL certificates, numerous websites are already end-to-end encrypted. Via HTTPS, a large number of all websites are delivered with TLS encryption. This not only protects against curious third parties but also against data manipulation. Technologies such as HSTS ensure that unencrypted HTTP connections are not possible,” the expert clarifies.
There are very useful application scenarios for VPNs
Now VPNs are not bad per se – there are also very sensible usage scenarios. VPNs were not originally designed for “100 percent anonymous” and trace-free surfing of the World Wide Web. It was intended for other uses in which VPNs are still useful: “Anyone who is on a public WLAN, for example, and wants to protect themselves from unwanted fellow readers should use VPNs.
VPN encryption also makes sense when external employees are connected to the company network. In addition, in countries where the Internet is censored, these geoblocking blocks can be circumvented using VPN. Of course, the risk of incomplete VPN encryption remains,” informs Christian Heutger and adds: “In addition to SSL encryption on the Internet, the use of the Tor Browser also ensures strong data protection. This combination makes sense and is secure for the normal web user.”
Information Security Asia is the go-to website for the latest cybersecurity and tech news in various sectors. Our expert writers provide insights and analysis that you can trust, so you can stay ahead of the curve and protect your business. Whether you are a small business, an enterprise or even a government agency, we have the latest updates and advice for all aspects of cybersecurity.