Why You Don’t Need a VPN
I’m gonna start this off by saying my title is wrong. I wanted something short and snappy, and “Why a VPN Shouldn’t be a High Priority for Your Privacy Model” was too wordy. So before anyone jumps down my throat, don’t?
VPNs are kind of a staple of privacy and security. They are most people’s first introduction into this kind of stuff. Maybe they use for one work, or maybe – like me – they were alarmed by the US Government allowing ISPs to sell your browsing data and the many ways that would definitely be abused. Maybe they just wanted to watch something that wasn’t available in their area. At any rate, most people are familiar with the basics of VPNs. If you need more information, check the website.
You might be confused why I listed VPNs in the lowest section of concern on the site, but it’s actually not as confusing as you might think. The reason is because these days, most of the privacy and security features that a VPN offers can be replicated in other ways. Privacy and security technology has come a long way.
What Does a VPN Do?
A VPN provides an encrypted connection between your device and the VPN server, and from there it goes out to the website in question. This all traffic on your device is hidden from anyone in between your device and the VPN server, including your local router, your service provider, and anyone else who might be looking along the way. Additionally, your traffic essentially appears to be coming from that server. So rather than appearing to come from your IP address in Portland, Maine, you might appear to be living in Los Angeles, California. Or Geneva, Switzerland. Or anywhere else you choose.
How Is That Replaced?
For starters, TLS/SSL, better known as “HTTPS.” TLS allows encryption between your device and the server you’re accessing, and this is the technology that allows you to securely transmit login information and credit cards over the internet. The days of sitting in a Starbucks with a laptop and stealing the logins of other customers are pretty much over. As long as a site is using HTTPS – which most do, these days – you’re reasonably secure. Most apps also use TLS to communicate, meaning that almost all activity on your phone should be relatively encrypted (however it is hard to verify this so never assume that’s the case).
Another powerful technique that helps is the resistance to tracking cookies and browser fingerprinting (at least, for VPN providers who provide their own DNS resolvers that block trackers, which the ones I recommend do). Under the Most Important section of my website, I have a chapter called “Securing Your Browser,” and several chapters on phones called “Securing Mobile.” These chapters share steps on how to institute anti-tracking measures on your phone and your web browser, which in turn help to eliminate some of the tracking that a VPN would help to protect you from.
So Is a VPN Useless?
No, not at all. TLS only hides everything after the slash, in essence. So for example, if you visited my blog, your internet service provider can see that you visited Write.As, a minimalist blogging website, but they can’t see exactly what posts you clicked on. A VPN tells them nothing, they can’t even see that much because all traffic is encrypted from your device to the server. Additionally, with a VPN, you’re encrypting everything on your device. With services like TLS and tracking protection you’re only protecting your web browser or specific app. With a VPN you’re protecting all the apps, telemetry, updates, and background stuff that may not be using TLS (or may be using an old, less effective version). Not to mention, last but least, a VPN will hide your IP address. There are many other ways of tracking you across the internet, but that's a pretty surefire one that a VPN can fix with a click.
In short, I’d put it this way: if you’ve already done all the other more important stuff and you have the money, a VPN is a great addition to your privacy and security model. But focus on other, more effective and more important stuff first. VPNs are still an important layer of protection for privacy and security, and lately I’ve seen a lot of debate over whether or not they matter. I think everyone should still be using a reputable VPN provider these days, but I do think there’s more critical steps to be addressed first. Using a VPN with Google still doesn’t help much. But coupled with other privacy-respecting services and techniques, it’s a powerful link the chain.