VPN (Virtual Private Network) is one of the most misunderstood technologies among non-technical people. Actually, I have come across even many technical people with complete and total misunderstanding of what VPN is and is not. These days the term VPN is touted as a solution for all things security and is advertised by VPN vendors as the one-size-fits-all security solution. This is a misconception and a false sense of security; VPN solution is not a magic shield for online safety. Let’s take a look at what VPN is and is not.
What VPN is?
Simply put, VPN creates an encrypted network tunnel between your device (laptop, phone etc.) and a VPN server. All your data pass through the tunnel in an encrypted form to the VPN server to make it harder for anyone to track your online activity and most importantly where you are located. The websites you visit will only see the VPN server’s IP address not your device’s IP address. It is this aspect that allows journalists, activists and the like to hide from governments that watch everything they do. Similarly, cyber criminals can leverage this to mask their identity. It also allows people who want to get access to services (for example: video streaming) that are "geo-fenced" i.e. not allowed from certain countries due to regulation etc. Finally, corporations use VPN to prevent sensitive corporate data travelling from employee laptop via public network and to provide access to company resources. That is pretty much VPN is in a nutshell.
What VPN is not?
VPN does not protect you from cybercriminals or viruses or trojan or spam or adware or identity theft etc. Remember I mentioned above that VPN would prevent anyone from tracking your online activity? Well, it is not entirely true. Logged-in accounts and browsing habits can still be tracked (see my earlier blog on 3rd party cookie) by websites you visit. As mentioned earlier VPN isn't antivirus! So even with VPN running, you still need separate protection from malware, virus, trojan etc. Also, there is no guarantee on complete safety, as leaks can happen at the VPN server and some VPN providers log your activity and hand over to authorities when requested depending on local and international laws.
Do you need VPN?
The short answer is no, unless you have a specific reason to hide your online activity. For most everyday users, this isn't necessary. With the widespread adoption of https protocol, which encrypts data between your browser and the websites you visit, VPN adds little value for general online safety. In fact, using a VPN can significantly reduce your bandwidth despite the vendor’s claims of a "fast" solution. About 15 years ago, when the https protocol was not widely implemented, using a VPN was the only way to encrypt data from prying eyes -- up to the point where the VPN tunnel ended. However, this is no longer the case today, as all websites are protected by end-to-end secure connectivity.
Ultimately, whether you use a VPN or not, inherent risks are associated with using public Wi-Fi, which is beyond the scope of this blog. Unless your device runs on a secure operating system, such as Linux or Apple’s macOS, there is always a risk of compromise on public networks — even with an active VPN. It’s possible for someone sitting nearby in a coffee shop to hack into your device.