VPN, is it really necessary?
With the constant increase in internet usage, it’s increasingly common for confidential data to be shared online. And with this, concerns about data security also increase. Using a VPN can be a solution to protect personal information and ensure online privacy. However, when we use a VPN service, we are transferring our trust (or lack thereof!) from the ISP (Internet Service Provider) to a company, possibly unknown (the VPN service provider). To understand this statement, it might be better to review some concepts first.
How does the Internet and the relationship with the ISP work?
In very simple terms, when we connect to the internet, we are actually connecting to the network of our internet provider (ISP). This allows the ISP’s computers to see our traffic and know exactly which websites we are accessing, and they can use this information for various purposes.
How does a VPN work?
When we connect to a VPN, we are actually connecting to a third network, and encrypting our traffic before it leaves our computer, thereby preventing both the ISP and any other network through which the traffic passes from peeking into our traffic.
The Transfer of Trust!
So, if by using a VPN I am encrypting the traffic and preventing my ISP from knowing what I do on the internet, then the problem is solved and nobody can see what I am doing on the internet!
Wrong!
As mentioned earlier, by using a VPN we are only encrypting the data before sending it to the internet. This data must indeed be decrypted somewhere, in this case, the VPN provider can decrypt the traffic and see as much as the ISP could see without the VPN. And in this case, we are placing our trust in the VPN provider. Although many claim that they do not keep logs, records, or any information, it only takes a few minutes on Google to find numerous data leaks from these providers, to realize that it is not always as it seems!
So, should I use a VPN or not?
The right answer is the same as always… It depends!
Using a VPN can be beneficial for online privacy and data security. However, it is not the solution for everything and, as mentioned before, it might even be a worse solution! If the concern is only with the ISP, and cosidering that most traffic is already encrypted when accessing websites with https, perhaps it would be simpler and cheaper to use a different DNS provider, DoH, or if possible even change ISP! If the concern is only about protecting your IP from websites or other users, let me tell you that it is not worth it! Gone are the days when your public IP was directly associated with your computer. Nowadays, just with the IP address, there is not much anyone can do. Moreover, many times, the IP address does not even point directly to your router, since many ISPs use CGNat, which means that the exit node to the internet is not your router, but a router somewhere in the ISP’s network and the IP address is shared by more users. Even if the IP address is directly linked to your router, more often than not, it is enough to turn off the router for about 1 hour so that the IP is changed the next time you turn it on!
However, for those in a country with an authoritarian regime, if the country forces the ISPs to block certain websites (some cases all it takes is changing the DNS to work around this!) or protocols, or if you often travel and access the internet in cafes, hotels, restaurants, then perhaps, yes, you might need a VPN!
VPN? Where to?
That said, if you come to the conclusion that you really need a VPN, I strongly advise you to carefully consider what type of VPN you need. A long time ago, I wrote an article that explains what type of VPN we should use for each situation. Perhaps hosting a VPN at home might be a good solution for many cases; for others, hiring a VPN service provider might be the best solution, and in this case, I recommend to carefully evaluate the company offering the service before subscribing.