Author Topic: Do you use a VPN while traveling?  (Read 1906 times)

Sunday_day

  • New Member
  • *
  • Posts: 8
Do you use a VPN while traveling?
« on: 08:11:20, 23/05/19 »
I can’t decide if I should get a VPN. I often use public wi-fi while on the road, and as I understand, it is not safe to use it without VPN https://medium.com/@mill.brucon/why-you-need-a-vpn-when-accessing-public-wi-fi-76978f3a7a77 [nofollow]. Does anyone have thoughts?

Rob Goes Walking

  • Veteran Member
  • *****
  • Posts: 1418
Re: Do you use a VPN while traveling?
« Reply #1 on: 08:25:25, 23/05/19 »
I can’t decide if I should get a VPN. I often use public wi-fi while on the road, and as I understand, it is not safe to use it without VPN https://medium.com/@mill.brucon/why-you-need-a-vpn-when-accessing-public-wi-fi-76978f3a7a77. Does anyone have thoughts?

I think this belongs in the Hikers Bar but to answer your question public WiFi is safer with a VPN but most important sites use encryption so are safe enough. I personally don't use a VPN when connecting to public WiFi despite having a premium VPN account and have never had my passwords stolen. It doesn't keep me up at night. Use a VPN if you're the careful type.

Oh as for emails they're easier to snoop on. The encryption is easier to perform a man-in-the-middle attack on I believe.

Edit: I forgot about unencrypted session cookies so I edited what I said.
« Last Edit: 08:37:04, 23/05/19 by Rob Goes Walking »

jimbob

  • Veteran Member
  • *****
  • Posts: 2503
Re: Do you use a VPN while traveling?
« Reply #2 on: 10:09:11, 23/05/19 »
I never use public wifi.
It loads too many cookies and data harvested things into your phone, nearly all of that is harmless per se  but it uses memory and takes up storage space of some sort, even if using VPN.
The signing in process is also tedious. More important there is very little availability of public wifi when out walking.
Too little, too late, too bad......

ninthace

  • Veteran Member
  • *****
  • Posts: 11821
Re: Do you use a VPN while traveling?
« Reply #3 on: 10:38:54, 23/05/19 »
I do not use VPNs either but I will sometimes piggy back on other folks' wifi when passing their houses.
Solvitur Ambulando

gunwharfman

  • Veteran Member
  • *****
  • Posts: 10255
Re: Do you use a VPN while traveling?
« Reply #4 on: 10:40:00, 23/05/19 »
I have to confess that I don't understand the subject at all.

I use a two SIM card phone. SIM 2 is used for WiFi only but I only use it (PAYG £5 per 30 days) as a last resort. When hiking I carry a MiFi (£10 PAYG) as my main access to the internet and to date have never had a problem. Whenever possible I use public WiFi (pubs, restaurants, etc)  to make my telephone calls on the MobileVoip app. I also use my SIM 1 PAYG exclusively as telephone money and will only use it when nothing else is available, £10 often lasts me months!

No idea if the following is relevant to the subject of VPN but when at home I use my PC to make my outgoing telephone calls, (the person receiving cannot identify me at all unless I choose to tell them) we never use our landline, this number is for incoming calls only.

For those who do know about these things, how does my method compare with VPN? Am I any less, or more vulnerable? If I'm more vulnerable, what am I more vulnerable to?

Rob Goes Walking

  • Veteran Member
  • *****
  • Posts: 1418
Re: Do you use a VPN while traveling?
« Reply #5 on: 14:31:29, 23/05/19 »
For those who do know about these things, how does my method compare with VPN? Am I any less, or more vulnerable? If I'm more vulnerable, what am I more vulnerable to?

Arguably less vulnerable using the SIMs and more vulnerable when using public WiFi. Vulnerable to having the Internet communications intercepted by hackers so anything they can do with that really. Mostly hijack accounts you use on public WiFi and steal your passwords you use on public WiFi. A lot of this will be encrypted which makes it a whole lot harder to hack. A VPN encrypts your entire connection so as long as you trust the VPN company not to get hacked/hack you (which would be bad for their business) it's more secure. If you want one, don't use a free one they're problematic. You can get a decent VPN for £2 a month or so.

gunwharfman

  • Veteran Member
  • *****
  • Posts: 10255
Re: Do you use a VPN while traveling?
« Reply #6 on: 14:41:54, 23/05/19 »
Being older and lacking in knowledge about such things how can I know that the VPN route is the best one or not? Is this information really correct, or is it just another sales ploy to encourage us to part with our money? Some people I know encrypt their whole phone, why not do this and save yourself £2 a month? Or use What's App, because that's obviously bombproof, it's encrypted, its totally safe and we know this because What's App told us this TRUTH didn't they!  8)

gunwharfman

  • Veteran Member
  • *****
  • Posts: 10255
Re: Do you use a VPN while traveling?
« Reply #7 on: 14:43:49, 23/05/19 »
I'm just going to stick with my present set up, I may experience a problem, I'll wait and decide what to do when it actually happens.

Rob Goes Walking

  • Veteran Member
  • *****
  • Posts: 1418
Re: Do you use a VPN while traveling?
« Reply #8 on: 15:00:15, 23/05/19 »
Encrypting your connection with a VPN is not the same as encrypting your phone. VPNs are a widely used system, you can create your own VPN with a spare Internet connection and the know how it's not a marketing ploy. Corporations usually have their own VPN. VPNs have other uses (I have one) but I'm not overly worried about getting hacked via public WiFi either (I don't use it on public WiFi). As worried as you are about IT security I'm a little surprised you're not remotely interested but if it ain't broke don't fix it I guess.

ninthace

  • Veteran Member
  • *****
  • Posts: 11821
Re: Do you use a VPN while traveling?
« Reply #9 on: 15:13:19, 23/05/19 »
When my daughter recently returned from a 3 week trip to NZ via Dubai she found that someone, based in Poland, had managed to get into her Microsoft account and change her password.  We are not sure how this happened but she had been using public WiFi without VPN throughout her trip and the silly girl had not set up 2 factor authentication.  Fortunately, she got control of her account back with bit of help from dad and as far as we can tell no lasting was done to her business.
Solvitur Ambulando

Guy

  • Full Member
  • ***
  • Posts: 221
Re: Do you use a VPN while traveling?
« Reply #10 on: 21:44:55, 23/05/19 »
Access to a secure website (https with a padlock) is secured end-to-end (i.e. data is encrypted by your browser and decrypted by the remote web server and vice versa).  So it doesn't matter if you connect to those sites over a public Wifi or a VPN.

There is some limited "meta information" that will get leaked (i.e. the public Wifi/VPN provider will know what site you are connecting to).  However, the public Wifi probably has limited information about you to be able to track it (unlike the VPN provider which is more likely to have your name, address etc).

Most sites are now secure.  However, there are a handful which still aren't (including this one).  For those, the public Wifi operator or the VPN provider (or your ISP) will be able to see all the traffic including your username/password.
« Last Edit: 21:52:50, 23/05/19 by Guy »

Rob Goes Walking

  • Veteran Member
  • *****
  • Posts: 1418
Re: Do you use a VPN while traveling?
« Reply #11 on: 03:10:08, 24/05/19 »
Access to a secure website (https with a padlock) is secured end-to-end (i.e. data is encrypted by your browser and decrypted by the remote web server and vice versa).  So it doesn't matter if you connect to those sites over a public Wifi or a VPN.


Most people just put ebay.co.uk into the address bar, not https://www.ebay.co.uk. This is problematic. On one network I used, the ISP had been hacked (DNS poisoned). When I put eBay into the address bar it took me to http://www.ebay.co.uk. The site looked legit, Chrome's password manager input my saved password. I submitted the page and it asked me to verify my account with my credit card details. Given eBay have never had my credit card details I grew suspicious, checked the URL bar and noticed the connection was unencrypted. I then checked the DNS record and sure enough www.ebay.co.uk resolved to an IP address in Russia. I changed my password.

Point being, there are still ways to hack that surface which don't require breaking the SSL encryption even if they just rely on the user being lazy when typing the address. Other exploitable mechanisms may exist we haven't thought of. Some sites just encrypt the login then transmit the session cookie without SSL (though I wouldn't expect your bank to do this). It's not sensible to assume we've thought of everything and "can't be hacked".

Sunday_day

  • New Member
  • *
  • Posts: 8
Re: Do you use a VPN while traveling?
« Reply #12 on: 08:07:46, 24/05/19 »
Thank you all for the answers, but after Guy and RobGoesWalking experiences I am more worried about my online security because I often pay bills while using public Wi-Fi, so I guess it is easy to see my credit card details.

Rob Goes Walking

  • Veteran Member
  • *****
  • Posts: 1418
Re: Do you use a VPN while traveling?
« Reply #13 on: 09:08:25, 24/05/19 »
Thank you all for the answers, but after Guy and RobGoesWalking experiences I am more worried about my online security because I often pay bills while using public Wi-Fi, so I guess it is easy to see my credit card details.

Not easy unless the site your using doesn't use encryption (I've never seen a payment system online that doesn't use encryption), just possible. It still requires effort (though a lot less once the initial effort has been put in).

Guy

  • Full Member
  • ***
  • Posts: 221
Re: Do you use a VPN while traveling?
« Reply #14 on: 09:29:47, 24/05/19 »


Most people just put ebay.co.uk into the address bar, not https://www.ebay.co.uk. This is problematic. On one network I used, the ISP had been hacked (DNS poisoned). When I put eBay into the address bar it took me to http://www.ebay.co.uk. The site looked legit, Chrome's password manager input my saved password. I submitted the page and it asked me to verify my account with my credit card details. Given eBay have never had my credit card details I grew suspicious, checked the URL bar and noticed the connection was unencrypted. I then checked the DNS record and sure enough www.ebay.co.uk resolved to an IP address in Russia. I changed my password.



 
I assume this happened a LOOONG time ago.  This wouldn't work now for two separate reasons :-

 
1. Ebay issues a permanent redirect from http to https.  Your browser caches this, so on all subsequent requests to http://www.ebay.co.uk/ your browser would automatically send you to the secure site https://www.ebay.co.uk/ without it ever visiting http://www.ebay.co.uk/

 
2. Secure sites can tell browsers to only every access the secure version.  Your browser would refuse to serve the domain from a non-secure site.  (For the technically minded see the http strict transport security setting for ebay at https://www.ssllabs.com/ssltest/analyze.html?d=www.ebay.co.uk)  


Separately, I'm amazed that the password manager copied over a username/password from a secure site to a non-secure one.  I'd assume that wouldn't happen now too.

 
 

Other exploitable mechanisms may exist we haven't thought of. Some sites just encrypt the login then transmit the session cookie without SSL (though I wouldn't expect your bank to do this).



As you say, a bank would never do this and to be honest I can't remember the last time that I saw any site do this as it's fundamentally insecure.




 
Point being, there are still ways to hack that surface which don't require breaking the SSL encryption even if they just rely on the user being lazy when typing the address... It's not sensible to assume we've thought of everything and "can't be hacked".  
 



Yes, there's phishing attacks, XSS attacks etc too.  There is also the (in)famous quote that the only secure computer is one that's turned off, udnerground etc (http://www.anvari.org/fortune/Random_Fortunes/105_the-only-secure-computer-is-one-thats-unplugged-locked-in-a-safe-and-buried-20-feet-under-the-ground-in-a-secret-location.html)

But if you're accessing a site over https (and it's the correct site!) then in general it's secure and I wouldn't worry about your public Wifi/VPN/ISP.


 

Terms of Use     Privacy Policy