Yes, you need a VPN, too: Parts 1 and 2

Part 1: what is a VPN and why do you need it? Part 2: What are some worthwhile VPN providers

This was originally published in two parts. I'm maintaining that separation here.

Part 1: What is a VPN and why do you need it?

Last week we discussed password managers and I hope you took advantage of the Black Friday deals on at least one of them. This week we’ll take up another “must have” – VPN (Virtual Private Network).

Why is it a “must have?” It encrypts ALL of the traffic to and from your device (phone, tablet, laptop, whatever) so that NO ONE besides the site you’re talking with can read your data (that’s not strictly true – I’ve taken a little liberty here in the interests of understandability and brevity – but it’s close enough for our discussion).

Why is this an issue? There are bad people (known as “bad actors” in the cybersecurity business) who set up WiFi networks that look like the network at your favorite restaurant or coffee shop or grocery store. How do they do that? We know WiFi networks by their SSID (remember that from the column on November 17? – https://go.ttot.link/SSID). The SSID isn’t reserved – anyone with a device capable of sending out an SSID and accepting connections can broadcast any SSID they choose. And there’s no easy way to tell if the device broadcasting that SSID is really who you think it is.

So, if you usually connect with your Kroger store’s WiFi and they use an SSID of Kroger, there’s nothing stopping a bad actor from setting up their own WiFi using an SSID of Kroger. If you connect to the bad actor’s Kroger WiFi instead of your store’s WiFi, the bad actors get to see all of the unencrypted traffic between your device and the Internet. And, by the way, you should know that if you connect to the store’s WiFi, the store can see all of your unencrypted traffic – that’s the way it works! All unencrypted traffic to and from your device is visible to all the devices through which that data flows. That includes your cellular carrier!

So, you ask, which traffic IS encrypted? Well, if you connect to a website using HTTPS, rather than HTTP, that traffic is encrypted. HTTP traffic is not. But what about apps? How do THEY connect? Are they encrypting their traffic? Some apps publish how they make their connections but most do not. Does your bank’s app encrypt its connection? I hope so, but is hoping that they do enough?

This is where a VPN helps. It handles all traffic to and from your device. When you install and start a VPN on your device the VPN connects to and establishes an encrypted connection with a machine (known as an “endpoint”). As long as your VPN is connected, all traffic to and from your device flows through that endpoint over that encrypted connection. So, if you go to that restaurant or coffee shop or grocery and you use their WiFi with your VPN, you’re assured that your traffic is safe, even if you happen to connect to a rogue WiFi network.

Pretty much all VPNs let you choose your endpoint and some people use that capability to “geoshift” – appear to be in a different location than where you are really located. Why do people want to do that? Well, some services are only available to people in a certain geographical area. Some music streaming services, for instance, are only available in certain countries. People who live in countries where that service isn’t available will choose an endpoint in one of the countries served by the streaming service so they can use the service. Another example, the BBC (https://bbc.co.uk) shows different content if you’re using their services from the United States. Personally, I don’t geoshift – I use a VPN strictly to ensure my traffic is encrypted so I almost always choose an endpoint that’s geographically close to me but I want to make you aware of this because when you read about VPNs you’ll see that they publish the locations of their endpoints. Also, some VPNs have specialty endpoints that are optimized for certain types of traffic like streaming movies. I’ve never had a need for those types of endpoints but, again, I want you to be aware of it.

Since your VPN is handling all your traffic it’s important that you trust them and the best way to establish trust is to use an established, well known, and reviewed VPN. There are free and paid VPNs, and many paid VPNs have free plans. Free VPNs often restrict their use in some way like reducing the speed or limiting the number of connections. If you think you want to use a free VPN, do some searches to see what the industry thinks of it and read some reviews so you know what they provide to free accounts. Here are the free VPNs PC Magazine likes https://go.ttot.link/FreeVPNs1 and here’s what CNet likes https://go.ttot.link/FreeVPNs2.

If I’ve piqued your interest enough with this column, there are some good deals available right now (I’m writing this on the Black Friday/Cyber Monday weekend) but they may not last. Nonetheless, I’m going to post a link or two, just in case. But always look for deals if you want to purchase a VPN. ‘Nuff said, here are 2 VPN sale links – https://go.ttot.link/VPNDeals1 and https://go.ttot.link/VPNDeals2.

OK, I’ve covered VPN basics and I hope it’s all been clear – if you have questions or need clarification, please don’t hesitate to contact me. Next week we’ll discuss a few of the VPNs I like and use including one that operates a little differently and has a pretty good free option.

Part 2: What are some worthwhile VPN providers

Last week we covered some of the concepts embodied in Virtual Private Networks (VPNs). This week we’ll discuss several VPNs and go into some details around them.

As a quick review, why do you need a VPN? If you care about your privacy or are worried about your personal interests being sold elsewhere or you are concerned that some of your credentials might be stolen, you want a VPN. It ensures that the data leaving from or coming to your device is securely encrypted so nothing between you and your VPN can “see” your data.

For the most part I encourage you to actually pay for your VPN. It’s an expensive service to run and, in general, anyone that provides it for free is using other means to defray their costs…possibly even selling your information. There is one free VPN that I recommend and we’ll cover that a little later.

As with any business there are some VPN providers whose privacy practices aren’t the best, so it’s important to check some trustworthy sites for reviews. Three good sites to check: https://www.cnet.com/tech/services-and-software/best-vpn/, https://www.pcmag.com/picks/the-best-vpn-services, and https://www.forbes.com/advisor/business/software/best-vpn/. “Best” is a label that changes with just about every review so read the reviews, pick one or several that sound good to you, and look for deals! Just about every VPN provider offers deals throughout the year. Personally, I check https://www.stacksocial.com/ every so often, and I’ve gotten some really good deals.

One term you should be familiar with is “split tunnel.” That’s a fancy term that’s pretty simple in concept. There are some apps that for one reason or another, don’t operate correctly over a VPN. You can exclude those apps from the VPN and the fact that they can be excluded is what’s called a split tunnel. As an example, some streaming apps won’t work if they detect you’re using a VPN (perhaps they don’t want you to geoshift – see last week’s column for a definition) so they need to be excluded from the VPN. As far as I’m aware all good VPNs have the ability to provide a split tunnel but, if possible, you should verify that your selected VPN has that capability.

I have several VPNs that I use. My two main VPNs that I pay for are NordVPN (https://nordvpn.com/) and CyberGhost (https://www.cyberghostvpn.com/en_US/). Why did I choose them? Honestly, they tend to rate pretty well in reviews and I got a good deal on both of them. In fact, they both have deals going on as I write this but so does just about every other VPN provider so be sure to check around. All reliable VPNs have free trials or money back guarantees so, rather than just taking my word for it, I encourage you to give several a try. While they all provide pretty much the same service, each has their own user interface and one might make more sense to you than another. Some offer additional services like secure file storage or a password manager so take those into account, too.

The one free VPN I can recommend is WARP by Cloudflare (https://www.cloudflarewarp.com/). Cloudflare is a CDN (Content Delivery Network). They provide sites like Doordash and Lyft a way to deliver their content more quickly to users like you and me. How they do that isn’t important for this discussion; what IS relevant is that Cloudflare has a very large network that you can tap into with their VPN client. You don’t choose an endpoint, Cloudflare does that for you, choosing one that will provide the best service. Since it chooses the endpoint, you can’t use it to geoshift. Even so, many streaming services like Netflix won’t work with it but you can use the split tunnel to exclude them from the VPN.

One other term you might encounter is the “Internet kill switch,” sometimes known as “Always On VPN.” Enabling this will prevent Internet access if your VPN isn’t active. Enabling this switch means that you have to have your VPN running all the time and it’s not something I recommend to new or inexperienced users. Why? The VPN will have to be active all the time even when you’re at home and some apps and services that you use at home will have to be made a part of that split tunnel. Have a printer at home? That service needs to be part of that split tunnel and it’s not always easy to figure out what to add. Some VPNs provide ways around this – some might allow you to exclude certain WiFi networks (e.g. your home or work network) from the VPN so, while technically you’ve got Always On VPN, it’s not really on when you’re connected to specific WiFi networks and your traffic isn’t encrypted. My recommendation is to forget about Always On VPN and just remember to turn it on when you leave home.
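
To make the interaction between the split tunnel, the kill switch and excluded WiFi networks concrete, here is a small Python model, added as an illustration and not taken from any VPN product. The class, function and sample names (VpnPolicy, decide, exposed, HomeNet, bank-app) are hypothetical, and it assumes a client that recognizes an excluded network by its SSID alone, which, as Part 1 explained, is a name anyone can broadcast.

```python
from dataclasses import dataclass, field


@dataclass
class VpnPolicy:
    """Simplified, hypothetical model of the settings discussed in the column."""
    kill_switch: bool = False                              # "Always On VPN"
    split_tunnel_apps: set = field(default_factory=set)    # apps excluded from the VPN
    trusted_ssids: set = field(default_factory=set)        # WiFi networks excluded from the VPN


def decide(policy, app, ssid, vpn_connected):
    """Return (path, reason); path is 'vpn', 'direct' or 'blocked'."""
    if ssid in policy.trusted_ssids:
        # Assumption: the match is on the network name only, so any
        # network carrying this SSID gets the same treatment.
        return "direct", f"WiFi '{ssid}' is excluded from the VPN"
    if app in policy.split_tunnel_apps:
        return "direct", f"app '{app}' is in the split tunnel"
    if vpn_connected:
        return "vpn", "encrypted tunnel to the endpoint"
    if policy.kill_switch:
        return "blocked", "kill switch: VPN is down, no Internet access"
    return "direct", "VPN is off and there is no kill switch"


def exposed(policy, scenarios):
    """List the scenarios whose traffic leaves the device outside the VPN."""
    findings = []
    for app, ssid, vpn_connected in scenarios:
        path, reason = decide(policy, app, ssid, vpn_connected)
        if path == "direct":
            findings.append((app, ssid, reason))
    return findings


# Constructed sample policy and scenarios (not real apps or networks).
POLICY = VpnPolicy(kill_switch=True,
                   split_tunnel_apps={"netflix", "printer"},
                   trusted_ssids={"HomeNet"})
SCENARIOS = [
    ("bank-app", "Kroger", True),    # VPN up on store WiFi
    ("bank-app", "Kroger", False),   # VPN dropped, kill switch enabled
    ("netflix", "Kroger", True),     # excluded app
    ("bank-app", "HomeNet", True),   # network name matches an exclusion
]

if __name__ == "__main__":
    for app, ssid, up in SCENARIOS:
        print(f"{app:9} on {ssid:8} vpn_up={up!s:5} ->", decide(POLICY, app, ssid, up))
```

The last scenario is the one to notice: with a WiFi exclusion in place, traffic goes out unprotected by the VPN on any network carrying that name, even with the kill switch enabled.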

OK, I’ve covered VPNs and I hope it’s all been clear – if you have questions or need clarification, please don’t hesitate to contact me. And, as always, let me know if you have any topics you’d like me to cover.

As always, my intent is to help you understand the basics and equip you to search for more detailed information.

Please feel free to email me with questions, comments, suggestions, requests for future columns, to sign up for my newsletter, or whatever at [email protected] or just drop me a quick note and say HI!

You’ve got choices as to how you read my columns! You can read all my columns and sign up for my newsletter to have them delivered to your email when I publish them at https://go.ttot.link/TFTNT-Newsletter. You can read the most recent column in the Hillsboro Times Gazette at https://go.ttot.link/TG-Column - it should be updated shortly after this column appears in the online version of the newspaper.