VIDEO: What is a VPN, and why should you be using one?

WTF are you doing not running a VPN?


We really blew the budget on this video, going to a top secret mystery location to film me blabbering about why you should install a VPN on your computers and smartphone.

What's a VPN I hear you ask?

It's a Virtual Private Network, I answer.

"Thanks Graham, that doesn't help very much... Why would I want one of them then?"

  1. It will encrypt your internet communications, creating a secure tunnel through which you will be able to surf the web without anyone snooping on what you're doing. That's particularly a good idea if you are using a public Wi-Fi hotspot at a cafe, hotel lobby or airport lounge where you don't know who might be interested in sniffing the radio waves...
  2. Aside from protecting your privacy you can also use a VPN to disguise where you are in the world. So, if you want to access your favourite TV show ("Doctor Who", obviously) on BBC iPlayer but you happen to be overseas, you can use a VPN that will let you pop your head out of the secure tunnel in Britain, fooling iPlayer into thinking that you're back home in old Blighty. As well as helping you waltz around the geographical blocks that some media companies try to impose on the world, hiding your location obviously has privacy benefits too.
  3. VPNs are handy for work too. They make it possible to securely connect to your office network from anywhere with an internet connection, without having to worry that your confidential documents might be being intercepted.

If you connect to public Wi-Fi and don't bother to use a VPN, you are putting yourself at greater risk of having your online accounts hijacked and your private information stolen.

My advice? Use a VPN.

Check out my YouTube video, and if you want me to make more videos please consider subscribing to my YouTube channel.

For more tips on staying secure on public Wi-Fi, be sure to listen to this edition of the "Smashing Security" podcast:


11 Responses

  1. Bob

    March 18, 2016 at 10:43 am #

    VPNs are not a panacea for secure connections. If you're using public WiFi to connect to a VPN then any attacker can just as easily intercept your traffic as he could without a VPN. Providing that he intercepts at the handshake stage then he's in.

    There are all sorts of clever certificate pinning methods that can be used to prevent the above mentioned attack but your average VPN user isn't technical enough to configure this – and there are no good automated options to do this for you.

    The other issue is that many sites (like Netflix) now block VPN traffic/discriminate against you. I know banks which won't allow you to connect to online banking because they see a VPN as a security risk and Netflix successfully block VPN users to protect their right-holders.

    Lastly more and more public WiFi and corporate networks are blocking users from connecting to VPNs. With public WiFi you need to get past a captive portal (long enough to capture an unsecured user's details) and then they disallow VPNs so they can filter your traffic. Corporate networks block VPNs to ensure the security of their network and for security, regulatory and compliance reasons.

    • Graham Cluley in reply to Bob.

      March 18, 2016 at 12:46 pm #

      VPNs aren't perfect, but I think you would probably agree that it would probably be better if the general public used them than if they didn't. If you don't use a VPN it's clear that bad guys will find it easier and have much more of an opportunity to have a crack at intercepting your online activity than if you do run a VPN.

      And, like I say in the video, if you're feeling paranoid your best bet may be to use a 3G cellular signal rather than a public Wi-Fi hotspot.

      Yes, I'm aware that the likes of Netflix are trying to block the use of VPNs, and telling customers to disable them if they want to watch their TV shows and movies online. I guess if your VPN is blocked by Netflix you will need to make a decision as to what's more important – watching House of Cards or your online privacy.

      FWIW, I just successfully accessed BBC iPlayer from Australia (just for research purposes, you understand) using a VPN.

      • Bob in reply to Graham Cluley.

        March 18, 2016 at 12:57 pm #

        I've just seen your reply, just after I'd responded to 'Carol Wiles' message below. I agree with you for the reasons I've given below.

        For some reason the BBC aren't enforcing their VPN ban (they do have one) as aggressively as Netflix; I'm not sure why… maybe they don't care.

        Enjoy your holiday ;-)

  2. Carol Wiles

    March 18, 2016 at 11:34 am #

    Over to you then, Graham?

    • Bob in reply to Carol Wiles.

      March 18, 2016 at 12:55 pm #

      The top line is: there's no way for your average user to fully protect themselves. What Graham is saying is that using a VPN is better than not.

      Unfortunately a VPN won't protect you against a computer-savvy attacker. It MAY provide you with a LITTLE BIT of protection against 'script kiddies' (when using public WiFi).

      However, for the reasons I went into in my earlier post many places/websites block VPNs, which makes their use impracticable or even impossible.

      The research continually bears out what I'm saying – if you go back even further you'll find plenty of other examples.

      90% of SSL VPNs are ‘hopelessly insecure’, say researchers (2016)
      http://www.theregister.co.uk/2016/02/26/ssl_vpns_survey/

      VPNs are so insecure you might as well wear a KICK ME sign (2015)
      http://www.theregister.co.uk/2015/06/30/worlds_best_vpns_fall_flat_in_security_tests/
      http://www.eecs.qmul.ac.uk/~hamed/papers/PETS2015VPN.pdf

      Even with a VPN, open Wi-Fi exposes users (2015)
      http://arstechnica.com/security/2015/06/even-with-a-vpn-open-wi-fi-exposes-users/

  3. Aaron

    March 18, 2016 at 5:48 pm #

    Graham, you say that a VPN encrypts communication between your device and the Web site you're visiting. Is that true? My understanding is that encryption occurs only between your device and your VPN provider's server. The latter fetches the Web page on your behalf (i.e. anonymously) but it can't force a Web site to use encryption. The anonymity will not help you if the traffic contains, say, your personal/bank details. If I'm right, then a VPN is not a substitute for end-to-end TLS encryption, particularly where a Web server has a defective TLS implementation (which I find is often the case with e-commerce sites).

    You say "VPNs aren't perfect, but … it would probably be better if the general public used them than if they didn't". Probably true but there is always the danger of making people feel more secure than they really are. So we must not over-sell any single security measure.

    Keep up the excellent work.

    • Graham Cluley in reply to Aaron.

      March 18, 2016 at 7:22 pm #

      Hi Aaron

      Thanks for taking the time to comment, and yes, you are right. My apologies for the sloppy wording in the video. The VPN software encrypts the communications between the client (laptop, desktop, smartphone) and the VPN service provider.

      The use of a VPN doesn't negate the need for more websites and apps to use HTTPS/TLS. I was deliberately being wary of using too many acronyms as the video was spurred by somebody asking "What is a VPN?" after watching the Volvo digital key video!

      As with just about everything in security, what is important is a layered defence – which includes running a VPN, choosing a VPN provider you trust, choosing a VPN provider that doesn't log your usage beyond your comfort level and helps you to preserve your anonymity online, and using websites and apps that take your privacy seriously, etc. etc.

      A VPN isn't a panacea. But I think for the average person in the street they are a step up from what they are currently doing (which is connecting to any open Wi-Fi network without any consideration of how to preserve their security).

  4. Fenix

    March 19, 2016 at 7:14 pm #

    What VPN services would you recommend for iPad?

    • Bob in reply to Fenix.

      March 20, 2016 at 12:40 pm #

      iOS limits the use of strong VPNs because Apple don't like you accessing the relevant API. You're stuck with using these insecure methods: L2TP/IPSec, MS-CHAPV2, PPTP etc. The more secure option is OpenVPN but this app hasn't been updated in a long time.

      Even if you use a VPN some traffic leaks around it (because of how iOS is designed) so you won't get perfect privacy/anonymity/security. One example is email… even with a VPN the traffic goes directly through the network (3G/4G/WiFi) and not the VPN. Changing the default behaviour is sometimes impossible and, when it can be done, extremely difficult.

      I therefore can't recommend any services other than suggesting you look for one that supports OpenVPN and making sure you understand the downsides.

      My final piece of advice would be to look for a VPN that is based OUTSIDE the UK/USA (and certain other countries). Do your research, be confident that they retain no logs and make sure it's compatible with the devices you want to use it on.

    • AlexBright in reply to Fenix.

      March 21, 2016 at 7:42 pm #

      The UI from the video is from Freedome VPN, which is light and easy; I use it myself. Also not based in America, which is a big deal for some.

  5. Pete

    April 15, 2016 at 11:49 pm #

    I have had experience with most of the VPN providers on this list, http://vpnranked.com, but Nord is the only one that continues to work with Netflix flawlessly.
