This video is sponsored by [VPN]… “. You’ve probably heard this phrase in several videos before, and for good reason: Consumer VPN providers are now communicating across all media to promote their products. These advertisements promise several things: greater control over our personal data, anonymity, internet security, and the ability to locate us in another country to get around geo-blocks. Not everything in this marketing process is totally fake … But it’s still advertising and things are sometimes over the top. Let’s take stock.
What is a VPN?
Put simply, a VPN allows you to connect a device to a network by creating a private, encrypted (and not “encrypted”) tunnel that isolates communications between the two entities. There are many uses for a VPN, and the definition can vary slightly.
Originally, VPNs are used in businesses. Imagine a scenario where an employee works from home but has to log into the corporate LAN to read a confidential file. For security reasons, the local network is inaccessible from the Internet, but employees who are not physically on site must still be able to connect to it. Using a VPN allows you to connect securely here the computer present at the employee’s home to the company’s local network, as if the computer were in the corporate building.
A VPN prevents a device from communicating directly with a website by adding a layer of security.
In recent years we have seen the emergence of consumer VPNs, which no longer serve to connect a device to a private corporate network, but add an extra step when browsing the Internet.
Here, the VPN server acts as a relay between our device and the website, preventing the two from communicating directly. This further step would improve both privacy – by replacing our IP address with that of the VPN server that takes care of forwarding our request to the website – and our security, thanks to the creation of an encrypted tunnel between our device and the VPN server. in which our data travels, preventing it from being intercepted, modified or read. In reality, things are a bit more complex.
VPN and security
It is often said, as we have already pointed out, that VPNs should improve our internet security. This is probably the most controversial point: VPNs are pretty useless security tools, with a few exceptions. The argument advanced by VPN providers is, as we briefly explained above, that the VPN client (application) creates an encrypted tunnel between the user’s device and the VPN server. Therefore, the data is protected from modification by third parties and is not accessible either to our Internet Service Provider (ISP) or to anyone who controls the network. And, while the truth is increasingly blurred, it is relatively true. The problem is rather at the level of the VPN server.
When the data arrives at the server, it is decrypted. This is necessary so that the server knows which site we want to visit and so that it can send the request to our destination on our behalf, but also so that the latter can read this request, making the visited site believe that the request comes from the VPN server. instead of our device. Once the data leaves the VPN server, it is then transmitted the same way it would be directly from our device, with no additional encryption.
A VPN cannot protect us from malicious sites, phishing attempts, or malware on the Internet.
The good news is that, VPN or not, our data is generally not sent unencrypted over the internet, at the mercy of prying eyes. Thanks to the work of many organizations, most modern websites have adopted the HTTPS protocol. To check if a site uses it, just look at the URL visited, see if it starts with “https” and check if our browser displays a small padlock next to it.
In other words, the HTTPS protocol allows us to be sure that the exchange of data between our browser and the site we want to visit is safe, thanks to the use of TLS (Transport layer security). Without going into technical details, TLS allows the browser and the site to implement a common language encryption method to ensure that the communication remains secret, with no risk of eavesdropping.
Using a VPN can be useful for our safety in a particular scenario: when connecting to public wifi. Some believe that visiting sites in HTTPS is enough to protect themselves from the dangers of an unsecured network, since the connection is encrypted. Using a VPN in addition doesn’t really have a downside in this specific case, as long as the VPN is reliable and proves to be reassuring additional protection.
A VPN, on the other hand, cannot protect us from malicious sites, phishing attempts, or malware on the Internet. Some VPNs include threat protections, which usually come in the form of a list of sites that are considered dangerous.
However, listing all the malicious sites is titanic and impossible. Some IT professionals, like Dennis Schubert, Mozilla engineergo even further: using a VPN can be dangerous, as it gives a false impression of security and anonymity that can lead to risky behavior on the internet.
VPN and personal data protection
We come to the most important point. Of the arguments in favor of using a VPN, that of protecting personal data is probably the most repeated. A VPN should make us anonymous and prevent third parties from tracking our browsing.
Specifically, a VPN prevents the sites we visit from obtaining our IP address, which can give a general idea of our geographic location, although it is rarely accurate. And there could be good reasons to hide your IP address: a reporter from New York Times who was investigating a corruption case it had been detected by the subjects of his investigation because his IP address, identified as belonging to the newspaper, had appeared numerous times on the visit logs of the company’s website.
While a VPN helps prevent certain information from being recovered, it cannot guarantee anonymity.
But the giants of the web have long since stopped relying on IP addresses to identify and build a profile on their visitors. Another preferred method is the Fingerprints, a set of specific data of a user: his browsing habits, the size of his screen, the way he moves the mouse, the version of his browser, the plugins installed, the fonts used, the sites visited, the language , etc. . This information, taken individually, is completely useless. But taken together, they create a profile to uniquely identify a person, like a fingerprint.
While a VPN helps prevent some of this information from being recovered, it cannot guarantee anonymity. Also, as soon as we connect to an account, the service can recognize us and the rest of our business can be linked to this connection. Not for nothing Tor discourages form filling when using the network. And, unlike tools like an ad blocker, a VPN doesn’t prevent the installation of cookies and ad trackers, which can be used to track a person’s navigation during a session.
VPNs, especially for US users, offer the ability to hide browsing from their ISP. If in some cases it may be necessary, understand that this data is still going somewhere. It’s a change of trust – instead of trusting your ISP not to sell our data or use it in a negative way, we are now trusting a VPN service.
Sometimes there are good reasons to choose to rely on a VPN company over its internet provider. But it is still important to ask yourself if, in your particular case, it is really necessary to entrust your data to a company that is difficult to identify, sometimes located in a country with very different laws from yours and which has the possibility to resell or transmit this information.
In an effort to build trust, several VPNs claim to be “no logwhich means they do not collect any information linking a user to the activities they undertake when the VPN is activated. This claim is rather difficult to verify and has been proven many times over not everyone honored their commitmentsas well as being subject to the laws of the country from which they operate.
A useful use of a VPN: bypassing blocks
While VPNs don’t always live up to their promises, we’ve already highlighted two cases where they can be useful: a corporate VPN is used to connect to a remote network, and a consumer VPN serves as additional protection on a public wifii.
Another useful use of a commercial VPN is to bypass blocks. For example, if you are in France and you connect to an American VPN server, the sites you visit will have the impression that you are in the United States, which can have several advantages. We are obviously thinking of streaming platforms, which do not offer the same content in all countries for rights issues. But bypassing a geoblock can also allow you to visit sites that are inaccessible in the European Union because they do not comply with European data protection laws, sites that are blocked at the level of ISPs or by countries for political reasons.
Again, the VPN doesn’t hide its activities. And if circumventing restrictions or censorship is illegal in your country, a consumer VPN isn’t the solution and we don’t recommend it. But sometimes you want to read a story on a local American site, which didn’t find it necessary to comply with the GDPR, or to continue a series when you are on vacation in another country. A VPN is therefore a good solution.
VPNs can be very useful tools to add to your arsenal, as long as you use a reliable VPN and know exactly what it can and cannot do.