Do I really need a VPN? The answer is probably no.

Status
Not open for further replies.

Oeck

Junior Member
Joined
Mar 17, 2020
Posts
49
Hello everyone,

As some of you may have recently seen, my company purchased advertising here. We are a VPN company and decided to write this short article as there is a lot of misinformation and fearmongering going around the internet regarding VPN services. I will try and write this article in a way where non-tech users also understand it. If you have any questions at the end of the article, please ask them in this thread.

Do I need a VPN for...

Preventing hackers stealing my passwords over public WiFi?
Preventing hackers stealing my data and other sensitive information?
Adding security to my online banking?
Being completely anonymous whilst I am online?

No, you do not need a VPN. A VPN will not help with any of these issues ( regardless of what you may have read online ). Although we do recommend users use a VPN generally speaking ( I never turn mine off ), if you are looking to buy a VPN for these reasons, a VPN will not help and you are literally throwing money down the drain.



Do I need a VPN for...

Preventing my ISP or public/private WiFi being able to see what websites I access and when I access them?
Prevent the government from seeing which websites I access and when I access them?
Access content that is blocked by my ISP or WiFi?
Accessing streaming services and regions not available in certain locations?
Block most Phishing, Malware, Ads and online trackers?
Bypassing firewalls ( such as hotel, company and government restrictions )?
Torrenting?

Yes, a VPN can help in these situations. However, you should always practice good privacy and security in addition to using a VPN. We will always suggest using a good password manager and never using the same password twice.

If anyone has any questions please feel free to comment and create a discussion for all to partake.

Regards,
Peter @ Oeck.
 
Prevent the government from seeing which websites I access and when I access them?

If you'd followed conversations here and there on AFF (well before you joined!), you'd have seen that I am the least paranoid or worried that the government might see, know, care about etc what websites I visit :) . I don't give a rats .. but I do like that if there is any public gazing to be had, I allow it, not anyone else.

But I'm curious about the above point. I use Nord VPN from time to time, mainly for geo-location purposes and often when I'm overseas.

My (very limited!) understanding is that use of a VPN does not - cannot - conceal from your ISP what web-sites you type in and probably those where you follow links to. The VPN will only conceal from the 'other end' the source of the connection. If that is correct, and assuming the federal government has, or could have the power to demand an Australian ISP to hand over user data, is it still true to say that an ISP will prevent the government from seeing which web sites I access?

PS I have a query on VPNs and Microsoft which I'll ask in one of your other threads.
 
Hi @RooFlyer,

I will try and answer your questions as best I can, as well as provide some commentary where possible.

If you'd followed conversations here and there on AFF (well before you joined!), you'd have seen that I am the least paranoid or worried that the government might see, know, care about etc what website I visit :) . I don't give a rats .. but I do like that if there is any public gazing to be had, I do it, not anyone else.

I won't tell you how to live your life, that is up to you. But personally I believe my business is just that - mine. I don't need nor want someone I don't know having access to anything I like, don't like, what I watch, what times I browse etc. In addition to that, governments have a really bad record of keeping user data safe. Added to that they have stupid laws which they pass without knowing what they are talking about. All of this information can be used against you at any time.

My (very limited!) understanding is that use of a VPN does not - cannot - conceal from your ISP what web-sites you type in and probably those where you follow links to.

This is a very good reason to use a VPN. If the VPN provider is reputable and is doing everything correctly, it is literally made for this. Nobody can see what you are doing. They can't see which websites you are visiting, where you follow links, etc. This is done by creating an encrypted connection from your computer to the VPN server. The server then does the surfing on your behalf, then sends the information back to you using the encrypted tunnel.

The VPN will only conceal from the 'other end' the source of the connection.

This, but the other way around. The connection between you and the VPN is secure.

If that is correct, and assuming the federal government has, or could have the power to demand an Australian ISP to hand over user data, is it still true to say that an ISP will prevent the government from seeing which web sites I access?

In Australia the law for ISPs is to retain metadata of its users for two years. If anyone needs access to that data the ISP is legally obliged to hand it over. This is where a VPN comes in handy. The ISP can only know that you connected to a VPN, not what you did whilst on the VPN. The VPN provider should not be keeping any logs, and should be established in a jurisdiction where data-retention is not a law.

PS I have a query on VPNs and Microsoft which I'll ask in one of your other threads.
Sure, not a problem. Let me know if I can help :)

Regards,
Peter @ Oeck.
 
  • Like
Reactions: RB
The Frequent Flyer Concierge team takes the hard work out of finding reward seat availability. Using their expert knowledge and specialised tools, they'll help you book a great trip that maximises the value for your points.

AFF Supporters can remove this and all advertisements

Many thanks for that Peter. I don't doubt what you are saying, (honestly!) but what I grapple with understanding is the immediate connection between my laptop and the ISP, who charges me to access the web. When I connect, I thought I first go via Telstra's servers (you'll have to tolerate layman's terminology :) ) and then out to the world, including the VPN servers, if subscribed. Surely Telstra has to know its me (a customer) so that they accept the connection.

If the VPN causes my connection to go via itself first, and then to the ISP (thereby concealing me from the ISP and therefore the government), why would they permit the connection - the VPN isn't identifying to the ISP that I'm one of their customers.

Or, is the big trick that if I have a VPN, I don't need a local ISP? :oops:
 
Hi RooFlyer,

I will try my best to explain this as it is technical.

You are correct in saying that you must communicate with your ISP first as they give you internet access. However, once you connect to the VPN everything you do is going through an encrypted tunnel. The easiest way I can explain this is there are 2 people, each with a phone. The ISP is the party who is transferring data to and from each phone. When the VPN is enabled, each person on the phone switches to a language that nobody in the world other than those two can understand. The ISP is still transferring that data, but it has no idea what is being said. Even if they were to record the conversations, due to the complexity of the language being spoken, computers will take thousands and thousands of years to finally understand what is being said.

And yes, you still need an ISP as they are the ones providing you with the access to communicate with others, regardless of which language you are speaking.

Regards,
Peter @ Oeck.
 
Ah, understood ... you've done this before :) . So the way to picture it is that the identification to the ISP is at the start of the connection session, without touching a key. With the VPN, the first touch of the key is encrypted and what does the ISP care, as they have their money ...

All you have to do is look at my other query and you might have anew customer this weekend :cool:
 
Ah, understood ... you've done this before :) . So the way to picture it is that the identification to the ISP is at the start of the connection session, without touching a key. With the VPN, the first touch of the key is encrypted and what does the ISP care, as they have their money ...

All you have to do is look at my other query and you might have anew customer this weekend :cool:

Hi @RooFlyer,

I am not sure what you mean by Key, sorry. Using a VPN is not illegal in Australia. So, even though your ISP can see you are connecting to VPN servers, they won't do anything about it as you are not doing anything wrong by simply connecting. They also can't see what you are doing whilst connected. Many businesses use VPN technology and it is a vital part of the internet. What you use it for however may be illegal, but the VPN company ( again, assuming they are reputable and don't log anything ) will never know what you're doing.

Of course, I am not telling you to go and break the law. But from a technical point, this is what the case is.

But jump aboard! It is free for 3 days. We would love to have you as a customer. We would also love to hear what you think about the service.

Regards,
Peter @ Oeck.
 
  • Like
Reactions: RB
Do I need a VPN for...

Preventing hackers stealing my passwords over public WiFi?
Preventing hackers stealing my data and other sensitive information?
Adding security to my online banking?
Being completely anonymous whilst I am online?

No, you do not need a VPN. A VPN will not help with any of these issues ( regardless of what you may have read online ).

Good on you for being honest (unlike the majority of the super discounted sign-up VPN providers and their band of commission YouTube ads)

HTTPS has been standard for many years on the majority of websites, and effectively encrypts the connection, the only difference being the ISP can see the target website.

But as you outline there are plenty of other reasons to use a VPN service.
 
Hi @moa999,

Good on you for being honest (unlike the majority of the super discounted sign-up VPN providers and their band of commission YouTube ads)
Hey no problem! This is something we strongly believe in so we conduct ourselves as such. Wait until you find out about the "top sites" that rank VPNs. We can't even get reviewed and we are 2 months old!

HTTPS has been standard for many years on the majority of websites, and effectively encrypts the connection, the only difference being the ISP can see the target website
Indeed. Security just isn't as much of an issue anymore.

But as you outline there are plenty of other reasons to use a VPN service.
Yes. I always keep mine on but that does not mean everyone else needs one. If you are in the boat of why you should use a VPN, then you should probably purchase one.

Regards,
Peter @ Oeck.
 
Hi @moa999,


Hey no problem! This is something we strongly believe in so we conduct ourselves as such. Wait until you find out about the "top sites" that rank VPNs. We can't even get reviewed and we are 2 months old!

Sounds like the "top sites" that rank airlines/airports 🙃
 
Sounds like the "top sites" that rank airlines/airports

Hi @TomVexille,

I am not familiar with those sites, but if you link me and explain it I will take a look.

The VPN "top sites" I am referring to 'rank' VPNs from best to worst. They do speed tests, etc. We have asked many of them to review us and the first message we receive back is "Where do we sign up to your affiliate programme?". Affiliate programmes allow anyone with a special link to earn a commission on the sale. This is a huge conflict of interest as the sites can ( and do ) rank the VPNs they deem 'the best' high even though it is usually just the VPNs who pay the most commission.

We don't have an affiliate programme for that exact reason.

Regards,
Peter @ Oeck.
 
Hi @TomVexille,

I am not familiar with those sites, but if you link me and explain it I will take a look.

The VPN "top sites" I am referring to 'rank' VPNs from best to worst. They do speed tests, etc. We have asked many of them to review us and the first message we receive back is "Where do we sign up to your affiliate programme?". Affiliate programmes allow anyone with a special link to earn a commission on the sale. This is a huge conflict of interest as the sites can ( and do ) rank the VPNs they deem 'the best' high even though it is usually just the VPNs who pay the most commission.

We don't have an affiliate programme for that exact reason.

Regards,
Peter @ Oeck.

Skytrax for one. As you point out. Rankings can be bought
 
There's a bit more to it... yes VPN's can be useful in certain circumstances.. but in most cases you will still leave an identity trail in some form.



Do I need a VPN for...

Preventing my ISP or public/private WiFi being able to see what websites I access and when I access them?

- ISP perhaps/questionable, but the search engines can still track your activity, your WAN interface can be logged locally and forensically analysed, or your browser history can be remotely monitored/captured. Most users would not know how to avoid this. There are plenty of non-nefarious out of band monitoring/analysis tools available which can be legitimately installed on end user devices.

For example, in your phone analogy, handsets can log the call and the ID of the parties connected, and record the conversation at either end.


Prevent the government from seeing which websites I access and when I access them?
- see above. Also, if you are using e-commerce sites, you will still leave a financial trail. 3rd party Identity brokers can also log authentication requests.

Access content that is blocked by my ISP or WiFi?
- Assuming your ISP doesn't block certain "default" UDP ports, or providers tag your L3 traffic as suspicious and block it altogether.

Accessing streaming services and regions not available in certain locations?
- Unless the streaming services actively block the VPN provider's IP range(s) / servers. Also, if it is a subscription service, they can block you based on your credit card issuer's ID number / country.

Block most Phishing, Malware, Ads and online trackers?
- Most yes.

Bypassing firewalls ( such as hotel, company and government restrictions )?
Torrenting?

- Again, some organisations actively block some UDP ports, or can detect tunneling protocols to block encrypted connection establishment at their firewalls.
 
Hi Guvner,

Fantastic reply!!

ISP perhaps/questionable, but the search engines can still track your activity, your WAN interface can be logged locally and forensically analysed, or your browser history can be remotely monitored/captured. Most users would not know how to avoid this. There are plenty of non-nefarious out of band monitoring/analysis tools available which can be legitimately installed on end user devices.

For example, in your phone analogy, handsets can log the call and the ID of the parties connected, and record the conversation at either end.

Search engines for example can get information from you using webrtc. This can be ( and in my opinion should be ) disabled in your browser.

For the phone analogy they can record the call, but still not know what you are saying, as stated in my post above.

see above. Also, if you are using e-commerce sites, you will still leave a financial trail. 3rd party Identity brokers can also log authentication requests.

Exactly this. It is a good privacy tool, but not an anonymity tool. If you go and login to Facebook, general accounts tied to you, there will be a record.

- Assuming your ISP doesn't block certain "default" UDP ports, or providers tag your L3 traffic as suspicious and block it altogether.

This is extremely unlikely to happen. There is also the option of using TCP on 443. For something like this to happen I would assume the user is already on some sort of watch list.

- Unless the streaming services actively block the VPN provider's IP range(s) / servers. Also, if it is a subscription service, they can block you based on your credit card issuer's ID number / country.

Yes, but the purpose of this point is to unblock streaming services, such as Netflix. For this purpose it is fine, and I have as of yet to hear about a streaming service shutting down an account. This is also not an illegal activity.

- Again, some organisations actively block some UDP ports, or can detect tunneling protocols to block encrypted connection establishment at their firewalls.

This is also why you can use TCP on 443. I can't speak on behalf of other VPN services, but we also have OBFS4 for extreme firewalls ( such as GFC ). We have been successful in getting around it.

But you make some really good points and you're correct. A VPN is not a "flick the switch and you're good to go" service. You also need to change your behaviours in general.

Regards,
Peter @ Oeck.
 
For the phone analogy they can record the call, but still not know what you are saying, as stated in my post above.

Thanks. but that's not what I meant. Your analogy states the Telco can't understand your conversation because the language is unknown. I'm saying the voice can be recorded pre-encryption, i.e. in a known language, at the point of origin and, similarly, post decryption at the destination, by the devices themselves, not the telco.

Your voice isn't encrypted before the sound hits the microphone in your handset, nor as it leaves the speaker.
 
Hi Guvner,

Fantastic reply!!


Yes, but the purpose of this point is to unblock streaming services, such as Netflix. For this purpose it is fine, and I have as of yet to hear about a streaming service shutting down an account. This is also not an illegal activity.

I'm not saying its illegal. T&C's and regional pricing come in to play.


This is also why you can use TCP on 443. I can't speak on behalf of other VPN services, but we also have OBFS4 for extreme firewalls ( such as GFC ). We have been successful in getting around it.

I think we are talking about two different things here. Most firewalls can certainly detect IPSec or SSL headers. and drop the outbound handshake packets trying to establish the tunnel. I've stayed in hotels that have done this.. surprisingly..
..though not in China.


Anyway, we both agree it's not the perfect solution for every problem. I'll give your service a try.

Regards,
Peter @ Oeck.
 
Last edited:
Thanks. but that's not what I meant. Your analogy states the Telco can't understand your conversation because the language is unknown. I'm saying the voice can be recorded pre-encryption, i.e. in a known language, at the point of origin and, similarly, post decryption at the destination, by the devices themselves, not the telco.

Your voice isn't encrypted before the sound hits the microphone in your handset, nor as it leaves the speaker.

I believe I know what you're saying here, but if I am wrong please feel free to correct me. If the device is already compromised, then yes, the VPN will not help. But that will take a tremendous amount of effort on behalf of the person who has compromised your device. If we are talking general use ( with a clean device ), the ISP can record but not understand the traffic. But please feel free to speak in technical terms so we are both on the same page if I didn't understand what you are saying.

The firewalls detecting SSL headers is correct. Which is why ( at least for Oeck ) we use OBFS4. It is resource intensive, but it helps to prevent detection. When our new apps are released you can test this for yourself. The feature is called Obfuscation but it will drop your speed dramatically. However, it will bypass heavy firewalls ( such as the Great Firewall of China ). We have successfully tested this and it was happy enough - but slow.

You seem to know your stuff well, what do you do for a living?

Regards,
Peter @ Oeck.
 
Fair enough, I was trying to avoid technical terms given the broad spectrum of AFF'ers.
 
Status
Not open for further replies.

Enhance your AFF viewing experience!!

From just $6 we'll remove all advertisements so that you can enjoy a cleaner and uninterupted viewing experience.

And you'll be supporting us so that we can continue to provide this valuable resource :)


Sample AFF with no advertisements? More..
Back
Top