Network and Communications Security is not one of my strong areas so I'm hoping maybe a fellow CISSP who specializes in that area can answer my question about why there would be a need to have a personal VPN. As I understand, web traffic like when you go to a website the combination of the using https protocol and use of transport layer security (TLS) as your website traffic is exchanged between say your banks website and you, is supposed to be encrypted and secure that it shouldn't be able to be read by say a sniffing tool being used by a malicious actor right?
So why is there a growing market for personal VPN services like NordVPN or VPN that comes with your home internet security software, Norton, Trend Micro, McAfee?
@jbacon83 wrote:So why is there a growing market for personal VPN services like NordVPN or VPN that comes with your home internet security software, Norton, Trend Micro, McAfee?
You know what PT Barnum said, right? Something else you get with a VPN is the proxy ability - being able to have traffic relayed through some other IP, which may or may not provide some value to people. A personal VPN can provide a bit more protection. HTTPS, obviously, only deals with content exchanged over the browser, even then, there is the mixed content vulnerability where some of that content delivered to the browser might be coming over HTTP even though the URL says HTTPS (images, scripts, stylesheets that are referenced via HTTP). Overall, though, I think your assessment is correct: these "personal VPN" are not necessary and are predicated on convincing people that security is a matter of having more acronyms.
@jbacon83 "So why is there a growing market for personal VPN services like NordVPN or VPN that comes with your home internet security software, Norton, Trend Micro, McAfee?"
One core reason for a third party VPN is to prevent you internet service provide (ISP) from tracking your connections on the net. This is particularly important when using public access wifi, such as at a coffee shop or hotel. But it still is important for protection from abuse by your own home ISP.
My ISP is AT&T. They are now trying to sell us all on buying the ATT VPN as part of our service.
Hmmm, so the VPN to keep my ISP from spying on my traffic would be run by my ISP< such that they can spy on all my traffic (even while protecting me while on the public wifi at Starbucks).
Not the best idea in the world.
@CraginS wrote:My ISP is AT&T. They are now trying to sell us all on buying the ATT VPN as part of our service.
Hmmm, so the VPN to keep my ISP from spying on my traffic would be run by my ISP< such that they can spy on all my traffic (even while protecting me while on the public wifi at Starbucks).
Or to flip it around, these VPN services will be putting themselves in a position to build quite a marketing profile as they capture all your Internet traffic. They will even be in a position to inject advertising inline. The ones that double as an ISP are especially suspect as they likely already have a "privacy" policy that says they are allowed to share data. That said, some, like Nord, promise a no-logging policy, but that could all be potential bait-and-switch. Hook a few million users, then update the policy.
And don't forget there are places on earth being ruled by tyranny government, suppressing freedom of speech, persecuting people looking for democracy.
Personal VPN, if somehow legal or risk criminal charges using, still offer a little protection for people living in those countries to hide their online identity, and possibly let them access google that is otherwise impossible.
In a country of freedom, anything not prohibited is allowed. In a country of dictatorship, anything not allowed is prohibited.
You really need to thoroughly understand what is really being captured and who your information is being sold to and to whom before suggesting you need a VPN. Many of these services package your browsing behavior and sell it back to the very people you are trying to hide from.
As for keeping your browsing history a "secret". We have ways of tracking your history from your ISP back to the VPN provider and so on through law enforcement so its not like your completely off the hook, yet people actually believe they can view and do anything, anywhere on the net with no fear of being caught.
Is it really necessary? No, not really. Then again, I'm not the person browsing anything I would fear to see printed on the front page of the Washington Post, etc.
If this is your fear, you have other things to worry about.
- B/Eads
HI All
I think you need to go back to basics: Does your host country have similar laws to the Telecommunication Interception Act or Law? Which allows the Government to plant black boxes into the Telecommunications networks lawfully for interception purposes?
https://www.legislation.govt.nz/act/public/2013/0091/latest/DLM5177930.html
Regards
Caute_Cautim