VPN provides false sense of security

Posted March 28, 2014 by David Redekop to VPN

VPN has many legitimate functions. We use it on a daily basis in order to access services that are not available to the public for reasons of security.

A VPN in most cases is analogous to having a key to a building. Once you are inside the physical building, security is relaxed and you can accomplish what you need to get done.

A lot of marketing of VPN services out there appears to be geared towards our need or want for anonymity. Don’t fall for that because it provides neither privacy nor anonymity. It simply shifts the exposure to another part of the network. As for the signals that server-side services receive, everything (other than your Internet exit IP) remains the same.

Let’s talk about signals. Here are just a few:

  1. IP address. In the consumer’s mind, this is the most obvious signal that a web server has on you. Provided the public IP databases are accurate, it may narrow it down as far as a city, state, country. Most IP lists are about 97% accurate to the country, and about 90% accurate to the city/state level.

  2. Location data – try going to http://mylocation.org/ and you will see additional location data signals that you may be sending unknowingly. The accuracy doesn’t even matter because in aggregate, you may be sending the same location data as previously

  3. Cookies – unless you’re running in incognito mode all the time, Google (and others) can easily identify you from a previous visit

  4. When you’re logged into any website – as soon as you’re logged into a website, a record now exists on a web server somewhere that matches your username with a public IP address

  5. Garden varieties “phone home” protocols including any of the following services you may have running on your computer:

    • dynamic software updates

    • remote access software (logmein, back to my mac, team viewer, gotomypc, etc)

    • calendar, contacts or email software that synchronizes

    • and many more pieces of software that have one reason or another to phone home

  6. Email software that sends/receives email in clear-text

  7. Any “Internet Account” that is configured on any software application on your Mac, Windows or Linux
Again, VPNs are a very necessary part of everyday security on the Internet. Just don’t be fooled into thinking it provides you anonymity or security from prying eyes. It simply shifts the visibility from your Internet access location and ISP to the VPN provider’s location. If you believe that the VPN exit point country has a lower likelihood of spying on your traffic, then there may be a little safety there, but most of us will just never know and certainly never be able to confirm that.