The questions may be naive, but please bear as I wish to clear my doubts after reading about VPN from various sources. 1. Many articles including PCMag, Forbes etc advise using a VPN to protect against hackers etc. Other than ISP and agency snooping and circumventing censorship, how does a VPN protect against hackers? 2. Many places write generic advice like using VPN for banking security. However many Wilders users advise against it for setting alarm bells in bank security systems as they flag VPN connections suspiciously. So does VPN play any role in security (not privacy and censorship), if it is not advisable to use for banking, stock trading etc? 3. Do apps open their own connection circumventing VPNs? 4. Finally MITM attacks between my and VPN server can be averted by using it. What about MITM attack between VPN Server and final destinantion websites? Thanks
1. VPN can protect you from hackers if you use untrusted gateways to connect to internet (free Wifi and similar). It could also protect you by hiding your real IP address. 2. Personally I don't use VPN for online banking and similar for reasons that you've mentioned. I would only use it if I were on untrusted network and I would use a server located in my country. 3. Usually they don't circumvent VPN connection and pass network traffic through it. You can use firewall to make sure no traffic circumvents VPN if connection drops or similar. 4. If website is important always use https and check certificate before doing anything sensitive. If connection between you and webpage is encrypted, MITM would not be able to monitor content of network traffic between VPN server and final destination.
I always use my VPN when I am on my laptop. The laptop cannot go out into the "wild" unless it does so through my tunnel. Since its UP already I simply connect to my Bank using the connection without any issues at all. When I am on my Pixel XL I use normal https and my home LAN without any VPN. Both connections are secure and neither causes any issues or headaches for me. BTW - I am lucky enough to have full U2F for my bank connection and do so on ANY connection as I have it set as a requirement to log on. Very comfortable with knowing that only I will connect to my accounts. There is a huge difference in the "quality" of the term VPN. Any of the top 5 that circulate around here as trusted, secure, etc.... would be good to go. I mention this because there are some providers out there that claim all sorts of things regarding their security. Sadly, under testing they don't hold up. Your bank connection should be secure in spite of those, but if you are going to pay for a VPN just make sure to get one that does the job.
For what it's worth, I use a VPN for reason #1 above, public wifi in hotels, airports, coffee shops, etc. Nowadays I think it is just foolish not to. I don't use a VPN for privacy--that's not my reason--and I doubt the VPN I use is a complete privacy solution anyway. But it isn't anonymity I'm after. Again, FWIW.
Thanks for your replies. @Palancar - yes, security of a bank connection is paramount. I have a bank connection that will fail if I set security.ssl.require_safe_negotiation as true. As for bank going into a tizzy while using a VPN, one bank tracks machine id and whenever I use a different machine, it flags it and prompts for additional security. It will be interesting to see what happens using a VPN. After reading your replies I understand that to use my banking, stock, funds accounts through my phone (mobile data connection), VPN will not be necessary. It will be useful only for public wifi connections. Is that correct? As for point no. 3, iPad does not have a firewall. How can I stop apps from connecting by themselves?
If you chose bad VPN service, it can decrease your security depending on your arrangement as it allows bypassing firewall. See this MRG article. https://www.mrg-effitas.com/how-your-vpn-can-be-a-front-door-access-to-your-system/ HMA is not recommended here Wilders, and you'll be safe if you set VPN up on your router. I personally only use VPN on public Wi-Fi, restricted country, or when for some reason I don't want websites to track me (with other privacy measure). VPN for banking appears not to make much sense to me, tho it means double encryption and adds 1 more security layer so that even if an attacker can MITM your https still you may be safe (most if not all banks deploy HSTS and it prevents some attacks on public Wi-Fi). It also doesn't make much sense regarding privacy as banks anyway know who you are. Needless to say, if your browser was exploited or you have malware on your computer, VPN is no help. Strange, that rather can mean the bank website has improper security. That all depends on your threat model, i.e. what do you want to protect from whom? But as long as you only care about common criminal, that'll be correct. I used OpenVPN official app on iPad but it sucks, no automatic reconnection after disruption. The best way will be set VPN on router level, but maybe it's not your option? Some VPN service provides their own apps and they might be better. But again, what's your threat model and do you care IP leak? If not, just set VPN app either OpenVPN or providers' and all connection will go through VPN tunnel in theory. (Firewall is somewhat vague term, and I guess you just mean per-app outbound control which is not necessarily be firewall. I don't think iPad don't have firewall.)
