Will i need a VPN easily have https? A reader question, answered

#@@#@!!

#@@#@!! #@@#@!!

#@@#@!! #@@#@!! ZDNet Recommends #@@#@!! #@@#@!!

#@@#@!! #@@#@!!

I recently got another letter from a reader that can serve as a great foundation to have an article. Our reader asks:

Is not really the encryption offered by my browser around the data I exchange by having an https: site sufficient to protect the data? My understanding has been that it is. If so, a VPN is just not needed for this purpose. Furthermore if you do, it’s perfectly safe for me to exchange private data (say, account info with my bank or stock broker) over any public, open network. #@@#@!!

Naturally , VPN’s provide a number of other valuable functions, but when i understand it they cannot provide any additional security towards the actual data exchanged. VPN providers may likely not want to highlight this. #@@#@!!

Which lot to unpack within our reader’s letter. Let’s dig into each question/statement one-by-one. #@@#@!!

#@@#@!! #@@#@!!

#@@#@!! Perfectly safe #@@#@!!

Separate through the technical questions, our reader makes an assertion I think deserves an immediate and somewhat forceful correction. Our reader states: #@@#@!!

It’s perfectly safe to exchange private data (say, account info with my bank or stock broker) over any public, open network #@@#@!! [using https]. #@@#@!!

Let’s have this out of the way: It really is never, ever, by any means, #@@#@!! ever #@@#@!! “perfectly safe” to switch data over the internet, whether using a public, open network (shudder) and even from your home or office. #@@#@!!

If #@@#@!! reading #@@#@!! ZDNet #@@#@!! regularly lets you know anything , it’s there are security breaches and security flaws throughout our networks that occur with constant, never-ending, and virtually overwhelming regularity. #@@#@!!

Also:   The best VPN services for 2020   CNET #@@#@!! #@@#@!!

I’m not going to go into either all of the breaches as well as all of the ways message traffic can be intercepted while in motion. Suffice to state, our data is never “perfectly safe, ” therefore we must always take action to guard ourselves, our data, through extension, our financial and physical security. #@@#@!!

#@@#@!! #@@#@!!

#@@#@!! #@@#@!!

Just because you’re not paranoid doesn’t mean they’re not out to get you. #@@#@!!

Because of this reality, we often practice a #@@#@!! belt-and-suspenders #@@#@!! approach to all of our security practices. That means, despite the fact that we may have one amount of security, it’s never enough. That way of security may be cracked or buggy, or there might be some other reason it’s leaky. It’s always best to have multiple approaches to keeping safe. #@@#@!!

Must read:

#@@#@!! Is https enough? #@@#@!!

Let’s begin with what https does. It secures (through encryption) an http connection between an internet site as well as your browser. This means that the contents of what you’re transmitting are unlikely to be read or changed between your browser as well as the website. #@@#@!!

However, you aren’t in charge of this connection. It’s up to the website operator (and any associated services it calls on) to be sure to properly setup and operate the secure connection. #@@#@!!

Not every websites use https, so whatever you do with an unencrypted connection is visible. What’s actually of far greater concern with unencrypted traffic is that an attacker (usually called a #@@#@!! Man in the Middle attack ) can modify what is sent, injecting tracking bits — or worse, malware — in to the stream. #@@#@!!

Probably the most visible of such are #@@#@!! Great Cannon-style attacks #@@#@!! that inject JavaScript and HTML payloads into unprotected web traffic. These payloads then conduct denial of service attacks (hence: cannon) against targets of interest towards the hackers. #@@#@!!

Nobody wants their web browser unwittingly changed into a denial of service weapon. #@@#@!!

One more thing to consider about https encryption could it be only encrypts your web traffic. Some other internet activity is not touched by the https protocol and so requires its encryption. Samples of other activity include web-based video games that may send your, password, and even credit card information in the clear; an e-mail program; or perhaps a locally run accounting program. #@@#@!!

So , yes, https helps. But it’s just one security accessory in a belts-and-suspenders-security ensemble. #@@#@!!

#@@#@!! Wireless router encryption #@@#@!!

There’s another encryption element that sometimes makes the chain. Which is Wi-Fi encryption you get when you use a Wi-Fi router having a password. #@@#@!!

Naturally , here’s another point of risk: You have absolutely no way of telling when the Wi-Fi router continues to be spoofed, and you’re really sending all of your data through a #@@#@!! pineapple #@@#@!! or various other data spoofing device. #@@#@!!

#@@#@!! #@@#@!!

#@@#@!! VPN encryption #@@#@!!

This statement by our reader is difficult to unpack: “VPN’s provide a number of other valuable functions, but as I understand it they do NOT provide any extra security to the actual data exchanged. ” #@@#@!!

I believe what our reader says that VPNs provide other services, however they don’t provide any other data security services. But VPNs do. In addition they encrypt data. #@@#@!!

VPNs absolutely do provide data security services. Packets are encrypted through the local browser towards the VPN service agency. All packets. #@@#@!!

Now, you need to understand where this encryption helps and where it doesn’t. Should you be on your web browser within a coffee shop and you’re speaking with your bank’s web interface, your traffic is encrypted inside your browser, goes from your device to some local router, towards the local ISP, across a whole bunch of hops, and for your bank, where it’s decrypted. #@@#@!!

Https will encrypt that entire pipe, but only if everything is to establish correctly. #@@#@!!

Now, in case you are utilizing a VPN (with https or not), your data is encrypted on your computer. If you’re using https, the https-encrypted data is encrypted again by VPN. That data then travels over the usual hops to some VPN server, is decrypted once (the VPN’s layer is removed), and sent on to your bank. #@@#@!!

The advantage of VPN encryption is out of your device towards the VPN provider on the web. This protects almost all coffee shops, airports, and hotel lurkers who might attempt to snag your computer data in motion. #@@#@!!

#@@#@!! Thinking about security #@@#@!!

When it comes to thinking about mobile security, you have to bear in mind the endpoints and what’s being encrypted. Let’s go through the last three we discussed: #@@#@!!

  • https: #@@#@!! Encrypts web traffic between the web browser as well as the webserver.
  • Wi-Fi: #@@#@!! Encrypts all network traffic between the mobile device as well as the Wi-Fi router in your local coffee shop, hotel, airport, and so forth
  • VPN: #@@#@!! Encrypts all network traffic between your mobile device as well as the VPN provider on the internet.

Are you able to see how these different elements encrypt and decrypt at different points? Also, remember that anyone (or more) of these security services may be compromised. Plus, naturally , additional amounts of encryption, like #@@#@!! encrypted SSL and TLS tunnels #@@#@!! between websites and payment providers. #@@#@!!

By utilizing multiple layers of encryption, each not able to see to the other, you’re reducing the chance that any one compromised network will compromise you. #@@#@!!

#@@#@!! Other VPN services #@@#@!!

As we’ve discussed in our various VPN reviews and guides, different commercial VPN services provide different added value. Some mix in anti-virus. Some mix in some identity protection services. #@@#@!!

But all VPNs provide another essential security service: IP address obfuscation. #@@#@!!

If you use a VPN, you receive an IP address from the VPN provider. This is actually the IP address recorded by various services on the web. This enables you to definitely protect your identity when it comes to where you’re located, what ISP you’re using, or perhaps what country you’re in. #@@#@!!

For a few people, this can be a less critical service. For others, especially those dealing with stalking or other personal protection worries, VPN location protection services are crucial. #@@#@!!

#@@#@!! Main point here #@@#@!!

Therefore , in answering my reader’s question, do they need a VPN? It’s as much as them. But is https the be-all and end-all of internet security? Oh, hell number #@@#@!!

What tools would you value to protect your security? Let me know in the comments below. #@@#@!!

You are able to follow my day-to-day project updates on social media marketing. Make sure to follow me on Twitter at #@@#@!! @DavidGewirtz , on Facebook at #@@#@!! Facebook. com/DavidGewirtz , on Instagram at #@@#@!! Instagram. com/DavidGewirtz , and on YouTube at #@@#@!! YouTube. com/DavidGewirtzTV .

#@@#@!!

Next Post

Best Macintosh apps in 2021: Anti virus, security, plus productivity

Mon Mar 8 , 2021
If, with this problem, your primary function machine is a Mac pc, you require it to be looking forward to anything at all living and work can toss from this. This means that having the right efficiency, security, and productivity applications. Tests your own macintosh and get rid of rubbish […]