In the title of this post, keep in mind the keyword is may; as a forewarning, this is not a post that definitively says you must use a VPN regardless of the circumstances… because that is simply not true.

From a privacy lens, VPNs are niche tools – once some criteria are met, they can prove useful in some circumstances.

While a VPN can be a useful tool in improving your privacy – and security – it is important to realize that a VPN is far from a one-size fits all privacy tool. In most situations, a VPN should not be thought of as a security tool – except in the case where they are being used for their original purpose, which is to bridge two networks together.

You should determine whether a VPN is “for you” by carefully weighing whether your goals/wants/needs align with what a VPN can truly provide. Users should also keep in mind the limitations of a VPN may affect their privacy.

A VPN cannot make you anonymous, despite what many marketing gimmicks and claims insist. A VPN is not at all a viable substitute for using tools/services that respect user privacy (including using “basic” privacy practices) or basic personal cybersecurity hygiene.

VPNs effectively remove the ability of third parties – such as your internet service provider (ISP) to sniff (see) your internet traffic. In most simple cases, your ISP would only see that you are 1) online and 2) connected to a VPN service.

If a user’s main concern is keeping their internet traffic private from their ISP, then using a (trustworthy) VPN is a good choice. By connecting to the VPN provider’s servers, you are effectively routing your internet traffic through the VPN provider in place of your ISP. In essence, your internet traffic is kept between you and your VPN provider; assuming your VPN provider has an honored and verified “no logs” policy, this can prove a marked improvement for your privacy.

Additionally, assuming you are not connected to a “hostile” network, VPNs can be effective in preventing third parties from snooping on your traffic.

Though, it’s worth nothing that a VPN is not a silver bullet against some entities – such as well-funded and well-resourced public and private organizations. Some “adversaries” may be capable of employing advanced techniques both online and offline to expose your internet activities and possibly connect your activities to your real world identity. This can range from your “adversary” taking advantage of VPN tunnel leaks or exploiting other operational weaknesses surrounding your VPN.

Of course, using a VPN isn’t a replacement for basics such as forcing HTTPS within the browser; a VPN can’t encrypt the connection from your device to a website and without the encryption provided by HTTPS, data transmitted between your device and that web server is unencrypted. This unencrypted traffic can be easily captured by any third parties listening in on the connection – which is trivial since the data is transmitted in plaintext.

When configured and working properly – without leaks – a VPN effectively masks your IP address from the sites you visit and during peer-to-peer (P2P) activities. P2P activities frequently include torrenting and participating in video/audio calls in the browser (usually facilitated by WebRTC). In place of your IP address, the VPN provider’s server IP address is shared during P2P activities.

While this doesn’t provide anonymity, hiding your IP address can provide some privacy benefits, removing a piece of identifying information about your approximate location, ISP, and devices. This can be especially important during P2P activities, where these data points combined with other data about your activities can reveal more than you may have intended (or be aware of).

To ensure your IP isn’t accidentally revealed during P2P activities, you should make sure the VPN provider resists IPv6 leaks. You should also address the potential for WebRTC leaking your IP address, even while connected to the VPN server, from within your own browser.

Be aware that your VPN provider will have your IP address(es) since you are connecting to their servers.

This “benefit” comes with a huge caveat. In May 2024, researchers disclosed the TunnelVision vulnerability (which has existed since 2002), which can force VPN apps to send/receive some or all traffic outside of the encrypted tunnel.

Source: Leviathan Security

In summary, attackers can manipulate the DHCP server and enable option 121 to route VPN traffic through the DHCP server itself instead of the VPN tunnel, essentially exposing the sent/received traffic. In most cases, while this attack is carried out, the VPN app will report that the connection is “good.” This attack is most effective if performed by someone with administrative control over a network – such as a network administrator… which could be any network outside of your direct control.

Therefore, using a VPN on an unfamiliar network can be prove useless on a truly “hostile” network. Additionally, researchers believe this attack has been 1) known to attackers prior to disclosure and 2) used in the wild. This attack is not effective on Linux or Android devices.

With that said, assuming the network is not hostile or exploiting something like TunnelVision (there is little a user can do to confirm this) this is a benefit primarily for those who frequently find themselves using Wi-Fi networks outside of their home. While security hasn’t been a modern-day concern on public or otherwise unfamiliar Wi-Fi networks, privacy does remain a concern.

Depending on the ISP for the unfamiliar network, your browsing data could be collected, analyzed, and then sold/shared with third parties. Users may want to abstain from conducting sensitive activities when on an unfamiliar network, regardless of using a VPN or not.

A good and “trustworthy” VPN can effectively eliminate common privacy risks that can arise from using unfamiliar and/or public Wi-Fi networks. Again, a VPN creates an encrypted tunnel between your device and the VPN servers; third parties on a public Wi-Fi network such as the network administrator and the ISP for the network would only be able to see your active connection to the VPN provider, assuming other advanced methods of monitoring traffic/undermining VPN connections…

*** This is a Security Bloggers Network syndicated blog from Avoid The Hack! authored by Avoid The Hack!. Read the original post at: https://avoidthehack.com/vpn-benefit-privacy