VPNs and HTTPS - keeping your communications secure

VPNs and using the right tool for the job

It may help to understand VPNs by first describing what they are not, then what they are, and finally touching on some of the differences between VPNs and HTTPS.

VPNs don't verify that the web site you are connecting to really belongs to the bank, e-commerce site or institution you are trying to reach. You still need to evaluate whether the site is what you think it is. Have you visited that web site before, or did you click on a link in an e-mail to get to it? Is there proof that it really is the bank's web site? A VPN can NOT do that for you.

VPNs do NOT check if your computer has viruses (or any other malware).

VPNs DON'T warn you when you click on a link that is "bad" and that you shouldn't visit.

So if something looks or feels wrong, or your gut is giving you that sinking feeling, you need to follow up and use an alternative way to confirm whether the web site (or anything else) is what you think it is. More about that below.

"Wow, a VPN doesn't do a LOT of stuff!", you say. You are correct! It is only one tool in your toolset. That is why security is often compared to an onion. Why? Because onions have layers. The more layers of protective tools you have the harder it is for the "bad" people to access the low hanging fruit they usually look for.

Password managers, using "https", two-factor authentication, browser add-ons like "uBlock Origin", URL checkers like "ScanURL", and listening to your gut are some other layers of protection at your disposal.

In public places, a VPN is a good tool. People who bring their laptop with them to a library, coffee shop, hotel or airport and use the free internet access provided there should really use a VPN. Free internet access includes everyone - "good" and "bad".

Being aware of the tools and habits that can protect you doesn't take that much time or effort - learn one layer at a time depending on what your needs are! It is worth it.

"So, what does a VPN actually do?"

A VPN is a little bit like an invisibility cloak in that it hides your laptop's conversations with the web sites you are visiting from any onlookers.

It also encrypts the connection between your laptop and, for example, the bank's web site, so that it is unintelligible if another device ever tries to snoop on the conversation - for instance, to get your username and password.

And it can make you look like you are somewhere else. Huh? Journalists in repressive countries use VPNs because they hide their location and their conversations with others in countries where free speech is 'normal'. You don't really need to know how it does this. When you start your VPN software, just think of it as if you were the only one at home using the internet, with the additional ability to transplant yourself to almost anywhere else you want to be, including other countries. One day Spain, the next Australia. Cool, no?

VPNs are also used by companies for sales people who go on the road. Other uses for VPNs exist, but you can find out about these using some of the links provided below if you are interested.

What about HTTPS?

HTTPS is another layer in our onion analogy. Think of HTTPS as a passport with a photo ID of you that was issued by the country you live in. HTTPS should always be used, in public places and at home. Depending on the situation, VPNs aren't always necessary at home if you are not connecting to your workplace. But they can be.

The passport, however, is not for identifying you but rather for confirming the identity of the website you are visiting. Your browser (like Firefox, Safari, Chrome/Chromium, etc.) has a list of passport "issuers" that it "trusts". If the web site has been issued a "passport" (actually called a certificate) by one of these "trusted" issuers your browser knows about, then your browser can validate that the website at https://www.yourbank.com is really your bank's website and not some rogue website. Just like other countries in the world recognise passports from Canada and use them to confirm that you are who you say you are, browsers use their list of "issuers" as a way to confirm the identity of a web site.

In short, HTTPS can be used to confirm that a web site is really what it says it is. Just make sure to pay attention to what comes after the "https://" part.

https://www.yourbank.com

is not the same as

https://www.yorbank.com

Because of this need to confirm identities, very few websites use http anymore, so always try to use:

"https://www.goodcomputerhabits.ca"

and not

"http://www.goodcomputerhabits.ca"

How HTTPS does this and how to confirm it is working properly is for another time though.
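
The two habits above (read the name after "https://" carefully, and insist on https rather than http) can also be automated. The Python sketch below is an added example, not part of the original article; the KNOWN_HOSTS list, the function names and the two-typo threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the sites you really use, typed in by hand.
KNOWN_HOSTS = {"www.yourbank.com", "www.goodcomputerhabits.ca"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                # drop a character
                           cur[j - 1] + 1,             # add a character
                           prev[j - 1] + (ca != cb)))  # swap a character
        prev = cur
    return prev[-1]


def check_url(url: str, known_hosts=KNOWN_HOSTS, max_typos: int = 2) -> str:
    """Classify a link before visiting it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return "invalid"
    if host in known_hosts:
        # Right name, but only https lets the browser check the "passport".
        return "ok" if parts.scheme == "https" else "not-https"
    closest = min(known_hosts, key=lambda k: edit_distance(host, k))
    if edit_distance(host, closest) <= max_typos:
        return f"lookalike of {closest}"   # e.g. yorbank vs yourbank
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, taken from the addresses used in this article.
    for link in ("https://www.yourbank.com", "https://www.yorbank.com",
                 "http://www.goodcomputerhabits.ca"):
        print(link, "->", check_url(link))
```

This only compares names; checking the certificate itself is still the browser's job.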

Unlike HTTPS, VPNs don't confirm that a web site or a mail server (or anything else) is what it says it is, but they do give you a secure tunnel between your laptop and its destination. If you clicked on a link in an e-mail that brought you to a web site that looked like your bank's web site, a VPN alone would not be able to determine whether that was really your bank's web site or a 'lookalike' waiting to download malware onto your computer in the hopes of getting your username and password or other information. That job is for HTTPS.

But VPNs are great for public areas with free wifi because of the other features mentioned above.

Links: