Markets around VPN services are booming like never before. Each one of them claims to bring up awesome levels of security with nearly no cost at all. Can this all be true? As the old saying goes, if something seems like being too good to be true, then it probably is.
VPN services used to be exclusively and mainly used by corporate customers, governments and other resourceful entities back in the early days of the cyberspace. Software for VPN services was expensive, “difficult to use” and mainly provided by large corporations outside of the reach of small businesses and user groups. There were some open source solutions, but not until recently, those were able to deliver “easiness of use” that was appropriate for popular markets. Still, many of the VPN service providers require customers to install their proprietary software, even recent operating system versions include VPN client software. Check out your operating system network settings, and it is highly likely that you will find a VPN client installed already and ready to use.
Exaggerated security implications are also common in the security markets. Who would not like to have their customers to think they are protected against everything, yet, it is essential to be aware of the fact that security is a speculative market. Trust can only rarely be measured and indeed, even the science confirms that people choose to employ security-enabled protective measures based on their assumed “efficacy”, not necessarily the actual mechanics, features or even level of security improvement. There are then, we must assume, a lot of assumptions involved in the security business, something that might resemble “myths” too. While VPN services can indeed increase the level of security for some, it could undermine that at the same time drastically, as many customers might not be aware of how a VPN service, in fact, does deliver. Understanding at least the basics of VPN networking can be useful in the process of picking up the most cost-efficient solution for an improved level of security in the cyberspace.
Myth #1: Good VPN can prevent hacking and ransomware
No, not really, but yes, in a way a VPN can be helpful. Many myths around VPN services are based on inappropriate use of concepts, like taking apples for trees and using high-level marketing terms together with specific technical vocabulary without actually understanding what they are on what level of conception those operate, like mixing “hacking”, “ransomware” and “VPN” in one sentence. For sure, a VPN service does little to nothing to prevent either of those, not only because popular marketing terms like “hacking” have only vague definitions which might be more useful in a political bombast or as an advertisement half-truth than as an actual “target of protection” for a VPN service.
It is good to recall, that a VPN is nothing more and nothing less than a “routing mechanism” to get network traffic securely from point A to point B over an insecure segment. In practice, this can be thought to be like a tunnel from e.g. from home network, over the insecure and public Internet all the way to a foreign country. That is all it does. Then, you could ask yourself, considering what all could “hacking” mean, what good does that do to protect one from those unspecific things from happening. Clearly, having a tunnel could be helpful in order to obfuscate origins of a network traffic, but without further due, one should already see that there is not much one should consider a VPN service “as it is” to do when it comes to being less likely become a target of hacking or ransomware.
The only thing a VPN could do in defenses is to increase in agility for the user. This way, a user could change their network location, even “identity” with a click of the mouse (and a few bucks paid), instead of jumping into a plane, and thus make it more difficult for such hostile actors of the cyberspace to target them.
Myth #2: VPN users are completely anonymous and untraceable
Perhaps some users might enjoy an elevated level of anonymity when using VPN services, but without proper understanding on how the tunnels of cyberspace work, one should not expect too much when it comes to anonymity in the cyberspace. Modern cyberspace and internet protocols consist of distinctive layers, and each layer may only provide security for and on their respective part of the whole. This meaning, that as a VPN function on the lower level of “networking”, there is not much in the terms of security implications regarding anonymity on the upper layers of applications. In short, even with military-grade network-level VPN service in place, upper layer applications, like Facebook or Google Sites, could still completely freely determine their users as before and track down their doings online.
However, a good VPN service can increase in agility for cyberspace users. With VPN service, cyber-citizens can relocate themselves in the cyberspace with a click of the mouse. Without too heavy costs, one can switch their network location From China to the US, even to Paris, Brussels or Tokyo. No wonder that some authorities do their best in trying to block the use of VPN services altogether!
Agility is a good capability in the cyberspace, and it is good to note for example what Tor guidelines recommend for their users in order to increase their level of anonymity and prevent tracking. This agility can bring about a remarkable advantage in the cyberspace, and simple measures like changing exit nodes, and ensuring the absence of application-level tracking mechanisms can indeed be useful in the process of staying anonymous in the cyberspace — but, in no means do they guarantee anything.