What is a secure VPN

VPN encryption: is it as secure as we are told?

Data protection scandals, security gaps, hacking and various mass-surveillance scenarios have led users to worry about their privacy on the Internet, and understandably so. However, users often seek their salvation in VPN encryption, which is mostly advertised aggressively. “Surf anonymously”, “stream securely online”, “100 percent anonymity” and similar promises are commonplace. It is therefore important to check how secure this VPN encryption really is on the modern World Wide Web.

VPN connection? What is that?

Virtual private network: this is what the abbreviation “VPN” stands for. In a VPN, the data remains protected on the transport route. If you use VPN software, you first establish an encrypted connection to your VPN provider, who then forwards you to the Internet - so you are not using a direct connection to the Internet.

Your data is anonymized in the process. The connection request goes through a server (node) of your VPN provider, and you, as the user, are assigned a new IP address. The purpose is to protect your actual IP address, which serves as the identification number of your device. In summary, a VPN aims to make your computer invisible on the web.

One often hears the term “VPN tunnel”. The comparison with a tunnel fits the way VPNs work: only those who drive through the tunnel can see and influence the traffic - a driver outside the tunnel cannot see what is happening inside. It is similar with VPN connections: since VPN encryption is used for data transmission, a possible attacker could recognize that a connection is being established via this tunnel, but cannot see what is being transferred or where it is going.

Internet security or empty promises: what can a VPN do?

As you read in the previous paragraph, the VPN endpoints are protected - that is, VPN encryption only protects the traffic from the user to the provider's VPN servers. Once a connection is established, the possible point of attack is simply shifted. If the sent data is not protected in any other way, it can still be read between the VPN server and the actual destination.

Another problem is that users may end up with dubious VPN providers. Some providers may want to join the trend and offer insufficiently mature software. Others disguise their software as a VPN tool, but behind it are viruses or Trojans. You should be particularly careful with free tools. The magazine digitalwelt.org has compiled a list of reputable VPN providers, including their ratings.

The article “Anonymity: The unfounded advertising promises of VPN providers” on kuketz-blog.de is also worth reading. It makes clear the immense discrepancy between the advertising promises of various VPN providers and the actual state of affairs.

And what about data protection?

VPNs are also often advertised with the topic of data protection - after all, in times of mass surveillance it is also important to protect metadata. Metadata is information about other information resources - for example when sending an e-mail: In addition to the content of the message, there is the metadata, which consists of the sender, the recipient, the time and date of sending and other information. Are VPNs a good solution for this?

You shouldn't lose sight of how VPNs work: they centralize all data connections at one point. If a secret service wants to monitor data traffic efficiently, it would make the most sense for it to be positioned strategically close to the VPN access node.

VPN security risk: How to do it better

Instead of only encrypting the path between the VPN client (the user) and the VPN server (the provider), it makes sense to encrypt the entire path from the sender to the destination.

This is also standard nowadays: numerous websites are already end-to-end encrypted using SSL certificates. A large share of all websites is delivered with TLS encryption via HTTPS. This protects not only against curious third parties, but also against data manipulation. Technologies such as HSTS ensure that unencrypted HTTP connections are not possible.
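
HSTS reaches the browser as a Strict-Transport-Security response header, and how well it rules out plain HTTP depends on what that header says. The following Python code is an added example, not part of the original article: it parses such a header value according to RFC 6797 and lists what a weak policy leaves unprotected. The function names and the one-year threshold (the minimum the browser preload list asks for) are choices made for this example.

```python
# Added example: evaluate a Strict-Transport-Security (HSTS) header value.
from dataclasses import dataclass

ONE_YEAR = 31536000  # seconds; minimum max-age required by the browser preload list


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_hsts(value):
    """Parse a header value per RFC 6797; return None if a browser would ignore it."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in seen:                     # a repeated directive invalidates the header
            return None
        seen[name] = arg.strip().strip('"')  # max-age may be a quoted string
    if not seen.get("max-age", "").isdecimal():
        return None                          # max-age is mandatory and numeric
    return HstsPolicy(int(seen["max-age"]), "includesubdomains" in seen, "preload" in seen)


def assess(value, over_https=True):
    """Return a list of findings; an empty list means the policy is strong."""
    if not over_https:
        return ["header sent over plain HTTP is ignored by browsers"]
    policy = parse_hsts(value)
    if policy is None:
        return ["missing or malformed header: no HSTS protection"]
    findings = []
    if policy.max_age == 0:
        findings.append("max-age=0 removes the site from the browser's HSTS list")
    elif policy.max_age < ONE_YEAR:
        findings.append("max-age below one year")
    if not policy.include_subdomains:
        findings.append("subdomains can still be reached over HTTP")
    if not policy.preload:
        findings.append("no preload directive: a first visit can still start over HTTP")
    return findings
```

For a header value such as "max-age=300", assess() reports three findings; a value with a long max-age, includeSubDomains and preload returns an empty list.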

When does VPN encryption even make sense?

We don't want to demonize VPNs under any circumstances - there are very sensible application scenarios! VPNs were not originally designed to surf the World Wide Web “100 percent anonymously” and without leaving any traces. They were intended for other uses, in which VPNs are still useful:

If you are on a public WLAN and want to protect yourself from eavesdroppers, use a VPN. VPN encryption can also be used sensibly when external employees are connected to the company network. In countries where the Internet is censored, these geo-blocks can be bypassed using a VPN. Of course, there is still the risk of incomplete VPN encryption.

In addition to SSL encryption on the Internet, using the Tor Browser also ensures strong data protection. This combination makes sense and is safe for normal web users.