I recently signed up with a personal VPN service for several reasons. I’d like an unbiased opinion of their value in terms of real security, privacy, etc., and also the potential unintended consequences of using them. I like the idea of having my email completely secured. No tracking (by Google or Bing) of my searches and portability to public hotspots. But I’ve also read that because a VPN tunnels through my router's NAT firewall, I might be giving up a valuable layer of security when I use it at home.
I use a robust anti-virus firewall of course, but I know you recommend a NAT firewall as a strong first line of defense against internet attacks. Are there other potential downsides to casual use? I’m not recommending one “pay for” service over another, but I happened to sign up with Witopia and I’m quite satisfied so far. Thanks for any thoughts on the subject.
I’m a little concerned that there may be some fundamental misunderstandings of exactly what a VPN does and what it does not get you.
To be clear, a VPN does nothing more than encrypt and route all of your internet traffic through the VPN provider’s server. That’s it. What happens to your traffic after it leaves that server doesn’t change.
Is your email completely secured? That depends on what you mean.
What a VPN does
A VPN does not affect how your email is handled. It is still transmitted in the clear once it leaves the VPN provider and makes its way to the destination.
A normal connection might look like this:
Whereas if you use a VPN, a portion of that connection is encrypted by the VPN:
All of your internet connections are routed through the encrypted pipe to the VPN service. After that, however, they travel the internet exactly as before.
Services still know you
If you use Google or Bing, they can track your searches regardless of how you connect to them. While you might access them through your VPN, you’re still accessing them.
As I said, the only thing a VPN brings to the party is the encryption of your connection to the internet.
A VPN is a great tool that helps you avoid the risks of open Wi-Fi hotspots or hotel connections and (in some cases) gain access to sites that might otherwise be blocked.
Firewall?
By and large, I’m not terribly concerned about the firewall in a case like this. You want your NAT firewall up to prevent direct connections to your machine if you're at home. You want your software firewall up if you're out and about. (If you're at home it adds another layer of protection; in the case of a VPN, it won’t hurt.)
I can’t really say for sure, but I would honestly expect most VPN services to actually be properly firewalled at their end, so I don’t expect a reverse connection coming in through your VPN (the kind of thing that a firewall would protect you from) to be a big vulnerability.
So if I use OpenVPN to connect from McDonalds to a VPN server which I control, it’s actually secure?