VPN. What is it? Is it legal?

There are a lot of ads online about VPN, but what is it really, and is it legal? Often on the question on privacy I hear: “If you done nothing wrong, then you have nothing to hide”. But is this really so?

What is VPN?

First let us establish what VPN is. VPN is an acronym for Virtual Private Network, and established an encryptet link between two computers. It achieves this by connecting to a server and exchanging certificates, the server responds by creating an encrypted tunnel between server and client. This tunnel allows the client to access the network resources shared by the server.

What does this mean? That depends on how the server is set up. A common use, probably the most common, is for companies to share on prem network between office buildings, or let employees access on prem network while working from home. But the advertised use, is to access internet from a different region, i.e. to circumvent content regional blocks.

Security

Security is the main factor in VPN. The certificate exchange allow for a fully encrypted communication between the server and the client machines. This is also something advertisers use. When accessing internet from a public wi-fi, i.e., in a hotel or on a train station, passwords or banking details can easilly be snooped by criminals. A VPN connection will prevent this, as your link is fully encrypted, also over the public wi-fi.

Why is this a point? Man-in-the-middle attacks are easiest to do closest to the client or the server, since traffic can be routed many ways from source to destination, even single packages might take different routes. The bank datacenter is usually well guarded, and have multiple links and entry points so traffic routes will change, even into the datacenter. Therefor a man-in-the-middle need to share network with the victim. Ideally a public Wi-Fi should be set up such that devices don’t see each other, but from experience this is rarely the situation. A VPN will ensure that even though your device is exposed, your traffic isn’t.

Usecases

I briefly mentioned corporate use for access of their on prem network between offices or to people working from home office. This is to my knowledge the most relevant usecase.

The other usecase I mentioned was to access internet from a different location. This is probably the best selling point for private consumers. Most streaming services have content available in certain regions, so a popular use is to VPN into US for access to certain series on Netflix, or VPN out of Middle East for access to adult content.

Another usecase, and the reason I started to look at it in the first place, is to access my home network while travelling. This is basically the same as the first usecase, but for private persons.

The last usecase is what I used in my Rocksmith+ Scraper, which is to have an application change its location, to gather data that changes with regions. By the way, scraped data from Belarus means somebody is breaking a law, see next paragraph.

Is VPN Legal?

Short answer, yes. The long answer is that there are a few exceptions. Currently four countries have banned VPN completely, and six countries have put in restrictions on the use of this technology. You can read about the reasons to outlaw or restrict the use of VPN here.

Conclusion

Often the ads say that the VPN connections are superfast. This is a claim I have problems with accepting. Why? As everything else on the internet, it suffers the same bottlenecks as all other internet traffic. If the connection speed out of your hotel is slow, a VPN will not fix that. There is actually probable that your VPN connection will introduce other bottlenecks as well, as a popular VPN site might have so much traffic routed over it that bandwidth restrictions starts to apply.

But the VPN connection doesn’t need to change how you access internet. The usecases I mentioned about accessing corporate or private networks with VPN will route only the “local traffic” over the VPN, while internet still will use your regular connection.

And using a VPN on unsecured exposed network is always a good way of protecting your sensitive data. You wouldn’t post a photo of both sides of your credit card together with the pin code, would you?

So before you sign up to these incredible VPN deals, think over why you need a VPN, what benefits you get from it, and is it really worth the advertised price? I can’t answer that for you, since the answer will depend on your online activities, travel patern, and how much you value what you get from it.