VPN's are neither necessary nor sufficient for secure use of public
networks. They can be part of the solution, but they are not a "one
size fits all" answer.
Nope. Wrong again. They pretty much are a one-size fits all
solution.
And download times are not necessarily slower - the VPN I use compresses
traffic, which may result in faster transfers.
Weasel word noted "may". If that was true, everybody would compress
traffic routinely--why not?
Actually, https /is/ secure if the site you are accessing implements it
properly (some get it wrong). The most common error is that the user
first goes to a non-https site, and then selects a link to move to the
https server. But while they are on the http side, cookies are still
transferred - as they are in plain text, these can be sniffed. The
trick is to go directly to the https site without going via the http site..
Thanks, that is interesting, so you finally got one right. Indeed if
a HTTP site uses cookies to forward information in the URL redirect to
an HTTPS site, I can see how this would be a security breach.
Of course, if you access other sites with http and there are data leaks
or cookie leaks between the sites, then you can still be sniffed. But
anything that is transferred over the SSL link can be considered
unbreakable.
Nope. But hard to break.
VPNs offer a good way for serious road warriors to avoid these
problems. VPNs use encryption to "tunnel" right through insecure
connections. You can rent VPNs by the month or by the year at Witopia
or HotSpotVPN. Hotspot Shield is a free (ad-supported) VPN service
recommended by Sunbelt Software (security software) and others. [more
solutions] [compare] [update]
Wireless hotspot service providers -- e.g., TMobile Hotspot, Boingo
Wireless, iPass -- provide a degree of enhanced security. But they
still recommend that you use a VPN [more].
VPNs connect one computer (or network) to another computer (or network),
so that traffic can pass between these computers without being
interceptible. But unless you know exactly where the other end of the
tunnel is, you are no better off. I certainly wouldn't consider some
random ad-supported "VPN service" to be much more reliable than a public
wifi in a caf�.
Off topic, and noted by the advert earlier. So?
While it is easier to sniff traffic at the public wifi,
it is low risk because it is not of interest to an attacker - who cares
what people are watching on youtube while having a cup of coffee? The
"VPN service", on the other hand, /is/ an appealing target - because
people think it is secure, there might be all sorts of interesting
traffic such as online banking. It may be harder to crack, but bribing
some low-paid employee is an easy strategy.
OK so your crack is to bribe an employee? Ha ha ha. OK. Noted. Move
along.
If you want to use a VPN, I recommend making sure you have an end-point
that you can trust, such as a service directly from your ISP (since you
trust them anyway).
Or, doing exactly what the advert recommended: trying a paid VPN
service like Hide My Ass.
Alternatively, if you have a computer on in your
home and connected by broadband, it is a simple matter to set up a VPN
server and use that. Use openvpn - it is free, cross-platform,
reliable, and simple to use regardless of routers and things because it
uses a single port that is easily forwarded.
So you are recommending that one use their PC at home as a VPN
server? Meaning it has to be turned on 24/7 (or whenever you are on
the road with your laptop, you would leave your PC at home turned on
for the entire road trip, which may last two or three weeks)? And you
think that's 'simple'? You are one complex guy if so.
The other big issue with VPNs is making sure that all the relevant
traffic actually uses the VPN, rather than the other network ports
(e.g., wifi). Don't consider your VPN secure or even useful until you
understand exactly where your traffic goes.
Not clear what you mean by "all relevant traffic", unless you are
referring to the one good point you made in this entire thread, with
the HTTP vs HTTPS redirect and cookies.
Goodbye, and Merry Christmas,
RL
