You disable the VPN, they show “unprotected”. Come on, I’m not really unprotected. Why such a dramatic word? I just disabled the thing a little. I’m “disconnected”, but it doesn’t mean I’m actually unprotected, the same way it doesn’t mean I’m actually protected if I’m using a VPN.


It all depends on what you’re supposed to be protected from. VPNs protect your communications from being intercepted and keep your location anonymous.
So you are in fact unprotected from being located, identified, and tracked. You are also unprotected from having your communications intercepted by a man in the middle.
If you’re on a public unsecured Wi-Fi network you are totally exposed. If you are on your own router connected through an ISP, the ISP knows everything you’re doing, and attaches your billing information to that data and uses it.
So I really don’t think unprotected is a scare word. It is an accurate description of your situation.
VPNs don’t prevent a device from announcing its real location. And they protect you from a MITM at the ISP but not at the VPN provider, so you just switch who you trust. VPNs also don’t do anything to help with the browser fingerprinting that companies use to track you around the web. From the point of view of the services and sites you connect to, all a VPN does is change your IP address, and the IP address may not be a big part of how they track you in the first place. VPNs alone do not improve privacy much at all.
What VPNs do is shield your traffic metadata from inspection by the network hops between your client and the VPN provider (though the content is almost always encrypted even without the VPN), and change your apparent location for any service that is exclusively using IP-based geolocation.
I know almost all that is true. The ISP cannot see your traffic, know where it’s coming from or where it’s going to, nor act as a man in the middle.
On public, unsecured networks, VPNs block man-in-the-middle attacks.
Basically VPNs are not silver bullets. They cover a category of privacy and security. And one can do research to find out if they trust that VPN, while usually here in America we don’t have much choice on our ISP, and Verizon is one of the worst offenders along with Cox, Comcast, Charter… Well, basically everybody.
How do you think they block BitTorrent or send you copyright notices?
I personally do a whole bunch of other things on my side to deal with the problems that a VPN doesn’t: ad blockers, browser obfuscators, leak detectors, etc…
You don’t need a VPN to protect yourself over a public Wi-Fi network. All modern websites have HTTPS with certificates so the website can’t get spoofed and no one knows what you’re doing on that website. Modern browsers will warn you before entering a website without HTTPS or a certificate. Using an encrypted DNS like NextDNS further protects you so no one even knows what websites you’re visiting.
OK, I’m not 100% sure if using an encrypted DNS does fully protect you from outsiders finding out which website you’re visiting; hopefully someone can correct me if I’m wrong.
Hackers are quite skilled at finding ways to get around TLS, and it is only a site-specific interaction that is protected. Everything else is transparent.
https://www.cyberly.org/en/how-do-vpns-work-over-public-networks/index.html
TLS is e2e encrypted; can you please show how a hacker could get around that?
The only problem I see with public Wi-Fi is the peer-to-peer nature of it. You no longer have the protection of a gateway if somebody is trying to be nefarious. They won’t sniff HTTPS traffic, but might attempt to connect to open services like an unsecured listener for the cat feeder.
In that instance, locking down the internet connection with a VPN would prevent an attack.
It is not peer to peer. You are connecting to somebody else’s Wi-Fi router to get to the internet and you go through their ISP.
So, a very simple man-in-the-middle attack would be to put up other Wi-Fi connections that look legitimate but are in fact somebody’s laptop hanging out in your location, and now your communication is entirely visible, unless you’re using a VPN.
I’ve actually never really considered that. I guess all other apps also need to be secure or sandboxed or lack permissions to do anything, although even then it seems like apps can just escalate permissions on their own without you doing anything.