VPN software

[BO Terry]

I helped a client set up a new HP laptop today. It came with a trial of Express VPN installed. Because of that, they are asking about its true vs perceived benefit. I have not looked much into so am really not sure where to start.

This user has one Windows 10 desktop, one Windows 11 laptop, and an ISP-provided/managed Gateway. As of now, the laptop is not leaving the house but likely will eventually. They don't do anything highly risky (that I'm aware of) like download from torrent sites etc, I don't think they even view Netflix from their computer.

My questions are:

Why/why not to add something like this?

If the answer is yes, what are recommended options?

What other questions should I be asking?

Thanks!

 

[Sky-Knight]

There is only 1 useful feature of any 3rd party VPN... the ability to bypass GeoIP blocking.

Everything else is a lie, or exaggeration at best. 3rd Party VPNs are a 2nd ISP you pay for when you want more possible problems to fix. Should be a great source of income for less than ethical shops.

 

[Porthos]

the ability to bypass GeoIP blocking.

Not all of them will do that.

 

[YeOldeStonecat]

You know those covers some people put on their license plates....so that you can't really see the digits of the plate unless you're directly behind it? Cuts down on the plate being read by a lot of cameras. Why do people do that? To cover up certain things they do when driving.

Anonymizer VPNs...yeah...same thing.

 

[Sky-Knight]

@YeOldeStonecat Except the covers can actually prevent your plate from being photographed when a flash is used... the 3rd party VPNs don't even hide your online behavior.

If you visit pornhub.com via a VPN, the Facebook cookies in your browser are still read, Zuck still knows what you're watching. Same for Amazon... Google... and everyone else.

So I'd argue that the plate covers actually provided MORE real value than the average VPN service.

 

[fincoder]

There is only 1 useful feature of any 3rd party VPN... the ability to bypass GeoIP blocking.

More important than that is the encryption of transmitted data when using a public hotspot. When customers ask me about VPN, I tell them that's the only reason for using one.

I always remove the Express VPN trialware though.

 

[Sky-Knight]

More important than that is the encryption of transmitted data when using a public hotspot. When customers ask me about VPN, I tell them that's the only reason for using one.

I always remove the Express VPN trialware though.

Every website worth a crap uses HTTPs now, the encryption and vastly more important the AUTHENTICATION of the server being communicated with is already being done.

Wrapping that up in another layer of encryption provides no benefit.

Well... aside from the worst kind of security... the false kind.

 

[MudRock]

Every website worth a crap uses HTTPs now, the encryption and vastly more important the AUTHENTICATION of the server being communicated with is already being done.

Wrapping that up in another layer of encryption provides no benefit.

Well... aside from the worst kind of security... the false kind.

And lets be real, how easy it is to get Let's Encrypt up and running (And most web hosting or web hosting engines have automated LE maintenance systems as part), I will bail on sites which don't have SSL and have any chance of gleaning anything about me.

Ah, I remember the day when Facebook didn't force SSL, so anyone on the network could skim your cookie and post on your behalf. Those were the days.

 

[Sky-Knight]

And lets be real, how easy it is to get Let's Encrypt up and running (And most web hosting or web hosting engines have automated LE maintenance systems as part), I will bail on sites which don't have SSL and have any chance of gleaning anything about me.

Ah, I remember the day when Facebook didn't force SSL, so anyone on the network could skim your cookie and post on your behalf. Those were the days.

Correct! And if the website doesn't enforce the use the BROWSER does! The only browser I know that doesn't is New Edge!

Try to access a website via http that's got an https option... set one up and try it! You'll have to FIGHT to get the browser to even attempt to render it over HTTP.

We're long past the days of Firesheep.

And if you don't have SSL on your website... all search engines are deranking you. So if you want your site to be seen, it needs https.

Again they are quite handy for GeoIP blocks, or if you're a world traveler... it's nice to be able to present from your home nation no matter what. It helps keep your online experience consistent. Not to mention hide the fact that you're abroad a bit.

 

[Mick]

I helped a client set up a new HP laptop today. It came with a trial of Express VPN installed. Because of that, they are asking about its true vs perceived benefit. I have not looked much into so am really not sure where to start.

This user has one Windows 10 desktop, one Windows 11 laptop, and an ISP-provided/managed Gateway. As of now, the laptop is not leaving the house but likely will eventually. They don't do anything highly risky (that I'm aware of) like download from torrent sites etc, I don't think they even view Netflix from their computer.

My questions are:

Why/why not to add something like this?

If the answer is yes, what are recommended options?

What other questions should I be asking?

Thanks!

If your client just wants to see what a VPN 'looks like' to play with, no need for stuff like Express VPN. The Opera browser has a built-in VPN which you can click on or off in one go. Would give them an idea of what a VPN actually is/does in real life without having to install a load of bloatware. Personally, much as others have said, I really don't see a need in the case of an average domestic user.

 

[MudRock]

If your client just wants to see what a VPN 'looks like' to play with, no need for stuff like Express VPN. The Opera browser has a built-in VPN which you can click on or off in one go. Would give them an idea of what a VPN actually is/does in real life without having to install a load of bloatware. Personally, much as others have said, I really don't see a need in the case of an average domestic user.

Rule of thumb: If something is free, then you're the product. As much as I love Opera GX, I am always wary. I guarantee you their VPN they're tracking all you do.

Many other paid VPNs that "claim" not to keep logs on you, are doing exactly that and selling your data.

And lets be real; Behind a VPN, unless you're using your own private spooled endpoint, you are going to deal with Captchas like mad, and many sites will straight out block you anyways.

I know the GeoIP idea, but also keep in mind many VPN endpoints end up being flagged anyways. I think the only time you should be using a VPN personally is if you're using any sort of public hotspot, but then you're still shifting your data to another exit point which too could be compromised.

 

[Markverhyden]

I helped a client set up a new HP laptop today. It came with a trial of Express VPN installed. Because of that, they are asking about its true vs perceived benefit. I have not looked much into so am really not sure where to start.

This user has one Windows 10 desktop, one Windows 11 laptop, and an ISP-provided/managed Gateway. As of now, the laptop is not leaving the house but likely will eventually. They don't do anything highly risky (that I'm aware of) like download from torrent sites etc, I don't think they even view Netflix from their computer.

My questions are:

Why/why not to add something like this?

If the answer is yes, what are recommended options?

What other questions should I be asking?

Thanks!

The purpose of a VPN is to establish an encrypted private network between two points so that the data is protected. The one I posted about recently is for a remote worker in the Philippines whose using Fonality's HUD software on her desktop to handle voice traffic, phone calls. In todays retail world it's not uncommon for retail stores of all types to route all their traffic through a vpn tunnel back to HQ. If someone uses a third party service, like Nord, they are at the mercy of the third party whose integrity can't be verified. That's why all business applications I've seen use self-hosted via edge devices. Look at it like this. Do you see any of the major companies, Apple, Meta, M$, Cisco, etc, etc etc pushing VPN to consumers? No, because they know it's worthless to the average consumer.

As mentioned by others all of the other stuff one keeps hearing and is a mix of FUD and FOMO targeting naive consumers who don't understand how things really work and where the real risks are. If the client really needs to get to the desktop while on the road from the laptop there are much simpler methods. Mainly the many free remote access packages out there. Personally I've been pushing Anydesk since they seem to still be committed to a free option for consumers. And if they want to protect themselves online they should be using a filtering DNS service and a secure browser like Tor, which includes controls on running things like java in the browser.

 

[Sky-Knight]

Critical technicality that I have to point out every time this comes up...

The value of a VPN lies not in its encryption, but in its authentication. It's trivial to have any TCP or UDP session obtain encryption between any two endpoints. The devices actually negotiate all of that on their own. What matters is they have decided to trust each other through whatever means.

Which is what we're really doing when we deploy a VPN for a client to then RDP over it. We're AUTHENTICATING our endpoints, before we give the user the permission to authenticate as themselves to get at the service.

To put this another way, if you're VPN'ing hard enough, you're just MFA'ing everything.