VPN when Traveling?

Discussion in 'Travel Technology' started by edekba, May 22, 2015.

  1. edekba

    edekba Gold Member

    Recently I've been reading and researching more about being "wide-open" while traveling especially when I connect to hotel hot spots etc.

    Does anyone use VPN or something else (I used to just use a SOCKS proxy through my home media server + Firefox, but have since decided to get a real VPN.) and why?

    Also if you do use OpenVPN ... what type of encryption are you using ... why? The default version of my VPN uses the following: Blowfish/SHA1/RSA2048. Which from my research is a good mix of speed/encryption.
     
  2. Sammich

    Sammich Gold Member

    Yes...VPN for me, OpenVPN with a config of AES-256-CBC. AES-128-CBC works too and it's slightly faster.

    SHA1 is being phased out now by big companies due to its weakness.

    VPN > socks since you don't have to configure each application individually to get it working.
     
    Last edited: May 22, 2015
    edekba likes this.
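
As an added example (not from any poster in this thread), a small Python check of an OpenVPN client config against the choices discussed above: it accepts the two AES-CBC ciphers named in the reply, flags SHA1 as the HMAC digest, and treats a missing or commented-out directive as the default in effect. The BF-CBC/SHA1 defaults assume an OpenVPN 2.3-era client; the sample configs and `vpn.example.net` are constructed.

```python
# Added example: check an OpenVPN client config for the cipher/auth choices
# discussed in the thread. Sample configs below are constructed.

# Assumption: OpenVPN 2.3-era defaults when a directive is absent.
DEFAULTS = {"cipher": "BF-CBC", "auth": "SHA1"}
OK_CIPHERS = {"AES-256-CBC", "AES-128-CBC"}  # the two named in the reply above
PHASED_OUT_AUTH = {"SHA1"}                   # per the reply above

def effective_settings(config_text):
    """Return ({directive: value}, set of directives set explicitly)."""
    settings, explicit = dict(DEFAULTS), set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # '#' and ';' start comment lines
            continue
        parts = line.split()
        if parts[0] in DEFAULTS and len(parts) >= 2:
            settings[parts[0]] = parts[1].upper()
            explicit.add(parts[0])
    return settings, explicit

def audit(config_text):
    """Return a list of (directive, value, origin) findings; empty means OK."""
    settings, explicit = effective_settings(config_text)
    findings = []
    for key, bad in (("cipher", settings["cipher"] not in OK_CIPHERS),
                     ("auth", settings["auth"] in PHASED_OUT_AUTH)):
        if bad:
            origin = "explicit" if key in explicit else "implicit default"
            findings.append((key, settings[key], origin))
    return findings

LEGACY = """client
dev tun
remote vpn.example.net 1194
;cipher AES-256-CBC
"""
HARDENED = """client
dev tun
remote vpn.example.net 1194
cipher AES-256-CBC
auth SHA256
"""

if __name__ == "__main__":
    for name, cfg in (("LEGACY", LEGACY), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

The commented-out `;cipher` line in the first sample is the case worth noticing: nothing in the file names Blowfish or SHA1, yet both are in effect.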
  3. traveltoomuch

    traveltoomuch Silver Member

    I typically don't use one. I tend to believe that my home ISP or other VPN end host is no less vulnerable than a hotel network, etc. Either way, my computer is out there on the big wild Internet.

    If I use a VPN, it's usually to work around annoying filters on the local network - the main point is encapsulation, not confidentiality of the data.
     
    Wandering Aramean and edekba like this.
  4. edekba

    edekba Gold Member

    My concern with the Hotel Wifi/Starbucks is since there isn't a key to login/encrypt the data, you just need to be a guest to be let on. Thus theoretically a packet sniffer = all your data potentially being read.
     
  5. traveltoomuch

    traveltoomuch Silver Member

    Encrypted wifi only protects you from those within a few hundred feet (e.g. other guests/diners). It offers no help v. anyone collecting data anywhere else along the much longer remainder of the path between you and whatever you're looking at (e.g. the hotel/restaurant, their ISP, their upstream ISP, etc.). And I don't consider that local threat to be very interesting - I'm more likely to suffer ill effects from someone running a wholesale data collection operation on a larger swath of the net than from someone who has limited his scope of operations to a 100' circle. Encountering the latter would require either very bad luck or someone specifically targeting me.

    A VPN might protect me from those within 100', but unless I'm doing end-to-end crypto to whatever I'm looking at, my unencrypted traffic is still popping out somewhere on the net, just as exposed to the wholesale collectors as it would be without the VPN. All the VPN does is shift the starting point - it doesn't really reduce the attack surface in any meaningful way.
     
    MX, edekba and anileze like this.
  6. edekba

    edekba Gold Member

    interesting ... but great to know!
     
  7. bigx0

    bigx0 Gold Member

    All depends what you are doing. Places like hotels and airports are notorious for hackers sniffing open hotspots. If you're using encrypted connections for everything such as email, Facebook, Open Table and such then it may not matter. But many people are very, very vulnerable. And many people use similar passwords across multiple services so, for example, someone's Yelp (or whatever) password might be similar or even identical to their banking password. All some crooks need is one password sent in the open and they often can gather a lot more. Even data you wouldn't think about often are sent unprotected: does a web site ever ask your age or zip code? Visit a few sites, search around a bit and people can end up knowing a LOT about you.

    I always use a VPN when I'm on an open network. Or I try, anyhow. Lots of the VPN providers are blocked, especially in other countries. I use a lesser known one but I still find them blocked sometimes. I was even blocked in Disney World for an "attempt to circumvent family friendly controls" or something like that. In other words, if I'm using a VPN, to them the only reason MUST be because I want to view porn or watch a movie I don't have rights to watch or something similar. Never mind that my employer (or just plain common sense) requires it. Apparently they have since reversed that policy.
     
    theBOAT and edekba like this.
  8. Wandering Aramean
    Original Member

    Wandering Aramean Gold Member

    Anything important is in a SSL tunnel to the server anyways. Everything else I'm not too worried about.
     
    traveltoomuch and edekba like this.
  9. MX

    MX Gold Member

    I believe that a true VPN obscures both the starting point and destination. Without knowing them, your encrypted confidential data is just gibberish to all but the most skilled interceptors.
     
    edekba likes this.
  10. Wandering Aramean
    Original Member

    Wandering Aramean Gold Member

    Obscures how and to whom?

    A VPN creates a tunnel between your computer and the endpoint through which the traffic is encrypted, generally using the same or very similar technology as what you would get through accessing a server via a SSL connection (i.e. https:// instead of http://). But once it gets to the VPN endpoint it still has to go from there to the server you're trying to access. And that part of the connection would be in plain text.

    If you have traffic you want protected (e.g. banking, email, etc.) then using https:// should be sufficient to keep that data private. Someone sniffing the traffic may see that you're connected to mail.google.com but they're not going to get much beyond that.
     
    traveltoomuch and MX like this.
  11. edekba

    edekba Gold Member

    Technically a VPN makes whoever is looking at your traffic seem to just go to your VPN server, correct? So in theory if someone was looking into you they wouldn't know you were going to your email, bank etc. All traffic is going to and from your VPN, which is encrypted.

    From the VPN the traffic is public to a degree... If not encrypted by SSL/TLS. But nobody will know who actually is accessing the sites because the original request appears to be coming from the VPN and not your true IP.

    Correct me if I'm wrong please b
     
  12. traveltoomuch

    traveltoomuch Silver Member

    It depends on how many other users are also using that VPN end host. The more users, the more anonymity you have.

    It might help to be clear about the risk you're worrying about. I'm seeing references in this thread to credential (password) loss/theft/access. End-to-end crypto is the only great solution to that. In this post, though, you seem to be concerned about anonymity (from whom? the sites you're going to?). If so, you'll probably be more interested in Tor than a VPN.
     
    Last edited: May 23, 2015
    edekba likes this.
  13. viguera
    Original Member

    viguera Gold Member

    Tor is still vulnerable unless you trust all the exit nodes. And if you're going to use that for Facebook or whatever, they already know who you are... it's pseudo-anonymity by obfuscating the connection, but it depends on what you want to do in the end.

    If I travel I always use a VPN on the hotel network, and my own hardware, and SSL everywhere. If I have to do something more nefarious then I'll fire up Tails from a USB drive and do what I have to do from a disposable session.
     
    bigx0, MX and edekba like this.
  14. Wandering Aramean
    Original Member

    Wandering Aramean Gold Member

    Is the NSA still running nodes? ;)
     
  15. edekba

    edekba Gold Member

    Mainly it's online security. Partly it's online anonymity. I guess the more I read and hear things about Snowden I guess part of me just wants to not be part of the giant fishnet (aka NSA); however, my first concern has been security. I already use the HTTPS Everywhere extension on my browser to try to get an SSL session as much as possible. But with sites that don't have SSL a VPN will at least encrypt that data going to and from. Also anonymity is partly related to security because like someone mentioned upstream, if your data is unencrypted and potentially sniffed ... They might be able to gather information regarding you and maybe eventually get something of use from the unencrypted traffic.
     
  16. Wandering Aramean
    Original Member

    Wandering Aramean Gold Member

    But only to the VPN endpoint. :-:
     
    traveltoomuch likes this.
  17. edekba

    edekba Gold Member

    True but with a VPN the origin of the data is obscured at the very least.
     
  18. viguera
    Original Member

    viguera Gold Member

    They're running exit nodes and they even tried hijacking the main distribution at some point.

    This is why you need to validate these types of downloads, otherwise you're basically shooting yourself in the foot.
     
    edekba likes this.
  19. sallycroft

    sallycroft New Member

    I believe a reliable VPN e.g. PureVPN secures both the starting to destination point. Your confidential information is encrypted through VPN.
     
  20. Wandering Aramean
    Original Member

    Wandering Aramean Gold Member

    But it doesn't. The data is only encrypted while in the VPN tunnel.
     
    viguera and traveltoomuch like this.
  21. viguera
    Original Member

    viguera Gold Member

    That's one of the things about using a VPN... for personal, mundane stuff it's pretty much useless by itself, and your data is out in the open after it leaves the tunnel. If you're using it to check webmail or Facebook, chances are you have a lot more privacy concerns than the hotel WiFi snooping on your connection.

    Using some commercial VPN software to tunnel through to a South American server or something does not make the hotel WiFi any more secure, but a lot of people don't know this because they don't understand how the technology works.
     
  22. Sammich

    Sammich Gold Member

    Exactly, you'd be trusting whoever is running the commercial VPN servers...which most likely you don't even know the operator personally.

    So in the end it comes to compromising.
     