>

Does a VPN Protect You From Hackers?

Marc DahanDoes a VPN Protect You From Hackers?

Security is definitely a priority for privacy-minded VPN users. And protection from hackers obviously falls into the “security” bucket.

But can a VPN protect you from hackers? If so, how? And can your computer still be hacked while using a VPN?

In this post, we answer these questions.

Can a VPN Protect You From Hackers?

As with many things in life, the answer is not so clear-cut. So the answer is yes and no.

Before I explain that ambivalent answer, I first want to make clear that 100% security is impossible. Any service provider claiming to be “unhackable” does not understand security and certainly doesn’t deserve your trust. 

VPNs are no exception.

How Does a VPN Protect You From Hackers?

Lock

Encryption

Aside from changing your IP address, VPNs encrypt all of the traffic flowing from your computer (or whatever device you’re using) out to the Internet. 

This protects your personal information, as it makes it much harder for third-parties (i.e. hackers) to intercept your traffic.

And even if they do intercept it, all they will see is gibberish, because the entire data stream is encrypted – put simply, it is not readable.

They won’t be able to see your usernames & passwords, the photos you’re sending to a friend or your credit card details.

And this is critical on “unsafe” networks, such as the free WiFi at your local Starbucks. 

There are so many unknowns on an open network that you couldn’t convince me to connect one of my devices without a VPN.

DNS Blackhole

Another way VPN providers can protect you is to block ads & trackers when you use their service. They usually do this by blacklisting DNS requests to ad servers and to known malware hosts. 

This accomplishes something similar to computer antivirus software.

Now, all this is good, but still no guarantee you won’t be hacked, because…

We Tend To Do It To Ourselves

Come In Sign

Most of the time, we hack ourselves.

Most hacks of personal devices occur because the end-user:

  • Installs malware disguised as a legitimate piece of software on their device. 
  • Responds to a phishing email, surrendering their credentials.
  • Is tricked into clicking on a malicious link or advert.

A VPN won’t protect you against these types of attacks.

And There’s More…

Remember my comment about how ridiculous the claim of being “unhackable” is? Well, here’s why – at least in regards to VPNs.

Encryption & Protocols

Connecting to a VPN server is one thing. But do they use weak encryption? Do they support vulnerable or obsolete protocols? If they do, your security is an illusion. 

And it can be argued that the illusion of security is worse than no security.

There are only three VPN protocols that we can recommend:

Note that WireGuard, though well-poised to become the new gold standard of VPN protocols, is still considered experimental at this stage. But the protocol will soon be built-into the Linux and FreeBSD kernels. So it's days as “beta” software are counted.

As for encryption, use modern, trusted ciphers. My recommended ciphers are:

  • AES-256-GCM
  • AES-265-CBC

Try and steer clear from 128-bit encryption. It may have been fine 10 years ago, but times have changed…

Why Am I Not Recommending 128-bit Encryption?

I am recommending you use 256-bit keys for encryption, not because 128-bit encryption is broken or known to be vulnerable.

There is no hard evidence that 128-bit encryption is vulnerable, today.

However, while being widely considered impractical, AES 128-bit keys we recovered by a cryptanalysis attack, devised by security researchers, in 2016.

Also, the overwhelming majority of websites have now upgraded to 265-bit encryption.

The amount of extra overhead is not significant compared to the amount of complexity (data security) 256-bit encryption has over 128-bit encryption.

VPN Infrastructure

Does your VPN provider own or rent its infrastructure

It’s an important question because if they rent their servers from data centers, this opens the door to third-party tampering

These third-parties – depending on how the servers are set up – could compromise user credentials or associate IP addresses used to login with VPN server IP addresses and deduce user identities, etc.

If a provider owns its infrastructure, then it remains fully under their control. Their security claims, relative to their infrastructure, become much more convincing.

Try and use a VPN service that owns and operates its own servers to minimize the risk.

Rogue Apps

Most commercial VPN providers today offer a client application to connect to their service. 

Apps are made up of code. And code can be good, bad, and sometimes malicious

There have been plenty of VPN client apps that have been flagged and subsequently removed from Apple and Google’s app stores. 

And there are probably dozens still available.

Do your research carefully and try and go for a VPN provider that takes security seriously. If they do, there’s a good chance that they can build a client app properly.

And, by all means, stay away from free VPN services.

Which brings me to my next point

Free / Junk VPNs

Some VPN providers are no better than hackers. Or, to put it another way, some VPN providers are hackers. 

And much like phishing emails, the VPN provider disguises itself as a security service in order to access all of your data.

A VPN provider can see all of your traffic. I repeat: A VPN provider can see all of your traffic.

There are a lot of free VPNs, that won’t be equated to hackers or considered outright malicious, but that nonetheless sell your Internet history and/or sells your unused bandwidth, such as Hola VPN

To be clear, though, in my book, this is outright malicious.

Another example that comes to mind is Facebook’s now-defunct Onavo Protect VPN, which would lure you into connecting with misleading claims about privacy and security

In effect, Onavo was nothing more than a direct line to send all of your data to Facebook – more data than if you were using nothing at all to “protect” your traffic. 

Onavo was nothing more than corporate spyware.

Wrap-Up

So, while VPNs do offer protection from hackers, by using strong encryption and modern, trusted protocols, you still need to do your homework.

There will never be a security magic bullet. And most hacking is enabled by human error. A  VPN service and app will only get you so far. It’s how you choose and use them that will really protect you.

We’ve reviewed three VPN providers here on privecstasy.com. Check them out – they may help you if you’re looking to subscribe to a VPN service.

Can You Be Hacked While Using a VPN?

As we wrote above, a VPN’s encryption will offer protection from traffic interception – which is critical when on public WIFi, for example. 

But you still need to be careful which email attachments you open, which applications you download, which links you click, etc. 

Security has more to do with human behavior than technology.

What Does a VPN Protect You From?

A properly set up VPN will protect your data as it transits through the Internet, using encryption. This makes your data much harder to intercept. And renders it unreadable, even if it were intercepted. 

So your password and username, your credit card numbers, and your private messages are secured.

But again, a VPN will not help you if you do it to yourself and are tricked into responding to that phishing scam in your inbox

>

Does a VPN Protect You From Hackers?

By Marc Dahan

Last updated: May 21, 2020

Further Reading

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram