smart computer guys, question

[seeahill]

I'll be doing a lot of traveling out of country in the next year. Do I need a VPN? My central concern is that I have my bank and brokerage on the phone. Will a good VPN provide a level of safety?

If so, what's a good one. I'm looking at NordVPN and ExpressVPN.

[Grandpa's Spells]

A VPN is a good idea if you will be banking over shared/public internet. I would go with Tunnelbear, as NordVPN had a recent breach.

https://thewirecutter.com/reviews/best-vpn-service/

[seeahill]

Spells, Thnx. Looks like exactly what I need.

[SubClaw]

I don't really see the need for a VPN. All banks have end-to-end encryption sites.

The only use I see for a VPN is accessing location-based services (your Netflix account, for instance) or bypassing your ISP restrictions (banned torrent sites).

[Ripe Turd]

I'll be doing a lot of traveling out of country in the next year. Do I need a VPN? My central concern is that I have my bank and brokerage on the phone. Will a good VPN provide a level of safety?

If so, what's a good one. I'm looking at NordVPN and ExpressVPN.

If you want to be REALLLLY safe, make sure you don't connect automatically to wi-fi without the VPN. Probably in your phone wi-fi settings.

I don't really see the need for a VPN. All banks have end-to-end encryption sites.

The only use I see for a VPN is accessing location-based services (your Netflix account, for instance) or bypassing your ISP restrictions (banned torrent sites).

VPN is to protect you from someone intercepting the data between your phone and the wi-fi network (or something like that). How good is end-to-end encryption if someone has intercepted your password when your were logging in?

[SubClaw]

VPN is to protect you from someone intercepting the data between your phone and the wi-fi network (or something like that). How good is end-to-end encryption if someone has intercepted your password when your were logging in?

HTTPS is secure over public hotspots. Only a public key and encrypted messages are transmitted (and these too are signed by root certificates) during the setup of TLS, the security layer used by HTTPS. The client uses the public key to encrypt a master secret, which the server then decrypts with its private key. All data is encrypted with a function that uses the master secret and pseudo-random numbers generated by each side.

Thus:

+ the data is secure because it is signed by the master secret and pseudo-random numbers
+ the master secret and pseudo-random numbers are secure because it uses public-private key encryption when the TLS handshake occurs
+the public-private key encryption is secure because:
- the private keys are kept secret
- public-private key encryption is designed to be useless without the private key
- the public keys are known to be legitimate because they are signed by root certificates, which either came with your computer or were specifically authorized by you (pay attention to browser warnings!)

Thus, your HTTPS connections and data are safe as long as:
+ you trust the certificates that come with your computer,
+ you take care to only authorize certificates that you trust.

Using a VPN only adds a new layer of potential snooping (you have to trust them not to spy your traffic).

[Ripe Turd]

VPN is to protect you from someone intercepting the data between your phone and the wi-fi network (or something like that). How good is end-to-end encryption if someone has intercepted your password when your were logging in?

HTTPS is secure over public hotspots. Only a public key and encrypted messages are transmitted (and these too are signed by root certificates) during the setup of TLS, the security layer used by HTTPS. The client uses the public key to encrypt a master secret, which the server then decrypts with its private key. All data is encrypted with a function that uses the master secret and pseudo-random numbers generated by each side.

Thus:

+ the data is secure because it is signed by the master secret and pseudo-random numbers
+ the master secret and pseudo-random numbers are secure because it uses public-private key encryption when the TLS handshake occurs
+the public-private key encryption is secure because:
- the private keys are kept secret
- public-private key encryption is designed to be useless without the private key
- the public keys are known to be legitimate because they are signed by root certificates, which either came with your computer or were specifically authorized by you (pay attention to browser warnings!)

Thus, your HTTPS connections and data are safe as long as:
+ you trust the certificates that come with your computer,
+ you take care to only authorize certificates that you trust.

Using a VPN only adds a new layer of potential snooping (you have to trust them not to spy your traffic).

Thanks! So, if I log in to websites I already know, even while travelling, I don't need a VPN at all? I thought it was a necessary expense..

[SubClaw]

The only real advantage of using a VPN is that all your traffic will be obscured, so the WiFi provider won't possibly know how many times you Googled "transgender amputee midget porn".

But if all you care about is keeping your bank transactions secure, as long as you can see a padlock icon displayed on your browser, it will be fine. For instance, iGx is NOT a secure site, so anyone could potentially be able to snoop around and steal your credentials.

But you can always post on the StrongFirst forum (which is a secure site) in the meantime.