>>>>>>Hi,
>>>>>>
>>>>>>I understand that there are entities (e.g. cell data provider) who sell VPN account(s) to consumers. I am trying to understand how a consumer would use a VPN. For example, can a consumer use a VPN to connect to his/her online bank account? in order to make the connection more secure? Or the VPN has other purposes for a consumer (I am talking about a person, not a company).
>>>>>
>>>>>Can you provide a link to an example of what you're talking about?
>>>>>
>>>>>I imagine the providers would have materials explaining the benefits of using their services.
>>>>
>>>>Last night, I was watching a webinar on Security produced by Vanguard where they outlined many approaches that would protect an individual from computer hackers. Things like changing user name, password, not connecting to a financial institution (FI) from public networks, etc. And one of the things the guy (I think he is a chief security officer at Vanguard) said was purchasing a VPN account (and he mentioned that cell provides is one of the entities that sell them). He said that with a VPN account, the connection to a FI is very secure. I have never heard of such thing, hence I asked the question. I don't have a link but I will go on Verizon Wireless (my cell provider) site and see if I can find something.
>>>
>>>When you use the Internet there are 3 main things you want:
>>>
>>>1. that you get to the site you want to go to
>>>2. that no-one can snoop on your traffic to and from the site
>>>3. that no-one can attack your computer
>>>
>>>A rogue or compromised public access point can get you all 3 ways:
>>>
>>>1. DNS poisoning. The AP tells your machine to use a DNS server which is malicious or compromised. So, when you try to go to mybank.com you end up going to a hacker's site which looks just like mybank.com (i.e. phishing) but isn't, and when you type in your user name and password...
>>>
>>>2. Any hardware router or switch between you and the site you want to go to can snoop/"sniff" the traffic. If it's not encrypted, anything sensitive can be recorded.
>>>
>>>3. Misconfigured public APs can also allow connected machines to see each other (not just the internet). Other machines on your AP may be able to sniff your traffic or probe your machine for vulnerabilities.
>>>
>>>The main line of defense against 1 and 2 is HTTPS/SSL:
>>>
>>>1. With SSL, if you land on a phishing site, your browser will warn you that the SSL cert doesn't match the domain name. At that point you stop and get the hell out of Dodge. Or, you ignore the SSL warning, proceed anyways, and get phished
>>>
>>>2. SSL encrypts traffic between you and your site. Your traffic can still be sniffed, but it's pretty hard to decrypt what they get
>>>
>>>SSL doesn't address point 3, for that you need a firewall against incoming traffic. Windows has had a decent one since Windows XP SP2. Using a VPN service will not protect you against this threat.
>>>
>>>I would say the use cases for public VPN providers are fairly narrow:
>>>
>>>- TOR is a fairly well known example. It's a two edged sword, used by bad guys to hide their activities but also by good guys hiding from oppressive regimes. Other VPNs are used to try to circumvent the Great Firewall of China
>>>
>>>- For a while certain VPN services were popular as proxies. For example, NetFlix Canada was crappy compared to NetFlix US. Canadian users would sign up for US accounts, then use a VPN service so it appeared that their traffic originated from the US instead of Canada. Without doing that, Canadian visitors can't access US NetFlix.
>>>
>>>- If you can't use HTTPS/SSL and must access from public internet APs, then first connecting to a VPN will encrypt your traffic so it can't be sniffed. It may also offer some protection against DNS poisoning. It will not protect your machine from attacks from the local subnet
>>>
>>>So, if you use HTTPS/SSL for all your web site access, and you have a decent firewall then there's not much cause to use a public VPN provider.
>>>
>>>Note that all the above discusses public VPN providers. Private VPN, whether client (remote access), or site-to-site, is increasingly important.
>>
>>Thank you very much for the detailed and very informative message. So, if I understand correctly, if the URL I use to connect to a financial institution (bank, brokerage, etc.) has "s" at the end of the http (e.g https), and provided I didn't landed on the phishing site, I am ok even if I am on the public network (e.g. library) Right?
>
>Yes. That's the current standard. With the Canadian banks I access, they all use HTTPS and have no limitations on where you access from, and they don't require you to first log on to any VPN.
>
>One caveat - use your own (or at least a trusted) computer on public networks. Renting time on a computer in a so-called Internet Cafe is a serious security risk. Those machines may have keyloggers installed, so that even if you access sites via HTTPS, the local keylogger is logging the keys you use to type in your account numbers and passwords.

I checked a couple of sites I access (Bank of America, Vanguard) and they use HTTPS. Most likely others do too.

And I carry my computer everywhere, simply because I have to work even when I am on vacation.
So, public computers is not something I would use. Unless I want to send someone a nasty message :)

Thank you.