Free VPNs and are they worth it?

[ChrisIB 11]

Any recommendations for VPNs? I have tried the one built into Opera and also ProtonVPN (which uses a Netherlands based server, so of limited use).

Also what about the pros and cons?  I get that encryption aids security but does it also introduce vulnerabilities? (as say you are reliant on the integrity of the servers).

[andysm 17]

Depends on what you are trying to do. Are you trying to watch US Netflix shows from the UK? Then you need a VPN with US servers that are not on the Netflix blocklist. If you are worried that your ISP or someone in the coffe shop is monitoring what you are doing then you need a VPN that uses good encryption and with servers in a country that can resist court orders. etc. I sometimes use PIA (Private Internet Access) when I am out and about, it is not free but it works well, but I have never tried using them to watch US Netflix.

[alchresearch 214]

Maybe its for adult web browsing:

 

UK pr0n viewers plan to circumvent smut-block measures – survey

https://www.theregister.co.uk/2019/03/26/xhamster_age_verification/

[andysm 17]

Also, be very wary of free VPNs on Android, a recent study found around 85% did not provide adequate security, some of them contained adware or spyware and some were fake VPNs insofar as they didn't actually do anything.

[ChrisIB 11]

Interesting. My main use is just for security if I'm out and about doing email on free wifi.

It seems difficult to evaluate what if any protection it gives from malware. I guess at home there is perhaps little point unless I don't trust my ISP?

 

[andysm 17]

A VPN won't really protect you from malware. If most of your internet traffic is via a web browser, then most websites these days use https so the traffic will already be encrypted. Someone could still see which websites you are visiting from the DNS lookups. Most email services these days use TLS so the traffic to/from email clients will also usually be encrypted, though some ISP's free email accounts do not use TLS (e.g. Plusnet).

[RiffRaff 10]

Not a free product, but TrackOff has a "free" VPN included, utilising the Open VPN service. Can be used on up to 3 machines for about the £30 mark for 12 months.

Seems to work OK... various servers across the globe, and the last time I checked, all connected.

Down side? I can't get emails to work, in or out, without turning the VPN off. I've tried using various different port settings to no avail. Their "support" has no clue as to how to solve, other than making sure your Windows is up-to-date and reinstalling.

 

[ChrisIB 11]

So if only using an https mail portal rather than a client, it will already be secure even over open wifi, so whether or not to use a VPN will be down to whether it would be of benefit to have a second layer of encryption?

Difficult to evaluate I guess, not sure of the hacker skills required to attack either.

Quote

Not a free product, but TrackOff has a "free" VPN included, utilising the Open VPN service. Can be used on up to 3 machines for about the £30 mark for 12 months.

Thanks, will check it out

[the_bloke 17]

Using a VPN to make email safer is a bit of an odd idea to be honest; all a VPN will do will hide the email content until you click Send. From that point on, it's out in the wild being transmitted with little or no encryption and there is nothing you can do about it.

 

Example; I use Gmail. If I use a VPN, all I am actually doing is hiding the communication between Gmail's server and my device from my ISP. Who really really really doesn't care.  When I click Send, that email is then out traversing X number of different gateways and servers until it reaches the recipient's mailbox and could be intercepted at any time without your knowledge.

4 minutes ago, ChrisIB said:

So if only using an https mail portal rather than a client, it will already be secure even over open wifi, so whether or not to use a VPN will be down to whether it would be of benefit to have a second layer of encryption?

HTTPS means that anyone trying to sniff your data over Wifi, or even your ISP, can only tell that you have gone to the domain itself, i.e. https://email.server.com. From that point on, everything is encrypted and they can't read anything.

 

As mentioned though, there is no certainty that your email is secure after you have sent it.

[Guest]

Indeed, email is not what you want to be using as a secure method of communication or sending anything. Unless you use PGP or something similar. You may login securely to your mail servers but the protocol is not secure afaik.

[Temuchin 13]

Might be worth having a look at this site. I've found it very informative.