Working with VPN

Niku wrote:

I didn't understand this with my first reading, but I've printed it for further study. I'll also try Google to see what else I can find.

Too many add-on cleaner apps, add-on anti-malware apps, and too many other add-on “protect” or ”secure” add-ons are overhyped or unnecessary or just noisy for no reason, and too many are privacy-sucking garbage that’s increasingly difficult to distinguish from malware.

The built-in anti-malware and privacy features do quite well for most folks. Organizations with IT management and particular requirements can need to add end-point security. Most of the rest of us, not so much.

While you’re collecting some related reading material:

… If you see an iPhone or iPad unavailable message or Security Lockout screen - Apple Support

… Apple Platform Security - Apple Support (PDF of the whole document at the bottom of that webpage)

… Personal Safety User Guide - Apple Support (again, PDF at bottom)

A Virtual Private Network service is commonly used in two ways.

One as a means to connect into the internal network and servers of an associated organization. These VPNs are common and have value, but caution is warranted, should the VPN clients be or become compromised. A VPN is useful, but potentially not sufficient.

The other and over-hyped VPN service adds a second and weak tunnel around the existing and end-to-end and secure tunnel, and seemingly largely as a means to collect money while badly solving a problem that hasn’t existed for a decade or so, but while badly solving it in a way ideal for collecting personally-identifiable network metadata. This second service creates a weak tunnel for the connection from your computer or iPhone to the VPN servers in the middle of the network—these servers are perfectly positioned to collect your activity, too—adding a second wrapper for the first few network hops of the connection.

There are cases where a first-few-hops tunnel can be useful, such as testing a CDN network, or a geo-distributed network or web service.

If you really want a first-few-hops tunnel for other reasons, consider running your own tunnel server using Algo or such. Or be cautious about what traffic you route over a commercial first-few-hops service.

The former? Sure. The latter? Use the existing tunnels, and consider using iCloud+ Private Relay for privacy.

Most of the garbage around gets advertised. Sometimes heavily. Be skeptical.

Niku wrote:

I just heard about VPN, so I thought I'd try it. It was a bad experience. Part of the problem was my lack of experience, but I think the company/organization was responsible for the bulk of the problems.

I learned that VPN is not the name of a company but a process or description. Anyway, I like to hear from others about their knowledge and experiences with VPN.

Would you recommend VPN to others? If so, are there any VPN companies that are much easier to work with and produce better results than others?

Are there VPN companies/organizations that you would recommend?

I agree with Mr Hoffman. VPN frequently creates more problems than it solves. But one important fact is that when you install VPN it configures itself to the specific hardware, iOS version and network that the phone uses. If any of those change it can break the VPN. So any time you change any of these you may need to delete the VPN app and profile, restart your phone then add them back (if you still want to use VPN) so it can configure itself to the new environment.

Here's Apple's advice on VPN→

Check VPN (Virtual Private Network) and third-party software to help resolve network connectivity issues - Apple Support

Something to think about→Don't use VPN - GITHUB

There are two legitimate purposes for using VPN:

• To allow access to a private network such as a school or business when you are not on site. 
• To allow access outside of a country with a repressive government that has restricted Internet access. (This has suddenly become more important)

Any other use is risky, and can lead to problems like the one discussed in this thread. VPN disguises your location by making you appear to be somewhere else in the world. But you usually can’t control that “somewhere else”, and if it is in a location that an app isn’t approved for the app won’t work. Plus the fact that the provider of the VPN knows everything about you and your location, as well as what sites you access through the VPN. So you are totally dependent on the VPN provider’s honesty. As a start, if the VPN is free, DON’T USE IT. The provider has to make money somehow, and if you aren’t paying them then they are selling your private data to make money. But even those that charge can’t necessarily be trusted. For example, a few years ago Avast was caught selling user browsing data. They claim they have stopped doing so. 

You don’t really need VPN when using public Wi-Fi, because all communications between your device and the servers it accesses are end-to-end encrypted.

If you want VPN for privacy about the sites you visit, that’s not a good choice as discussed; instead you should download and use the TOR browser.

The other use for VPN is to “steal” content that is not available in your area. I leave this question to your personal ethics.

With iOS 15.2 and later for iOS/iPadOS and MacOS Monterey 12.2 and later Apple now has iCloud+ Private Relay, which is not VPN, but provides a safer browsing environment than VPN, and it doesn't spy on you→About iCloud Private Relay - Apple Support

Lawrence Finch wrote:

You don’t really need VPN when using public Wi-Fi, because all communications between your device and the servers it accesses are end-to-end encrypted.

Correct. The first-few-hops VPN adds a second (and weak! known credentials!) tunnel for those first few hops.

If you want VPN for privacy about the sites you visit, that’s not a good choice as discussed; instead you should download and use the TOR browser.

Tor isn’t necessary for privacy—when your adversary lacks ubiquitous access—as iCloud+ Private Relay will work just fine. Tor has issues with privacy too, and I’d discourage running any unencrypted connections over Tor.

Related:

With iOS 15.2 and later for iOS/iPadOS and MacOS Monterey 12.2 and later Apple now has iCloud+ Private Relay, which is not VPN…

Private Relay is effectively a two-hop Tor connection, with one hop run by Apple and one by another provider. Private Relay also adds ODoH, which can be useful for other concerns.

I’d be cautious about using VPNs, or Tor or I2P or alternatives in areas with repressive governments, though. Both stick out in traffic. Get help with this, as any mistakes here can be expensive.

Security is not some magic pixie dust that can be sprinkled over an existing configuration. There are always costs and trade-offs, there is always work involved, and too many add-on security apps in the last decade or so are much too close to being hype, or snake oil, or a privacy-leaking morass, or malware, or variously badly solving problems that really don’t exist anymore.

Niku wrote:

I need VPN to watch a particular British TV series.

I have no experience using a VPN to evade copyright/distribution rules, so I can't offer much else.

Niku wrote:

I just heard about VPN, so I thought I'd try it. It was a bad experience. Part of the problem was my lack of experience, but I think the company/organization was responsible for the bulk of the problems.

I learned that VPN is not the name of a company but a process or description. Anyway, I like to hear from others about their knowledge and experiences with VPN.

Would you recommend VPN to others? If so, are there any VPN companies that are much easier to work with and produce better results than others?

Are there VPN companies/organizations that you would recommend?

Why do you think you need a VPN? Are you ever using your computer on a network you don't control? Does your employer require one to access a secure company server? If the answer to those questions is "no", I'd say you don't need one.