If I’m logging into an unsecured network, say- at the doctor’s office, and I want to do some banking while I wait in my room, does it matter which kind of VPN I use, or is it relatively safe enough regardless of the VPN chosen? Like if I connect to the Cisco VPN client issued by my university for offsite work, would that be functionally the same as something like FastVPN from namecheap? Or does it just expose my content on the university network instead of the doctors office?
Thanks in advance!
If your bank doesn’t use HTTPS, you need a different bank.
VPN isn’t really relevant to this.
Like if I connect to the Cisco VPN client issued by my university for offsite work, would that be functionally the same as something like FastVPN from namecheap?
Not at all.
Your VPN access to your University is for connecting to THEIR resources, not for “hiding your traffic” (which is a damn lie told to you by VPN services).
Depends what you are using the vpn for and what you mean by safe.
If you are worried that your banking password will get stolen by people on that public wifi network, that is not very likely to happen even without using the vpn. If the bank uses TLS (most banks are now and if they don’t you should switch banks asap) the traffic between you and the bank is already encrypted. Connecting to the vpn just adds another layer of encryption on top of that but that only remains until it exits the vpn tunnel at the vpn server side.
If you mean safety by the strength of encryption that the vpn uses, that really depends on what software you use to connect your machine to the vpn server and which kinds of ciphers both support.
Remember the vpn server can see the traffic that you send through it, so you will have to trust them somewhat before using it. But as i said before the traffic that you send to the bank is already encrypted with TLS. So the important things that will happen when you use the vpn are:
The bank will see the traffic coming from a different ip address than the public wifi has, but the bank will still know it’s you since you authenticate yourself with your credentials.
The vpn server will see the traffic that the public wifi would otherwise be able to see.
And lastly, what will the shady guys from the public wifi be able to see? Instead of seeing encrypted garbage going from you to a bank they will see encrypted garbage going to some vpn server address.
Security wise, the vpn will not add much.
I’m not an expert on this but i hobby a lot with vpns and tech. If there is anyone that can correct me i am open to learn.
For banking, the only “exposed” content are what bank you’re using. Your account number, password, balance, transaction log, etc are already protected by TLS, no need to use a VPN. Actually, bank might even limit your account ability while using a VPN since they can’t tell if you’re you instead of a random carder from halfway around the world using a VPN.
I would not use a VPN for banking, 99% of banks are going to block your account if they detect you are using a VPN.
Be aware that to minimize electronic fraud many financial institutions block access to user logins on VPNs. I use two major banks and one trading company, and I have to turn off my VPN when connecting. (Same when making payments for my home internet/TV.)
The only thing you need to be careful of in this particular instance is that the website for your bank uses https and not http and that the certificate that they use (click on https) is actually their certificate and not some random cert (the reason to check the cert is because if you’re connecting to a public wifi you could be redirected to a phishing website or DNS spoofed into one).
This. Public WiFi doesn’t automatically expose your banking details. That’s a bunch of fear mongering nonsense, usually promulgated by those marketing VPN services.
100% agree but be completely fair: Some banks still use some awful password requirements or insecure MFA methods. My old credit union just has a basic password requirement plus a secondary pin code as 2nd form of auth if the device is “untrusted”. This is still a targeted attack that’s highly unlikely for the average person.
Things can still be ascertained through DNS and the server being spoken to for HTTPS; possible to even rewrite DNS responses and attempt to phish a user, despite warnings on their browser/app.
A VPN would just show a single UDP stream of random payloads. Wouldn’t know what’s going on underneath.
Are you sure VPNs are not just a magical toggle switch to hide your traffic, stop trackers, hackers and government spying for $9.99 a month?
In all seriousness, I blame every YouTuber that takes sponsorships from commercial VPNs (especially tech YouTubers that should know better) as well as the companies themselves. That’s exactly what tainted the fundamentals of what a VPN is actually used for.
Forgive me, but why do you say a VPN doesn’t hide your traffic?
If I want to connect to https://www.futacocks.kek but I don’t want my fundamentalist Christian family or institution to see my non-https DNS queries or the server I am connecting to, a VPN would prevent those groups from seeing my actual traffic.
Of course, the VPN provider will be able to see my DNS queries and know the server I am connecting to, but those are not the people I’m hiding from. The VPN will hide my exact traffic from my family/institution though.
Your VPN access to your University is for connecting to THEIR resources, not for “hiding your traffic” (which is a damn lie told to you by VPN services).
Unless the VPN of the university does split-tunnel, it can be used to “hide your traffic” even though that’s not what it is intended to do. It won’t hide it from the IT department of the university, but any VPN won’t hide the traffic from its operator.
None of the big Canadian banks I’ve used block VPNs.
How would it work for a mobile bank app then where I don’t see http vs https?
and that the certificate that they use (click on https) is actually their certificate and not some random cert
if you’re connecting to a public wifi you could be redirected to a phishing website or DNS spoofed into one).
Correction. This is actually no longer true. You can’t fake a certificate and establish a connection for a website you don’t own. If an attacker replaces the DNS request and answers with a fake Certificate, the browser will immediately notice or the session will close. It is basically impossible for an attacker to bypass this because of how Certificate validation works.
So you’re only moving the trust to the VPN provider…and they can see your traffic. So what happens when Mommy and Daddy find out the VPN you use and get the records and logs from the VPN provider because you’re a minor?
Or if you’re caught up in some legal shit and law enforcement gets those records?
It’s a farce. Commercial VPN providers are just proxy services that you have to wholly trust…
Good for you, but don´t try this on Paypal, they will not block your VPN, they will block your account.
Apps have their own integrated UI and contact the bank’s API directly over HTTPS in the backend. You don’t need to worry about a legit app downloaded from the official provider, since it’s not possible for a MITM attack to trick the app into hitting a custom backend.