Explained: Do I need a VPN on a Public Network?

Dennis Faas's picture

Infopackets Reader Neil W. writes:

" Dear Dennis,

Thanks for your interesting article on whether a VPN is safe for online banking. However, one question I can't seem to find the answer to is: do I need VPN on a public network? Do I need a VPN on a private network? What about a VPN on a shared network? An example might include a student doing banking at a university shared network. What do you think? "

My response:

Short answer: A VPN, or virtual private network is useful in a few cases - for example: hiding your tracks online (to some extent, but with major limitations) or accessing geo-restricted content. Despite what you may have read online, a VPN is not a magic bullet that will "help protect you online 100% of the time" or "completely anonymize your traffic".

Also, a VPN isn't going to protect you from being hacked while using a public network (or a private network, for that matter).

I will explain more of this further down - but first, let's discuss some basics.

Related: How to Fix: VPN Disconnect While Torrenting (Exposes IP)

What is a Public, Private, and Shared Network?

A private network is one which you use at home or in the office. The network is private because - in general - the public does not have access to the network. Even if you are on a private or work network, your activity can be logged by administrators or external websites.

A public network is one which you would use in a coffee shop, or even a university. It is considered a public network because access to the network is not restricted (because no password is being used to connect to the WiFi, or the password is known). Since the public can access this network, it is considered high-risk because hackers or bots can connect to this network as well as the public.

A shared network is one which is used with more than one device. Therefore a shared network can be a public or private network.

What is an Internal Network and External Network?

In almost 99.99% of all cases, when you connect to a network - whether it's public or private - you are assigned an internal-facing IP address. 192.168.0.100 is an example of an internal network IP address because it is a private subnet used by routers. The IP address 192.168.0.100 is then translated to the external IP address that is assigned from your Internet provider (example: 216.8.185.71).

Let's look at an example.

If my internal IP address is 192.168.0.100 and my external facing IP is 216.8.185.71 (provided by my Internet provider) and I'm trying to access Google.com (which resolves to 172.217.4.46), the connection from my machine to Google would look like this:

192.168.0.100 (my internal IP) -> 192.168.0.1 (router gateway, NAT) <-> 216.8.185.71 (my external IP via the router) -> 172.217.4.46 (Google.com).

Click here to see a graphic example of NAT.

In this case, the NAT translates 192.168.0.1 to 216.8.186.71 through the router. Technically there are two separate networks: an internal network (192.168.0.x) - otherwise known as the LAN or local area network, and the external network (the external IP address / Internet), otherwise known as the WAN, or wide area network.

Related: Explained: Difference Between VPN Server and VPN (Service)

Explained: Do I need a VPN on a Public Network?

Now that you know what a public and private network is, and also how internal and external networks work, we can now answer the question "Do I need a VPN on a public network?"

The short answer is: it's most likely not going to make any difference.

To best illustrate this, let's look at some cases where a VPN is useful:

  1. A VPN is useful if you need to access geo-restricted content online. For example, if you live in Canada and wish to view Netflix USA content. In this case, the VPN will make it appear as if you're located in the USA attempting to access USA-restricted content.
     
  2. A VPN is useful if you want to disguise your IP address when visiting websites or web services, but this has some major limitations.

    Let's look at an example.

    If you lived in Canada and used a VPN server in the USA to access this website, then the connection to this website would look like this: You (in Canada) -> USA VPN Server -> this website. Information sent from this website to your machine would flow in reverse. You can think of the USA VPN server as a "middle-man server" since it is responsible for relaying data from your machine and to your machine.

    If your activity was being logged while using a VPN, then it would appear as if the "middle-man server" is actually your IP address because data is flowing to and from that server from your machine to the destination server.

    This method is not the magic bullet to completely anonymize your Internet traffic, however. If the USA VPN server you're connected to isn't using a secure connection (https) to access the destination website, then any data sent to the destination site isn't secure. Therefore your connection is not secure. The only way for it to be secure is if all connections used https and are therefore fully encrypted 100% of the time. Even so, it won't stop the server from potentially recording your activity, even if your IP is anonymized.
     
  3. A VPN is also useful if you want to connect to a public or "shared network" in order to hide your activity from being logged. However, it won't protect you from being hacked online the public network.

    Let's look at some examples.

    The moment your device is connected to a public network, it is assigned an internal-facing IP address for that network (ex: 192.168.0.100), as previously discussed. If the network was compromised, a hacker (or bot) on the same internal network could attempt to access your device through the internal network. Whether or not you use a VPN to "hide" your activity online the external network does not matter, because the hacker (or bot) is accessing your device on the internal network. Therefore the VPN is only applicable to your external network.

    If you are visiting a coffee shop and wish to connect to your online bank, the bank's website will be using https (secure http) to encrypt your data sent to and from the bank's website to your device. This automatically means everything between you and the bank is secure (on the external network), even if you're on a public network with an internal IP address. Therefore a VPN isn't needed on a public network to access your bank because the bank uses https.

Conclusion

The only thing a VPN will do while you're connected to a public / shared / private network is hide your IP address and some of your activity - but the latter depends on whether or not you're using a secure server 100% of the time. Don't be swayed by websites that claim "you need a VPN to protect yourself online" - these claims are often incredibly misleading.

I hope that helps!

Got a Computer Question or Problem? Ask Dennis!

I need more questions. If you have a computer question - or even a computer problem that needs fixing - please email me with your question so that I can write more articles like this one. I can't promise I'll respond to all the messages I receive (depending on the volume), but I'll do my best.

About the author: Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise are a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelors degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security. If you like the advice you received on this page, please up-vote / Like this page and share it with friends. For technical support inquiries, Dennis can be reached via Live chat online this site using the Zopim Chat service (currently located at the bottom left of the screen); optionally, you can contact Dennis through the website contact form.

Rate this article: 
Average: 5 (10 votes)

Comments

matt_2058's picture

Thanks for the explanation.

I was looking into getting a VPN for when I remotely connect to my NAS. It looks like I don't need it.

Or am I wrong?

Dennis Faas's picture

Any time you want to connect from remote to home (for example) you should go through a local VPN Server, not a VPN Service. Look at this article that explains the difference in detail:

Explained: Difference Between VPN Server and VPN (Service)

If you need help setting up the VPN Server I can do this for you using remote desktop support. Just send me an email.