In VPN Should We Trust?

By Robert McGarvey

Mea culpa.  I probably have misled you about road warrior Internet security in the past. But today I am here to make amends.

The problem is the public WiFi so many of us use daily. In coffee shops, hotel rooms, meetings venues, airplanes – we hear the Siren call of public WiFi and often succumb to the temptation. We tell ourselves we will be safe because we use VPN.

For some time I have said that probably is good enough protection.

Now I am rethinking that position. A small project I’ve done with Authentic 8, a security company that has developed Silo, a secure remote browser, is what’s persuaded me that oftentimes VPN just isn’t good enough.

The problem with computing on the road starts with public WiFi which is – well documented – a hacker’s paradise.  Noted Kaspersky: “The biggest threat to free Wi-Fi security is the ability for the hacker to position himself between you and the connection point. So instead of talking directly with the hotspot, you’re sending your information to the hacker, who then relays it on.

“While working in this setup, the hacker has access to every piece of information you’re sending out on the Internet: important emails, credit card information and even security credentials to your business network. Once the hacker has that information, he can — at his leisure — access your systems as if he were you.”

If that didn’t scare you, read it again.  It’s saying that when using public WiFi you are a sitting duck.

Enter VPN, the putative magic bullet.  Many believe it makes public WiFi safe. I wrote as much myself. What VPN does is create a so-called secure tunnel and, they say, that’s ample protection against hackers.

Is it really?  That’s not what I discovered. In fact VPN often is hacked.  Here’s one write up that documents five ways VPNs can fail to deliver protection.

Here’s a headline from ComputerWeekly:  “VPN hacks can be lethal, warns security expert.”  

Here’s another headline: “DEF CON Update: Researcher Shows How To Hack VPN Services Via VORACLE Attacks.”

VPN can be hacked, it can be used to distribute malware, and, even worse, there are ever more bogus VPN apps that exist to herd the unwary sheep to hacker wolves.

Understand, I use VPN probably daily. It’s set up to self deploy on my Pixel phone when I’m in range of a public WiFi network.  I agreed to that offer from Google Fi, my cellular provider. But I am very cautious about what info I access under that arrangement. And it’s a Google VPN in the bargain.

If you are accessing public WiFi and all you have is VPN, use it.  Most of the time VPN will probably be good enough. And it’s definitely better than nothing.

But be very careful about what you access. Stay aware of VPN’s limits.

What if I want more access, and to access more sensitive data? For looking at brokerage accounts, company financial data, maybe even loyalty program balances, personal bank and credit accounts, VPN alone may not be good enough. That’s where I now say a user ought to deploy the secure, remote Silo browser or similar.  Advantages are plentiful. With it, the user location is opaque. No Web data ever touches the endpoint – what’s distributed are pixels, no more.

This document tells you what you want to know about Silo.  

What Silo does is process all web data remotely, inside a cloud container. It then transmits an encrypted display of the data back to the user. And when it’s done, Silo destroys the browser session, leaving no traces on the user’s device.

That’s the beauty of it. The web data is handled inside a secure, web based container.  There can be all manner of bad stuff in it and it won’t matter to your user session because it will live only in the cloud.  

Oh, and in my tests, I don’t see speed losses when using Silo. There of course are usually significant speed losses with VPN. If there’s a reason users don’t deploy VPN when they have it available, it’s the speed bump.  That isn’t a problem with Silo.

Note: Silo does not run on phones. For them, you will still want to use VPN. It does run on iPad. Also laptops of course.

The key point is if you want something better – more secure – than VPN, know it exists.

Full disclosure: I have done contract writing for Authentic 8, which is how I grew aware of Silo. I was not paid by Authentic 8 for this column, which I wrote on my own initiative, in large part because I remember the many cases where I scolded friends and colleagues about public WiFi and told them they needed VPN.  So I was half right. But also half wrong. Mea culpa.