The Practical Guide To Mac Security: Part 7, VPN

Using a VPN will protect your data from malicious Wi0Fi networks and ISPs. But thanks to HTTPS, it is mostly unnecessary for typical Mac users.



Check out The Practical Guide To Mac Security: Part 7, VPN at YouTube for closed captioning and more options.
Video Transcript: Hi, this is Gary with MacMost.com. This is Part 7 of my course The Practical Guide to Mac Security. This course is brought to you free thanks to my great Patreon supporters. Go to MacMost.com/patreon. There you could read more about the Patreon Campaign. Join us and get exclusive content and course discounts.
So let's look at Virtual Private Networks. Virtual Private Networks are also known as VPNs. So what is a VPN? Well, when you use a device, like a Mac, to access a service from the internet like a website a lot of things happen in-between your Mac and the website. A simplified look at that would be something like this. You would connect to your Wi-Fi and your data would travel between your Mac and the Wi-Fi. Then it would travel to your ISP usually through a modem of some sort, a cable modem or a DSL modem. So sort of equipment you've got and would go to your ISP or internet service provider. From your internet service provider it will go out to the internet where it would go from on router to another perhaps bouncing around the country or world until it finally reaches the web server that has the data. Then this works in both ways. So your request would get all the way to the website and the website would send back the data all the way through that same chain back to your Mac. There are three parts of that that are really out of your control.
Let's assume that you trust the website. That's why you're going there. Maybe it's your bank, maybe it's a shopping site and that you trust your Mac. But those three spots in-between could be places where you could be spied on. Where your data could be intercepted. Now if it's your Wi-Fi network then you're probably not concerned about that. But it could be the Wi-Fi network say at a coffeeshop, a conference center, a hotel, a school, or some other place. Then also after it leaves the Wi-Fi equipment it has to go to the internet service provider. If you're sitting in a coffeeshop, the coffeeshop is probably not an internet service provider. They probably have contracted out to a cable company or telephone company or some other internet service for their internet connection. That's the ISP that they've got. You don't know who that is. You don't know whether or not you should trust that. Then from there it goes over the network and there are lots of points there where you may or may not want to trust. That your data is going through there and somebody could see it. Let me point out that it may not be that the organization, for instance the coffeeshop, maybe the one not to trust. For instance a coffeeshop could be completely harmless. But somebody could have somehow gotten into their Wi-Fi equipment and installed malware in there. So the coffeeshop is innocent but because they are not internet savvy they haven't secured their Wi-Fi hot spot they have sitting over the counter that everybody is connected to and that's been compromised. Now you can't trust the Wi-Fi not because the coffeeshop isn't trustworthy but because their equipment has been compromised.
So VPN will help you solve this problem. If you install a VPM on your Mac and then you turn it On then this entire diagram changes to look like this. From your Mac you've got installed on it a VPM client. It's software running on your Mac. That's going to encrypt all the data as it leaves your Mac before it goes to the Wi-Fi network. So everything here in red shows where data has been encrypted. So if the Wi-Fi network has been compromised they are only going to see encrypted data. So it's just going to look like a bunch of scrambled data to them. They can't tell what it is you're doing. Where you're going. They can't see any passwords or information at all. It's basically all encrypted through the Wi-Fi network, through the ISP, and most of the way through the internet until it finally reaches the VPN server.
So when you buy a client and server for VPN, the client part is the software that gets installed on your Mac. The server part sits out there. It's the company that you're going through. So if you went through, say, ABC VPN you would get the ABC VPN client on your Mac and somewhere out on the internet would be the ABC VPN server. You're connecting directly to that through the Wi-Fi ISP and the internet. At that point the data would be decrypted and then it would go back out to the internet and to the website. So you would bypass any problem with the Wi-FI equipment, any problem with the ISP's equipment, and most of the problems that you might experience out there on the internet. Your data would be traveling, for the most part, as encrypted data that nobody could get to. So what does this protect you from?
Well, first it protects you from bad Wi-Fi networks. But also against bad local network equipment. So the Wi-Fi router could be fine but the modem, the cable modem or DSL modem sitting behind that, that might be compromised in some way. Using a VPN will protect you from that and the internet service provider itself if it's tracking data, for instance, that would just encrypt things as it goes through that internet service provider. So you're coffeeshop's internet service provider or hotel's internet service provider wouldn't really know what it is you're up to at all and wouldn't be able to intercept or see your data.
So what does it not protect you from? Well, there's a big misconception of course. Install a VPN and now you've secured everything. That's not true at all. Because most things that you worry about aren't really going to be affected at all. For instance, if the site at the other end is bad, like if you're connecting to a fake site or a site that's trying to steal your data, VPN is not going to help you. You're still giving your password or information to that site. Malware, it has nothing to do with malware. You could still download malware from a site you shouldn't trust just as easily over VPN as from anywhere else. VPN is not going to help you. You online accounts are not protected by VPN's in anyway. So if you have a weak password on your Facebook account using VPN on your Mac won't in anyway affect that. Any social engineering attacks you get, any phishing attack, any link you click on that you shouldn't, anyway you're tricked into giving up your password, the VPN doesn't help you with that at all. The other thing the VPN doesn't protect you against is the VPN company itself. So it's important if you're going to signup for a VPN that you trust that company. That company is keeping everything safe.
Now there's an alternative to VPNs called SSL. You probably know SSL more as HTTPS. If you look at a URL if you go into a website you may see HTTP colon slash slash Apple.com. But if you look closely most websites today say HTTPS not HTTP. This means it's secured. It's SSL. What SSL does is it encrypts the data from your Mac all the way to the website. So basically there's an encryption that's agreed upon between your computer and the website and the data traveling from your computer all the way through the WI-FI, ISP, and all the way through the internet to the web server is all encrypted. If sounds a lot like VPN. It is. It really does do a lot of the same things. It's actually even more comprehensive than using a VPN.
So, how does it compare? Well, one of the best things about using SSL is it's automatic. Probably every site you're going to today is using HTTPS. If you try to go to a site, like a gmail or Amazon, or Facebook, or a bank with HTTP:// it's just going to change that to add an S. It's going to automatically connect you securely. The only sites still left around that don't use secure stuff are maybe some old data sites where you're not really logging into them. Maybe you're just going to and they're just somebody's blog or something like that. Almost every site you go to today where you have to login you're doing it over HTTPS. So it's automatic. It's easy. There's nothing you need to do. You're already using it. It's Free. It's not costing you anything whereas a VPN you usually pay an annual fee to use a VPN. The only downside to it really is it's not hiding where you're going. If you're going to go to a site like Amazon then the Wi-Fi network, the ISP they all know you're going to Amazon.com. They don't know what data you're sending back and forth between Amazon.com. They just know you're going there. So there's that one little piece of privacy that probably isn't important in most cases.
So the question is do you need a VPN? Ten years ago that answer may have been, yeah it's probably a good idea. But today it's a little different. You probably don't need it in 2021. Most users will not need a VPN. It's good for that extra layer of privacy but it's not necessary for most people. Most of the time you'd be using a VPN you'd want to do it while traveling. So you'd only be using it a small portion of the time and probably while traveling you're just doing some basic things like checking your email and a few bits of shopping. Things like that and there's really no need for the privacy there. It's a good extra layer for corporate and government data. I mean if you work for a company that has a policy that says you must use a VPN, then of course obviously you've got to use it. If you're dealing with data that has value, like government data may, then they may insist on you having that installed on your Mac or devices.
One down side to a VPN that isn't present for SSL is it can make things more difficult. Trying to connect using a hotel's Wi-Fi, for instance, is already problematic in a lot of cases when Wi-Fi is pretty weak or the network is not very good. Adding a VPN to that can make things more difficult. Sometimes you get caught in a loop where, you know, the VPN wants to protect you right away but in order to connect to the internet the hotel's Wi-Fi is going to ask you some questions like your room number, name, a password or something and you're fighting between the VPN wanting to protect you and the hotel saying, wait a minute we're not going to let you access anything on the internet until you give us some information, and you can't do that when you have the VPN turned On. It can be a real pain and I've run into situations where I've been at, say a hotel and their Wi-Fi is so bad that every five minutes it seemed to disconnect and then reconnect and then the VPN has to then reconnect so I end up getting maybe, you know, four minutes of good internet connection followed by a minute of down time while it reconnects to Wi-Fi and then to the VPN.
So, where do you get a VPN if you still want one. Well, there are tons and tons of companies and here are some that I've used in the past and tried in the past. There are so many more. If you search online for best VPNs or, you know, VPN deals or whatever you'll come up with tons of websites. Some websites that you've never heard of and some that you have. But in both cases most of the sites, and you'll see that say here's some good VPNs. Try these. They're getting paid. Keep that in mind. Even if it's a website that you know and trust they're probably getting paid to actually have that link there. So if they say that one VPN is a good one or here's the top three to use and here are three links. Click one of those three links and go to get that VPN service you've probably given a payday to that site. Now that's not to say that the VPN is bad. It could be a perfectly fine VPN. As a matter of fact all of the ones here at the top that I show probably had those deals out there. It doesn't make them bad VPNs but it does mean that the review sites necessarily can't be trusted.
So keep that in mind. One other thing to keep in mind is most are basically the same. Most VPNs do not have their own network out there. When you saw that diagram earlier that showed the VPN server, VPN servers that's a whole other level. They're companies that offer VPN servers out there. When you go with a company like ABC VPN chances are they purchased time on these VPN servers. So it's not like using one VPN over another is going to give you fantastic service based, you know, on their service versus another company's service. You probably are going to get the same level of service. So it all comes down to those little apps for Mac and there are apps for the iPhone and how well they work and how cool their little features are where you can choose a VPN in your local area or one based on a country or something like that. It's really pretty much the same type of service you're going to get no matter which VPN you choose. Chances are it really doesn't matter that much which one you choose and you could usually buy a year's worth of VPN service, install it, and then, you know, the next year maybe there's a better deal from one of the other companies.
So now let me show you what it's like to use a VPN service in case you have never used one before. Typically you would pay for a service on a website, just like you would pay for any other service. Then you would download their app and run through their installer which just prompts you to install, is it okay install, enter password and all of that. Then you end up with something in the Menu Bar here that gives you access to the VPN service. So in this case I have installed something called Private Internet Access and I have an account setup with an annual subscription fee. Now you're going to get controls here and they are all going to basically be about the same in terms of what you get in the controls except that they're going to look different. They are all going to have their own little interface and icons and things like that. So, you get the little logo here. You get a big On/Off switch which is all that really matters. But typically you also get the ability to choose a location. So I can click here and choose a location and it's nice to choose one that's nearby. So in this case they've got servers here in Denver, and I'm in Denver, so it's nice for speed that I can connect to a VPN server that is really close and I also can connect to ones that are further away. I may look to different websites and services as if I'm in those locations because that's what a VPN does according to those websites. If I switch here to Texas it would appear that I'm using a computer that's in Texas. Websites also can get your GPS location and you might see every once in awhile a website request your location and that overrides that. That's your computer saying, yes I am located in Denver. But, you know, sometimes services will use these so it's handy to pick a location that's near you for speed and to make sure things that you use will continue to work normally. But if you wanted to you could pick say, you know, United States or US West or something like that and it would just pick whatever the fastest server is in that country. You can pick other countries as well if you want it to appear, you know further mask your location, and make it appear you're somewhere else. Although this may then make things not work very well if you say, oh yes I'm in London but in fact you're in the United States and then your GPS data for visiting a site and the server data may not be the same and now maybe a website has trouble helping you in some way.
So you can play with your location if you want but you don't necessarily have to to get the benefits of using VPN. Then to turn it on I just hit this big button here. That's basically what all the controls are. You know you subscribe to the service you just want to turn it on or keep it on. Sometimes there are settings. In this case under the settings here and again this is going to look different for different services, you can have Launch on System Startup, Connect on Launch so it's all automatic. If you're traveling you can just have it turned on and it's automatically going to be on. Here I'll turn it on Manually and you could see here, here's my IP Address, the real IP address of where I'm really located. This is the VPN's servers IP Address. So going back to that diagram this is my computer. This is that VPN server way out there. So everything thinks I'm here but in fact then all the data is going through the VPN service to me. So that's part of the protection there. Then while I've got this on I look like I'm here and that's about it. Everything that is encrypted between me and the VPN service and, you know, as long as I have it on it's going to work like that for any network traffic I've got. But I can then just turn it Off here to disconnect and go back to just using the internet regularly.
Related Subjects: Security (105 videos)
Related Video Tutorials:
The Practical Guide To Mac Security: Part 5, Security Questions ― The Practical Guide To Mac Security: Part 1, Introduction ― The Practical Guide To Mac Security: Part 2, Passwords ― The Practical Guide To Mac Security: Part 4, Two-Factor Authentication