The internet is a much more encrypted place than it was 10 years ago—that means much improved privacy and security for all.
HTTPS, once a rarity, has become so widespread that the Electronic Frontier Foundation will soon discontinue HTTPS Everywhere, a browser plugin that has helped keep users’ traffic from straying onto unencrypted connections for more than a decade. In their words, “HTTPS is actually everywhere.” So, mission accomplished?
Perhaps, for very specific privacy tools like HTTPS Everywhere. For VPNs and other tools whose benefits go beyond encryption, it’s onwards and upwards.
Here’s why security experts still recommend VPNs for the average internet user.
Read more: What does a VPN hide?
Risks still abound in browsers and apps
While standards have improved, HTTPS adoption still isn’t at 100%, and it might take a while yet for the long tail of the internet to get there. This means many sites and pages still lack basic encryption. A VPN ensures that your data is transmitted through a tunnel secured with strong encryption.
“Because you can’t trust that every online service or mobile app implements HTTPS correctly, a VPN is a good extra security measure,” information security expert John Opdenakker wrote on his website.
And even with HTTPS, there’s still a risk of manipulator-in-the-middle and downgrade attacks, such as in cases where attackers trick your browser into connecting to the wrong endpoint or into reverting back to HTTP. HSTS helps prevent this, but this is still only used by a small minority of sites.
Plus, much of today’s internet traffic actually comes from mobile apps, where users don’t have reassuring padlock icons or security alerts like those offered by Firefox or Chrome.
There are many prominent examples in recent years of apps that put sensitive data at risk—Bank of America and HSBC’s apps failing to verify hostnames properly, Tinder sending photos over HTTP, Clubhouse sending user and room IDs over plaintext—and it’s very hard for users to independently assess each one.
Rather than trusting every individual app to handle traffic responsibly, it’s reassuring to have one extra layer of encryption encompassing all app traffic, browser or not. Personal VPNs provide that layer, and with it greater peace of mind for any user.
Keeping your internet activity private
Furthermore, even in a world where HTTPS and other encryption standards are fully adopted, third parties like ISPs (internet service providers) and Wi-Fi network operators will still know what websites and apps you use. That’s because your connections to sites and services are established using DNS and SNI (TLS Server Name Indication), which are unencrypted by default, and thus fully visible to your ISP.
When you use a VPN, you are entrusting the VPN company to protect this data rather than exposing it to your ISP. Most subscription-based VPN providers are solely in the business of protecting user privacy and security. As prominent web security expert Troy Hunt has said, “I’d much rather trust a reputable VPN to keep my traffic secure, private and not logged, especially one that’s been independently audited to that effect.”
With the private, encrypted DNS provided by some VPNs (ExpressVPN included), your internet activity is your business. ExpressVPN also goes the extra mile to protect your privacy and security through not storing any connection or activity logs, running our VPN servers in RAM only, and having PwC independently audit both of these facts.
Security simplified for the everyday user
Despite the advances in online security, many internet users are not equipped to assess the security of apps and browsers. Any tool that makes it simple for anyone to increase their protection is essential considering the centrality of digital privacy and security today—and a personal VPN is one such tool.
We have long emphasized the importance of VPN protection when connecting to unsecured, public Wi-Fi networks, like those in hotels and airports. But the need for secure connections has increased during the global pandemic, in the absence of travel: Research shows that the shift to online working and schooling has unfortunately made many people even more reliant on untrusted Wi-Fi networks. As the Center for Democracy & Technology notes, “anywhere a network can be monitored by a curious customer, bad actor, or interested employer can warrant a VPN.” For users who need to connect to such networks, the one-button simplicity of turning on a VPN is more useful than ever.
1 of several layers of protection
Like any security tool, VPNs themselves can have leaks or vulnerabilities, which is why other layers of protection are still important—and why we’ve worked to improve the VPN industry overall, including publishing a suite of leak testing tools.
And no VPN can protect you from all threats, like someone stealing your password, or physically gaining access to your device. Personal VPNs work best as a complement to HTTPS and other protections, just as seatbelts complement airbags and safe driving. No single safeguard is sufficient when it comes to something as important as your privacy and security. That’s why we’ve created extensive guides on the various ways of improving one’s mobile security, staying safe while using a browser, how to use Tor, and much more.
We also frequently point our blog readers to different software and services that can improve their online privacy and security, while providing tips for safeguarding their devices, accounts, identities, activity, and communications.
They’re all part of an array of protections users can adopt. But in terms of comprehensiveness and ease of use, a VPN is a top component.