Does A VPN Protect You From Hackers

What Is A VPN And How Does It Work?

A Virtual Private Network (VPN) is a hardware or (more commonly these days) software-based solution that creates an IP security tunnel between point A and point B. Point A is normally your computer. And point B is usually the ‘entry node’ for a VPN service provider.

This point-to-point IP security tunnel is usually encrypted. And the resources on the other side can be made available as if they were ‘local’. In other words, rather than your Internet traffic starting from your home or office, it appears as though your traffic’s origin is elsewhere… usually one of the VPN provider’s exit nodes.

This is why VPNs are used to access secure work networks. Given the right authentication, the VPN virtually ‘punches a hole’ through the outer layer of a company’s security and allows employees to access the inner workings over the public Internet. It’s like they’re sitting in the office, as far as access control is concerned. This is fine because they usually employ heavy encryption to prevent any kind of snooping on the wire.

For a public VPN that you can get commercially for home use, this feature instead allows you to be a location chameleon. You can appear to be a user from another region, even another country. Your IP address will seem to be whatever IP the VPN’s exit node is using. And (if they’re any good) you’re still protected from your ISP snooping on you, because of the encryption.

Can A VPN Protect Against Hacking?

Now that you understand the technology, you can see that there are a couple of hacks that probably won’t work over a VPN.

For example, ‘Man in The Middle’ or any kind of wire-tapping that would take place between your device and the VPN’s exit node is useless if the IP tunnel is significantly encrypted. And snooping on the far end of the tunnel only matters if personal information is being shared ‘in the open’, or if the snooper can hack the VPN service itself to try to figure out the point of origin. Even then, unless the VPN service foolishly keeps logs, you’re relatively safe.

VPNs can also prevent ‘active’ hacks, like port and service attacks against your computer. The attacker will actually be going after the exit node on the far end, in most scenarios. They won’t know your real IP address, and they’ll have no way of port scanning you. Direct attacks that are effective through an encrypted tunnel are exceedingly rare.

But here’s the problem: The vast majority of hacks these days are either passive, or they’re social engineering.

In other words, hackers get their target to hack themselves most of the time. They do this by providing links to dodgy websites in E-mail that some people foolishly click on. They also do this by using social networks and messaging apps to contact and speak with their targets, either pretending to be someone trustworthy or inviting the victim to use a certain product or service.

Another method of hacking that is invisible to a VPN is buying password lists. There are millions of websites hacked every year. A lot of people reuse the same passwords over and over again on several different sites. Some hackers simply buy (or just download publicly available) username/password lists that were taken from hacked sites. They then try those combinations on other popular websites to see if the user was foolish enough to use the same credentials on something more important.

Finally, malware is a major gateway for hackers. Infected files that the target willingly downloads and installs, ranging from device drivers to pirated apps and everything in between, can carry a payload that will completely open up their system to an attacker.

A VPN will not protect you from social engineering, malware, dodgy websites, reused passwords, or anything you willingly install on your system.

These days, the vast majority of hacks are one of the above methods. So does a VPN protect you from hackers? Not really, no.

What’s More Secure Than A VPN?

Can a VPN protect against hacking? Usually not. But can a VPN plus proper privacy and security software protect against hacking? Yes, if the user is careful about what personal information they share online.

The standard advice always applies here, of course: Keep your antivirus, anti-malware, and firewall active and up to date. But you can go a step further.

A privacy and security product like Hoody can help to mask your identity online. Attackers who are using methods like web browser fingerprinting to identify and track you will be out of luck. Hoody scrambles the information that would be used to uniquely identify your particular combination of hardware and software.

Hoody provides all of the benefits and protections of a normal VPN, but with significant enhancements. For example, it can automatically help get around censorship by searching for ‘intact’ versions of redacted websites that you’re trying to reach. Best of all, they do not ask for an E-mail address and they keep no logs. So anyone trying to dig up dirt, either through a subpoena or by trying to hack a Hoody exit node, is going to be in for a lot of disappointment.

Of course, social engineering is ten times harder if the hacker has no E-mail address to work with. And password lists are useless to them if you never use the same password twice. So consider using a throwaway E-mail address when signing up to a new site, and a central password manager to generate strong, randomized passwords for every site you visit.

Remember - Nothing Can Protect You From Yourself

There are also edge cases to consider: A Hoody or a VPN only protects a certain leg of your communication. Hacks on the ‘near end’, including spyware and malware, can intercept both the source of any given query and the results by recording your screen, keystrokes, and even your mic and camera. Because these hacks share your user experience and aren’t looking at the encrypted traffic, they don’t care about your privacy software.

There are also rarer ‘far end’ hacks that take place on the far side of a VPN’s exit node. This is similar to monitoring as above, but from the perspective of (for example) a government-controlled backdoor. Some countries like Russia and China have mandatory backdoors in their networking hardware. Be aware that anything you share with sites in those countries is not private, even though supposed ‘private messages’ or ‘encrypted chat rooms’. If it isn’t true end-to-end encryption, don’t trust it.

On that note, here’s a final word of caution: No software can save you from yourself if you leave personal information in live chats, messaging services, or Internet forums. Keep your personal information personal!