What are the drawbacks of using a VPN? What problems can it cause and how to use it optimally?


TrinitronMSDOS

Thread author
So I have just recently started using a VPN and have taken the habit of using it most of the time.

There are many posts about the advantages of using a VPN, which ones are the best, what are the different uses for it, how to set it up, etc...

But I have seen very few posts or articles about the drawbacks of using a VPN, and I think it's time to make one, as that could be useful for those wondering the same questions.

After reading different posts on forums, I've noticed that VPNs can indeed cause some problems and that many users are often left with questions unanswered. Some of which are:

1: using a VPN when connecting to your bank could cause them to ask you for security prompts or even temporarily lock your online access as it might be interpreted as a hack attempt. Same goes for PayPal that advise to turn it off when making purchases.

2: VPNs are securing your connection, but is that a good idea using one while making an online purchase? I'm not too sure how the bank or website would react to a UK citizen purchasing from Russia and the next day from yet another country.

3: when making a purchase on Steam while using a VPN, it appears that you could have your account suspended, as some have abused this to buy cheaper games on different country stores.

4: some software seems to remember your IP (Adguard does in its online license manager for desktop version). I have no idea how some products' licensing would react when seeing the IP change for another activation or even after activation.

5: while some users are using a VPN in order to access the US Netflix, others are using it for privacy only. I wonder what problems could happen when accessing such movie streaming services while on a VPN. A warning from Netflix? A temporary ban? A deleted account?

6: it appears that most popular services such as Google, Microsoft, Facebook, etc... are usually not causing too much trouble even on a VPN. But I've read complaints about, for example, Microsoft asking security verifications or sending systematically "suspicious login attempt" emails to their users when connecting to a VPN.

7: is using a VPN most of the time, even while at home, causing more problems than it solves? Or is it still worth it for the extra layer of security and anonymity?

8: what's the trend with VPN use? Does it tend to be more and more popular with an increasing number of users or the other way around? Opinions vary vastly, some considering it essential for privacy in today's world, while others associating it with hacking and other illegal activities. What's the current trend on that as well?

Ultimately, I think it would be a good idea if those of you that are the most familiar with VPN uses could answer these most frequently asked questions as well as set some basic rules for both newcomers and anyone using a VPN. Such as, in which scenario to deactivate it and with which services? What should VPN users do while banking or making online purchases? Which popular online services such as Facebook, Google, etc... are the most VPN friendly and which ones tend to cause the most disturbances?

Anyway that is if any of you have the time and patience to do so :p

As for me, I'm not yet familiar enough with VPNs to answer most of these questions, some of which I am still wondering myself.
 

Deleted member 65228

Thread author
1: using a VPN when connecting to your bank could cause them to ask you for security prompts or even temporarily lock your online access as it might be interpreted as a hack attempt. Same goes for PayPal that advise to turn it off when making purchases.
Yes, this is true. An idea for you would be to call them in advance and let them know you plan on making a purchase and see if this can change anything for the purchases you need to make - even if it doesn't, you can disable your VPN before a purchase and use your protected home network and then switch back to enabling VPN again.

2: VPNs are securing your connection, but is that a good idea using one while making an online purchase? I'm not too sure how the bank or website would react to a UK citizen purchasing from Russia and the next day from yet another country.
It likely won't react very well but that depends on the security of your bank. You can disable the VPN before making the purchase or if you do get locked out, it's nothing a phone call won't solve (and there should be a telephone-free number you can call).

3: when making a purchase on Steam while using a VPN, it appears that you could have your account suspended, as some have abused this to buy cheaper games on different country stores.
This is true as well. However, if you knowingly use VPN to purchase games on Steam whilst it believes you're in another country and you know of the guidelines then you'd be violating them intentionally. If a misunderstanding happens then you can communicate with them and try and solve it by paying the difference, but the best option would be to just disable the VPN before purchasing.

4: some software seems to remember your IP (Adguard does in its online license manager for desktop version). I have no idea how some products' licensing would react when seeing the IP change for another activation or even after activation.
Most people have a dynamic IP address so I do not know how this is supposed to work but I doubt they rely on this entirely, there must be some sort of license key which can be registered on up to X devices at once - I doubt VPN will interfere with this as long as it isn't security-related.

5: while some users are using a VPN in order to access the US Netflix, others are using it for privacy only. I wonder what problems could happen when accessing such movie streaming services while on a VPN. A warning from Netflix? A temporary ban? A deleted account?
Netflix won't ban your account, and they may not even detect the VPN - it really depends on what VPN provider you're using and how new the server being used is. If Netflix detects the VPN then it'll tell you that it cannot connect because a VPN/proxy was detected and you'll have to disable it and then refresh. They don't do this because they dislike privacy, they do it because under the law of various countries they provide their services to, they are forced to do it... They aren't allowed to let some films/programmes be watched depending on the location; the selection available differs between country/location.

6: it appears that most popular services such as Google, Microsoft, Facebook, etc... are usually not causing too much trouble even on a VPN. But I've read complaints about, for example, Microsoft asking security verifications or sending systematically "suspicious login attempt" emails to their users when connecting to a VPN.
Unlock the account if it gets locked. Usually the texts will be free to receive or an e-mail verification for a secondary account/security question answer will be required. It happens to me all the time and it takes hardly any time to get by it.

8: what's the trend with VPN use? Does it tend to be more and more popular with an increasing number of users or the other way around? Opinions vary vastly, some considering it essential for privacy in today's world, while others associating it with hacking and other illegal activities. What's the current trend on that as well?
I'd say that usage is increasing more and more for security and privacy reasons.

It seems most of these questions pretty much revolve around: "What should I do when using a VPN and handling purchases?". The answer is to simply disable the VPN when making an online purchase, and don't make a purchase unless the source you're purchasing from is reputable and trusted, but also HTTPS secured.

On that note, you can usually set your VPN location to the same country you're residing in. This would help prevent unexpected lock-outs because services with such security are likely to be a lot more irritated by IPs from an entirely different country than by a small difference. You may even be able to pick a server closer to yourself. It may ruin the point of VPN a bit for some but at the end of the day at least the IP isn't really going to be yours and won't be tracked to a more precise location of where you are.
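Added example (not part of any post in this thread): a simplified model of the risk check a bank or store might run on each login, showing why a foreign VPN exit leads to a security prompt or lock while a same-country exit does not. The city coordinates, the 900 km/h threshold and the `allow`/`step_up`/`lock` outcomes are assumptions for illustration, not any real service's rules.

```python
import math
from datetime import datetime

# Constructed data: approximate (country, lat, lon) of where each login IP geolocates.
LOCATIONS = {
    "London": ("GB", 51.51, -0.13),
    "Manchester": ("GB", 53.48, -2.24),   # e.g. a same-country VPN exit
    "Moscow": ("RU", 55.76, 37.62),       # e.g. a foreign VPN exit
}
MAX_KMH = 900.0  # assumed ceiling for plausible travel (about airliner speed)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def assess_login(home_country, previous, current):
    """Score a login against the previous one; each is a (city, ISO timestamp) tuple."""
    _, p_lat, p_lon = LOCATIONS[previous[0]]
    country, c_lat, c_lon = LOCATIONS[current[0]]
    reasons = []
    if country != home_country:
        reasons.append("country_mismatch")
    elapsed = datetime.fromisoformat(current[1]) - datetime.fromisoformat(previous[1])
    hours = max(elapsed.total_seconds() / 3600, 1 / 60)   # floor at one minute
    if haversine_km(p_lat, p_lon, c_lat, c_lon) / hours > MAX_KMH:
        reasons.append("impossible_travel")
    if "impossible_travel" in reasons:
        return "lock", reasons
    return ("step_up" if reasons else "allow"), reasons


if __name__ == "__main__":
    last = ("London", "2024-01-01T09:00:00")
    for city, ts in [("Manchester", "2024-01-01T12:00:00"),
                     ("Moscow", "2024-01-01T10:00:00"),
                     ("Moscow", "2024-01-02T09:00:00")]:
        print(city, ts, assess_login("GB", last, (city, ts)))
```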
 

TrinitronMSDOS

Thread author
@Opcode That is probably the most informative and detailed answer I have ever seen about a VPN, and I've read a lot. Thanks a lot for taking the time to answer. Some of these details were very useful for me and I'm pretty sure it will be for many users out there wondering the same things.

You're the VPN master (y)
 

HarborFront

You want drawbacks? OK, I give you some

VPN Security Vulnerabilities

Using pre-shared keys – A number of mainstream commercial VPNs have their preshared keys (PSKs) posted online; these include PureVPN and IPVPN. If an attacker knows the PSKs for a VPN service and has access to the network a user is using, the attacker can stage a man in the middle attack and decrypt all of the user’s traffic.

Insecure protocols and encryption – Many VPN services use PPTP protocol as a basic way to tunnel and encapsulate data packets. However, PPTP is fundamentally insecure due to using short length encryption keys and password hashes that can be easily cracked by a well resourced state actor. L2TP/IPSec is another popular VPN protocol. However, the NSA has already succeeded in tampering with it. Furthermore, many VPN services which use more secure protocols such as OpenVPN remain vulnerable because of the use of insecure ciphers.

No Forward Secrecy – Most VPN services do not require use of Perfect Forward Secrecy ciphers, so VPN network traffic can be saved, and decrypted later if the encryption keys or algorithms are compromised.

DNS Leakage – Whenever a web connection is made, a computer will first translate a domain name into an IP address. This lookup is done via DNS servers. Thus, DNS lookup records also contain a log of all websites visited. While VPN services usually will protect web traffic, many do not protect DNS lookups, meaning that a user’s browsing history can still be reconstructed from DNS lookups.

Methods of VPN Compromise

Even if a VPN service is not vulnerable to the internal problems listed above, they can still be compromised externally. Common problems that can lead to a VPN service being compromised include the following:

Jurisdiction – VPN providers are subject to the laws of the country that they operate in, and these laws (like the Investigatory Powers Act in the UK and the Foreign Intelligence Surveillance Act in the US) can force VPN providers to compromise their users. This means VPN providers with significant US and UK presence are compromised by default. These include HideMyAss (UK), VyperVPN (operated from the US), Strong VPN (US), HotSpot Shield (US), IP Vanish (US) and many others.

Compromised servers – VPN providers cannot maintain physical control and supervision over all servers, especially servers in countries that are not privacy friendly. This creates opportunities for state actors to compromise VPN exit servers, sometimes with the collusion (forced or not) of the companies providing servers to VPN operators. In a typical VPN setup, compromise of the exit server completely compromises the browsing activity of VPN users.

Correlation Attacks – Even if the exit server itself is not compromised, network based correlation attacks can still compromise a user. By seeing who is connecting to a VPN exit server at a given instant, and what sites the VPN exit server is connecting to, a user’s browsing can be reconstructed. Such an attack is easily within reach of most state actors as they can request assistance from ISPs.

How to pick the best VPN service - ProtonMail Blog
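Added example (not part of this post or of the article it quotes): a small audit of an OpenVPN client configuration for the weaknesses listed above, namely a pre-shared static key without forward secrecy, weak ciphers, and DNS lookups escaping the tunnel. The sample configs and finding names are constructed; the static-key check is used here as the OpenVPN analogue of the PSK issue, and `block-outside-dns` applies to Windows clients only.

```python
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "CAST5-CBC", "NONE"}
CIPHER_KEYS = ("cipher", "data-ciphers", "data-ciphers-fallback", "ncp-ciphers")
# Constructed sample configs (hypothetical host name, placeholder certificate).
WEAK_CONF = """\
client
remote vpn.example.net 1194
cipher BF-CBC
<ca>
placeholder certificate body
</ca>
"""
STATIC_KEY_CONF = "remote vpn.example.net 1194\nsecret static.key\ncipher AES-256-CBC\n"
HARDENED_CONF = """\
client
remote vpn.example.net 1194
data-ciphers AES-256-GCM:CHACHA20-POLY1305
auth SHA256
tls-version-min 1.2
remote-cert-tls server
block-outside-dns
"""

def parse_directives(text):
    """Return {directive: [args]}, skipping comments and inline <ca>-style blocks."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                                  # inside <tag> ... </tag>
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            continue
        name, *args = line.split()
        directives[name] = args
    return directives

def audit(text):
    """Return sorted finding codes (names are this example's own, not OpenVPN's)."""
    d, findings = parse_directives(text), set()
    named = ":".join(a for k in CIPHER_KEYS for a in d.get(k, [])).upper().split(":")
    findings.update(f"weak-cipher:{c}" for c in named if c in WEAK_CIPHERS)
    if "secret" in d:                               # static-key mode: one long-lived PSK
        findings.add("static-psk-no-forward-secrecy")
    else:                                           # TLS mode: check the handshake settings
        tls_min = (d.get("tls-version-min") or ["1.0"])[0]
        if tuple(int(p) for p in tls_min.split(".")) < (1, 2):
            findings.add("tls-below-1.2")
        if "remote-cert-tls" not in d and "verify-x509-name" not in d:
            findings.add("server-cert-role-unchecked")
    if "block-outside-dns" not in d:                # Windows-only directive
        findings.add("dns-may-leak-on-windows")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(WEAK_CONF), audit(STATIC_KEY_CONF), audit(HARDENED_CONF))
```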
 

Stopspying

A couple of initial thoughts in response to the OP.

For sites where location is important, ensuring that my VPN says I'm in the country that those sites expect me to be is enough to avoid problems. When I've forgotten to do this I invariably end up with further hoops to jump through before I can access the site of the webmail, financial service, online vendor; often the easiest way to deal with it is to wipe that site's cookies, set the VPN to the expected country and sign in again. It happens mostly to me when I use a password manager to sign in; if I use a bookmark/type the URL I always seem to remember to make sure I've got my location showing as expected by the site, a strange personal foible maybe. Having said this I realise that a lot of the smaller VPNs don't always have a wide range of countries where their servers are based, so switching your VPN off when using those services might be the easiest way to access them.

I've used a number of VPNs and tend to keep them 'on' most of the time, it can slow down my experience but I'd rather hide my presence online from as many snoopers as I can. Much like I'd rather have a slower and more secure bootup experience than an amazingly fast one that computer reviewers so often seem to prioritise as a must in their reviews of new machines. Double-hopping seems to slow my connection speed by more than double what a single hop would, not sure why it seems so much slower and from what I've read I'm not convinced that double hopping is worth it.
 

zzz00m

1: using a VPN when connecting to your bank could cause them to ask you for security prompts or even temporarily lock your online access as it might be interpreted as a hack attempt. Same goes for PayPal that advise to turn it off when making purchases.

6: it appears that most popular services such as Google, Microsoft, Facebook, etc... are usually not causing too much trouble even on a VPN. But I've read complaints about, for example, Microsoft asking security verifications or sending systematically "suspicious login attempt" emails to their users when connecting to a VPN.

I chose to start using a VPN full time for privacy when the US Congress voted to allow US ISPs the ability to collect and sell our browsing history. No brainer!!!

So I have noticed a few things in regards to your VPN usage questions, but any issues have been fairly minor so far, with the trade off for privacy worth it, IMHO.

The physical speed of my broadband connection has slowed slightly, but is only noticeable if I am downloading GBs of data. Easy to just temporarily disconnect the VPN during large downloads.

I typically connect to a VPN server that is one or two states away, so maintaining the best connection speed possible. I do not hop around to different countries, but that still sets off some banks and online merchants, due to my VPN location not matching up with the region of my mailing address.

1: using a VPN while banking - many times I will get a prompt for a 2-factor authentication code, typically sent via either text or email, with a code to enter. This is probably something we should have set up as default with any banks or financial institutions anyway. It's good to know that a hacker halfway around the world cannot sign on to my bank account without also having access to my cellphone and/or my email address.

6: Occasionally I will get prompted to enter a 2-factor code from Facebook or online merchants, such as Amazon, or gaming sites such as Steam or GOG. But it's not that much of an inconvenience, and is reassuring that these accounts are also being protected.

Bottom line, if you wish to avoid the extra steps sometimes needed while using a VPN, it is usually only a click to disconnect, then do your business as normal. :)
 

Deleted member 65228

Thread author
I chose to start using a VPN full time for privacy when the US Congress voted to allow US ISPs the ability to collect and sell our browsing history. No brainer!!!
Just to ensure you're aware, many browsers themselves will record URLs being typed in and many search engine providers will record search queries. This data could then in theory be sold by a provider at their own will depending on their privacy policy. You'll likely want to be using a browser like Firefox or Brave if you're privacy-caring over a browser like Google Chrome.

Therefore, using a VPN doesn't mitigate data collection at all. It will simply help mask it away from being used in a way which could identify you - although this is not the case all of the time either because there are many ways aside from an IP to digitally finger-print someone.
 

zzz00m

Just to ensure you're aware, many browsers themselves will record URLs being typed in and many search engine providers will record search queries. This data could then in theory be sold by a provider at their own will depending on their privacy policy. You'll likely want to be using a browser like Firefox or Brave if you're privacy-caring over a browser like Google Chrome.

Therefore, using a VPN doesn't mitigate data collection at all. It will simply help mask it away from being used in a way which could identify you - although this is not the case all of the time either because there are many ways aside from an IP to digitally finger-print someone.

I have considered all of those issues and more. Agree that you definitely need more than just a VPN for privacy. My last post was strictly addressing data collection by my primary ISP. Using a VPN is just one link in a large chain of privacy protection.

I use Firefox as my primary browser, without using the sync feature, Duck Duck Go for search (no logging) and with several extensions including uBlock Origin, Disconnect, and Privacy Badger. uBO disables pre-fetching and hyper link auditing. I use uMatrix to limit 3rd party scripts, also clears my browser cache hourly and spoofs http referrer string of 3rd party scripts. I clean my cookies daily with another program.

I also avoid staying logged into social websites or cloud services except when actually using them.

I am certain that my Android phone is probably the biggest leaker of personal info, but I even use a VPN on that over any wi-fi connections. I limit what I do on the phone to what is absolutely necessary for convenience when I am out and about. It is rather creepy when I turn on location service, and reminders keep popping up to share about a store I visit, or asks me if I want to share a photo I just took. Yikes!!! :)

I still feel like I am probably missing something! ;)

Oh yeah, one more thing. On Windows 10 use a local account only, no Microsoft account!
 