VPN network for extra security?

This forum made possible through the generous support of SDN members, donors, and sponsors. Thank you.
BLADEMDA

BLADEMDA

Full Member
Lifetime Donor
Verified Member
15+ Year Member
Platinum Member
Joined
Apr 22, 2007
Messages
22,638
Reaction score
9,716
So I like to log into my financial accounts sometimes when I am at work. Should I be using a VPN? What about mobile hot spot instead of a VPN? If you recommend a VPN which one And how much should I pay? I read VPN's can slow down your internet so I have stayed away so far.
Members don't see this ad.
 
Well VPN only works to a certain extent. They know where ur ip is being logged

Pain to watch YouTube tv with vpn and watch out of market football or mlb app in various apps with my vpn (nord vpn) and some apps won’t even load if u forget its running like duke energy app won’t load at all with any vpn running.
 
Depends on your level of paranoia but generally speaking you should have a 2FA (ideally an authenticator app or dongle since phone numbers can be spoofed/stolen and aren't as secure) that is required before executing any trades or adding any new accounts. This will protect the actual assets and should be enough without the enormous hassle of a VPN IMO. If you are paranoid someone could look in and see how much money you have then you should never access it outside of your home secured network.
 
Members don't see this ad :)
BLADEMDA said:
So I like to log into my financial accounts sometimes when I am at work. Should I be using a VPN? What about mobile hot spot instead of a VPN? If you recommend a VPN which one And how much should I pay? I read VPN's can slow down your internet so I have stayed away so far.
Click to expand...
I do. Nord vpn. On phone and home and work. And I use bit defender antivirus and firewall. Ever since I started doing this have had zero security issues.
 
The only thing a VPN does is hide your IP address from the website that you are trying to access. It doesn't necessarily offer additional security when browsing the internet at work, the websites are already encrypted and verified with SSL/TLS certificates. There is a lot of confusion out there about VPNs offering more security when accessing a website. Your best security asset is between your ears.

Without VPN:
Phone ---> Hospital Wifi Router ---> Website (Hospital Wifi router sees what website your requested, website sees your IP address, only website sees what you typed and your passwords, login, etc)

With VPN:
Phone ---> VPN encrypts data ---> Hospital Wifi Router ---> VPN server (decrypts only VPN level encryption) ---> Website (Hospital Wifi router sees you using a VPN, website sees VPN server IP address, only website sees what you typed and your passwords, login, etc)

A VPN would allow you to have less concern with a "man-in-the-middle" attack at your site of work as all your web traffic is sent encrypted to the VPN server before being un-encrypted (by the VPN) and sent to the website. But now, you are just trading one risk for another. Am I safer with my work place's internet knowing which websites I visit or the VPN service knowing which websites I visit? Again, neither your work place's IT department nor the VPN service can actually see what you are specifically doing on the websites just that you are accessing them since the vast, vast majority of website utilize "https" and not "http" meaning the page is encrypted and verified. If they can, there is a problem with the encryption algorithm which means that there is a much more systemic problem at bay.

So what should you do? Just turn off the wifi on your phone when you want to do financial stuff at work from your phone. It's basically saying that you are trusting your own phone service provider with knowing that you are accessing financial websites and you don't have to worry about a random VPN service or your work's IT department knowing about it. You also don't raise suspicions with the hospital asking "why are they using a VPN?" or "why are they trading stocks at work?".

So when should you use a VPN? When you want to use fast wifi at the airport, on a plane, in another country, or public wifi hotspot when you don't have phone service or very limited phone service forcing you to use sketchy wifi to accomplish tasks. This shifts the risk from a highly targeted and dangerous access location to a (likely) more secure and reliable VPN service.

What VPN to use? I recommend ProtonVPN. It's free, reliable, decently fast speeds and it comes from a trusted company. Yes, VPN inherently burns more battery, uses more CPU, and will likely slow down internet speeds since there is a lot of work being down on the back-end.
 
Oh, and if you're doing this on a work desktop or laptop, it doesn't matter. They will see it anyway. In fact, a lot of hospital have the ability to screen share and screen record without any indication on your end. Arguably, this is even less safe since they can see what your actual username is and estimate how many characters your password is if just screen sharing or even see what you are typing with keylogger software. A mobile hotspot running a VPN won't help you if you are trying to hide it from work.
 
Just don’t give a reporter access to your phone 😉

Most financial service websites use https protocol, so a VPN is just a second layer of encryption between you and your financial services provider. The downside is you are adding another middleman that you have to trust. 2FA should be mandatory even on a secure home network. If your phone or device is not secure (malware, phishing, shared device, etc.) then you can have all the encryption in the world and it won’t matter.

Sometimes I think VPNs give people a false sense of security and people forget about other ways to protect themselves online. Before I paid for VPN service, I would make sure all my passwords are changed regularly and ensure that my devices themselves were secure. I like using a dongle for 2FA.

Also, slightly unrelated, but still pertinent…don’t forget to run a credit check every 6-12 months. I’ve uncovered shenanigans that way.
 
vpns are useful for shielding your activity online from hostile/untrustworthy WiFi providers.

for most financial transactions, you most likely trust your US mobile data carrier (Verizon/att/tmo) and your concern would be not exposing yourself to snooping in the hospital WiFi side. Hence, I’d just go on mobile data if I wanted to check financial stuff. If you have data access in your parts of the hospital, that’s the easiest thing to do.

If you don’t have good mobile data signal and have to use hospital WiFi, then a vpn makes sense. Proton is fine. I happen to like mullvad. It’s €5 a month. They don’t keep logs and in fact don’t allow subscription. You have to renew every month. They literally don’t want your info.
 
maxxor said:
vpns are useful for shielding your activity online from hostile/untrustworthy WiFi providers.

for most financial transactions, you most likely trust your US mobile data carrier (Verizon/att/tmo) and your concern would be not exposing yourself to snooping in the hospital WiFi side. Hence, I’d just go on mobile data if I wanted to check financial stuff. If you have data access in your parts of the hospital, that’s the easiest thing to do.

If you don’t have good mobile data signal and have to use hospital WiFi, then a vpn makes sense. Proton is fine. I happen to like mullvad. It’s €5 a month. They don’t keep logs and in fact don’t allow subscription. You have to renew every month. They literally don’t want your info.
Click to expand...
I use Mullvad as well. I don’t trust any VPN that’s free, and Mullvad is very anonymized with how you pay. It integrates seamlessly into all of my devices too. I do have to turn it off sometimes, as some websites or services will reject traffic coming through a VPN (my Toyota app for example).

Personally I never use the hospital WiFi and just use my own personal data unless I’m on my home WiFi.
 
ProPropofol said:
Oh, and if you're doing this on a work desktop or laptop, it doesn't matter. They will see it anyway. In fact, a lot of hospital have the ability to screen share and screen record without any indication on your end. Arguably, this is even less safe since they can see what your actual username is and estimate how many characters your password is if just screen sharing or even see what you are typing with keylogger software. A mobile hotspot running a VPN won't help you if you are trying to hide it from work.
Click to expand...
OK. I will turn off my wi fi and use 5G cell service. If I use my laptop I will use my phone 5G for the internet.
 
BLADEMDA said:
OK. I will turn off my wi fi and use 5G cell service. If I use my laptop I will use my phone 5G for the internet.
Click to expand...

ProPropofol said:
The only thing a VPN does is hide your IP address from the website that you are trying to access. It doesn't necessarily offer additional security when browsing the internet at work, the websites are already encrypted and verified with SSL/TLS certificates. There is a lot of confusion out there about VPNs offering more security when accessing a website. Your best security asset is between your ears.

Without VPN:
Phone ---> Hospital Wifi Router ---> Website (Hospital Wifi router sees what website your requested, website sees your IP address, only website sees what you typed and your passwords, login, etc)

With VPN:
Phone ---> VPN encrypts data ---> Hospital Wifi Router ---> VPN server (decrypts only VPN level encryption) ---> Website (Hospital Wifi router sees you using a VPN, website sees VPN server IP address, only website sees what you typed and your passwords, login, etc)

A VPN would allow you to have less concern with a "man-in-the-middle" attack at your site of work as all your web traffic is sent encrypted to the VPN server before being un-encrypted (by the VPN) and sent to the website. But now, you are just trading one risk for another. Am I safer with my work place's internet knowing which websites I visit or the VPN service knowing which websites I visit? Again, neither your work place's IT department nor the VPN service can actually see what you are specifically doing on the websites just that you are accessing them since the vast, vast majority of website utilize "https" and not "http" meaning the page is encrypted and verified. If they can, there is a problem with the encryption algorithm which means that there is a much more systemic problem at bay.

So what should you do? Just turn off the wifi on your phone when you want to do financial stuff at work from your phone. It's basically saying that you are trusting your own phone service provider with knowing that you are accessing financial websites and you don't have to worry about a random VPN service or your work's IT department knowing about it. You also don't raise suspicions with the hospital asking "why are they using a VPN?" or "why are they trading stocks at work?".

So when should you use a VPN? When you want to use fast wifi at the airport, on a plane, in another country, or public wifi hotspot when you don't have phone service or very limited phone service forcing you to use sketchy wifi to accomplish tasks. This shifts the risk from a highly targeted and dangerous access location to a (likely) more secure and reliable VPN service.

What VPN to use? I recommend ProtonVPN. It's free, reliable, decently fast speeds and it comes from a trusted company. Yes, VPN inherently burns more battery, uses more CPU, and will likely slow down internet speeds since there is a lot of work being down on the back-end.
Click to expand...
I put proton VPN on my Chrome Extension desktop. When do I need to use it? I really don't care google is tracking my data or Amazon sees all the Chinese made crap I buy.
 
I’ve heard partners say that in addition to security relating to financial accounts, VPN may give some level of protection if a plaintiffs attorney seeks to subpoena your activity on a device.
 
[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6][emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]]][emoji[emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6][emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6][emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6][emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]]]]][emoji[emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6][emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6][emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6][emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6][emoji6]]]]]]][emoji[emoji[emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6]]]][emoji[emoji6][emoji6]][emoji[emoji[emoji6]][emoji[emoji6][emoji6]]]][emoji[emoji[emoji6]][emoji[emoji6][emoji6]]][emoji[emoji[emoji6]][emoji[emoji6]]]" data-quote="caligas" data-source="post: 0" class="bbCodeBlock bbCodeBlock--expandable bbCodeBlock--quote js-expandWatch">
caligas said:
I’ve heard partners say that in addition to security relating to financial accounts, VPN may give some level of protection if a plaintiffs attorney seeks to subpoena your activity on a device.
Click to expand...

Get another prepaid eSIM card. Buy it with your wife ‘s credit card.
 
Last edited:
Members don't see this ad :)
caligas said:
I’ve heard partners say that in addition to security relating to financial accounts, VPN may give some level of protection if a plaintiffs attorney seeks to subpoena your activity on a device.
Click to expand...
This is true at least to an extent. Your browsing data (eg were you on instagram when things went south?) could be discoverable via the hospital WiFi logs or your cell phone company logs, and a VPN would obfuscate this. Practically speaking I’m not sure how much of a risk this is because most logs are purged after a modest interval anyway.

These days I’d be more concerned by a vengeful government who demands hospital WiFi logs or cell company logs to see if I made negative comments about our dear leader, and using this as a means to cut off CMS funding or attempt to delicense someone.
 
kidthor said:
This is true at least to an extent. Your browsing data (eg were you on instagram when things went south?) could be discoverable via the hospital WiFi logs or your cell phone company logs, and a VPN would obfuscate this. Practically speaking I’m not sure how much of a risk this is because most logs are purged after a modest interval anyway.

These days I’d be more concerned by a vengeful government who demands hospital WiFi logs or cell company logs to see if I made negative comments about our dear leader, and using this as a means to cut off CMS funding or attempt to delicense someone.
Click to expand...
That’s easily solved by just not saying anything bad about the government. 😉
 
GravelRider said:
Most financial service websites use https protocol, so a VPN is just a second layer of encryption between you and your financial services provider.
Click to expand...
That's not quite correct.

A VPN is a second layer of encryption between you and the VPN service's exit node. From there it's just plain HTTPS to the financial services provider. Which, of course, is fine. But it's not double encryption end-to-end.

There's no need to use a VPN if your use case is secure communications with a bank or brokerage. HTTPS is good.


We use Tailscale for a VPN to connect our phones to our home network, so we can securely access our security cameras without opening any ports or doing any port forwarding on our firewall. It's an amazing app, based on Wireguard, and free for personal use.

Other than that the only use I've ever had for a VPN was to pretend to be someplace I wasn't for Netflix.
 
BLADEMDA said:
I put proton VPN on my Chrome Extension desktop. When do I need to use it? I really don't care google is tracking my data or Amazon sees all the Chinese made crap I buy.
Click to expand...
My recommendation would be whenever you are connecting to public wifi in a place where you don't necessarily trust that people are going to play nice:
-Coffee shops
-Libraries
-Airports
-Planes
-Foreign Countries
-Random store wifi
-Hotel wifi
-Etc

Not an exhaustive list. What you are protecting against by using a VPN on public wifi is:
1. The runner of the router seeing what websites you are accessing and the local IP address of your device which in combination can be used for targeting you for extracting sensitive information (bank details in this case). It looks like you are just accessing whatever the IP address of the VPN server is from the owner of the router.
2. Avoiding a man-in-the-middle attack with a someone posing as the network that you want to connect to. The in-between device intercepts the packets being sent to the actual wifi router but sends them to the actual router so you don't suspect anything (everything works normally on your end). Given enough time, you can decrypt the packets sent to the actual router and get access to passwords and login details or whatever you are doing on your computer. The VPN encrypts the data being sent to the router with a more complex algorithm than WPA3 so it is harder to crack.
 
pgg said:
That's not quite correct.

A VPN is a second layer of encryption between you and the VPN service's exit node. From there it's just plain HTTPS to the financial services provider. Which, of course, is fine. But it's not double encryption end-to-end.

There's no need to use a VPN if your use case is secure communications with a bank or brokerage. HTTPS is good.


We use Tailscale for a VPN to connect our phones to our home network, so we can securely access our security cameras without opening any ports or doing any port forwarding on our firewall. It's an amazing app, based on Wireguard, and free for personal use.

Other than that the only use I've ever had for a VPN was to pretend to be someplace I wasn't for Netflix.
Click to expand...
Love Tailscale. It's super easier to set up and run it through my AppleTV to access my NAS.
 
  • Like
Reactions: pgg
Best advice I can give is use a SEPARATE computer but ideally a MAC even though im not a fan its safer overall. Use a VPN with cellular internet. Have a separate phone for 2FA. Never use the mac or extra cell phone for anything else and that phone number is never given out.

you can use a yubikey which is like a usb stick that must be plugged into given mac to even work. Also, you can enable major brokerage to be on lockdown if your not planning to trade or move anything around anytime soon so everything needs to be done in the branch office.

Never understood why people who had 7 figs plus were on the cheaper side to do the above. Good luck.
 
finalpsychyear said:
Best advice I can give is use a SEPARATE computer but ideally a MAC even though im not a fan its safer overall. Use a VPN with cellular internet. Have a separate phone for 2FA. Never use the mac or extra cell phone for anything else and that phone number is never given out.

you can use a yubikey which is like a usb stick that must be plugged into given mac to even work. Also, you can enable major brokerage to be on lockdown if your not planning to trade or move anything around anytime soon so everything needs to be done in the branch office.

Never understood why people who had 7 figs plus were on the cheaper side to do the above. Good luck.
Click to expand...
A bit extreme and expensive for my taste to be honest... A separate computer is really not necessary. Running a virtual machine with Whonix or even going the route of QubesOS on an extra hard-drive of your main machine offers superior isolation from your main system without the expense of purchasing another computer, especially a MacOS device. True though, typically the garden of MacOS offers more protection bubbles to stop users from harming themselves and generally has less malware prevalence. On the other hand, look up PRISM. These big companies like Google, Apple, and Microsoft unite with the US government to collect data and give access to their devices and software. If they have a back door, what stops someone else from having a back door?

VPN with cellular internet? Not so sure that gives you enhanced security unless you are worried about somewhat hacking the cellular company satellites. You also have to consider the location of the VPN servers that your're tapping into. Are they in Russia? China? Philippines? A NSA hideout? Very likely that Chinese VPN servers give full access to the Chinese government. They are infamous for requiring tech companies to give back-doors to their devices. You can usually pick which countries you want to use a VPN server from but nothing really stops someone from physically infiltrating the location of the VPN server and monitoring all the output from it.

Agree with measures like YubiKey and 2FA to enhance security from a personal attack on your devices but a separate phone just increases your attack surface. I always recommend using 2FA especially one that generates random codes every minute. If I Sim-swapped your "extra" phone, I doubt you would notice as quickly (maybe a day or more) compared to your usual phone which you might notice instantly or within hours. More precious time to unload all that sweet, sweet data to get access to emails, bank accounts, and forum account...

Honestly, no matter what you do, someone will get you if they really want it. But you can take some simple measures to make it more difficult for someone else which discourages them from pursuing it. It doesn't have to be expensive options.
 
ProPropofol said:
Love Tailscale. It's super easier to set up and run it through my AppleTV to access my NAS.
Click to expand...
What NAS would you recommend? I’m thinking of getting one for generalized data storage at home so I can get rid of iCloud (photos/videos) and consolidate random ssd drives (mostly with a growing Lightroom catalog).
 
finalpsychyear said:
Best advice I can give is use a SEPARATE computer but ideally a MAC even though im not a fan its safer overall. Use a VPN with cellular internet. Have a separate phone for 2FA. Never use the mac or extra cell phone for anything else and that phone number is never given out.

you can use a yubikey which is like a usb stick that must be plugged into given mac to even work. Also, you can enable major brokerage to be on lockdown if your not planning to trade or move anything around anytime soon so everything needs to be done in the branch office.

Never understood why people who had 7 figs plus were on the cheaper side to do the above. Good luck.
Click to expand...
I use Lockdown mode and I wish all the brokerages had that feature.
 
kidthor said:
What NAS would you recommend? I’m thinking of getting one for generalized data storage at home so I can get rid of iCloud (photos/videos) and consolidate random ssd drives (mostly with a growing Lightroom catalog).
Click to expand...
I'm a big fan of recycling old computers and turning them into NAS and mini-servers. I use old desktop computers then upgrade the CPU, RAM, and replace the hard-drives. It's fun to do, learn something about computers, and helps breathe new life into something old.

If I wanted to buy something new and keep it low-cost, I would buy an Intel NUC then put Linux on it. You can string them together with Kubernetes as your needs grow or your desire for RAID. There are a number of great open source projects that can replace iCloud - NextCloud (standard all around replacement) syncs with iPhones pretty well, Immich (backs up iPhone photos and videos no problem) - basically a Google photos replacement, JellyFin is also an option for videos but I don't have any experience with it. Lots of options if you look.

If you want to keep it simple and not be nerdy like myself, Synology has the best NAS equipment on the market right now imo but they can be pricey. You can put whatever you want on it or keep it simple and use their software. You can run NextCloud or Immich on it with a little know how.
 
You must log in or register to reply here.

Similar threads

nimbus
Organ network
Replies
26
Views
3K
jthedestroyr
jthedestroyr
A
Anesthesia out of network, facility and surgeon in network
Replies
24
Views
3K
JStarMD
J
Dr. Anonymouss
Attention financial enthusiasts: The Secure 2.0 Act
Replies
24
Views
2K
Dr. Anonymouss
Dr. Anonymouss
ak_ps
Recommended Resources for PTEeXAM
Replies
11
Views
572
sevoflurane
sevoflurane
P
Anesthesia Machine for ASC
Replies
4
Views
781
Ezekiel2517
Ezekiel2517
Top