VPN newbie question

eqtrend wrote: ↑ I am thinking of getting VPN for security reasons.. I was told by coworker that you can not do web banking if you are using vpn as he can not access TD web banking

I thought vpn will add security and dont understand why bank such as TD wont allow it?

thx
eqtrend

Why dont you ask your coworker exactly what he/she meant by not allowed with VPN. Being precise when speaking is important, and Im talking about your coworker here.

It is allowed. But it will likely require a text message or phone call code before you can log on.

Well, what kind of security reasons are you thinking of when considering to get a VPN? There are some valid reasons to use one but I personally think it's generally overrated. Chances are, you probably don't actually need one. And I'm obviously talking about one of the many random VPN services out there and not the VPN protocols themselves.

Some services like banking don't like you using VPNs because depending on the server location, it might make it look like you're connecting from some random location. For instance, if the banking site expects you to be logging in from Moncton but your VPN server is located in Switzerland, it might throw red flags.

Dave98 wrote: ↑ Well, what kind of security reasons are you thinking of when considering to get a VPN? There are some valid reasons to use one but I personally think it's generally overrated. Chances are, you probably don't actually need one. And I'm obviously talking about one of the many random VPN services out there and not the VPN protocols themselves.

Some services like banking don't like you using VPNs because depending on the server location, it might make it look like you're connecting from some random location. For instance, if the banking site expects you to be logging in from Moncton but your VPN server is located in Switzerland, it might throw red flags.

This is exactly right. Some financial institutions at the moment, like many credit unions, insist on knowing your actual location. If it's not your "usual" location based on IP address versus city, this can raise flags internally. I know several people who have experienced this while using a VPN. I strongly advise against doing any banking outside your residence access point or mobile app on your phone.

I just tested it. I connected my phone to my VPN provider, NordVPN to a US server, and opened the TD Canada banking app, and I was able to log in. I wasn't even asked to do the two-step verification for SMS code verification.

While having the VPN connected, I then tried it on the phone again with opening the TD EasyWeb web site with a web browser, and I was able to log in. This time, I did get the verification prompt for the one time passcode, as I haven't used the web browser to access the TD web site for quite a while.

I remember the last time I was in the US, back in September 2019, I was able to do it, as I was using a public Wi-Fi, and needed to do some banking and there were no issues with VPN.

I guess it may also depend on the VPN provider used. Some may work, some may not.

Some websites block VPNs. I've been seeing it a lot lately that I cannot access the same websites when VPN is on. It may have been because previously the same IPs were used for bot,spam attacks,etc. If you are using your own WIRED connection or your phone's own network(eg LTE) then there's no real need to use VPN. However, if you are on wifi(even own house), using public wifi,etc then for me it's a must and at this point a habbit that any type of semi secure work has to be done via wifi. If your wifi allows different IPs, you can try it. One of websites I frequent doesn't allow any VPN IPs from north america or Europe, but I am able to access via IP from Australia and Brazil. Previously a few African IPs worked but no any longer.

Thanks evilYoda,

I think it fair question, will confirm with my coworker as what really mean "not working". Given I am not tech savvy. just took his work not working as not able to connect.

cheers

dazz wrote: ↑ Some websites block VPNs. I've been seeing it a lot lately that I cannot access the same websites when VPN is on. It may have been because previously the same IPs were used for bot,spam attacks,etc. If you are using your own WIRED connection or your phone's own network(eg LTE) then there's no real need to use VPN. However, if you are on wifi(even own house), using public wifi,etc then for me it's a must and at this point a habbit that any type of semi secure work has to be done via wifi. If your wifi allows different IPs, you can try it. One of websites I frequent doesn't allow any VPN IPs from north america or Europe, but I am able to access via IP from Australia and Brazil. Previously a few African IPs worked but no any longer.

Thanks Dazz,

It good to know that wired connection much safe. When I was doing house renovation few years ago, I asked my electrician to wire entire house with Cat6. My wife though it was waste of money as she did not have complain about speed. I am old school and always preferred wired connection. Thus it looks like their is added benefit of security

chrishch wrote: ↑ I just tested it. I connected my phone to my VPN provider, NordVPN to a US server, and opened the TD Canada banking app, and I was able to log in. I wasn't even asked to do the two-step verification for SMS code verification.

While having the VPN connected, I then tried it on the phone again with opening the TD EasyWeb web site with a web browser, and I was able to log in. This time, I did get the verification prompt for the one time passcode, as I haven't used the web browser to access the TD web site for quite a while.

I remember the last time I was in the US, back in September 2019, I was able to do it, as I was using a public Wi-Fi, and needed to do some banking and there were no issues with VPN.

I guess it may also depend on the VPN provider used. Some may work, some may not.

Thanks Chrishch good to know appreciate your help

Dave98 wrote: ↑ Well, what kind of security reasons are you thinking of when considering to get a VPN? There are some valid reasons to use one but I personally think it's generally overrated. Chances are, you probably don't actually need one. And I'm obviously talking about one of the many random VPN services out there and not the VPN protocols themselves.

Some services like banking don't like you using VPNs because depending on the server location, it might make it look like you're connecting from some random location. For instance, if the banking site expects you to be logging in from Moncton but your VPN server is located in Switzerland, it might throw red flags.

Hey Dave98

thx vm for your timely reply, much appreciate.

My main reason for getting vpn service was possible security issue with financial transactions using web page. But it looks like it not necessary if you are using wired connection. Also wanted Vpn to watch Netflix using different country.. (US and Korean contents)

Keep in mind too that the VPN provider can see ALL your traffic. Everything nowadays is encrypted so it's not nearly as big of a deal, but unless you're using DNS over HTTPS they can see where you're going too.

As for banking, as others have said, they expect you to be in generally the same location as your bank.
So if you sign up for a giant national VPN provider that has servers in the US, it looks like you're in the US rather than Canada.
Even if you do get a Canadian IP, you could be located in Toronto while you're in Vancouver.

it's also quite a bit more suspicious since there's dozens/hundreds of users using the same IP address to access different accounts.
While "normal" for VPN, the bank would see this as suspicious because it's typically only a couple of people accessing different accounts per IP.

In my opinion a VPN is useful for 2 reasons.

#1
The VPN can make it appear that you are in a different location in the world. This can be useful to block your real identity. This is useful if you are doing something that you maybe shouldn't be doing (eg. downloading torrents). Appearing to be somewhere else in the world can also be useful to access web sites that may only be accessible to citizens of specific country. Accessing Netflix servers in distant countries is a good example of that type of activity.

#2
When using public Wi-Fi, it is very simple for someone to monitor the Wi-Fi traffic and see what you are doing. When your device is connected to a VPN, all the data leaving your device is encrypted with SSL and it cannot be read by anyone on the same Wi-Fi network.

When connecting to banking sites, you should see that the web address changes to https:\\td.com. Many web browsers also display an icon of a padlock to indicate that you have made a HTTPS connection. The HTTPS means hyper-text-transfer-protocol-secured, which is another way of saying the cdata leaving your device is encrypted all the way to the destination.

So when it comes to banking, your data is already encrypted, and passing through a VPN does not add much additional security. Many non banking sites are also switching to HTTPS, and Google Chrome assumes all sites should be running HTTPS, Chrome now pops up a warning message if the site is not using HTTPS.

So unless you want a VPN for the reasons in #1 above, a VPN would only be useful when visiting sites that do not use HTTPS.

If you still want a VPN for protection when visiting those sites, you don't have to pay a fee to get one. Many home routers have the ability to run a VPN server. The Synology NAS also has a VPN server app. If you are away from home, and connected to your private VPN, your data will still be encrypted over the Wi-Fi. Any sites that you connect to will see that your IP address is your homes IP address.

This would actually make it easier to access your bank when you are out of country.

Keep in mind that using a VPN will slow down your Internet speed because of the extra data that needs to be transmitted.

edit: removed item about Https not being secure

Dont do any security senstive stuff like banking over someone else's wifi without a VPN.

evilYoda wrote: ↑ https security protocol was cracked over 3 years ago, they can almost see what you're typing in or seeing in real time.

I really hope this isn't anywhere near true because practically the entire internet as we know it would be screwed.
*SOME* protocols are insecure, but anyone worth their salt is not going to be using the broken protocols.

Dont do any security senstive stuff like banking over someone else's wifi without a VPN.

The ironic part of this argument is that someone else's VPN can see 100% of your traffic too.
The absolute last thing I'd ever do is trust a 3rd party VPN provider with anything sensitive, especially if it's one of those too good to be true ones you find on a deal site.
If I was going to use a VPN for security purposes you bet your ass I'm running my own on an upstream provider that's big enough that I can trust it because they can also see all my traffic.
Actually the easy/cheap way of doing this is just to VPN back to your house. You're already most likely exposing your web habits to your ISP. Why not add to it.

I might be wrong about the https being hacked years ago. I distinctively remember seeing a cbc video on a researcher showing in real time what was seen on a https web page along with data entered into it on a hacked wifi. But I cant find a source on that, so maybe he was saying http can be seen in real time which isnt a surprise.

The term VPN gets thrown around a lot

Third party VPN is only good for two things.

1. Netflix
2. Torrents

If you are going to use Torrents, you are better off with a seed box.

If you want to secure your banking, a wired connection is not any safer than WiFi. They are just more reliable.

If you use online banking outside your home network on public WiFi, it is still encrypted but there could be a other things that could make it risky. In this case, a VPN back to your home network is probably best.

The reason why third party VPN doesn’t work is already stated. If your IP address is from Russia, it raises a red flag and is blocked. You will find sites like HomeDepot doing the same thing.

No matter what you use, someone will see your traffic. At home, your ISP can see everything. If you use a third party VPN, the provider can see everything. If you use cell data, RoBellUs can see everything.

They can’t see the transactions or activity themselves, but they know you went to TD, BMO, BNS, RBC, CIBC etc.

Gee wrote: ↑ The term VPN gets thrown around a lot

Third party VPN is only good for two things.

1. Netflix
2. Torrents

If you are going to use Torrents, you are better off with a seed box.

If you want to secure your banking, a wired connection is not any safer than WiFi. They are just more reliable.

If you use online banking outside your home network on public WiFi, it is still encrypted but there could be a other things that could make it risky. In this case, a VPN back to your home network is probably best.

The reason why third party VPN doesn’t work is already stated. If your IP address is from Russia, it raises a red flag and is blocked. You will find sites like HomeDepot doing the same thing.

No matter what you use, someone will see your traffic. At home, your ISP can see everything. If you use a third party VPN, the provider can see everything. If you use cell data, RoBellUs can see everything.

They can’t see the transactions or activity themselves, but they know you went to TD, BMO, BNS, RBC, CIBC etc.

Thx Gee,

Your comment really cleared up some of my VPN questions... It appears I wanted VPN for wrong ( should i say uninformed) reason. For now, I will do all financial or sensitive info via home from wired connection or LTE connected mobile. Your last comment us especially helpful NOT GETTING third party VPN

cheers
eqtrend

The only thing that your bank is detecting to know that you are not a malicious agent using a VPN is your browser's UUID.

If you go incognito + vpn, you will get ding by the bank's IDS.

evilYoda wrote: ↑I might be wrong about the https being hacked years ago.

There are quite a few insecure "secure" protocols that have been compromised, but I'm pretty sure that browsers won't even consider these secure any more, even if the cert is for some reason still valid.
Everyone is working on depreciating things when stuff gets broken.
AFAIK modern cryptography standards have not been broken to any significant degree.

I distinctively remember seeing a cbc video on a researcher showing in real time what was seen on a https web page along with data entered into it on a hacked wifi. But I cant find a source on that, so maybe he was saying http can be seen in real time which isnt a surprise.

Even on HTTP it has to be a special web page.
Most websites don't take any input from the user until you submit it. Obviously if you set up the page to capture all input, then yeah, but most sites don't do that.

Also "wifi" is probably being used wrong here. Any compromised network can see your traffic, not just wireless. But most people use "wifi" as a reference to publicly available open access points. The main issue is the network you're connected to, not the connection method.

Without seeing the video and exactly what they're doing, I can only really guess at what's going on.
What I do know is that typically speaking, any inputs aren't sent to the website until you hit a button.

Gee wrote: ↑ No matter what you use, someone will see your traffic. At home, your ISP can see everything. If you use a third party VPN, the provider can see everything. If you use cell data, RoBellUs can see everything.

It's important to make a distinction here: HTTPS will encrypt your traffic, so all your provider can see is encrypted data. This is why everyone is making a push to encrypt the web.
Obviously if you're still using an insecure transport protocol, your provider can see everything.
Also one other security risk is that if the network you're on has been compromised and the intended website doesn't have HTTPS, someone can easily redirect your connection to that site somewhere else.

By controlling the DNS server, I can (for example) say that bank.com resides on my server rather than where it is legitimately. By submitting your bank card number and password, I get it instead of them.
This is why there's a bunch of scams using domains like "bank.com.someotherdomainyoudontlooktoocloselyat.com" Seeing bank.com in the front can fool an unsuspecting user to think that this site is legit.

They can’t see the transactions or activity themselves, but they know you went to TD, BMO, BNS, RBC, CIBC etc.

Another important point is that your provider can see EVERY site you visit due to how DNS works.
So whoever controls your network (be it your local ISP, your phone company, your VPN provider, your datacenter, etc) can see where you're going but not what's on the site.
But they can make an educated guess as to why you were on Pornhub for example.

DNS over HTTPS is trying to fix this by masking what your network provider sees when you query a DNS provider.