We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Using a VPN abroad when paying online?
Options
The_stingemeister
Posts: 405 Forumite
in Techie Stuff
Thinking of a bit of travelling next year, would be convenient to use WiFi out there to book online the next accommodation. Wouldn't contemplate public WiFi for entering credit card details. But would a VPN (or something similar) make it secure? I have Avast free a/virus, and see for $19.99 pa you can add a VPN. I imagine a decent and safe one will need to be paid for, which I'd be prepared to do. Maybe I'm paranoid but I wouldn't totally feel safe on a hotel's WiFi entering card details, either. I'm not interested in being able to view blocked foreign TV channels through it or anything like that (which it seems is a selling point). Also I'd be taking a smartphone and a tablet, whether that makes a difference?
Thanks.
Thanks.
0
Comments
-
If you are in just one or two countries, buy local data SIMs.I never depend on WiFi and happily so. Most of the time, it's a let-down. The mention of the countries in question would bring more relevant advice.0
-
I am no expert, but I don't see how connecting to a VPN via a public WiFi can make it more secure.The_stingemeister wrote: »...Wouldn't contemplate public WiFi for entering credit card details. But would a VPN (or something similar) make it secure?
The same if it's a local VPN connected to the internet via a public WiFi.0 -
I use a VPN on all our devices for exactly the same reason.Andyfr0
-
You could try Zenmate, it's a free VPN browser plugin, that's for your PC.
On a smartphone or tablet, you can also try Zenmate on them, there's a data limit in the free version (500Mb if I recall). Another is Tunnelbear, also 500Mb in the free version. A third one is Ghostery, yet again 500Mb in the free version.
Those are Android, if you're an Iphone/Ipad user... I dunno.
The above may have versions for them. 0 -
Tunnelbear is very simple to use, and has enough free data allowance to use for online banking etcpoppy100
-
A VPN connection encrypts the data between your device and the server
Well, no, not really. A VPN may add an encryption layer, but most (free ones) don't as this costs CPU cycles and therefore money. As long as the end-to-end connection is encrypted, i.e. it is using https, then adding a VPN (even if encryted) does nothing for security.My postings reflect my lifetime's experience and my opinion. You are quite welcome to respond with your experiences and option, whether similar or different.0 -
alderpoint wrote: »Well, no, not really. A VPN may add an encryption layer, but most (free ones) don't as this costs CPU cycles and therefore money. As long as the end-to-end connection is encrypted, i.e. it is using https, then adding a VPN (even if encryted) does nothing for security.
I'm guessing you have never heard of 'Man in the middle' attacks. Quite simple really, there is even an android one click app that lets you do it from your phone...it's as simple as connect to free wifi, click MITM - specifiy a client or all clients, and watch the HTTPS usernames and passwords roll in. (From your private test network of course!)
Then there is browser session hijacking in the same app not to mention script injection and browser pwning.
Anyhow, yes an end to end VPN would be my recommendation. Not sure how much I would trust a free VPN. Again if I wanted to streal creds and I was a blackhat, I could just offer a free VPN and then sniff, inject, MITM all the traffic running though my free VPN.0 -
I thought that even with a MITM attack, the username and password would still be encrypted. The only way the https traffic can be decrypted is if the victims browser can be tricked into accepting a fake SSL certificate. With modern browsers and up to date software, doesn't the user have to manually accept such a certificate so has a chance to detect something's wrong?0
-
All correct.I thought that even with a MITM attack, the username and password would still be encrypted. The only way the https traffic can be decrypted is if the victims browser can be tricked into accepting a fake SSL certificate. With modern browsers and up to date software, doesn't the user have to manually accept such a certificate so has a chance to detect something's wrong?poppy100
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.8K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.8K Work, Benefits & Business
- 598.7K Mortgages, Homes & Bills
- 176.8K Life & Family
- 257.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards