You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

I would like to find out more about using a VPN

Hello:) I would like to find out more about using a VPN. Curious and would like to know why you even would on Apple devices?


~Katana-S


[Edited by Moderator]




Posted on Jul 20, 2021 7:26 AM

Reply
Question marked as Top-ranking reply

Posted on Jul 20, 2021 7:38 PM

Something to think about→Don't use VPN services. · GitHub


There are two legitimate purposes for using VPN:


  • To allow access to a private network such as a school or business when you are not on site. 
  • To allow access outside of a country with a repressive government that has restricted Internet access.


Any other use is risky, and can lead to problems like the one discussed in this thread. VPN disguises your location by making you appear to be somewhere else in the world. But you can’t control that “somewhere else”, and if it is in a location that an app isn’t approved for the app won’t work. Plus the fact that the provider of the VPN knows everything about you and your location, as well as what sites you access through the VPN. So you are totally dependent on the VPN provider’s honesty. As a start, if the VPN is free, DON’T USE IT. The provider has to make money somehow, and if you aren’t paying them then they are selling your private data to make money. But even those that charge can’t necessarily be trusted.


You don’t really need VPN when using public Wi-Fi, because all communications between your iPhone and the servers it accesses are end-to-end encrypted.

7 replies
Question marked as Top-ranking reply

Jul 20, 2021 7:38 PM in response to Katana-San

Something to think about→Don't use VPN services. · GitHub


There are two legitimate purposes for using VPN:


  • To allow access to a private network such as a school or business when you are not on site. 
  • To allow access outside of a country with a repressive government that has restricted Internet access.


Any other use is risky, and can lead to problems like the one discussed in this thread. VPN disguises your location by making you appear to be somewhere else in the world. But you can’t control that “somewhere else”, and if it is in a location that an app isn’t approved for the app won’t work. Plus the fact that the provider of the VPN knows everything about you and your location, as well as what sites you access through the VPN. So you are totally dependent on the VPN provider’s honesty. As a start, if the VPN is free, DON’T USE IT. The provider has to make money somehow, and if you aren’t paying them then they are selling your private data to make money. But even those that charge can’t necessarily be trusted.


You don’t really need VPN when using public Wi-Fi, because all communications between your iPhone and the servers it accesses are end-to-end encrypted.

Jul 20, 2021 7:35 AM in response to Katana-San

VPN connections are legitimately used for many reasons. Perhaps one of the more common being to provide an additional layer of network security when using a public open/insecure WiFi network - where your network traffic may be intercepted, monitored or hijacked by other users of the network.


VPNs are also widely used when connecting with Corporate/Business networks - often with the principal intention of routing all network traffic via additional nerwork security and monotoring systems.


VPNs are also used by some in an attempt to circumvent regional restrictions - such as accessing video streaming services that may be restricted in geographic availability.


It follows that VPN connections can also be used (and abused) for many other purposes.

Jul 20, 2021 7:51 PM in response to Lawrence Finch

Now see that is more in line with how I really feel about the whole situation there seem to be more problems you get yourself into … more serious ones it seems. I loved your earlier posts and hoped you would jump in! Like your way of thinking for sure. I enjoy you posts and learn a lot from you. So I will continue to pick your brain if you don’t mind. Thx!


~Katana-San~

Jul 21, 2021 1:31 AM in response to Lawrence Finch

Lawrence Finch wrote:

Something to think about→Don't use VPN services. · GitHub

There are two legitimate purposes for using VPN:

To allow access to a private network such as a school or business when you are not on site. 
• To allow access outside of a country with a repressive government that has restricted Internet access.

Any other use is risky, and can lead to problems like the one discussed in this thread. VPN disguises your location by making you appear to be somewhere else in the world. But you can’t control that “somewhere else”, and if it is in a location that an app isn’t approved for the app won’t work. Plus the fact that the provider of the VPN knows everything about you and your location, as well as what sites you access through the VPN. So you are totally dependent on the VPN provider’s honesty. As a start, if the VPN is free, DON’T USE IT. The provider has to make money somehow, and if you aren’t paying them then they are selling your private data to make money. But even those that charge can’t necessarily be trusted.

You don’t really need VPN when using public Wi-Fi, because all communications between your iPhone and the servers it accesses are end-to-end encrypted.


Whilst some of your points have some credence, I have to challenge others which are grossly incorrect or offer over-simplification.


While some network traffic uses fully encrypted protocols, it is common misconception that all modern network traffic is fully encrypted. Alas, it is not. Many protocols have unencrypted header information; others upon which communication rely are totally in-clear.


As an example, your DNS traffic is (by default) an un-encrypted protocol - and conveys (leaks) considerable information about you and your traffic. This DNS traffic, in addition to being commonly monitored by the network operators(s), is often used for malicious purposes and/or as an attack vector/exploit. Where available and correctly configured, there are available mitigations for risks associated with DNS (such as DoH, DoT and DNSSEC), however, these are beyond reach of most users.


As a further example, without delving into the technicalities, when using public/open networks your network traffic can be easily intercepted by other users of the same WiFi network. One immediate source of risk is session hijack/replay.


There are many legitimate reasons to use VPN - these not being limited to the two that you cite. Contrary to your assertion, using VPN over public networks does provide useful and significant protection against local attacks and traffic monitoring which are endemic on public networks. For this reason alone, it may argued that using a VPN reduces (but does not fully eliminate) avoidable risk.


You are correct in your assertion that, where used, a commercial VPN operator has visibility of your network traffic - as your network traffic is obviously being routed via their VPN endpoint. Whilst your VPN-tunnelled traffic is protected from locally prying eyes, your traffic is delivered to the internet from VPN endpoint in its original (partially encrypted) form.


To reiterate, traffic visible at the VPN Gateway/endpoint is partially encrypted at protocol level. As such, for practical purposes, the traffic exposed to the VPN Operator is no more at risk than would otherwise be exposed on the open/insecure WiFi network. If the VPN Provider is chosen with care, risk of traffic interception over high-risk networks can be significantly mitigated.


For this purpose, use of a VPN is a “trust” exercise. In whom do you place greater (dis)trust? The open/insecure WiFi network to which you make your network connection (with all of its consequential risk), or the VPN Operator? Which carries greatest risk to you, the security of your network traffic, or your privacy?


A reputable VPN Operator (noting that “free” services are generally outside of this category) has no commercial interest in your network traffic - but may be bound by legislation of the country in which it is based to collect metadata concerning your connection. The latter you can nothing about - and unless you yourself engage in nefarious activity, should offer no concern. The former simply requires wise selection of your network operator - often requiring parting with money on subscription terms.


If the user has the technical capability (and competence) to correctly configure a VPN endpoint/gateway, trust in the VPN moves from that of a commercial VPN Operator to the end-user entirely - removing any perceived issues with the VPN Operators interest.


To conclude, in part for the benefit of the OP, I hope to have provided additional qualified information as to some of the benefit and limitations of using a VPN.


I would like to find out more about using a VPN

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.