A mobile phone can connect to the Internet from almost anywhere. That’s tremendously convenient, but it opens up risks. Not every channel is secure, and some are outright malicious. Even a legitimate connection, especially one that’s free, might come with a cost in privacy. If security and privacy are important, there’s no better choice than a virtual private network.
Contents
The need for Internet privacy
Everyone who uses the Internet needs privacy protections. Even if you don’t “have anything to hide,” you don’t want strangers to learn your passwords and credit card numbers. Unfortunately, the Internet wasn’t designed for privacy. Its creators were academics putting information up for public view. Privacy and security have to be conscious choices.
To be fair, the situation is much better than it was ten or twenty years ago. Most major websites now use secure HTTPS connections, and even email is often secure. However, not everyone gets it right, and even a brief lapse can have serious consequences. It doesn’t take long to steal a password or plant malware.
Even when the connection is secure, mobile access points and Internet service providers can see what sites you connect to. In some cases, especially if you travel to countries with repressive governments, that’s too much to risk.
The risks of public Wi-Fi
When your cell connection is poor or you want to avoid exceeding your data cap, public Wi-Fi is attractive. The problem is that it provides no security. It’s easy to snoop on a connection. Worse, it’s easy to spoof a trusted hotspot. It can give itself a name like “Library Wi-Fi” or “Free Internet for Shoppers,” and no one will stop it. A criminal could set up a hotspot called “Starbucks Wi-Fi” in a Starbucks parking lot.
The legitimate hotspots often demand your email address or some other personal information before you can connect. Your privacy is gone. Even if you use secure connections, they can see what sites you visit. You might start getting spam — or in some countries, a visit from the police.
Some services alter the content of what you see. Some that consider themselves legitimate inject ads if they can. The malicious ones change links and add dangerous JavaScript. HTTPS connections stop most of these attempts, but not all pages use them. Secure pages may contain images and other elements that aren’t secure.
Without a VPN, using public Wi-Fi is living dangerously. Even people who are careful sometimes make mistakes, letting their cybersecurity slip.
Cell data connections
A cell network’s data connection is much safer than public Wi-Fi. Spoofing a cellular service is hard, and connections are encrypted. Even so, there are concerns. All traffic is visible to the cell provider, and that can be problematic in some countries. The usual set of protocols today is 4G LTE. There are some concerns about its security, and people who are high-value targets, such as investigative journalists, will want to improve on it.
A VPN over a trustworthy cell network offers the highest security available. It not only provides an extra level of encryption, it hides the visited sites from the cell provider. It ensures continued secure access if the phone unexpectedly switches to Wi-Fi.
Mobile applications
People love to download apps to their phones. Whether for information, entertainment, business, communication, or anything else, apps make people’s daily lives easier or more interesting. The downside is that each application follows its creator’s standards, which aren’t always high. Short of monitoring the data stream, you don’t know if they’re using a secure connection or not. If they use HTTPS, they may not validate the identity of the site they connect to.
This isn’t an issue of hostile applications; that’s a separate matter. Developers created these applications with the best of intentions, but they cut corners on data communication security. The best of them are more secure than websites since it’s harder to infect a single-purpose app than a browser, but it’s hard to ascertain any given app’s quality.
A VPN encrypts all an application’s communications, regardless of what protocols it uses. It can’t encrypt them all the way to the server, but it bypasses local interception and can carry the data to a safer place before releasing it to the Internet.
Electronic mail has always been a sore spot for Internet security. There is no way to encrypt messages end-to-end unless the sender and recipient use compatible software. In most cases, a message passes through several relay servers before reaching its destination. If one of them is compromised, unauthorized people can read the mail passing through it.
A VPN can’t completely eliminate the problem, but if the sender and the recipient both use one, the risk of interception is greatly reduced. They don’t have to use the same vendor. Communication along the Internet backbone is better protected than local access points.
Staying safe with a mobile VPN
Travel always has its risks, and smart travelers know how to keep them low. When they use a mobile phone, they choose their apps and websites carefully, apply security patches, and use a VPN to guard their communications. Wherever they go, they can connect to the Internet without anyone looking over their shoulders.