You may have heard that both VPN and HTTPS use encryption to keep your network data safe from hackers. That’s partly true, so nobody would blame you for asking “why do I need VPN?”
However, there are several key reasons you’d want to use a VPN, which you can find below. You may also read more about the differences between VPN and HTTPS, but for now, we’ll focus on the most relevant aspects.
- Your ISP Can See the Domains You Access
- HTTPS Does Not Encrypt Everything
- Vulnerabilities in HTTPS Encryption
- So Why Do I Need VPN if I Use HTTPS?
Your ISP Can See the Domains You Access
HTTPS uses the TLS/SSL protocol to encrypt communications between you and websites. That means outsiders (like hackers or your ISP) shouldn’t see what you’re up to – right? Well, not exactly.
True, your ISP may not see the full URLs you access (say, https://en.wikipedia.org/wiki/Trailer_Park_Boys). However, they can still see the domain name (wikipedia.org) you visit, thanks to unencrypted DNS requests.
Since ISPs sell your data to third parties, that’s a huge problem. The domains you access tell them a lot about you, so you may see a lot of eerily specific advertising tailored to your real-life preferences.
Thankfully, most high-quality VPNs nowadays maintain their own DNS servers, keeping your browsing history under wraps.
HTTPS Does Not Encrypt Everything
Pretty straightforward. There’s a lot of network data passing through your PC, tablet, or smartphone at any given moment. Only a part of that comes from your browser or apps that use HTTPS-like encryption (such as App Transport Security in iOS apps).
Take Jimmy. Thanks to the pandemic he has nothing better to do than binge Netflix shows, play video games and chat with his friends over Discord. Oh, and participate in his “school from home” program.
His father, Michael, was also lucky enough to switch to remote work from home. This means he deals with sensitive work data without the same level of security found at his office job.
Not every app they use has HTTPS or other types of encryption. As such, using a VPN helps keep their daily activities secure from the avalanche of cyber attacks happening nowadays.
Vulnerabilities in HTTPS Encryption
Thanks to a joint effort by Google, Mozilla, and other organizations a few years back, a majority of the Internet is now encrypted. However, most HTTPS websites don’t always use the latest version of TLS/SSL, leaving you exposed to old vulnerabilities in the protocol.
Take the amusingly-named POODLE attack, for example. While the attack was more of a problem in SSL 3.0 (so before TLS 1.0 came out), cybersecurity experts have shown that even incorrectly configured TLS 1.2 servers can be vulnerable.
Despite these security flaws, you should continue using HTTPS websites. Some protection is still better than none at all (as is the case with HTTP) – just remember to use a VPN as well.
So Why Do I Need VPN if I Use HTTPS?
If properly configured, HTTPS is decent for security. Nevertheless, the two technologies should always be used together for the best protection. More so when you consider that:
- Many top websites still don’t use HTTPS. Microsoft Regional Director Troy Hunt co-authored “Why no HTTPS?” as a “list of shame” for websites not taking web security seriously. To be fair, most browsers either block HTTP sites or plaster a huge warning on your screen before you can access them.
- Your ISP can see the domain names you visit, even if the website uses TLS/SSL.
- Some apps don’t use encryption at all (e.g. chat programs without end-to-end encryption, torrenting clients, multiplayer games, etc.)
Otherwise, there’s also the fact that HTTPS has pretty limited use, whereas VPNs are much more flexible:
- They encrypt all network traffic unless you selectively “whitelist” apps by using split tunneling.
- A VPN masks your IP address and therefore your real-life location, making it a great tool for privacy.
- Thanks to their IP-hiding capability, VPNs let you bypass irritating geo-blocks and access region-specific websites and services. Moreover, you can unlock more of your library on streaming platforms like Netflix.
- Finally, you can avoid Internet censorship in restrictive countries like China.
All in all, there is no real reason not to use a VPN.