True, 95% of internet traffic passing through Google is now encrypted, according to Google Transparency report. But this encryption does not mean protection or privacy, at least not in the sense that VPNs provide.
Encryption is a method of using mathematical algorithms to render a communication unintelligible to outsiders and only readable to the intended recipient who has the encryption key.
The encryption has to be strong enough to be effective. Strong encryption is encryption that uses a complex enough algorithm to make it near-impossible to decipher the content of the communication without the correct key.
Looking at today's encryption-everywhere world, you may ask yourself, “Why do I need a VPN?” “Is a VPN necessary?” Well, it depends. Both HTTPS and VPNs have encryption at their core, but otherwise they are vastly different things built for very different purposes.
HTTPS (hyper-text transfer protocol secure) is an internet protocol for communication between your browser and internet servers that includes end-to-end encryption. When people say 95% of internet traffic is encrypted, they speak about HTTPS.
The cryptographic protocol that HTTPS uses is called TLS (a replacement of SSL), which stands for transport layer security. Despite the name, it does not necessarily mean that the encryption occurs on the transport layer; in practice, it is in the layers “above” it.
Also classified as an in-transit type of encryption, the purpose of HTTPS is to protect the content of communication between the sender and recipient. This ensures that anyone “listening in” on the communication will not be able pick out usernames, passwords, banking information, or other sensitive data.
However, because this encryption occurs only between your internet browser and the server, it does not encrypt other data that can be used to trace your behavior on the internet and identify you as a target. This data includes:
All this information can be seen and monitored by your ISP, government, or another entity, and misused by corporations or attackers.
A typical example are man-in-the-middle attacks, during which attackers lurking, for instance, on an unsecured Wi-Fi impersonate a server you are trying to reach. They then resend your communication to and from the server, encrypting and decrypting it each time, which, because they have the decryption key, gives them access to every piece of information you send.
This is a common way of stealing access credentials or credit card information, and is enabled by the fact that the victim is visible to the attacker.
A VPN, or virtual private network, encapsulates packets in a private channel set up between devices or entire network segments. Common protocols used by VPNs include OpenVPN, IKEv2, or IPsec.
The primary purpose of a VPN has always been to ensure data privacy and security through the use of encryption; however, unlike HTTPS, VPNs create a private encrypted tunnel before they send data through the internet, which encrypts not only the content of the communication but also the identity of the sender and receiver as well as other information that gives away your your behavior or details of the device you are using.
When extended to the IP address, this is called IP address obfuscation, a mechanism that conceals your online identity even on unsecured public networks, such as airport or hotel Wi-Fi.
It’s worth emphasizing that, unlike HTTPS, if you are using a professional VPN service such as GoodAccess, it encrypts all data exchanges your device participates in as long as the VPN is on. This includes all communications that all your applications (not just your internet browser) make with all their corresponding servers. If you want to dig deeper, check out our blog on business cloud VPN to learn more.
A business VPN and a personal VPN are fundamentally the same technology that fulfill the same core purpose of ensuring online privacy and security. However, they are both intended for different use cases and outfitted with different feature sets.
The main function of a personal VPN is to conceal the user’s activity to:
On the other hand, business VPNs cater to the needs of companies, which may share the same need for data privacy, but on top of that require secure remote access to business systems for remote branches or employees working from home, complete with access controls and other security and quality-of-life features. In addition, they need to enforce company security policies and comply with legal requirements (GDPR, SOC2, HIPAA).
This is why business VPNs will feature functionalities like:
Tab. 1 - Difference between VPN vs HTTPS explained
First and foremost, no data exchange on the internet is implicitly safe, and best practice is always using every security measure you can get. However, depending on who you are and your needs and responsibilities, some measures may be overkill.
HTTPS is enough when:
VPN is better than HTTPS when:
So, do you need a VPN when using HTTPS? In short, a VPN is a more robust solution that secures all connections, not just browser-server exchanges. While a fully-fledged business VPN is arguably unnecessary for an individual home user, companies will find that their data protection needs align very closely with what VPNs provide.
If you are wondering where to get a VPN, give GoodAccess a try. Just create a free account and take your personal test drive.