Tethering and VPN
yg_be - Posted messages: 23437 - Status: Contributor
Hello,
I have a doubt, so I'm taking the liberty of asking the question here:
I don't have an Internet box at home. To access the internet with my computer, I exclusively use the data from my mobile plan via a hotspot between my mobile phone and my computer.
I was wondering, if I use a VPN on my computer, is the network well secured since it’s a hotspot? Or on the contrary, should I have a VPN on my mobile phone?
Thank you in advance!
2 replies
Hello,
The WiFi network created by the smartphone as a hotspot is already secured (encrypted) by a password (PSK). Nearby people cannot read the traffic between your smartphone and the computer, as long as this password is strong enough.
The 4G/5G connection between your phone and the operator is also encrypted.
In any case, the encryption of your local network (the WiFi hotspot), the encryption on the operator's network (4G/5G), or the encryption of a VPN are network encryptions that only cover their respective boundaries. None of these encryptions extends to the Internet, and their role is to protect the network, not the data.
If you want your data to be securely transmitted over the Internet, you need to use application encryption between the client application (e.g., the browser on your computer) and the server. This is the role of TLS or HTTPS.
A bit of reading: https://overengineer.dev/blog/2019/04/08/very-precarious-narrative.html
Furthermore, when a VPN is activated on the smartphone, it does not cover network sharing.
In summary, it is indeed on the computer that the VPN should be activated, but you probably don't need a VPN (contrary to what YouTubers/sponsored articles want you to believe) and it can even be counterproductive.
Hello,
As you use it, the VPN mainly serves to hide the communications between your computer and the websites:
- those who spy on Internet traffic cannot determine which site you are communicating with; they only see your communication with the VPN
- the websites cannot determine where your computer is connected to the Internet
It's up to you to decide whether it's useful to be discreet in this way.
Hello,
Google (via Android and Play Services) performs geolocation by scanning nearby WiFi and Bluetooth devices. The geolocation thus determined is accessible to applications for which permission is granted. Thus, if the browser can obtain the location via the Android API (subject to permission), and if the browser allows the site to obtain the location via the HTML5 API, then the site can get the actual geolocation that does not depend on the IP.
While deceiving geolocation on a computer is indeed easy with a VPN, the case of smartphones requires a bit more caution.
And furthermore, even on PC, with Chrome linked to a Google account, the geolocation given by Chrome to websites (via the HTML5 API) can be obtained through the Google account and therefore through the smartphone.
Well,
Google knows the location of a smartphone very precisely with GPS; it doesn't need to scan.
On the other hand, the sites you connect to don't normally have that information and rely on the IP address; that's how I get tons of ads in German, which I don't understand, when I use my server based in Germany.
However, some French sites don't want me in that case, even though I am indeed in France, and that's a scandal.
Indeed, but between the remote NAT and the site, it's as if there is nothing, except that we see the address of the remote NAT as the source.
https://forums.commentcamarche.net/forum/affich-37585051-vpn-ou-nat-distant
Hello,
??
Are you saying that the connection between the mobile and the PC or another mobile is not encrypted?
Because the WAN side is normally encrypted.
But it's true that the security benefits of a VPN are rather negative, as you are entrusting your data to an unknown third party that may not be trustworthy.
The only benefit is the remote NAT to deceive the damn geolocation of IP addresses.
Edit:
Oh yes, indeed, you're right: I activated my personal VPN (the WireGuard server is mine) on my mobile, and on the PC connected to the sharing, the address seen is that of the mobile operator, not that of my server. That's tricky...
Whereas what leaves the mobile does indeed pass through my server.
I had never checked that :-(
Hello,
Indeed, I meant to say: when a VPN is activated in "full routing" mode on the smartphone, the smartphone routes its own traffic (that of its applications) through the VPN as expected, but the traffic coming from the "hotspot" passes through the mobile network of the operator. This is specified in the documentation of some consumer VPNs. This can be remedied by modifying the routing table on a "rooted" phone.
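The routing behaviour described in the last reply, as an added example that is not part of the original thread: a simplified Python model of policy routing on the phone, where the VPN rule matches locally running apps by UID and hotspot traffic is forwarded by incoming interface. The interface names (`tun0`, `wlan0`, `rmnet0`), priorities, UID values and rule sets are constructed assumptions, not a dump from a real device.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    dst: str
    uid: Optional[int] = None  # owning app UID; None for forwarded (hotspot) traffic
    iif: Optional[str] = None  # incoming interface; None for locally generated traffic

@dataclass(frozen=True)
class Rule:
    priority: int                      # lower number is evaluated first
    egress: str                        # interface selected when the rule matches
    uid_range: Optional[range] = None  # match only sockets owned by these UIDs
    iif: Optional[str] = None          # match only packets arriving on this interface

    def matches(self, pkt: Packet) -> bool:
        # A forwarded packet has no owning socket, so a UID-based rule never matches it.
        if self.uid_range is not None and (pkt.uid is None or pkt.uid not in self.uid_range):
            return False
        if self.iif is not None and pkt.iif != self.iif:
            return False
        return True

def egress_for(rules, pkt: Packet) -> str:
    """Return the egress interface chosen by the first matching rule."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(pkt):
            return rule.egress
    return "unreachable"

# Constructed rule set: "full routing" VPN on the phone, hotspot enabled.
PHONE_FULL_TUNNEL = [
    Rule(100, "tun0", uid_range=range(0, 100000)),  # every local app goes into the VPN
    Rule(200, "rmnet0", iif="wlan0"),               # hotspot clients go to the operator
    Rule(300, "rmnet0"),                            # fallback default route
]
# Constructed variant: the modified routing table the reply mentions for a rooted phone.
PHONE_REROUTED = [Rule(50, "tun0", iif="wlan0")] + PHONE_FULL_TUNNEL

def report(rules) -> dict:
    """Egress interface for a phone app and for a computer behind the hotspot."""
    return {
        "phone app": egress_for(rules, Packet("203.0.113.10", uid=10123)),
        "hotspot client": egress_for(rules, Packet("203.0.113.10", iif="wlan0")),
    }

if __name__ == "__main__":
    print("full tunnel:", report(PHONE_FULL_TUNNEL))
    print("rerouted:   ", report(PHONE_REROUTED))
```

In the first rule set the computer behind the hotspot leaves through the operator interface even though every phone app uses the tunnel, which matches the operator address seen on the PC in the test reported above.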