So this is something that a lot of us were contemplating. Are VPNs like 'ZenMate' or 'Psiphon' safe to use? We are sending data to their servers first, which is then routed to destination server. So can this intermediate VPN server see credentials like my username and password?
The answer is:
- They cannot see your password if the website you are accessing is 'secure'.
- They may be able to see your credentials if it is an 'unsecure' website.
Secure Websites
These are websites like Google and Facebook that have a secure protocol for exchanging data between our web browser and their main servers.
So if you are using a VPN, the data to be sent to Google servers will be encrypted by Google, your VPN encrypts that encrypted data again(thus, adding a second layer of encryption) and sends it to the VPN server which de-crypts it.
Now, even if your VPN server tries to read the information in the packet, it cannot, because it still has that first layer of encryption that only the Google server can de-crypt. So your username and password are safe and encrypted.
To know if a website is secure or not you can check the lock icon on the extreme left of the address bar of your web browser. Click on it for more information about the certification as shown.
Also the website will have 'https(Hyper Text Transfer Protocol - Secure)' as a prefix in green.
Unsecure Websites
These websites do not encrypt their data while sending it to their servers. So if you are using a VPN, the VPN will encrypt the data to add one layer of protection, the VPN server will decrypt it and if the VPN server tries to sniff what data is contained in the packets, it may be able to see your credentials like username and password!
This is what an unsecure website looks like:
The is no 'https' prefix and it says that the connection is not encrypted. So it is not safe to sign in using a username and password to gocomics.com via a VPN.
So always make sure the websites that require login are secure for accessing via a VPN!
The answer is:
- They cannot see your password if the website you are accessing is 'secure'.
- They may be able to see your credentials if it is an 'unsecure' website.
Secure Websites
These are websites like Google and Facebook that have a secure protocol for exchanging data between our web browser and their main servers.
So if you are using a VPN, the data to be sent to Google servers will be encrypted by Google, your VPN encrypts that encrypted data again(thus, adding a second layer of encryption) and sends it to the VPN server which de-crypts it.
Now, even if your VPN server tries to read the information in the packet, it cannot, because it still has that first layer of encryption that only the Google server can de-crypt. So your username and password are safe and encrypted.
To know if a website is secure or not you can check the lock icon on the extreme left of the address bar of your web browser. Click on it for more information about the certification as shown.
Also the website will have 'https(Hyper Text Transfer Protocol - Secure)' as a prefix in green.
Thus it is safe to sign in to gmail.com using my username and password via any VPN.
Unsecure Websites
These websites do not encrypt their data while sending it to their servers. So if you are using a VPN, the VPN will encrypt the data to add one layer of protection, the VPN server will decrypt it and if the VPN server tries to sniff what data is contained in the packets, it may be able to see your credentials like username and password!
This is what an unsecure website looks like:
The is no 'https' prefix and it says that the connection is not encrypted. So it is not safe to sign in using a username and password to gocomics.com via a VPN.
So always make sure the websites that require login are secure for accessing via a VPN!