Browsing the web through a VPN: What's safe and what's not?

[bobrottenchild 0]

Hi!

 

I've been using VPNs for work for a while but just got to use one at home for privacy purposes.

 

Last time I had one was IPVanish I think and I dumbly renewed my CrashPlan backup plan, inputing my brand new credit card and boom got charges on my card as if some body was sniffing between me and the VPN or something.

 

Lesson learnt, I never purchased again over a VPN. So now I'm asking this simple question:

 

What is safe to do over a VPN and what isn't? Somebody would mind to give me a short list of examples?

 

Like

GOOD:

- Browse internet

- Check email

- Online gaming, IRC, etc

 

BAD:

- Online purchases

- etc..

 

I heard that puchasing games on Steam through a VPN wasn't bad but I cannot figure out why renewing my backup subscription will be more bad than purchasing a game on steam?

 

Please enlighten me so I don't do dumb errors again.

 

Thanks and have a nice day!

 

[Staff 9761]

Last time I had one was IPVanish I think and I dumbly renewed my CrashPlan backup plan, inputing my brand new credit card and boom got charges on my card as if some body was sniffing between me and the VPN or something.

 

 

Hello!

 

This is possible only if you made an insecure transaction, for example over http instead of https. In this case all of your data travel unencrypted between the final destination and the VPN server. A VPN (or any proxy, or Tor, or whatever you can imagine) can never replace end-to-end encryption! Just use end-to-end encryption and not even the VPN operators can sniff your credit card transactions.

 

We are quite convinced that any non-criminal service NEVER allows credit cards transactions in clear text. Either you were hijacked from inside your system or you have a spyware inside your system or the service from which you bought has a security leak of your credit cards credentials. All of these cases are obviously out of any VPN scope or purpose, it's your own responsibility only.

 

Kind regards

[bobrottenchild 0]

You are absolutely right and this is what's making me uncomfortable.

 

Here's the exact same page where this happened:

http://d.pr/i/1gqvA

 

The thing is, I entered my CC many times when OFF the VPN and never got into trouble. The exact only time I used my CC while on VPN, I got it hacked. That's what's making me wondering. I even checked the source of the page to see if it wasn't some non https javascript request but no it's all HTTPS.

 

I'm running Windows 8.1 with the latest updates, I tried to check for malwares with Malware bytes and it found nothing but eh nowadays it's hard to be sure that we're clean.

 

 

So basically you're saying that if I'm on a secured HTTPS website and through AirVPN, I should be safe to purchase online?

 

Still, I'll keep my eyes wide opened just in case.

 

Thanks for the quick response, amazing service!

[rainmakerraw 93]

My thoughts:

 

You say you used your card 'many times' off the VPN without issue, but somehow blame the HTTPS transaction for the problems you experienced. Cards can be cloned easily in a second by rogue operators (fuel stations, corner stores etc), or MITM attacks online. What makes you so sure it was the specific transaction via the VPN which got you stung? Of course the vendor could have been compromised (database hijack or similar) but in reality probably your card was compromised another way - likely in 'real life' transactions. Either way your bank will cover your losses provided they're reported as fraudulent activity. You're one heck of a lot safer with the VPN than without and I've made thousands of transactions through AirVPN (and other companies) without a single issue. Basically the VPN isn't a factor.

[bobrottenchild 0]

What makes you so sure it was the specific transaction via the VPN which got you stung?

 

I'm with Capital One and when they see something weird they immediately lock the account, call you and send you an email with the transaction details. The transaction was from somewhere in the Arab Emirates and I live in Canada and know nobody from there at all.

 

So maybe Crashplan got hacked, or IPVanish but I very highly doubt I got in trouble via real life transactions. I use my CC only for web purchases and business purchases (servers (aws, digitalocean), it stuff for my job).

 

I'm usually a pretty tech savvy guy and I try to understand as much possible the inner works of what I'm using and when this happened I was kind of surprised and somebody told me "uh vpn noob error, never buy only on vpn" I wondered why since I thought it would be even safer..

 

Anyway, I'm happy to see that I might have been wrong all this time and also to know I'm safe to to all I want through the VPN.

 

Thanks for all the answers, it really helped!

[bobrottenchild 0]

I even still have the email and it was saying this: (the fraudulent charge was ASDA 4387) it was Dec 18 2014. I don't even know why I'm saying that but just in case it looks like something somebody knows something about hehe

 

December 18, 2014 ASDA 4387 $473.60 December 18, 2014 CODE 42 SOFTWARE INC $1.17 December 18, 2014 CODE 42 SOFTWARE INC

$6.99