Explaining Cybersecurity to My Dad: VPNs and the Perils of Public Wi-Fi
WarCollar CEO and DopeScope Inventor, Gene Bransfield, attempts to explain cybersecurity in a relatable way.
Dad: Hey! Let me show you this thing I found on the Internet. I think you’d like it.
Me: Can you show me on your phone?
Dad: It’s better if I use my laptop.
Me: Here? We’re in a public place.
Dad: Yeah. They have free Wi-Fi here. What’s wrong with that?
Me: Free Wi-Fi.
Dad: What? You’d rather pay for it?
Me: Somewhat, yeah.
Dad: Why’s that?
Me: Because free Wi-Fi is generally less secure than places where it’s not free.
Dad: It is secure! They had this pop-up page where I put my name and made me check a box that says I won’t do bad things! That means they’re logging me in and encrypting everything and I’m good. It is secure!
Me: You logged into an interface that makes sure you paid to be here before they grant you Wi-Fi access. They haven’t done anything except cover themselves legally. They offer no encryption or any other protection mechanism. It’s basically open access, unencrypted Wi-Fi. It is most certainly NOT secure.
Dad: What? They put me through all that and they don’t even encrypt things?
Me: Not a bit.
Dad: That’s nonsense!
Me: Right!?
Dad: Well, I’m using Wi-Fi without it being encrypted. It’s fine – I’ll only be here for a bit.
Me: Actually, 43% of people have had their online security compromised while using public Wi-Fi.
Dad: Ha! So, math says that most people haven’t.
Me: I don’t know – 43% sounds like a high number to me.
Dad: It’s not as high as the 57% who haven’t been affected by using public Wi-Fi. So, I feel like I’m OK to go download the thing I was going to show you.
Me: I’m pretty sure that’s the wrong attitude here.
Dad: Why? I don’t think someone is trying to get me, specifically. I’m looking around the room and I don’t see any of those unemployed fry cooks who can do things like that.
Me: Really? I’m standing right here, and I can do things like that.
Dad: You wouldn’t!
Me: Not for free, and not without signed legal documentation. I may make an exception for you, specifically.
Dad: Oh yeah? And why would you do that?
Me: To redirect your internet traffic from the news site you like to the news site you hate.
Dad: Why would you do that?
Me: To watch you get so angry that your head explodes.
Dad: You’d do it just to be a jerk, but there’s no one else here. I’m sure it’s OK.
Me: They don’t have to be within eyesight. They can be in the lobby or in the parking lot or across the street.
Dad: But why would they go after me?
Me: They probably won’t try to get you specifically. They’ll just set up a trap where they’re collecting all the low-hanging fruit, and then you browse to a vulnerable website OR use your password somewhere OR login to a bank or a credit card spot and they collect your data that way. They can send you malicious ads or click bait to trick you into loading malware. If they get you, they own your whole Internet experience. They could even scan your computer for vulnerabilities and then hack into your machine itself.
Dad: How would that even work?
Me: The hacker has some software on their machine that tells all the other machines that they need to use the hacker’s evil machine to get to the Internet.
Dad: That’s stupid! I thought computers were smart enough to not fall for that…
Me: Computers want to find the Internet, and things change on networks all the time. So if something on the network tells everyone else on the network that “hey, the new way to the Internet is through me” then they don’t argue about it too much. That’s how most of the Internet works, actually.
Dad: So, my computer is dumb enough to fall for that and somehow it’s MY fault?
Me: Well, you can do things about it, and you’re not – so that part is YOUR fault.
Dad: What the hell can I do about it?
Me: Keep your computer up to date, and when you’re using a strange network, you can use a VPN.
Dad: A what now?
Me: A Virtual Private Network.
Dad: So, I have to use a whole different network now?
Me: No – you install VPN software on your computer and then use that VPN software when you’re trying to use public Wi-Fi networks to get your Internet.
Dad: How does that even work?
Me: VPNs are used to extend a network using encryption. It’s like creating a tunnel through your current network into another network. People who work from home use this technology to get into their corporate networks.
Dad: What? That hurts my head. How would I get to another network without going through this network?
Me: Imagine you’re walking around one building and you want to get to the building across the street, but it’s raining. Normally, you’d have to walk outside and get wet. However, if that building has a tunnel or a skybridge to the building across the street you could use that tunnel or skybridge to avoid the rain. Well, in this case, the hackers are trying to get you wet, and that VPN is the tunnel or skybridge to keep you out of the rain.
Dad: But he controls access to the Internet – he owns all the things I do – how does a VPN fix that.
Me: Because the bad guy hacks you by controlling and interfering with your access to the Internet itself. A VPN makes a tunnel between your computer and somewhere else on the Internet. You’re bypassing the hacker and entering the Internet at a different location.
Dad: What? How does that even work?
Me: When you create a VPN, you make an encrypted connection or ‘tunnel’ between your computer and another server – called an endpoint or concentrator – elsewhere on the Internet. It’s like you’re popping out on the Internet at a completely different location.
Dad: That doesn’t make sense.
Me: You’re a Star Trek fan, right?
Dad: Yup. Spock is my man.
Me: So, imagine that the Internet is the galaxy. A VPN essentially opens a wormhole in the Internet so that your traffic goes from your computer to the VPN server without being touched by the surrounding Internet. If you use a wormhole you can get from Earth to Saturn without passing Mars or Jupiter. It’s magic.
Dad: That’s Deep Space Nine. Spock wasn’t in Deep Space Nine.
Me: Not the point.
Dad: So, I can travel through the galaxy without touching the galaxy?
Me: Exactly. You can sit here in the States and use your VPN to wormhole into Europe like you’ve been there the whole time.
Dad: Really!? I can show up in England?
Me: Like you’re a proper Brit.
Dad: Wow! That’s cool. Is the Internet different in Europe?
Me: Sometimes.
Dad: Will I be able to watch my BritComs without it blocking me because I’m from the US?
Me: You should be! And you can watch Cricket. VPNs help with things like that.
Dad: Ok, so this wormhole makes me hacker proof?
Me: Well, nothing makes you hacker “proof,” but this makes it much more difficult for the bad guys to control your Internet connection when you’re using Free Wi-Fi.
Dad: So, what’s the difference if it’s not making me “hacker proof.”
Me: Would you walk barefoot in the gym or in a public shower?
Dad: No! I’d try to wear shower shoes at least.
Me: Same thing.
Dad: That’s nasty. A friend of mine did that at his gym. He got a fungus so bad that even his lonely widow friend didn’t want him over for tea anymore. It was nasty.
Me: Sounds like it killed his love life.
Dad: It’s for the best. I didn’t like her. She smelled funny and her tea was terrible.
Me: What’s that line about beggars and choosers?
Dad: Well, I choose not to hang out with the stinky widow tea lady. I’m not that desperate. She was complaining about the look of his feet, and I couldn’t sit at the table with her because of the smell.
Me: Well, what happened to your friend?
Dad: Him? His feet were really messed up. I eventually convinced him to go to the doctor. They gave him some stuff and told him to go get a pedicure of all things.
Me: Pedicure? That doesn’t sound like something you guys would do.
Dad: Well, he needed it. Eventually he took to liking it, and now he goes every couple of weeks or so.
Me: Really?
Dad: Yup! Took me with him once.
Me: You!?!? You got a pedicure?
Dad: Yup! Now I get one every couple of weeks!
Me: That doesn’t sound like something you’d do.
Dad: Well, you gotta keep an open mind these days. Plus, the ladies at the pedicure shop smell much better than the widow, and they make better tea.
Me: They make you tea? Why do they make you tea?
Dad: Well, you might not realize this but I can be a very charming guy when I want to be.
Me: Yeah – I remember the story of you reciting poetry to woo my mother. “Jabberwocky,” was it?
Dad: One of the greats! But I didn’t go that far with these ladies. I don’t think they could handle me if I told them to beware the Jibjub Bird. They might get frumious with their Bandersnatch
Me: Ok… but anyway, wearing shower shoes at the gym would go a long way to keep people from getting the foot fungus that your friend got. Using a VPN when you’re out in public keeps your computer from getting “foot fungus.”
Dad: Yeah, but I’m still trying to get my head around that wormhole thing you were talking about. Can’t the bad guys see you doing that?
Me: Yeah – if they’re paying attention. Most of the time they’re looking for low-hanging fruit. They can potentially see your tunnel, but shouldn’t stop it – and they can’t read your encrypted traffic. If you can’t get to your VPN tunnel you should not use that network.
Dad: So, they can see me avoiding them, but they can’t get me?
Me: They can’t see your traffic in the tunnel, no.
Dad: Hell, I could use something like that to get me from my café to my car. I’d be walking to my car and be like “you can see me, but you can’t ask me for change!”
Me: …really?
Dad: Yeah! And I could use it to get from my car into the grocery store! You can see me, but you can’t sell me cookies because I’m in my tunnel!
Me: You love thin mints!
Dad: Yup! But they’re addictive as hell and my gut doesn’t need to get any bigger.
Me: True.
Dad: I could use it to get from my house to the bar!
Me: … or the gym.
Dad: At my age, I don’t know what to do at the gym; but I know what to do at the bar!
Me: So, you’re sold on the VPN.
Dad: We can try it. Where do I get it?
Me: There are multiple choices on the Internet. ProtonVPN is recommended and has a free option, but there are other options like personalVPN that don’t cost much at all. You can probably find one for around $5 a month or less.
Dad: So, I download that and now how hard is it to use?
Me: Not hard at all! Just double-click the app, pick which city you want to pop out of, and start browsing!
Dad: Let me try this then… Hey! Look! I’m in Japan! Google is in a different language!
Me: There you go! It’s that easy!
Dad: Do I have to be in Japan?
Me: If you’re just trying to get out of the Café, you can pick a site near your current location and it works just as well.
Dad: This is easy! Now can I show you what I wanted to show you.
Me: Sure
Dad: Here you go!
Me: What is that?
Dad: The pictures of my buddy’s feet. Before and after.
Me: …really?
_____________________________
Want more? Check out Explaining Cybersecurity to My Dad “Multi-Factor Authentication (MFA)” and “What is this DopeScope thing anyway?”!