January 28th, 2014

Do you need a VPN for Secure Email in a Wireless Hotspot?

LuxSci has been approached by many people asking for VPN (Virtual Private Network) services.  When we ask them why, they indicate that they use wireless hotspots (like at Starbucks and other public places) that are insecure and untrusted and they want to be sure that their email is secure and encrypted there.

Note that even if the hotspot is password protected and “secure”, that does not mean that it is “trusted”.  The hotspot administrators or other users of that hotspot could still try to intercept your Internet traffic.  So, just because it is a “secure” hotspot with the little lock next to it and a password that you must enter, do not assume you are safe at all.

This is a very legitimate concern.  Wireless hotspots are serious danger zones; we have seen many cases of people who have carelessly used insecure connections to email or web sites and had their login usernames and passwords stolen in such places.  This can lead to identity theft, the leaking of sensitive company or personal information, and other serious problems.  Anyone using public wireless hotspots or other untrusted networks for email and other activities that involve personal information needs to take care that the information sent to and from their computer is protected.  If the transmission of your sensitive information is protected, then you have nothing to worry about and hotspots can be great places to work.

So, why is a VPN a good solution?

A virtual private network creates a secure tunnel between your computer and the location of the network, which is typically your office or a VPN-service provider or LuxSci.  When the VPN is enabled, all Internet traffic travels through it first to get out to the Internet (though some VPNs only transport traffic that is destined for a specific provider or location).  This means that this secure tunnel secures your email, chat, web browsing, and anything else that you may be doing on the Internet (or between yourself and your provider), from malicious users of the local hotspot.

So, if you have a VPN, you can turn it on and know you are safe … from people in the hotspot anyway.

There are some downsides to VPN use

Typically, a VPN costs money.  Sometimes you have to have special software installed on your computer and the license to use that software will cost you or the VPN provider money (other solutions, like LuxSci’s VPN service, use the VPN software that is built into modern operating systems).  There are open source VPN solutions (like OpenVPN), but they can be complex to set up and get working correctly.

Additionally, a VPN only protects your communications between your computer and the VPN itself.  So, in the case where the VPN is in your office, your data travels from your computer to the office over the secure VPN.  Any information that then goes on and out to the Internet at large is no longer protected and could still be eavesdropped upon unless it is otherwise secured.

Use of SSL is a good alternative to the use of a Virtual Private Network

If your concern is securing access to your email (POP, SMTP, IMAP, and/or WebMail), then use of a VPN is not the only solution.  An email service that provides “Secure Email” will give you the option of connecting to your email over SSL (How Does Secure Socket Layer (SSL or TLS) Work?).

When you use SSL to connect to your email or WebMail server, all communications from your computer all the way to your email server are encrypted and protected from eavesdropping.  In fact, once you set up your email program (e.g. Outlook or Thunderbird) to use an “SSL-enabled” connection, it will always be secure no matter where you are connecting from.

All modern email clients and web browsers support SSL very well and it is usually just a matter of “checking a box” to turn it on, if secure email services are an option for you.

The advantages of SSL over VPN are:

  1. You do not have to remember to enable SSL (like you do for the VPN).  Once configured, you are always using SSL and are thus secure even if you are in a hurry and would have forgotten to enable your VPN.
  2. SSL protects your communications all the way to the email servers; a VPN only protects you for part of the trip.  Of course, if the VPN is next to the email server, this is a moot point.
  3. SSL is generally much cheaper than using a VPN
  4. Most web sites that you use that deal in sensitive information will allow you to login securely over SSL so that your web sessions are secured and cannot be eavesdropped upon.

Use of SSL can be less secure than a VPN:

  1. Man in the middle: If you are going through an unknown and untrusted network, there could be a system there that tries to interpose itself between you and your email / WebMail server, decrypting and altering/storing your traffic. Generally, if this is happening, you will get a warning about your server’s SSL certificate not being trusted.  If you ignore that warning, or click it away without thinking, then your communications are secure … but readable by that third party system.  This is a serious consideration whenever using an untrusted network and a good reason to pay attention to warnings!  The possibility of this kind of man in the middle attack on a VPN connection is very much smaller.
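As an added example (not LuxSci's code and not part of the original article), the Python below shows what “SSL-enabled” and “pay attention to warnings” mean inside a mail client: a TLS context that verifies the server certificate, and a check that flags account settings which skip SSL or accept untrusted certificates. The account schema, the function names and the host mail.example.com are assumptions made for illustration.

```python
import imaplib
import ssl

def verified_context():
    """TLS settings that keep the certificate warning meaningful."""
    ctx = ssl.create_default_context()        # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def context_problems(ctx):
    """Report settings equivalent to clicking the certificate warning away."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not verified")
    if not ctx.check_hostname:
        problems.append("certificate is not matched against the server name")
    return problems

def audit_account(account):
    """Check one mail-client account entry (a dict, hypothetical schema)."""
    findings = []
    if account["security"] != "ssl":
        findings.append(f'{account["protocol"]}: connection is not SSL-enabled')
    if not account.get("verify_cert", True):
        findings.append(f'{account["protocol"]}: untrusted certificates accepted')
    return findings

def audit_profile(profile):
    """Collect findings for every account in a client profile."""
    return [f for account in profile for f in audit_account(account)]

def open_imap(host):
    """Connect over SSL; raises ssl.SSLCertVerificationError if the certificate
    presented on this network is not trusted for `host`."""
    return imaplib.IMAP4_SSL(host, 993, ssl_context=verified_context())

# Constructed sample profile; mail.example.com is a placeholder host.
SAMPLE_PROFILE = [
    {"protocol": "IMAP", "host": "mail.example.com", "security": "ssl", "verify_cert": True},
    {"protocol": "SMTP", "host": "mail.example.com", "security": "none", "verify_cert": True},
    {"protocol": "POP", "host": "mail.example.com", "security": "ssl", "verify_cert": False},
]

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print(finding)
```

With the verifying context, an interposed system that presents its own certificate causes the connection to fail with an error instead of silently proceeding.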

Of course, if you need other types of communication which are not SSL-enabled to be secure, or if you need access to information behind a company firewall, then a VPN will be invaluable for you.  Otherwise, SSL-enabled connections provide as good security and protect against forgetfulness.

The best solution is to use a VPN plus SSL for maximal safety and privacy.

What does LuxSci provide?

LuxSci does provide VPN services to its servers, as well as SSL for its users’ POP, IMAP, SMTP, and WebMail connections.  The optional VPN service can be used to augment the security of SSL.

Furthermore, all new LuxSci accounts have SSL use enforced by default.  This means that, unless you take steps to change your account security settings, all connections by yourself or your users are required to use SSL — there is no option of connecting insecurely.  So, the possibility of setting up your services insecurely “by accident” or “by laziness” and then having your personal information stolen at a wireless hotspot or other untrusted network is greatly reduced right from the beginning.

Where can you get VPN services?

If you need a VPN and your office doesn’t offer it, you can check out

7 Responses to “Do you need a VPN for Secure Email in a Wireless Hotspot?”

  1. Extreme WebMail Login Security with OpenID | LuxSci FYI Says:

    […] There is no guarantee that the authentication is happening over a secure (SSL) connection.  The connection could be insecure and any usernames or passwords that you send could be eavesdropped upon. […]

  2. iPhone: The Ultimate Mobile Email Client? | LuxSci FYI Says:

    […] One very nice feature is that, while you have the option to use secure or insecure connections for each of these protocols, the iPhone configures itself for a secure connection by default — you actually have to do extra work to disable the SSL/TLS security options.  This is notable, especially since it is common to be checking your email in an untrusted wireless hotspot where use of SSL (or a VPN) is essential. […]

  3. How Can You Tell if an Email Was Transmitted Using TLS Encryption? | LuxSci FYI Says:

    […] is less of a problem than eavesdropping near the sender and recipient (i.e. in their workplace or local wireless hotspot).  So, one must take care that messages are sent securely and received securely.  This […]

  4. les Says:

    To protect my mail and other means of communication, I always use this vpn, I like very much, and I advise you to use it too.

  5. Security Simplified: The Base+Suffix Method for Memorable Strong Passwords | LuxSci FYI Says:

    […] can read your sensitive information.  This is especially dangerous if you are connecting from a wireless hotspot or other location where you do not trust everyone who may be using the local […]

  6. Mike Says:

    I’ve found it’s best to use an OpenVPN based VPN, many hotspots block GRE which is required for a PPTP connection to be maintained, whereas OpenVPN can be configured to just use TCP (on port 443 – HTTP over SSL for example). This has the best of both worlds, easy connection, and very very secure data.

    If you don’t have a hosted server to set up OpenVPN on, there are several providers to choose from. I’ve used http://www.overplay.net and http://www.strongvnp.com before, they both work well!


  7. Tory | Progacz | backlinks Says:

    Excellent read, I just passed this onto a colleague who was doing a little research on that. And he actually bought me lunch because I found it for him smile So let me rephrase that: Thanks for lunch!
