Do You Still Need VPN If You Use HTTPS?

Bitdefender Premium vpn

If you’re not entirely new to the world of Internet, then basic privacy and security concepts such as HTTPS, encryption and VPN shouldn’t be foreign to you.

Lately, HTTPS has been widely adopted by websites worldwide for security reasons. HTTPS is the secure version of HTTP (Hypertext Transfer Protocol), and it makes sense why it slowly became a standard.

Using HTTPS instead of HTTP is an effective way to secure users’ browsing data through encryption and is paramount when making online payments, sending emails or IMs, and logging into various accounts.

Although all websites (especially those with login pages) should use HTTPS, many still don’t. Certain web browsers, such as Google Chrome, flag HTTP websites differently by displaying a Not secure tag next to the website’s address in the URL bar. For HTTPS websites, Chrome displays a padlock.

A common misconception is that using a VPN is redundant if you only plan on browsing HTTPS websites since both practices rely on solid data encryption. However, it’s a bit more complicated than that.

How does HTTPS work?

HTTPS uses an encryption protocol called Transport Layer Security (TLS) to protect the data it relays. This protocol relies on two different keys:

  1. Private Key – controlled by the website owner; this key is used to decrypt data encrypted by the public key.
  2. Public Key – kept securely but still available to everyone who wants to access the website; this key encrypts data that only the private key can decrypt.

HTTPS protects private data from being broadcast for everyone to see when accessing a website. HTTP traffic is sent in plaintext so attackers can sniff it quite easily with the right tools. By comparison, HTTPS encrypts traffic, so even if perpetrators intercept it, they won’t be able to decipher it.

Although HTTPS sounds like a silver bullet against privacy violations, a trustworthy VPN service such as Bitdefender VPN can be far more effective.

VPN provides system-wide traffic encryption (including HTTP)

As mentioned above, not all sites use HTTPS, which leaves you vulnerable to a broad range of cyber threats. Attackers can easily monitor and log HTTP traffic, which is not encrypted.

Using a VPN in this situation can give you the upper hand by encrypting all traffic relayed by your device. By contrast, HTTPS only encrypts browser traffic, which leaves you vulnerable if you use other apps or services for online communications (email or IM clients, for instance).

Therefore, even if you’re visiting a website that uses HTTP, entities that can monitor your traffic such as your Internet Service Provider (ISP) or other snoops won’t be able to decipher it if you’re behind a VPN.

On the other hand, this protection only lasts between your device and the VPN server you chose; once the traffic leaves the VPN server, it’s susceptible to being monitored again. In this situation, attackers can’t trace the data back to you if you don’t send any identifiable information through the HTTP connection.

Avoid DNS leaks

Even when browsing HTTPS websites, your device can leak DNS requests, especially if you don’t use a VPN. DNS servers translate URLs into IP addresses, so whenever you want to access a website using its URL, your device makes a DNS request, which is usually unencrypted.

Since ISPs usually provide you with a DNS server, they can also see what websites you visit, whether they use HTTP or HTTPS. Remember that HTTPS only encrypts the data between you and the website, not its address.

Aside from encrypting your traffic, a VPN can also cloak DNS requests so your ISP or other snoops can’t see them. Furthermore, a reliable VPN such as Bitdefender VPN will go the extra mile to prevent DNS leaks that expose your data.

VPN hides your IP address

If the website you’re browsing uses HTTPS, it doesn’t mean it can’t still see your actual IP address. This may not sound like a big deal for some, but if you’re not a fan of tracking and want to keep your whereabouts private, then it definitely is.

Most websites rely on tracking modules that collect all sorts of data from visitors and use it to tailor their experience. If it sometimes seems like websites know a surprising amount about you, it’s because they do.

A lot of information can be extracted from your IP address, including your real (approximate) location and your Internet provider. This data can even be used to restrict your access to specific content, and a VPN can help you circumvent that.

Connecting to a VPN server hides your IP address so the website or online service you’re trying to access sees your requests as if they’re coming from the VPN server. As a result, the website can’t restrict your access or get identifiable information from you (as long as you don’t intentionally provide it) based on your IP address.

Keep in mind that even while connected to a VPN, websites, and online services (email, IM clients) can see who you are if you log into your personal account. A VPN only prevents the website from knowing your real IP address and your ISP or other entity with monitoring capabilities from snooping on you.

Thus, if you want to keep yourself truly anonymous while using a VPN, you should avoid logging into your personal accounts. You can do so by using the service or website without an account (if possible) or creating a decoy (throwaway) account that you can use while connected to a VPN server.

Do you need a VPN if you’re using HTTPS?

The bottom line is that, although VPN and HTTPS can protect your data through encryption, they shouldn’t be regarded as exclusive.

In other words, not only is it good to combine HTTPS and VPN for increased privacy protection, but it’s also recommended that you do so, especially on public, insecure networks.