As you would expect of someone who writes a Defensive Computing blog, I am a frequent VPN user. I both pay for a full-fledged VPN service and also dabble with a couple VPNs that offer limited monthly bandwidth for free.
My main VPN provider offers servers all over the world. Sometimes I connect to a server on the West coast of the U.S., sometimes the East coast, sometimes the South and sometimes Canada. Why Canada? Just because.
There are occasionally things that don't work well on a VPN, but I often stay connected all day. As such, its easy to forget that the VPN is active -- and I recently got burned by forgetting. Normally, of course, the situation is reversed, trouble comes to those whose VPN is off rather than on.
What mistake can someone make while connected to a VPN?
Buying something.
In my case, I purchased a license for Avast antivirus software; three PCs for one year.
As I recall (it was over a month ago) the price varied. Someone upgrading from an installed copy of their free software paid a different price than someone who went directly to store.avast.com. After dealing with these different prices, I let my guard down during the purchase process.
Receipt for a purchase of Avast antivirus
The emailed receipt clearly shows (above) a VAT of $4.88. We don't do VAT in the U.S.
Credit card bill for Avast antivirus
When the credit card bill arrived, there was a Foreign Transaction Fee of $1.34 (above). Even then, it didn't sink in immediately. My first thought was that Avast must be based outside the U.S. In fact, their headquarters are in the Czech Republic.
It took a while for the light bulb to click on.
I must have made the purchase while connected to a VPN server in Canada. The giveaway is in the second line of the credit card bill above.
Lesson learned.
In my defense, the Canadian currency is also called the dollar. Had I been connected to Mexico, I might have noticed a price quoted in pesos (plus, there are almost 18 pesos to the American dollar).
This being a Defensive Computing blog, I don't want to leave a wrong impression. VPNs, as a rule, are great.
Elsewhere, VPNs are plugged for public Wi-Fi, but there is no need to limit their use. I often use one at home, even on computers with a wired Ethernet connection. Without a VPN (or TOR), your ISP knows everywhere you go on the Internet. What do they do with this information? One thing my ISP does, is publish a booklet detailing their privacy rules, as shown below.
An ISP privacy notice pamphlet features lots of small print on both sides.
VPNs are great for privacy. Still, there are two sides to every coin.