walk me through VPN as if I were five
August 22, 2022 2:13 PM

What it says in the title. Today, IT at my job were shocked, shocked I tell you, to learn that I don't use VPN always for all tasks.

I don't even know how it works, or what to do. I think I have perhaps added free Chrome VPN as an extension today, but I have no idea how it works or if there is something I should do that I am not doing.
We have excellent support at my workplace, but since most of my colleagues are engineers, and I am not, sometimes I have no idea what support are talking about, and they have no translation skills, because they rarely need them. It is very literally like trying to communicate with someone where there is no common language.
posted by mumimor to Computers & Internet (14 answers total) 9 users marked this as a favorite
 
Imagine, for a moment, that former senator Ted Stevens of Alaska was right, and the Internet is "a series of tubes." Glass tubes. Clear glass tubes, that anyone can peer into and see the information whizzing by.

To an extent, this is a true analogy and information surveillance can happen. Your work IT folks are likely not jazzed at the thought of confidential information by/from/about your workplace or its clients whizzing through the clear glass Intertubes such that anyone sufficiently interested can snoop on it.

A VPN is a clever encryption-based setup that basically paints the Intertubes between your device and your workplace an opaque black. No more snooping on information in transit over the Big Bad Internet between you and your workplace.
posted by humbug at 2:20 PM on August 22, 2022 [8 favorites]


You need someone to walk you through what they want you to do. Just ask them to screen share and have them drive it. It should be a little tiny program that all you basically have to do is press "Connect".

Based on the fact they just found out, I guess you don't need a VPN to actually access anything work related, or you'd know. I wouldn't worry about it: send in the request to whomever, say you don't know what you're doing, and ask for them to set it up and walk you through; it is a common request. If you're worried, CC your boss so they know the request is made, then go about your day.
posted by geoff. at 2:21 PM on August 22, 2022 [5 favorites]


They should be able to tell you what the standard for your organization is - can you ask them to send you any sort of documentation?

In a work context, a VPN is often used to provide access to sites or data that exist only within the company intranet, basically. It allows your computer to connect to the intranet remotely, encrypting the traffic between you and your company. At least that's how I, someone who basically just uses them, understand it.

I wonder if their incredulity is that it might be an easier way to access some of your work assets, or something along those lines?
posted by sagc at 2:22 PM on August 22, 2022


A VPN is a “virtual private network”, and generally works by setting up an encrypted “tunnel” between your computer and some other computer over the Internet. Once it’s set up, all the traffic from your computer to the Internet will first go through the VPN, then out to its eventual destination.

If your IT department is suggesting you use a VPN, it’s probably one that they have set up and managed. They might expect you to do that so you can access “internal” sites on your company’s network that aren’t available without the VPN. This is a common way companies set up IT resources for remote access without exposing them to the Internet at large.

(For example: my company requires that we sign into the company VPN to access our wiki and other internal documentation. Think of it as an extra security layer to ensure only employees see these sites.)

Confusingly, VPNs are also available as free or commercial services outside an employment situation. They can be used any time you might want to “tunnel” your traffic through another computer. That might be for privacy, or for making it look like your computer is in another country (say, for streaming purposes…). The technology has a lot of uses.

The free Chrome extension you found is likely not the VPN that IT expects you to use. If you’re using a company-managed computer, they may have set up the VPN in advance, but not always. And they don’t seem to have documented how to use it very well!

On preview: geoff and sagc are correct. You should ask your IT department to walk you through exactly how to set this up, ideally using screen share. Sadly there is very little standardization for this between organizations.
posted by learning from frequent failure at 2:28 PM on August 22, 2022 [6 favorites]


Is this when you are working remotely or in the office?
posted by soelo at 2:28 PM on August 22, 2022


Best answer: As an example of what to expect: when I work from home I can't access many files or programs until I log in to the VPN. I click the icon, put in my work password, then open my phone and type in a six-digit number from the VPN app that changes every minute. Once I am logged in to the VPN, it is just like I am in my office and I have access to everything. Then every night it automatically logs me out, so the next day I repeat the process.

It is easy, if slightly annoying.
posted by tacodave at 2:30 PM on August 22, 2022 [6 favorites]


Whenever you perform any activity on your computer, a link is set up between your computer and the server you're trying to reach (Google, Amazon, Metafilter.com, your work server, wherever). Your location is logged as a matter of due course and your ISP can see anything/everything you do, if they have motivation to do so. Security is left up to you.

When you use a VPN, your traffic goes to the Virtual Private Network, which acts as an intermediary. Your internet requests go to them, they act as a relay, such that everything goes through them and back to you.

This accomplishes one or more of three main things:
  1. The VPN can provide security, filtering everything before it gets to you, acting as a sentry to keep bad stuff away from you.
  2. The VPN can provide you with a secure connection to an internal set of their resources, as though you had a direct private connection rather than a generic internet one.
  3. Your activity and location can be masked from everyone except you and the VPN.
In the third example, your internet traffic, from your ISP's perspective goes from "mumimor's computer talked to sites A, B, C, and D" to "mumimor's computer spoke to a VPN for a while." And from the point of view of the sites you visit, your activity goes from "mumimor's computer, which is located in [mumimor's actual geographic region] asked us for X, Y, and Z" to "mumimor's computer, which is [wherever the VPN bounced the request from] asked us for X, Y, and Z."

The work applications are: a company can supervise your security, protecting their data (and you) from bad decisions/risky behavior on your part, by routing your traffic through a particular security setup they control; and, they can let you access stuff specific to your company that they don't want to put out in the public internet.

The privacy/personal uses for this are: keeping your ISP (and via them the gub'mint) from knowing what you are looking at; and being able to get around geographically locked sites/services. (You could, for example, bump your traffic through the UK and watch shows on BBC's iPlayer, were you so inclined.)
posted by DirtyOldTown at 2:35 PM on August 22, 2022 [1 favorite]


Strongly seconding humbug's excellent non-technical but conceptually useful analogy!
posted by Greg_Ace at 3:51 PM on August 22, 2022


There are two kinds of VPNs. If you're talking to your IT people, it's this type:

Your computer is on your home network which you can think of as a gated neighborhood or campus. You have your own private addressing system and road names, and can fairly freely connect from one building to another. Any traffic that wants to leave the neighborhood must go through the front gate, aka your modem. There's a checkpoint there (firewall) that makes sure that all incoming traffic was authorized from within, or else is data returning home after a day at the shops. There's also one single address for the outside public to see, the address of the front gate. Directing traffic from the outside is also the firewall's job.

Your company also has a private campus with private roads and private addresses, a firewall and a front gate with a public address. Probably it has more than one gate, but in any case, there's a gate designated for your firewall.

Let's say you want to drive to a building from your home neighborhood to the work neighborhood. You'll leave through your front gate, arrive at the work gate, and work's firewall says, "sorry, I don't recognize you, please turn around." You say, "I work here!" and the sentry says, basically, "sorry, I don't have anything here that says that; please turn around."

VPN is a way around this problem-- it lets you prove you work there and also lets you make use of buildings inside. Start the VPN, get in your VPN car*, and you find yourself in a tunnel. It has twists and turns and you get the feeling you're just on the regular internet but nobody can see you, like you're in a special blacked-out lane; as you come out of the tunnel you find yourself... exiting a garage at an address inside the company campus! You've tunneled into a new address there. Now you can access stuff on campus, drive it back to your home network, etc.

*Your home computer can connect to multiple networks at once, and so it has a table that says, basically, "if the address is in this range, use car #1 (which drives in network #1) to reach that address. If the address is in this range, use car #2 on network #2. If the address is not in those ranges, you can't get there from here." This two-car approach is called Split VPN, where you have 2 cars, one for regular use, one for work use. It *should be* the norm.

The alternative is where you are only using one car at a time; Car #1 when VPN is off, and you go out via your home gate to the internet, and Car #2 when VPN is on, always going through the work gateway, even if you're going to something that isn't a work-owned resource, like google.

--------

The other kind of VPN is the one you hear advertised on podcasts and youtube videos. Same setup, but instead of going to work, it goes to a neighborhood that's not gated, but it is in another city, or another country. You go places in that country as if you live there; if someone suspects you might be foreign (and not you specifically-- region-locked things check everyone) and follows you home, they can only follow you home to the end of the VPN tunnel, and that satisfies them that you live in their country and they can treat you like a local. You get all the local benefits-- region-locked public TV and Radio content, the google you search on is a local google in the local language, and so on. This is also the kind of VPN you use if you're doing something that's not fully above board, or that you can't afford to have traced: illegal downloading, illegal uploading, sending secret whistleblowing reports to Glenn Greenwald.
posted by Sunburnt at 4:13 PM on August 22, 2022 [1 favorite]
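
The "two-car" routing table described in the answer above, as an added example that is not part of the original post: it picks the most specific matching route for a destination and compares a split-tunnel table with a full-tunnel one. All addresses, prefixes and interface names are constructed for illustration.

```python
import ipaddress

# Constructed sample route tables: (destination prefix, interface).
# Addresses are illustrative assumptions, not from any real network.
SPLIT_TUNNEL = [
    ("192.168.1.0/24", "home-lan"),       # the home neighborhood
    ("10.20.0.0/16", "vpn"),              # work campus, reached via the tunnel
    ("0.0.0.0/0", "home-gateway"),        # everything else leaves by the home gate
]
FULL_TUNNEL = [
    ("192.168.1.0/24", "home-lan"),
    ("203.0.113.10/32", "home-gateway"),  # the VPN server itself (encrypted outer packets)
    ("0.0.0.0/0", "vpn"),                 # everything else goes through the work gateway
]


def pick_interface(table, destination):
    """Return the interface of the longest-prefix (most specific) matching route."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    # None means no route matched: "you can't get there from here".
    return best[1] if best else None


def compare(destinations):
    """Map each destination to its (split-tunnel, full-tunnel) interface."""
    return {
        d: (pick_interface(SPLIT_TUNNEL, d), pick_interface(FULL_TUNNEL, d))
        for d in destinations
    }


if __name__ == "__main__":
    samples = {
        "10.20.5.9": "work wiki",
        "192.168.1.50": "home printer",
        "198.51.100.7": "public website",
        "203.0.113.10": "VPN server",
    }
    for ip, (split, full) in compare(samples).items():
        print(f"{samples[ip]:15} {ip:15} split={split:13} full={full}")
```

The row to look at is the public website: with the split table it leaves through the home gateway and never passes the company's filtering, while with the full table it goes through the work gateway like everything else.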


I've been in infotech for a very long time. That said,

For what purpose? Connecting to work from home? If your work even allows that without a company VPN, that's on them and should be fixed.

If it's for your personal use, depends what you are doing. You have to trust someone somewhere, to be your endpoint to the greater internet and they can log you. That could be your ISP, or the VPN provider.

I trust my ISP more than shady VPN providers who openly court people trying to evade country locks or infringe copyright.

VPNs slow things and add latency, so there's a cost, in addition to monetary. Some websites maintain block lists against known VPN endpoints to prevent abuse.

Many people use them to hide from their ISP's enforcement against pirating software/movies/music.

For coffee shops and other access points there's an argument to use them, because some Wi-Fi can be malicious. But with HTTPS everywhere and pinned certificates and such, I think there's far less danger than there used to be.

Apple has some kind of VPN service for iDevices, might even be free, not sure, I'm on the other team.

If your job IT is advocating for VPN usage for personal use at home through a reputable ISP, I question their competence; they sound overly paranoid and should know better. If they are just out of college, they've probably been getting copyright strikes for piracy from their ISP.

Take any of their advice about anything infotech from your IT department with a grain of salt.
posted by TheAdamist at 4:24 PM on August 22, 2022 [2 favorites]


I agree with the sentiment others had - was IT surprised officially as a department, or was the recent graduate bro surprised that you don’t use a VPN? (And also that you don’t own any bitcoin?)

If they didn’t set you up with anything I would just bounce it off of a non-technical coworker in passing, “Do you use a VPN from IT? They implied I need one but left me to my own devices so I don’t know if that’s actually something I need in order to follow company policy.”
posted by Nonsteroidal Anti-Inflammatory Drug at 5:43 PM on August 22, 2022 [4 favorites]


In addition to what others have said, VPN adds another layer of connections on top of your internet connection. If it's like the one my company uses, my work laptop has severely limited internet access until I connect to the corporate network. Even though my work laptop can hop on the WiFi at my house and be on a gigabit Verizon Fios connection, my work laptop then connects to one of a number of different corporate-owned access points, based on my geographic location. So one day, my work internet traffic might be routed through a city on the east coast, a city in the middle of the country, a city on the west coast, etc, and the fast broadband connection takes a hit because I'm connected to Verizon AND whatever else the IT folks put in place.

Consider yourself lucky that your company's IT people were merely surprised that you're not using a VPN. In many corporate setups, you wouldn't be able to get any work done without it.
posted by emelenjr at 7:30 PM on August 22, 2022


Two things worth mentioning I think also:
1) Using a VPN gives the provider access to everything you do through it (unless further encrypted).
2) Any free VPN is making money somehow, you'd better hope it's ads and not something more underhanded.

Don't send confidential work traffic through any VPN that IT didn't specifically bless. But especially not a free one. Nor your own activity you care about, either.

My approach would be don't change anything until either there's something you can't access without VPN (and IT's job then is to set it up to work) or you get told explicitly there's a requirement to follow (and IT then needs to make that work).
posted by away for regrooving at 9:52 PM on August 22, 2022


Response by poster: Thanks all! Your answers were all very useful for my communications with IT. It turns out that there is a company VPN, and I wasn't aware that was what it was, hence the best answer to tacodave. But once I knew that and could talk with IT with all the knowledge I had from others' answers, IT figured out that there was a bug in their system, so you were actually helpful for our whole organization.

As you probably know, there is a swarm of hacker attacks all over Europe (the world?) right now, and there has been an attempt on us recently. We have also been alerted to possible industrial espionage. Scary.
posted by mumimor at 4:02 AM on August 23, 2022 [5 favorites]

