Your greatest security and privacy risk relates to data in transit, as it passes to and from your devices. In a coffee shop, airport, or other public space using Wi-Fi, your information passes in the clear between your hardware and the network's hub. You may not be sure how and whether the hotspot secures access to the wired side of its routers, either.
Even if you're using a secure Wi-Fi network at home, work, or school--or even wired Ethernet--your bits still pass across a broadband modem and through intermediate points on the Internet before reaching the destination server and vice-versa. (Cellular networks are generally considered quite secure unless you are being either individually targeted or swept into a government-backed interception project.)
While most email servers offer secure connections, not all do and you might never have reconfigured your client to protect those sessions. (If not, you should!) Plain old FTP--not SFTP or FTP over SSL/TLS--sends a password in the clear, as well as all data. While financial, medical, ecommerce, and social-networking sites encrypt all or nearly all their Web sessions, most other sites don't, leaving your behavior open to outside inspection.
Imagine the Internet as a series of pipes--seriously. And then imagine that you could thread your own thin, flexible, impenetrable stainless-steel pipe from your house through all the water mains to where the water comes. That's a virtual private network (VPN). It's a secure end-to-end tunnel between your device and some far-off destination.
How a VPN works
A VPN has two termination points, more or less like a secure connection to a website. One end is a VPN client on a piece of hardware under your control. The other is at a VPN server. Typically, when setting up the connection, you have a mechanism that lets you verify that the right security credentials are in place, which prevents a party from inserting itself between you and the server.
Data traveling in the tunnel is encrypted and decrypted at each end. With proper, modern techniques, VPN traffic is essentially uncrackable. There are weakness, either accidental as with Microsoft's early PPTP standard, or intentional, as with the NSA's hidden efforts to reduce the quality of modern VPN standards. But these typically only affect you if you're individually targeted by criminals or a government.
VPNs date back decades, and Apple natively supported standard VPN methods from early versions of Mac OS X and added robust support by iOS 5. They were originally deployed by corporations to allow remote workers a kind of safe extension of the security policies and firewall of the enterprise network everywhere they roamed. In many cases, the client software was free (built into Mac OS X, for instance), but the hardware required to run server software was the deterrent.
Sign up for MIS Asia eNewsletters.