Is the VPN obsolete, or should I continue using it?


According to a study by OpenVPN, 68% of employees say that their organization expanded VPN usage during the COVID-19 pandemic. A 2024 study by Forbes also shows that 77% of VPN usage is now by private individuals. 

Still, in recent years, this hasn’t prevented media outlets from running articles asking if the VPN is dead, given the rise of other technologies. 

Rest assured, the VPN is not only alive but kicking. In this guide, we’ll explore some of the common reasons why people feel VPNs are obsolete. We’ll also detail why they still matter for your privacy in 2024 and beyond. 

All websites now have TLS. Why would I need a VPN?

This is one of the most common arguments against subscribing to a VPN service these days.

TLS 1.3 certainly offers excellent security and faster ‘handshakes’ between devices and websites that implement it correctly. You can also easily check that your connection to the website is secured by looking for the padlock icon in your browser address bar.

Still, there are some good reasons why TLS on its own won’t always provide the best protection:

Compromised CAs

CAs (Certificate Authorities) issue SSL certificates to websites. Your browser relies on the CA to verify the identity of a domain before it begins exchanging data securely.

As such, using TLS to access websites is only as secure as the CA your browser uses. Recent initiatives like eIDAS 2.0 in the EU would force browser developers to accept government-controlled certificate authorities. This could lead to bad actors impersonating legitimate websites and decoding your encrypted traffic.  

DNS Leak

Even if you access a website via TLS, if you’re using DNS servers assigned by your ISP, your browsing history can still be monitored. The DNS (Domain Name System) acts as a virtual phone book for the internet, converting human-readable website addresses into machine-readable IP addresses.

If your device sends an unencrypted DNS ‘query’ to one of these servers, it can be monitored by snoopers. This is known as a DNS leak. Reliable VPN services like hide.me handle DNS queries from your device. This means they are encrypted along with all your other traffic, so they can’t be monitored.
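What an observer on the network path can read from a plaintext DNS lookup, as an added example that is not part of the original article. The hostnames and the capture are constructed, and the function names are this example's own.

```python
import struct


def build_query(hostname, txid=0x1A2B):
    """Build the plaintext A-record query a stub resolver sends to UDP port 53."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in hostname.split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def observed_hostname(packet):
    """Return the hostname a passive observer can read from a DNS query payload."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount < 1:
        return None  # no question section to read
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        pos += 1
        if length == 0:  # zero-length root label ends the name
            return ".".join(labels)
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in a query")
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length


def browsing_history(packets):
    """Rebuild the list of sites looked up, in order, from captured queries."""
    return [observed_hostname(p) for p in packets]


# Constructed capture: three lookups made before the HTTPS connections open.
CAPTURE = [build_query(h) for h in ("bank.example", "clinic.example", "mail.example")]

if __name__ == "__main__":
    print(browsing_history(CAPTURE))
```

None of this requires breaking TLS: the names travel in the clear before the encrypted connection to the website is ever opened.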

Email Security

While email isn’t a very secure method of communication, in recent years, mail protocols like SMTP have introduced support for encryption via STARTTLS. This command upgrades the connection to use TLS.

However, not all email servers do this, meaning that if you use your device to send emails, they could still be intercepted and read.
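The difference between a mail client that silently falls back to plaintext and one that refuses to, as an added example that is not part of the original article. `FakeServer` and the host name are constructed stand-ins so the code runs offline; with the default `smtp_factory` the same functions use Python's real `smtplib.SMTP`.

```python
import smtplib
import ssl


class TLSRequired(Exception):
    """Raised when a server offers no STARTTLS and plaintext is not acceptable."""


def connect_opportunistic(host, port=587, smtp_factory=smtplib.SMTP):
    """Weak: upgrade if offered, otherwise carry on in plaintext without warning."""
    conn = smtp_factory(host, port)
    conn.ehlo()
    if conn.has_extn("starttls"):
        conn.starttls(context=ssl.create_default_context())
        conn.ehlo()  # capabilities must be re-read after the upgrade
    return conn


def connect_strict(host, port=587, smtp_factory=smtplib.SMTP):
    """Hardened: never continue unless the session was upgraded to TLS."""
    conn = smtp_factory(host, port)
    conn.ehlo()
    if not conn.has_extn("starttls"):
        conn.quit()
        raise TLSRequired(f"{host}:{port} does not advertise STARTTLS")
    # The default context verifies the certificate chain and the host name.
    conn.starttls(context=ssl.create_default_context())
    conn.ehlo()
    return conn


class FakeServer:
    """Constructed stand-in for smtplib.SMTP (no network access needed)."""

    def __init__(self, host, port, extensions=()):
        self.extensions, self.encrypted = set(extensions), False

    def ehlo(self):
        return (250, b"ok")

    def has_extn(self, name):
        return name.lower() in self.extensions

    def starttls(self, context=None):
        self.encrypted = True

    def quit(self):
        return (221, b"bye")
```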

Unencrypted Traffic

Even in this day and age, not all websites use HTTPS. A good example is captive portals on Public WiFi. These sometimes ask you to enter your name and contact information. Without TLS, this information can be monitored by bad actors. Older IoT (Internet of Things) devices also don’t support secure TLS connections.

My messaging app uses E2EE. Do I still need a VPN?

In theory, using E2EE (end-to-end encryption) is an excellent way to secure messages. As the virtual ‘key’ used to decrypt your messages or calls never leaves your device, even if a cybercriminal is monitoring your internet traffic, they can’t view your data.

Unfortunately, this protection only applies to the traffic itself, not your overall computer security. Bad actors monitoring your internet usage can still see metadata like your IP address and that of your correspondent. This means they can work out you’ve had a conversation and even possibly trace your device’s location.

Meta, the owner of the most popular E2EE messenger WhatsApp, has complied with law enforcement cybercrime requests to hand over metadata in the past. As the app is proprietary, there’s also no way to publicly verify that WhatsApp implements E2EE properly.

If, however, you use an open-source E2EE Messaging App like Signal with a VPN, you can exchange messages securely. As your connection is routed via the VPN server, your device can’t be traced via the IP address. 

As the VPN encrypts all your internet traffic, it’s also extremely difficult to detect you’re using a messaging app in the first place.

What about a proxy server?

Using a proxy server allows you to route your internet connection via a remote computer, meaning you may be able to unblock geo-restricted websites and platforms.

However, proxy servers don’t encrypt your internet traffic, meaning it’s easy for snoopers to monitor your online activity. Cybercriminals even run some “free” proxy servers to try to steal your information.

What about SaaS?

As more organizations and individuals switch to SaaS (Software as a Service) like Microsoft 365, it’s only fair to wonder if VPNs are still necessary.

Authentication and encryption are handled via TLS, plus all data is stored and backed up via cloud computing.

However, VPNs are still relevant for the same reasons: you can’t rely on TLS alone to protect your Internet security.

While traffic between your device and the SaaS platform may be encrypted, the fact you’re using it is obvious to bad actors engaging in network eavesdropping.

The protection offered by platforms like Microsoft 365 also doesn’t apply to other websites and web apps such as email and messaging programs. 

However, using a VPN encrypts all your computer network traffic. This means anyone monitoring your connection won’t know which SaaS platform you’re using, nor will they be able to monitor traffic from other apps.

Using a VPN also ensures you can access your SaaS when traveling. Some platforms, such as Google Workspace, are blocked in countries like China. If you connect via a VPN server outside the country in question, you’ll still be able to access the platform.

What about SASE?

SASE (Secure Access Service Edge) is a type of architecture capable of combining multiple technologies like SD-WAN (Software-defined Wide Area Networks), secure web gateways (SWG), firewalls as a service (FWaaS), cloud access security brokers (CASB), and zero-trust network access (ZTNA). 

A dedicated provider usually offers this. SASE can arguably provide better endpoint security and lower latency than traditional corporate VPNs. However, VPNs are still the best way for regular internet users to protect their online traffic. 

What about ZTNA?

ZTNA (Zero Trust Network Access) is a component of Zero Trust Architecture. In principle, it means that any person or program accessing the business or home network is given access only to those resources they need. 

Usually, the zero trust security model follows the “doctrine of least privilege.” In other words, it constantly verifies that the user/program has permission to access files and programs. This model provides excellent network security against both internal and external threats.

How is a VPN different from ZTNA?

Zero Trust Network Access isn’t a physical or virtual object; it’s a framework of best practices for ensuring security for your network. Fundamentally, it ensures that no entity, whether inside or outside the network, is trusted by default. 

A VPN is more than a concept: it’s a type of overlay network that creates a secure, encrypted connection over a less secure network, such as the internet. This is done via a specialist tunneling protocol like WireGuard.

Is ZTNA making the VPN obsolete?

Traditionally, VPNs in business environments had major security flaws. Any user who ‘dialed in’ to the corporate network via the encrypted VPN ‘tunnel’ could access files, programs and other network resources as they saw fit.

This meant bad actors like hackers and rogue employees could compromise network data and programs.

As such, older virtual private networks aren’t as secure as networks that follow zero trust access principles, given that there’s both broad access and an ‘assumption of trust.’

Are ZTNA and VPNs mutually exclusive?

There’s no contradiction between zero trust access and VPNs. The OpenVPN Blog notes that it’s very feasible (and desirable) to build a VPN with zero trust principles. 

In the case of their software, ‘OpenVPN Access Server,’ this can be accomplished using its built-in features. These include creating ACLs (Access Control Lists) to limit access to network resources for specific user groups. Network Managers can also use ‘Connect Auth’ to authenticate each connection. 
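The contrast between a flat VPN and per-group ACLs with default deny, as an added example that is not part of the original article and is not OpenVPN Access Server's configuration format. The groups, users, subnets and connection attempts are all constructed.

```python
import ipaddress

# Constructed policy: group -> (network, port) pairs its members may reach.
ACL = {
    "finance": [("10.0.20.0/24", 443)],
    "engineering": [("10.0.30.0/24", 22), ("10.0.30.0/24", 443)],
}
USER_GROUPS = {"alice": "finance", "bob": "engineering"}  # constructed users


def flat_vpn_allows(user, dest_ip, port, authenticated=True):
    """Traditional model: once the tunnel is up, every internal host is reachable."""
    return authenticated


def acl_allows(user, dest_ip, port, authenticated=True):
    """Zero-trust style: default deny, checked on every connection attempt."""
    if not authenticated:
        return False
    addr = ipaddress.ip_address(dest_ip)
    for network, allowed_port in ACL.get(USER_GROUPS.get(user), []):
        if addr in ipaddress.ip_network(network) and port == allowed_port:
            return True
    return False  # unknown user, unknown group or unlisted resource


def excess_access(attempts):
    """Attempts the flat VPN would let through but the ACL policy rejects."""
    return [a for a in attempts if flat_vpn_allows(*a) and not acl_allows(*a)]


# Constructed connection attempts: (user, destination IP, port).
ATTEMPTS = [
    ("alice", "10.0.20.5", 443),    # finance user, finance web app
    ("alice", "10.0.30.7", 22),     # finance user, engineering SSH host
    ("bob", "10.0.30.7", 22),       # engineering user, engineering SSH host
    ("mallory", "10.0.20.5", 443),  # authenticated account with no group
]

if __name__ == "__main__":
    for attempt in excess_access(ATTEMPTS):
        print("denied under ACL policy:", attempt)
```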

Of course, these features are more relevant to remote work in a corporate environment than if you’re using a VPN service designed for personal use. 


We love bringing you this content and hope it helps keep you safe and secure online. Feel free to share it with your friends, too.

Here at hide.me we are all about internet freedom, and we are happy to be in a position to bring that to everyone. That is why we give you a 30-day money-back guarantee on our Premium plan. No questions asked and no logs recorded.


If you have any questions, please feel free to contact our 24/7 support team either at support@hide.me or via live chat.
