Here's what he asked:
I think I am am protected because my handset says "internet connection secure," but in fact all the things I do on my laptop are not protected at all. I was rather surprised to discover this behaviour. Was I stupid/naive or, in your opinion, should this aspect be either better publicised by VPN providers or better still fixed?
Craig, you are most definitely neither stupid nor naive. Networking is one of the more counter-intuitive aspects of all our technology. Consumers these days are forced to use insanely advanced technology to protect against sophisticated actors, whether they're well-funded criminal organizations, nation states, or that pesky teenager down the street.
That said, there's a best practice here that you may be missing. I'll talk about that in a minute. First, let's talk about how Wi-Fi tethering works. Actually, before we even do that, let's talk about how traditional desktop routing works.
In a tradition home or office-based network, there's usually an access device (like a cable modem or a fiber interface) that connects the internet to the local area network. Usually, there's a router between the access device and all the client devices (computers, tablets, IoT devices, etc).
Also: How to select a trustworthy VPN TechRepublic
That router serves a number of functions. At the very minimum, it does network address translation and traffic direction, so that packets coming from the internet route to the appropriate client device (and vice versa).
Most routers also add firewall functionality, along with a variety of security and additional functionality. Routers like the Synology RT2600ac provide their own app ecosystem, while routers like Google WiFi allow for the easy formation of mesh networks.
Smartphones combine access device, router, and client device -- all in one palm-sized package. Sort of. When you access something on the internet from your phone via your cell signal, you do so through that triad of capabilities. On the other hand, when you use your phone's Wi-Fi, you're using your phone as a client device alone, and using a stationary router and access device.
With me so far?
With a few limited exceptions, when you use your phone as a hotspot, your phone serves as access device, router, and client device just like before. But the router component provides network address translation capabilities to yet another client device, usually your laptop.
Here's what's happening: Your laptop connects to your phone's hotspot feature as if that hotspot were a stationary router. The phone acts as a network access device and sends and receives internet packets between the internet as a whole and your laptop, which is now the client device.
That brings us back to the VPN. A VPN app establishes a secure tunnel between your phone and a VPN service provider. The app is running on the client device part of that smartphone connection triad, not in the router space. There are some hacks that get around that, but they're definitely not supported and are fiddly and relatively unpredictable. So, we won't go there.
My point, Craig, is that when you're running VPN software on your phone, it's protecting your phone, not your laptop. That's not bad, nor is it particularly unexpected (although now that you ask, I can definitely see how you might be confused).
Fortunately, the workaround is easy. Just run the same VPN software on your laptop. Most of the VPN service providers I looked at in my guide on CNET have both mobile and laptop clients. And every one of our top-rated VPN providers allow you to connect multiple devices with one account.
That means all you have to do is install the VPN client from your provider on your laptop, sign into your same VPN-provider provided account, and you're good to go. You should be reasonably safe (or as safe as a VPN can make you).
Craig's excellent question was one I'd never thought of before. If you have a VPN question, feel free to send me a note, and if I get a chance, I'll try to answer it.
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.
RELATED AND PREVIOUS COVERAGE:
It can be difficult to access your home Internet services and resources when you travel out of the country. Here are six ways a virtual private network can help.
Now that American ISPs have been granted new freedoms to monetize and spy on their users, there's a renewed interest in VPNs. Who are these VPN providers and why should you trust them? Let's find out.
Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.
Welcome to the CNET directory of mobile VPN services for 2018.