Which is better?

[TheLyppardMan]

Excuse my lack of understanding of this but I just want to ask something relating to security, which will probably be easy for our forum experts.

This evening, I was curious to find out about the ASUS VPN Fusion feature, so I installed the ASUS official firmware briefly and set it up using my Surfshark account, of which I still have a few months left on my subscription.

It did work, but it seemed to reduce some of the protection that you get with Cloudflare (at least, that's what it looked like when I went on their test site) and also, GRC ShieldsUP! showed port 443 as being open and with a strong warning message. So I suppose, what I am asking is, what are the security gains and losses using something like the ASUS VPN Fusion and also, if that is recommended, is there a similar feature in the Merlin firmware?

This is what I saw when using VPN Fusion:

and this is what I normally see:

 

[RMerlin]

If you use a VPN tunnel and that VPN tunnel provides its own DNS servers, then they will bypass any server you might have manually configured.

 

[TheLyppardMan]

So which would you say offers the best protection from hackers/fraudulent websites when using online banking, a VPN such as the one I would use (Surfshark) but no Cloudflare DNS or just using Cloudflare without a VPN?

 

[drinkingbird]

So which would you say offers the best protection from hackers/fraudulent websites when using online banking, a VPN such as the one I would use (Surfshark) but no Cloudflare DNS or just using Cloudflare without a VPN?

They accomplish two totally different things.

VPN is for "privacy" (really more like hiding stuff) but won't filter malicious sites.

Filtering DNS will filter many malicious sites but provides no extra encryption or privacy.

If you want both, you must find a VPN service that has that feature, as far as I know surfshark DNS does no filtering.

Browser/PC based filters are often better than DNS filters anyway, so good security software along with VPN will cover both. Layer ublock or similar browser plugin on top of that for extra protection and ad blocking etc.

Honestly there are only specific use cases where VPN is necessary, such has trying to make it look like you're in a different physical location, bypassing censorship (in countries that do that), or anonymizing yourself when doing illegal stuff like pirating or hacking.

The only time it is useful for privacy is when using public wifi, and given most stuff is encrypted, it is of limited benefit there (but I do use a VPN when in a hotel or the rare times I need to use public wifi elsewhere to be safe).

One use case I've found for VPN is some hotels block wifi calling. They also block many known VPN IPs to prevent you from bypassing that, but can often find one that works, after which wifi calling also will work through the tunnel.

From your home network, using a VPN for everyday traffic is just going to limit your throughput, add latency, and cause you to not be able to access some sites. Many banks for example block VPNs. Then there is the security concern of that VPN provider being able to see all of your traffic and potentially even execute a man in the middle attack etc. So you must be 100% sure you trust them.

 

[TheLyppardMan]

They accomplish two totally different things.

VPN is for "privacy" (really more like hiding stuff) but won't filter malicious sites.

Filtering DNS will filter many malicious sites but provides no extra encryption or privacy.

If you want both, you must find a VPN service that has that feature, as far as I know surfshark DNS does no filtering.

Browser/PC based filters are often better than DNS filters anyway, so good security software along with VPN will cover both. Layer ublock or similar browser plugin on top of that for extra protection and ad blocking etc.

Honestly there are only specific use cases where VPN is necessary, such has trying to make it look like you're in a different physical location, bypassing censorship (in countries that do that), or anonymizing yourself when doing illegal stuff like pirating or hacking.

The only time it is useful for privacy is when using public wifi, and given most stuff is encrypted, it is of limited benefit there (but I do use a VPN when in a hotel or the rare times I need to use public wifi elsewhere to be safe).

One use case I've found for VPN is some hotels block wifi calling. They also block many known VPN IPs to prevent you from bypassing that, but can often find one that works, after which wifi calling also will work through the tunnel.

From your home network, using a VPN for everyday traffic is just going to limit your throughput, add latency, and cause you to not be able to access some sites. Many banks for example block VPNs. Then there is the security concern of that VPN provider being able to see all of your traffic and potentially even execute a man in the middle attack etc. So you must be 100% sure you trust them.

Thank you for your detailed reply. I've never really been that keen on VPNs, even though I purchased a subscription with Surfshark at a discounted rate (at that time), but I've hardly used it, so I doubt I shall be renewing it when it expires next Spring. There is a VPN provided by my Bitdefender internet security suite anyway, so I could always switch that on if it were needed, but I think that continuing to use Cloudflare as my DNS resolver is the better option.

 

[RMerlin]

So which would you say offers the best protection from hackers/fraudulent websites when using online banking, a VPN such as the one I would use (Surfshark) but no Cloudflare DNS or just using Cloudflare without a VPN?

A VPN provider will give you zero protection against hackers and fraudulent websites.