Is there a way to use VPN for Google Workspace subscribers? I am aware that there’s a VPN service for Google One subscribers but not for Google Workspace subscribers. Any solution anyone?
TL;DR: Turn on DoT or DoH, and you’re good to go.
Risking r/UnpoularOpinion’ing myself here: VPNs are overrated, borderline fraud, with some very frightening undertones.
Especially in the US, and in other countries where ISPs can sell on your data, you do need to take precautions, but a VPN is rarely the best solution. First off, virtually all traffic you send over the internet is encrypted by default. The HTTPS scheme, and the padlock in the URL bar means that all traffic you send to a site is already encrypted and protected from prying eyes (like free random wifi providers stealing your logins, or your ISP selling data from the content of your traffic) using (usually) the same algorithms and key sizes as a VPN would use.
There are two general exceptions to this. First, DNS is not encrypted by default… yet. This means the name of the sites you visit and the services you use is out in the open, and it’s this data that is often resold by ISPs in the US (the EU and elsewhere have better protection laws to prevent it). You can however opt in to DNS-over-TLS (DoT) or DNS-over-HTTPS (DoH) to get the same protection described above, for DNS. The usual free-and-open DNS providers allow this option, so Google (8.8.8.8 / 8.8.4.4), Cloudflare (1.1.1.1) and Quad9 (9.9.9.9) are the obvious options here.
The second loophole is the meta-data. Your ISP (and anyone who can man-in-the-middle the connection - usually that means the government) can see which IP addresses you contact - but only the addresses (IP & Port); none of the encrypted content[1]. This sounds a little worse than it is though, as (in an IPv4 world, at least) these addresses are regularly shared, often between thousands of different services. For example many cloud-hosted services would show up not as a connection to IdontWantTheGovtToKnowAboutThis.com, but to their host’s shared load-balancer (ie Cloudflare / Google / Amazon / Microsoft / etc); undiscernible from the thousands of innocentsite.org’s also hosted there.
Then there’s the problems. With a VPN, who are you giving this data to? While in the case of the GoogleOne VPN that’s obvious - teh Googs, but how much do you know about the dozen or so other common VPN providers? Did you know that many of them have been bought by the same company, often with the privacy promises being watered-down in the process? That some have barely hidden links back to Israeli Security services (and presumably through them back to the US and Five-Eyes?). Did you know that others have links to shady Russian businesses? You’re trusting all your data to these people, so unless you’ve spent at least as much time checking their trust credentials and ownership background as you’ve spent finding the 83% off and 6-months free discount code[2], you’re doing yourself a disservice.
There is one thing, and one thing alone, that VPNs are good for, and that’s watching region-locked content from a different region. That can be legally questionable in and of itself, though, so you could eventually get your Netflix/etc account closed, if one day they decide (or more likely are forced by copyright holders) to enforce region exclusivity.
The advertising of VPNs to less-aware users, overplaying the risks and the protections they bring, while obscuring the price, by organisations who often are less trust-worthy than the ISP-only option is a scourge on the internet and content-provider industries. Stay away.
Edit: See also: Tom Scott’s This Video Is Sponsored By ███ VPN on Youtube 
[1] There’s subtleties here, eg traffic pattern analysis can be used to infer what services are in use, but that’s beyond the scope of this already too-long rant, and using a VPN doesn’t help here either.
[2] If it’s always 83% off, is it ever really 83% off?
How does one turn on DoT or DoH? Do you just edit your DNS servers in your network settings to one of the ones you mentioned? I wonder if that would be blocked by my company when using my personal laptop connected to the company network.
I never used VPN’s other than for logging into company resources (the original reason for VPN’s), which allows us to tunnel and basically act as if we are located at the company in terms of using printers, network sharing resources, etc. For this application, VPN’s always seemed appropriate to me.
Today is the first day I tried it, and it’s because I signed up for google one for a different reason. I turned on the google VPN, and I’m rather pleased because I can access my gmail again while connected to the company network. But if there were a simple solution which encrypts the initial DNS lookup, I could imagine it would do the same thing. I agree I would rather not encrypt already encrypted data… mostly just because this is a waste of compute.
closed
You’re just rambling
Thanks for the post. Very informative. Other dude clearly had a hair up…something.
Shrug - There’s a TL;DR: there for a reason.
I also suspect you don’t know what rambling is. As I recognised my advice (in the TL;DR) may be unexpected, what you have in the rest is a somewhat technical and fully explained justification, and explanation that your opening position may be the result of you having been mislead. As the edit points out, I spotted later it’s also largely the opinion of a major Youtube educator (>5M followers, ~4.5M views on that video).
If you didn’t want a technically well-founded, researched, and explained answer to that question, and to potentially save some money, that’s fine, you should have asked a better question - maybe “I want to change my location to cheat my way to silly flags to go on my profile in the Garmin app. Is there any VPN free to Google Workspace users?”. To call it “rambling” just because it’s not what you wanted to hear, that’s just rude.
Well you could always take the advice of one of the many other answers you got here.
Oh…