Mystery Solved!

This past week, I visited one of my favorite customers, for whom I helped set up a new Windows 11 laptop last Summer. He called me, very worried, because he couldn't access any of his important websites, including the bank account he uses to pay his bills. I told him I had some appointments I couldn't move, but due to the severity of his emergency, I would visit outside normal operating hours to see what I could do.

When I arrived, I tested his network speed, which is measured in "megabits per second," or, Mbps. A "bit" is the smallest possible piece of data, and a "megabit" refers to one million bits. In the modern age, home Internet speeds can easily be anywhere from 100Mbps to 1,000Mbps. My customer, on the other hand, was getting only 14Mpbs. Although he was on a cheaper plan with his Internet Service Provider, I found this suspicious.

When your Internet is unexplainably slow and you are pretty sure it has nothing to do with your computer, the first thing to try is usually to reset your modem (the box that takes outside cable signals and turns them into something your computers can understand), and, if it is a separate device, your router (the device that gets outside Internet data to the correct devices in your home). Customers with fiber optic (or, "fiber" connections are likelier to have a device called a "gateway", but the idea is just the same: when speeds are slow, one should try pulling the power cord on these boxes first. Sometimes they just get a little out-of-whack from running for so long uninterrupted.

I cycled the power supply on my customer's modem by unplugging it, waiting about 15 seconds, plugging it back in, and then waiting several minutes for it to come fully up again. When his computer indicated it had an Internet connection, I tested his speed again. 87Mpbs! That was a big improvement, and much closer to what I'd expect given the price he told me he pays for Internet service.

He had tried to do his own troubleshooting, and his browsers seemed all mixed up. He downloaded Mozilla Firefox, because when the bank website didn't work, it said (among other things): "try another browser." Unfortunately, it didn't work. He uninstalled Firefox for that reason, and that caused all of the web shortcuts on his Desktop to change to Microsoft Edge links. This made matters more complicated because my customer really likes to use Google Chrome, and despite sharing some important similarities, they are distinctly two different pieces of software.

I made sure his computer still had Google Chrome, and set it as his default browser again so when he opened his Desktop shortcuts, they used the correct browser to reach the sites he wanted. I signed him back into his browser, and that caused his favorites ("bookmarks"), passwords, and other saved information to become available again.

I tried visiting his banking website, and there seemed to be no issue. I checked Facebook and Amazon, two other sites he complained did not work, and found I could reach them as well. He did not, however, remember the passwords, and the ones he had written down didn't work. I helped him set new, unique, strong passwords for these websites, and we moved on to some other issues he had with his smartphone.

I considered the case closed, and left after about an hour.

But was it?

Part 2: The Plot Thickens

I wouldn't hear about it until the following morning, but it turns out that after I left my customer's house, the issue proved to be unresolved when he tried to log into his bank account.

He texted me again and requested a return. I told him there would be no charge since I had, apparently, overlooked something in my detective work.

When I arrived, I minimized a BitDefender window that was up on his screen. He had subscribed to BitDefender when I advised him to do so in the Summer, as he was on the hunt for a good anti-malware solution. It had said "Connected", which I noticed the evening before when I power cycled his modem (it disconnected, and about two minutes later when the modem came back online, it said "Connected" again), and which would later become a crucial piece of evidence of our problem.

I saw the error message he was encountering, but had not described. It occurred not when he tried to reach his bank website, but rather when he tried to log in. For good measure, I (like he) followed its advice to try a different browser, although I was confident this would not help. Why wouldn't it work? And more importantly, why did it work for his daughter, who tried it herself from her mobile phone, using his login credentials? Another clue...

Sometimes the way that customers understand a problem is different from the way an IT technician understands a problem, and here I had assumed too much rather than asking the right questions to get to the bottom of the trouble. When a customer says something isn't working, or isn't available, that could really mean a thousand things. Had I been more thorough, I might have asked, "what is the expected behavior, and, what does it actually do?" in regards to the websites in question. I didn't take it to mean anything that he was mysteriously logged out of all of his important websites, but just because he was unable to explain how he somehow became logged out of all of them didn't mean that the answer might not be a major clue worth investigating.

He showed me that he could not access his social media sites based on the links they sent him in the email. You know the kind: "Your friend So And So posted photos of his vacation! Click here to view!" and so forth. Even though we could navigate to, and were now signed into these social media websites, for some reason he could not get to them by clicking the links sent to him in his email. Another major clue!

And then, like an apple falling from a tree, it landed on my head. A revelation!

Links from social media websites are not simple things. They are complex, and contain all sorts of referral information that tells the social media website the things it wants to know about which link you clicked, and when you clicked it, so they can learn more about you. (Whether you think this is a good thing is beside the point!) Those are a lot of extra 'moving parts' that could break if your email provider or the social media website you're trying to visit don't trust the computer you're using.

It was also telling that the customer couldn't get into the bank website even though we knew for a fact his credentials were correct. The fact his daughter was able to sign in with them on her own phone proved there was nothing wrong with his username and password! But banking apps on smartphones are a controlled kind of ecosystem, and they will only work if the bank can trust your connection. If they ever think there is something suspicious about the phone you're using, or the network you're using to connect, the apps may refuse to work at all. The customer's daughter's phone app worked fine, but his web browser did not, and that might mean that the bank didn't trust his computer or his network connection.

Then, the smoking gun: what was that BitDefender window I had seen before? Why had it said Connected? Antimalware doesn't need to maintain a connection to anything!

A light bulb appeared over my head where the proverbial apple had bonked me.

My customer had accidentally activated a VPN.

What the heck is a VPN?

VPN stands for Virtual Private Network. I'll explain it first in a fairly literal way, and then, I'll offer a metaphor that might help illustrate the idea.

A VPN is formed when data is encrypted between your device (computer, smartphone, etc.) and some other point where it is decrypted. That other point can be anywhere in the world! When it arrives, it is decrypted and sent on its way to whatever website you were trying to communicate with, but until that happens, in its encrypted state it looks like computer gibberish soup.

Think of yourself, driving a pickup truck down a long road toward the mountains. A buzzard flies overhead, nosy and trying to see what you're carrying.

Your pickup bed is open. All of your stuff is visible: your furniture, your stack of books, perhaps some embarrassing items that you don't need anyone snooping into. But that buzzard is trying to have a look!

Up ahead, you see a fork in the road. You can go left, and stay on the same highway, but you will have no privacy. On the other hand, you can go right, and enter a tunnel through the mountains.

The tunnel is definitely going to take longer. It isn't as straightforward as the highway. But it will be private. That buzzard won't follow you in here! And it's a long range. Miles long! When you come out the other side, close to your destination, you will have maintained your privacy, and with minimal additional travel time.

There is a catch, however. The people at the Elks club and the local banks can see who takes the highway, and who takes the private mountain tunnel. They gossip among themselves. They are protecting important things like folks' money, and social connections. They have noticed that people who take the tunnel very often show up, new to town, but pretending they're from around here, and trying to defraud the banks and social organizers. Because of this common pattern, they have decided, unofficially, to deny service to anyone who comes into town through that tunnel. If a person was honest, they reason, they would have no reason to hide, and they would have just come into town by the highway instead.

This is the best metaphor I can think of for my customer's situation.

VPNs protect privacy in data, but they don't distinguish between good people trying to maintain their privacy, and bad people trying to do bad things in secret. In just the way that the notion of free speech means that people should be protected even when they say things that offend you, VPN providers are only trustworthy for protecting privacy if they agree to...well, protect privacy without determining why the privacy was requested. In order to be private, it must truly be private.

Some people use VPNs to pretend they are in other countries. Sometimes this helps them be more effective hackers, but sometimes this just helps them watch movies on Netflix that aren't available in their own country.

Other people use VPNs to hide their location because they are under the real threat of oppression from government violence. Imagine being a protestor in an authoritarian regime somewhere in the world where the Internet can be used to surveil, arrest, beat, imprison, and even kill you. In those situations, having a secret tunnel to express your ideas can be a literal life-saver! But others might just use a VPN to illegally download and share pirated movies and music.

Like any tool, VPNs are useful but amoral. They make no value judgment on why they are being deployed. And they don't cost much for a provider to set up and deploy. That's why these privacy-minded solutions are often bundled with other security-minded solutions such as anti-malware software such as BitDefender. It looks like an easy value add that doesn't require much of the provider. Most customers will likely never use it, but for the ones who do, it saves them having to buy a separate VPN subscription from some other company.

All of which brings us back to my customer.

In Sum

My customer didn't know how the VPN got turned on. It's possible that he mixed it up with his anti-malware solution. After all, "BitDefender" and "BitDefender VPN" look a lot alike. Perhaps he assumed he had to click that "power button" icon (which actually connected his VPN) because he thought it would activate the malware protection.

Whatever the reason, it broke all of his favorite websites, because they are all the sort of websites that demand a clear, straightforward connection. When they detect any hint of funny business--like a signal that appears to be coming from a foreign nation, or a signal that takes too long to reach them (due to the extra "hops" involved) for a customer who's supposed to be in Ohio, they will either refuse to connect in the first place (like his bank, and like the email links to his social sites), or they will log him out, presuming him to be a foreign hacker (like Amazon, Facebook, and his other social sites).

These measures are done primarily to protect you, the customer, because as we described, VPNs can be used for good as well as for evil, and hackers are essentially always using VPNs when they try to do their cyber crime. If Facebook thinks you're in France or Japan when 5 minutes ago you were in Ohio, they will boot you out for safety because they think your account could really be under attack from a hacker in France or Japan.

I laughed. In truth I probably laughed too hard. I bet I looked crazy to my customer. When I realized what was going on, I opened BitDefender VPN, and saw again, "Connected". I laughed again, and clicked the button to disconnect. Then, I logged into his bank account without any trouble at all. I further logged into his social sites, and tested that the links to those sites which arrive in his email inbox worked, too.

The case was closed.

Over the course of both evenings we were able to accomplish a lot of other good work besides getting him reconnected to his accounts. For one thing, I disabled the application feature that launches the VPN every time his computer turns on. Now there will be no confusion between BitDefender and BitDefender VPN.

We also got a PIN set on his smartphone for his security, and then made that security less cumbersome by setting up his thumbprint for a quick unlock. The people at the smartphone store had apparently told him that it couldn't be done. I can't imagine why, except that they didn't want to take the time.

I hope you learned something about VPNs! They are a cryptic but increasingly popular technology worth understanding, at least in the broad strokes.

If you would like help better understanding anything about your own computing life, feel free to reach out to CozyTech! It's always free to call for a quick consultation, and I think you'll find our prices are more affordable than anyone else in town!