VPN is an acronym for Virtual Private Network. VPNs virtualize a local area network (LAN) over a distance. With a VPN, computers in two locations work together as if they were on one local network.
The business applications of VPNs are obvious. Employees in different offices can share resources like they’re on one local network. The data travels through the Internet inside an encrypted VPN tunnel.
What does that have to do with privacy?
Of course, this guide isn’t about business applications. When a computer connects to a VPN, it is in two places at once. Physically, it’s wherever its hardware sits. Virtually, it’s at the location of the VPN server. So, when you connect to the Internet through a VPN, you appear to be at the VPN server’s location rather than your device’s physical one.
The Problem With Your IP Address
Your IP address is easily the most identifiable piece of information available online. When your device sends traffic to a website, it sends the data in packets. Your IP address sits in the header of each packet. It’s the return address. Every packet your device sends leads back to YOU.
Your IP address is assigned to your device by your Internet service provider (ISP). Their routers use your unique IP address to send incoming traffic to your device. Your ISP is already logging the IP addresses of traffic sent to your device. Your ISP has unprecedented access to your traffic.
You use your ISP’s Domain Name Servers (DNS) to look up external IP addresses. When you go to a website, you enter the site’s URL or follow a hyperlink to it. But URLs like www.google.com don’t mean anything to computers. Computers work with IP addresses.
The translation from URL to IP address is where DNS servers shine. They bridge the gap between human and computer. As a trade-off, the DNS servers have full control over the URL to IP translation. They can log your queries, inject ads on pages and even send your traffic to alternative websites. Guess who usually controls your DNS servers? If you guessed your ISP, then you are right.
ISPs would never inject ads on pages that shouldn’t have ads, or send you to a fake google lookalike website. Right…
…wrong. Verizon, Comcast, AT&T, and Sprint were caught injecting ads and redirecting traffic.
In case you were not already disturbed enough: new legislation in the US makes it legal for ISPs to sell the logs they collect to anyone willing to pay for them. Imagine prospective employers checking your browsing history as a job requirement.
VPNs: Defenders Of Your Privacy
So, where do VPNs come in? They are one way to fend off this massive invasion of privacy.
Your ISP sees the connection to the VPN but not what happens after. VPN tunnels use encryption. There’s no way to snoop on data as it passes between you and the VPN server.
An ISP monitoring packets tunneling through a VPN only sees the VPN server’s IP address. It cannot see what type of traffic is being sent or its final destination. The outside Internet sends the traffic to the VPN instead of directly to your device. It doesn’t know you are on the other end.
VPN services like LiquidVPN mix your traffic with other VPN users’ traffic. It’s very difficult, if not impossible, for packets coming from a VPN to be attributed to a single person. Like a LAN, the VPN has dozens of people browsing the Internet from a single IP address.
But, How Do I Choose A VPN?
Not all VPNs are created equal. There are a number of factors that differentiate a quality VPN from one that can be a privacy liability.
It’s important to consider how you plan to use your VPN service before deciding on the right one for you. If you need to connect from your phone, make sure that the service offers a compatible client. If torrents or downloads are important, check that they’re supported on every server.
Connect and Encrypt
It sort of goes without saying that being able to connect to your VPN service is an important part of the process. But, it is easy to overlook. Verify your VPN service offers clients for each type of device you have.
VPN connection protocols aren’t created equal either. Each protocol has its own strengths and weaknesses.
SSTP is the Secure Socket Tunneling Protocol. This protocol is considered to be one of the more secure VPN protocols. SSTP uses SSL, which looks similar to HTTPS traffic and is very hard for firewalls to block. It uses strong AES encryption to ensure that transmissions cannot be easily decrypted. SSTP isn’t open source, though, and can be slower than other protocols.
L2TP/IPsec is a lightweight tunneling protocol that is better suited to mobile devices. While it isn’t quite as secure as the others, if it uses AES encryption it is still quite safe. Beware of connections not using AES or using PSKs that are not password protected.
And, saving the best for last…
OpenVPN is the best all-around option. Choosing open source over proprietary technology is usually the right move. OpenVPN is fast and very reliable. It can take advantage of 256-bit AES encryption, making it an extremely secure option. The only real drawback of OpenVPN is that it isn’t available on all devices.
At the very least, find a VPN service that supports OpenVPN. Look for 2048-bit RSA keys, 256-bit AES-CBC encryption and SHA-2 authentication. This will provide a great balance of privacy, speed, and security.
Excuse Me, But Your DNS Is Leaking…
It’d be awful to pay for a VPN and configure your machines to connect to it, only to have your DNS traffic leak out through an improperly configured DNS resolver. It’s a scenario that happens too often.
Find a VPN provider that maintains its own DNS service. Make sure it has its own IPv6 DNS or block IPv6 connections to outside DNS.
You can test your VPN for DNS leaks with tools like Cryptoip’s DNS Leak Test.
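A local complement to an online leak test is to check which resolvers the system will actually query once the tunnel is up. This is an added example, not part of the original guide or any provider’s client: it parses resolv.conf-style text (a constructed sample) and flags any nameserver outside the assumed tunnel DNS range, with the IPv6 handling the section above describes (either the provider has its own IPv6 resolver, or IPv6 is blocked and those resolvers are simply unreachable).

```python
import ipaddress

# Constructed sample of a client's resolver config after the VPN connects.
# 10.8.0.1 is the resolver we assume the VPN pushed; the other two stand in
# for ISP resolvers that should no longer be in use.
SAMPLE_RESOLV_CONF = """\
# Generated by the VPN client (constructed sample)
nameserver 10.8.0.1
nameserver 203.0.113.53
nameserver 2001:db8:feed::53
search example.test
"""

# Address ranges reachable only through the tunnel. Placeholder range; a real
# provider's DNS addresses come from its own documentation.
VPN_DNS_RANGES = [ipaddress.ip_network("10.8.0.0/24")]


def parse_nameservers(resolv_conf: str) -> list:
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        parts = line.split()
        if len(parts) == 2 and parts[0] == "nameserver":
            servers.append(ipaddress.ip_address(parts[1]))
    return servers


def find_leaking_resolvers(resolv_conf: str, vpn_ranges, ipv6_blocked: bool = False) -> list:
    """Return resolvers (as strings) that would be queried outside the tunnel.

    A resolver leaks if it is not inside one of the provider's ranges. When the
    client blocks IPv6 entirely, IPv6 resolvers are unreachable rather than
    leaking, so they are not reported.
    """
    leaks = []
    for server in parse_nameservers(resolv_conf):
        if server.version == 6 and ipv6_blocked:
            continue
        # `in` is False when the address and network families differ.
        if not any(server in net for net in vpn_ranges):
            leaks.append(str(server))
    return leaks


if __name__ == "__main__":
    print("Leaking resolvers:", find_leaking_resolvers(SAMPLE_RESOLV_CONF, VPN_DNS_RANGES))
```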
Travel The World
Having a VPN in one location is good. Having a VPN that can shift between multiple locations is great. Quality VPN services allow you to connect to gigabit servers all over the world. You can appear in a different country and bypass potential content restrictions. Shifting between locations from time to time makes you more difficult to track.
Small Birds and Glass Houses
You don’t want a VPN service hiding things from you. That defeats the whole purpose of using one. If your VPN is as opaque as your ISP, how can you really trust them?
Your VPN provider should have clearly published privacy policies. It should tell you exactly what they store. Every VPN must store some data. Do not settle for blanket statements.
It’s also important to know what requests and notices have been received by your VPN service. A VPN provider with a strong transparency policy will publish court orders and warrants.
What about those little yellow birds?
Back in the old days of mining, miners would bring canaries down into the mines with them. If poisonous gas was released in the mine, the canary would die, letting the miners know to get out.
VPN providers have their own version of that miner’s trick: the warrant canary. A quality VPN will publish a warrant canary letting customers know if a warrant or gag order exists. This also covers the troubling and secretive National Security Letters.
Warrant canaries usually aren’t explicit. They can’t be. Often, they take the form of a document or a part of a web page that changes if a warrant is in place. The change is usually a negative one, meaning something is removed or not updated. VPN services that publish warrant canaries are looking out for your privacy.
I’m A Lumberjack, and I’m Okay
It’s important to be able to trust your VPN. After all, your traffic is going to be traveling through their servers. While it’s nice to generally have confidence that they aren’t doing something shady with your data, it’s even better to have it in writing.
You may not want anyone to know that you’re using a VPN for an added degree of anonymity. That’s not possible if you have to pay with a credit card.
VPN providers that value their customers’ anonymity offer anonymous payment options. Look for services that allow cryptocurrency like Bitcoin. Some of the better services even allow cash payments if you ask them.
Streaming, Download, and Bandwidth Restrictions
Not all VPN providers allow you to use their services how you choose. Some place unnecessary restrictions on certain types of traffic. BitTorrent, SMTP, and streaming media are frequent targets. Some even limit your overall bandwidth. If all else fails, check their Terms of Service.
Do you intend to use BitTorrent? Find a VPN that allows you to use BitTorrent from any server.
If you’re interested in Netflix, sign up for a month and find out whether Netflix works before committing to an annual plan. If Kodi is your thing, test that it isn’t blocked by their firewall.
Your VPN should never impose bandwidth limits either. Choose a VPN that can fully support your traffic as well as all of its other users. Don’t get bogged down by overloaded servers.
What happens if you get disconnected from your VPN? Will you even know? In most cases, you will, but that’s only most. The rest of the time, you’re stuck, unprotected, and you won’t know.
Look for a VPN service that includes a robust kill switch in its client. A kill switch shuts off all connections from your computer if the connection to the VPN fails. Kill switches guarantee that no personal information leaks in the case of a failure. Kill switches are not created equal. You want one that is both a firewall and a kill switch.
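What “firewall and kill switch” means in practice is a default-deny egress policy that only ever permits loopback, the tunnel interface, and the one encrypted hop to the VPN server, so nothing escapes when the tunnel drops. The block below is an added model of that decision logic, not any client’s code; real clients enforce it with host firewall rules, and the server address, OpenVPN port and interface names are assumed for the example.

```python
from dataclasses import dataclass

# Assumed endpoint details; a real client takes these from its VPN profile.
VPN_SERVER = "198.51.100.10"   # constructed server address
VPN_PORT = 1194                # OpenVPN's default UDP port, assumed here
TUNNEL_IF = "tun0"             # interface the VPN client creates


@dataclass(frozen=True)
class Flow:
    iface: str      # interface the packet would leave on
    proto: str      # "udp" or "tcp"
    dst_ip: str
    dst_port: int


def kill_switch_allows(flow: Flow) -> bool:
    """Default-deny: permit loopback, anything inside the tunnel, and only
    the encrypted connection to the VPN server on a physical interface."""
    if flow.iface == "lo" or flow.iface == TUNNEL_IF:
        return True
    return (flow.proto == "udp"
            and flow.dst_ip == VPN_SERVER
            and flow.dst_port == VPN_PORT)


# Constructed flows: what a client might attempt before, during and after
# a tunnel failure. 203.0.113.53 stands in for the ISP's DNS resolver.
SAMPLE_FLOWS = {
    "vpn handshake on eth0": Flow("eth0", "udp", VPN_SERVER, VPN_PORT),
    "https inside tunnel":   Flow(TUNNEL_IF, "tcp", "93.184.216.34", 443),
    "dns to isp on eth0":    Flow("eth0", "udp", "203.0.113.53", 53),
    "https on eth0 (tunnel down)": Flow("eth0", "tcp", "93.184.216.34", 443),
    "local resolver stub":   Flow("lo", "udp", "127.0.0.53", 53),
}


def evaluate(flows: dict) -> dict:
    """Map each labelled flow to the kill switch's allow/deny decision."""
    return {label: kill_switch_allows(flow) for label, flow in flows.items()}


if __name__ == "__main__":
    for label, allowed in evaluate(SAMPLE_FLOWS).items():
        print(f"{'ALLOW' if allowed else 'DROP ':5} {label}")
```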
If something goes wrong, what are you going to do? Sure, if you’re a technical person, you might be able to struggle through it. But for everyone else that isn’t an option.
Choose a VPN that has excellent 24/7 customer support. Know you’re going to be covered if there is ever an issue or an outage.
Customer support is also a security issue. It’s important to have an expert that you can consult in the setup of your network. You need to ensure that everything is configured properly.
Shoddy configurations are major security risks for IT all over the world. Avoid problems before they start by working with an expert.
Tor To The Rescue
VPNs aren’t the only way to hide your IP address from the Internet. Tor bounces your traffic to different locations before it gets out to the Internet.
Tor is a free (as in cost) open source project. Its developers are a non-profit foundation with online anonymity as its main goal.
In fact, Tor is an invaluable tool. It is relied on by activists, journalists, students, security researchers, and people protecting their privacy around the world.
Tor is integrated into privacy-focused tools like the TAILS Linux distribution.
It is used and recommended by Edward Snowden and was credited in the documentary Citizenfour.
How Is Tor Different From A VPN?
Unlike a VPN, Tor isn’t a private network. You’re not setting up a Tor network for your business to share files. You aren’t going to torrent over Tor. It’s too slow for that.
Tor is altogether more chaotic than a VPN. It is completely decentralized and distributed everywhere. There aren’t providers of Tor services. Tor nodes are set up by volunteers and are public.
Tor bounces your traffic through many different nodes instead of one server. These nodes are selected at random to form a path to your target. As little information as possible is passed to the nodes. There is never one clear path between you and the site that you’re accessing.
Of course, this also means that Tor is much slower than most VPNs. Very often the speed of Tor traffic is under 100kbps. You wouldn’t want to stream over Tor, and even listening to music can be painfully slow.
While a VPN is a great solution for general everyday use, Tor is better suited for special use cases where you have to be anonymous. With a good VPN, you can actually use Tor and the VPN together. It adds another layer of privacy at the cost of a lot of speed.
Hiding In An Onion
This was touched on in the previous section, but it’s worth elaborating on. Tor has a unique way of keeping users private, and it can be kind of confusing.
Tor has its own decentralized network made up of nodes. Traffic on the Tor network is passed between randomly chosen nodes on its way to the destination. The hops that traffic takes between nodes are relays. They hand off network packets like runners in a relay race.
You didn’t see nothin’, right?
Tor nodes only know the node that just passed them data and the node they need to pass it to. They never know the full path.
All Tor traffic is encrypted. Tor negotiates its own set of encryption keys for each relay in the path. Every relay is a uniquely encrypted connection. These layered connections make it difficult to trace a full path through the Tor network.
The Tor Browser Bundle
So, how can you use Tor? There are a few ways, actually. Tor can be installed on your computer as a service. You can connect to it with a web browser or any program that supports SOCKS connections. However, that’s not a good solution for average users. The Tor project offers a convenient browser bundle for average users.
The Tor Browser Bundle is a pre-packaged browser containing everything needed to use Tor. It’s based on Firefox and includes the Tor service pre-configured. The bundle is available from the Tor Project’s website.
Using the Tor Browser Bundle is super easy. You only need to download the bundle and unpack it. The entire bundle will be in the resulting folder. Open up that folder, run the browser, and start surfing the net through Tor.
This is the VPN and Tor section of our How To Protect Your Online Privacy in 2017 guide. The other sections are the Introduction and Desktop Web Browsers and Add-ons.