VPNs, how to use them properly and stay anonymous (part 2)
This article has five parts. The second part focuses on the practical implications of everyday use of a VPN.
Contents of part 2:
6. Problems that VPNs bring
7. VPN for everyday use
8. Which VPN provider to choose
9. Making your own VPN
10. Claims that VPN providers make in their ads
• • •
6. Problems that VPNs bring
So, yes, VPNs help. But there is also a few problems that need to be mentioned.
Problem №1: It's not free
Obvious as it is, you have got to pay for it.
Problem №2: It's not fast
If you have a true gigabit Internet connection at home, there is no way your VPNized connection would be nearly as fast. As VPN is a shared service, each VPN server is used simultaneously by dozens, if not hundreds users. Therefore all you get is a fraction of bandwidth, even if VPN provider does not impose artificial restrictions. Expect the bandwidth to be in order of tens of megabits. Barely enough for HD streaming perhaps.
On the other hand, since all VPN traffic goes through a busy remote server, latency suffers too. If you are an online gamer and the difference between 10ms and 50ms ping is crucial, VPN will not work for you.
Problem №3: They'll know you have something to hide
There is this ridiculous saying "if you are not a criminal, you have nothing to hide (and therefore must not encrypt your traffic)".
No matter which side of the privacy wars you take, we may agree that VPN does hide traffic from prying eyes, at least some of them. Then, those who were looking will know that you are hiding something. It is possible that your using of VPN alone buys you a place on the aforementioned list of potential criminals.
To be clear, it is impossible to hide the traffic so that it becomes invisible. Your Internet provider (and your employer, if you are using VPN in the office for example) will always be able to see that you are using VPN or something similar that generates a stream of encrypted data.
Problem №4: Some sites will not like you
It's basically their collective revenge for your trying to get around.
Even the biggest VPN providers have a fleet of just a few thousand servers, and it's no big deal to have them all listed. And then the sites may notice that you are using VPN, therefore they assume that (1) you have something to hide and (2) they don't know where you really came from.
At a minimum, you will be subject to more captcha scrutiny at every entrance. Or you could be locked out at all.
Problem №5: The VPN provider will see all your traffic
When you are using VPN, your traffic is only encrypted between you and the VPN server. There it is decrypted and passed along in its original form. What it means is that just like your local Internet provider before it, your VPN provider is able to read all your traffic.
By switching to VPN you trade an Internet provider, which is obliged by law to spy on you, for a VPN provider, which (surprise !) is also obliged by some of the same laws to do the same. But at least for the latter it may be in the best commercial interest to keep it to the absolute minimum possible under law, and not reveal without proper legal procedures.
If I was to guess, I would say that Internet providers are subject to law enforcement and other no such agencies attention routinely, whereas VPN providers - specifically. Not much of a choice.
7. VPN for everyday use
Let's say you've got convinced and now want to use VPN. Here are my recommendations.
It's very convenient to have a separate Wi-Fi router at home, which always stays connected and unconditionally routes all your traffic to VPN. This way, all your laptops, smartphones and tablets are automatically protected. And from VPN provider's standpoint, it's just one connected device.
If you decide you need one, first consult the web site of the chosen VPN provider, they could be selling preconfigured routers themselves or have a link to an associated site that does. I didn't try it myself, but I assume setting one up would be as easy as unpacking and entering a few passwords. The price of such router would be $200-$400.
You could also buy a stock Wi-Fi router and configure it manually. That's what I do. That would be a bunch cheaper at the expense of the pulled hair. If you go this way, don't buy the cheapest device, be sure that it at least has adequate CPU power, encryption requires a lot of it. Also, before you buy, be aware that you'd likely have to update its firmware to one of the popular open source product like DD-WRT or OpenWRT etc., thus losing the warranty. Make sure that the exact device model up to the minor revision is supported by that firmware, or you risk getting yourself a brick.
So, like I said, it is very convenient to have such a VPN umbrella at home, but what happens when you step out ? To be protected outside, you would need to install a provider-specific application on every laptop or smartphone.
This time, each device would count as a separate VPN client. Depending on how many of them you have in the household, you may exceed the number of simultaneously connected devices that your VPN provider allows. Therefore be sure to check that number before you sign up.
Installation of said applications should be trivial, and then all you need to remember is to activate VPN every time you leave home. Even better, leave it always on, but then it makes less reason to have a dedicated VPN Wi-Fi router at home, since each device is already protected by itself.
There are typically just a handful of configuration parameters in such applications (and for good reason) and it makes sense to leave everything at default. The only thing that I would recommend to turn on when you can is something called "Kill switch". It's a function which disconnects you from the network, when it is not protected by VPN. It's a shame to find out that VPN was not protecting you that one time.
Once you have VPN up and running, make sure you visit your VPN provider's site and see the section that checks your connection for leaks - configuration problems that render some of the protection useless. If it's all green - congratulations, you are now protected.
8. Which VPN provider to choose
As soon as anonymity is not your goal, you can pick pretty much any popular service out there. Theoretically, they should protect you from all the aforementioned threats equally well. There can be minor differences in speed, usability, prices, support etc.
You could give a few a try, compare the prices and then make your pick.
9. Making your own VPN
An alternative to subscribing to a public VPN service is to roll out your own. To do so you would need to rent a virtual machine from a hoster, install a VPN server software on it, and configure VPN clients on all your devices to use that server.
That would be like buying yourself a second car and parking it outside of town in a rented garage.
When you know what you are doing, it takes 15 minutes. Some hosters offer virtual machines with preinstalled VPN servers, saving you even that hassle.
But is it better or worse than a public VPN ?
As always, there are good sides and bad sides.
All other things being equal, using your own server makes you less anonymous (even at that limited scale that it gives). It will be just you alone who is using that VPN server, and it's just one machine, then you are tied directly to its only IP address. All the responsibility for any activity from that IP address is yours alone, you could no longer hide in a crowd of thousands of other users, there is no plausible deniability.
You will not be able to switch the country in which that VPN server resides. Streaming providers will still have you locked out because of the region of your server.
You will need to know how to configure it, both the server and the clients. Or purchase a prepackaged VPN server from a hosting provider. Running VPN server requires zero maintenance, so there's that.
On the plus side, it would cover all the other threats discussed previously just fine, you'd have all the bandwidth to yourself, you can be sure that there is no logging, the number of VPN clients that you can connect to it is unlimited, and you would not be denied by the Internet sites that don't like VPNized guests. That lone IP address would also likely receive less attention from the censors.
Also, it can make a good short term option, when you need a disposable VPN connection for just one time, and you manage to get a virtual machine for free, for example as a trial/demo. Some virtual machine hosters have this option, and if 15 minutes of anonymity is all you need, to quickly install a VPN server and discard it immediately after is a good choice.
10. Claims that VPN providers make in their ads
Here be some debunking. When you see VPN advertisements that claim certain their features, take it with a grain of salt. Some of the claims are justifiable, while the others are bordering on red herring.
Claim №1: VPN makes you unhackable
This is a big big stretch. Modern personal computers (their operating systems more specifically) are already protected against intrusions from outside pretty well. As far as being hacked goes, the most common cause is still ourselves, our own actions. A single negligent click under some technical warning that you did not even understand could open your computer for intrusion.
For example, if you connect to an open Wi-Fi in a cafe, and your computer is again annoying you with "is this Wi-Fi trusted ?", and you abruptly shut it with "yes", then you just opened a few doors yourself. A warning that a web site is presenting an invalid certificate could mean that the site you are entering is not the site you want, and you are being spoofed. If you OK that off, you are falling for the bait. And don't let me even start on opening an attachment to an urgent e-mail saying you've won the lottery.
Some of the threats of hacking nature are alleviated by using VPN, but saying "unhackable" is certainly an exaggeration.
Claim №2: VPN makes you anonymous
This is absolute nonsense. I'm going to address anonymity later, but for now you could think about it this way - you are only anonymous if you never step out of the rented car. You can drive around all you want without anyone knowing who you are, but as soon as you get out of it, get drunk and make a scene at a local restaurant, it will be your face at the CCD footage, no matter which car you drove.
In technical terms, in order to stay anonymous, you must at the very least never reveal your true identity yourself. If you post a comment under your own name, it would not matter whether you used VPN or not as it will have your name under it. Likewise, as soon as you log in to Google Mail, a social network or any web site really, they will know who you are exactly, no matter which IP address.
Claim №3: VPN prevents online platforms from tracking you
This is a weaker variation of the anonymity claim. It says that when you are using VPN, web sites cannot profile you across visits, observe the patterns in what you watch or buy, and so forth.
I hate to disappoint, but that's also practically not true. They don't track you by IP address. They track you by cookies and login details. As soon as you log in to a site, login cookie sticks to your browser and follows you around (that's the reason why you don't have to log in every time). Next time you enter, there is no question of who you are, you are the same cookie owner as before, coming perhaps from a different IP address, but who cares, they build the profile of the user, not of an IP address.
Claim №4: Unless you are using VPN, anyone can read your data
This is correct but very misleading. The precise way to put it would be this - without a VPN, your traffic can be intercepted locally in its original form.
The most important difference between the two statements is read vs. intercept. Yes, your traffic can be intercepted, but not necessarily read, as most of it is already encrypted. The same SSL protocol which prevents spoofing, encrypts all traffic between you and HTTPS sites. Note, that some sensitive information goes unencrypted and is revealed, for example the names of the sites that you visit.
Also, note the word "locally" - even if you are using VPN, your traffic can be intercepted just the same, only after it exits the VPN tunnel.
Claim №5: SomeVPN uses military-grade encryption
This is a classic red herring. If you see this in a VPN advertisement being a major selling point, don't go there.
First, there are just two important grades of encryption: the one that we can break and the one we can't. And no one in their right mind would use the former for VPN or anything else for that matter.
Second, what "military" even stands for there, is just a hyperinflation of some primitive encryption routine. It is like saying that your rented car is military-grade protected because its windshield is made of 7" thick bulletproof fiberglass. That's fine I guess but what about the rest of the windows ? The tires ? The doors ? Is there a seat belt ?
Third, no attacker would ever target the encryption protocols he does not know how to break. That there exists no such agency, that is more capable then the rest of the world about breaking cryptographic protocols, is a cryptographer's bad dream. It is always a risk. But there is nothing anyone can do about it really.
• • •
Thank you for reading !
In the next part of the article:
11. Being of name unknown
12. Quick and easy shortcuts to anonymity
13. Adversary model
14. The ways you could be found
15. Addresses and other identifiers
16. Global data collection