Dec. 22nd, 2016

9. VPNs

Dec. 22nd, 2016 11:06 am
cybersecurity: (Default)

Time to write about VPNs. VPN means Virtual Private Network. Using a VPN is one of the best ways to improve your online privacy and security. There are many tutorials out there on how to get started with that, but most of them are trying to steer you towards a certain provider; there are also good and neutral articles. I will provide links to them later.
But first, since I'm writing this for people like my mother, who is plenty smart but not super well versed in technical stuff (hi mom!), I will explain how VPNs do what they do.


How it works

Let's imagine the internet like a village. It has streets, houses and stores. Just like in any village, people in your neighbourhood can see what goes on there.
Let's say that one fine day, I want to go out for a stroll and visit the sex shop at the other end of the village. This is something I probably don't want everyone to know! Because when I return with a big bag of none of your business, printed in bold bright letters that say 'Ye Olde Sexy Shoppe', my neighbours will probably see me.

One of them is the janitor (my ISP), who, when asked, reports my comings and goings to the mayor... who may very well have strong opinions on what the villagers should and should not be buying.
Another is a store owner, who would probably start shouting at me: "Wouldn't you like a bottle of wine to go with that? Maybe these candles, or some chocolate? How about these flowers? Perfume? Lingerie?"
A third one might be a burglar, who notes down where and when I shop, in order to mug me or rob my house later.

So I sign up with the VPN store. I pay them, and they dig a tunnel from my house to their store. I leave my house through the tunnel. This is great! The neighbours can't see who is walking there. I'm strolling along through the tunnel without a care. The only problem is, I'm underground and I want to visit stores that are on street level. So I need to come up.

For that reason, I walk straight to the VPN store. The greeter says: "Welcome! You gave me the secret handshake, so I know that you are one of our customers. Here's a coat. Right this way, please!"
I enter the store and put the coat on. I walk out the back door onto the street and to the sex shop, and to all the other places in the village where I may want to go! No one, not even the janitor, saw me leave my house: I popped up from out of nowhere behind the VPN store, and I'm wearing a coat with my VPN provider's name printed on it, so I have more privacy. You'd have to take my fingerprints to recognise me. The greeter doesn't care what I do, and ideally does not keep a log.

When I walk back home, I go back through the tunnel, for the distance from the VPN store to my house, carrying all my bags full of none of your business. (I should probably draw some pictures of all of this, it won't make things clearer, but it might be fun.)

Translated back to the internet, this means:
  • Your VPN service accepts encrypted traffic from your computer to their servers (we call them endpoint), because you're their customer. You'll need some kind of software in order to do this encryption; they will generally provide this and make it easy to use.
  • Your connection to the internet will then go through their servers and be shielded.
  • This is especially great when you are using public WiFi, because in that case you may not even know who is acting as your ISP by providing you with internet access. Using a VPN here is a big deal and makes your browsing much more secure!

What it does... and doesn't do

  • Using a VPN does not make you fully anonymous. Of course, when you log in somewhere, you are then known by that identity. But your system can also be recognised by its fingerprint. Still, a VPN does hide your IP address and also your physical location and this adds a layer of privacy and security to your browsing.
  • Using a VPN does not protect you from fake websites or malware. But it does protect you from man-in-the-middle attacks that happen 'in your neighbourhood': if you are connecting to a free WiFi that's not actually run by who you think is running it, or if someone is listening in on your WiFi connection, they get only encrypted data from you.
  • Using a VPN can make it possible to use websites that are otherwise blocked to you because of your location (geoblocking). If that's what you're after, choose a provider that has endpoints in the location where you wish to access content, or at least a 'friendly' location that has this access.

How to get started

You get started by picking a provider. They'll tell you what to do. They want to make this stuff easy for you, because they want you as a customer.


How to choose a VPN


Most VPNs are probably better than none at all. Still, you usually get what you pay for. While there are some free VPN providers, they are generally not reliable. And since it's not easy to check how well they do what they say they do, it's probably better to pay a few dollars and have more peace of mind. Some things to look out for:
  • Make sure they offer support for the OS(ses) that you are using! Don't forget your mobile devices.
  • Make sure they do not keep logs. Read their statements on this.
  • Make sure they are using up-to-date technology. Find out whether they support OpenVPN. This is software that runs on your end and handles the encryption, and it's open source and probably the best option that is currently available. It runs on multiple platforms.
Here are some articles to help you choose.

EFF makes no recommendations but has a great outline on the basics. I would start here.
Choosing the best VPN for you
goes into great detail... for some of us, too much detail. But it's good stuff, so give it a try.
How To Geek is very thorough on this, as well.
PC Mag has a nice table and a decent looking article.
Torrentfreak: Which VPN providers take your anonimity seriously?
If you're really picky (and why shouldn't you be?) check out this list on privacytools.io

This blog post was edited on December 23 based on feedback from savvy friends. Thank you, KdB and Stoneshop!



Go back to the index of Cybersecurity for the Trumped.
Back to Index

About

cybersecurity: (Default)
cybersecurity

Hello!

I'm from the Internet and I'm here to help. Please feel free to comment, and to ask questions.


Powered by Dreamwidth Studios