What is a VPN?

Ever since Snowden's revelations, both security and anonymity have become increasingly critical. Due to Snowden’s disclosure of mass global surveillance internet users are starting to use various Virtual Private Network (VPN) services.

In simpler terms a VPN creates a tunnel, and in most cases these tunnels are encrypted.

This helps to prevent prying eyes from looking in to what a particular internet user is up to, as well as helping to mask the identity of that user - regardless of the device or operating system.

A good analogy to explain a VPN tunnel would be going out for your lunch break at work. Someone can see exactly where you are going for lunch, watch you go back into your place of work, and then from work, and even trace you back to where you live when you leave.

If however you had a tunnel leading from your house to your place of work, they are only able to see you leave and enter your place of work at lunch. They would not be able to establish where you live due to you traveling via the tunnel, and exiting at work.

A VPN tunnel works in a very similar way as you create an encrypted tunnel to an end point somewhere in the world. It is only from that end point you then connect out to the internet. If anyone was monitoring web activity all they could see is that it has come from that end point.

In addition to this, multiple users would be using that endpoint as well. This helps to mask your identity further by hiding in numbers.

Why should I use a VPN?

There are many reasons why someone should use a VPN. The two main points that it always boils down to is providing an additional layer of security and privacy. Usage of a personal VPN will differ to the use of a corporate/work VPN, which is normally required to provide secure remote access to corporate networks.

Depending on the level of security and privacy you require, further research will have to be carried out regarding what you need to consider when inspecting the features and services a VPN provider has to offer.

Example:

An example of when to use a VPN tunnel is when connecting to a open wireless network.

Without having an encrypted tunnel from your device to the VPN providers end point, someone could setup a Man-in-the-Middle attack. This is where they sit in between you and your connection to the internet. What this malicious attacker can then do is monitor your traffic, and potentially gain sensitive information such as banking details and personal data.

If however you were connected to a VPN, all that data would be encrypted inside a VPN tunnel, which would act as a barrier and prevent the malicious attacker from seeing what truly is being sent back and forth.

What to look for in a VPN provider?

As previously discussed it is beneficial to connect to an encrypted VPN tunnel, to help prevent people from seeing your identity and personal data.

Although other internet users may not be able to establish that information, your VPN provider certainly has the ability to see who you are and what you are doing.

This is why it is important to do some research prior to using a particular VPN provider.

It will always come down to what you value more: Privacy, Security, or both. What you need your VPN provider to provide is based upon your reasoning.

Some users may want just another level of security especially if they tend to use open access points.

Others may want to protect their identity whilst browsing the internet.

Or even both.

So what do we need to look out for and why?

The location of the VPN provider is an important matter. This is due to what jurisdiction they are under, and the laws and legislations they have to abide by.

This can have a direct impact on the level of anonymity and security they can provide.

Primarily due to certain countries having an agreement with one another to cooperatively collect, analyse and share data between one another. The countries involved in these agreements are referred to as the Five, Nine and Fourteen Eyes. A VPN provider that resides within one of these countries may not give you the anonymity you would hope for, due the agreements in place that span across a total of 14 countries.

Anonymity also becomes increasingly difficult in countries that by law require certain information or logs to be retained for a select amount of time. Collecting logs and data for any period of time on your activities in the first place can compromise your anonymity.

However when data is held for a period of time a relatively accurate profile can be made of you as a user and how you use the internet. This information is then available to anyone that has the power to view it, and depending on what they do with that information if down to the individual viewing it.

The jurisdiction in which the VPN provider is under can also be beneficial. There are certain laws and legislations in place around the world that ensure the best security practices are abided by. In the instance where your VPN provider isn't based within a country with those requirements, it can pose a threat due to the lack of mandatory security practices. This is therefore a crucial key factor in where the VPN provider resides.

Ideally a VPN provider will hold no activity logs, whilst also providing a high level of security. This then protects your anonymity as a user, as well as providing a good to high level of security to protect any data in transit.

Depending on the VPN provider there are always varying features and functions that each may provide. However, for most decent VPN services they are not free. Presenting just another issue with anonymity and security; how do we pay for this service?

Referring back to what was said at the beginning… it all comes down to the level of security and anonymity that you would like to have as a user.

If you would like the VPN service primarily for security, you may not worry about the VPN provider having your identity via payment details (debit, credit card), yet you would still like those details to be secure.

For anonymity, payment options reduce and complexity increases. Debit/Credit card payments can identify you as a user to the VPN provider, and your bank will also see details regarding purchase of a VPN service. In the majority of cases, financial information is also subject to a set retention period resulting to more historical logs of data.

So how do you retain your anonymity whilst still paying for a service?

The alternative for making a payment and still remaining anonymous would be whether the VPN provider accepts bitcoin as a payment method. This maybe a beneficial option for users who find themselves in a country with an oppressive regime, or for whistle blowers or journalists who need to protect their identity.

Bitcoin in itself is a massive subject, so if you aren't aware of what this is already, a brief description would be that is an anonymous online cryptocurrency. It is most certainly worth a read into.

Conclusion:

The main points to take away when looking to use a VPN service is to firstly establish what you will primarily use that service for, and what information you are comfortable with sharing. This could be either with the VPN provider, or any related third party (bank, financial institute).

This is when you need to consider the country the VPN provider is based within. This could be whether they log any activity on the VPN, whether you want to stay anonymous when making a payment, and obviously the impact any other features they provide has on both your security and anonymity.

Due to many users having concerns and the numerous VPN providers to chose from, there is a great VPN comparison chart that has been created. This can be viewed from the link below:

https://docs.google.com/spreadsheets/d/1FJTvWT5RHFSYuEoFVpAeQjuQPU4BVzbOigT0xebxTOw

The One Privacy Guy's VPN Comparison Chart is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

- Ryan Tate, Security Analyst at Emeiatec - CCNA, ISCP III