Choosing a VPN provider can be complicated. VPN services are themselves complex networks, doing sophisticated routing, standing up to frequent attacks on multiple fronts, and operating on thin margins. They are very different, and which one is right for you depends on your situation. I’ll try to break it down a little to help make choosing easier.
A proper VPN service provides security and privacy to users by establishing an encrypted comunications channel between your device(s) and a node on the VPN’s network. Once established, this encrypted channel prevents onlookers from discerning much of anything about your traffic, other than the fact that you’re using the VPN service.
Never use a free VPN service
Don’t even consider using a free VPN service. Running a VPN service is an expensive undertaking. The hardware costs are high, technical expertise is needed in-house in multiple knowledge domains, regulatory compliance issues can be expensive, and defending against attacks usually means paying 3rd parties to help. If the service is free – where does the money to pay for this come from?
With free VPN, the best you can possibly hope for is that the operators believe they can sell your Internet usage data for a profit, and their business model consists of doing just that. In the worst case, they’re profiting by attacking their customer base, or spreading malware, and misleading customers about what they’re providing.
In the past, free VPN services have been caught behaving badly, like simply swapping the IP address of one user for another. Not the end of the world if your granny gets to use my IP, but if another user gets my IP and downloads kiddie porn or buys illegal stuff online it will look like it was me!
Why use a VPN service?
So why even use VPNs in the first place? The typical reasons people give are:
- to hide all online activity from ISP, who collects and sells this data
- to avoid Man-in-the-middle (MITM) attacks when using public Wi-fi
- to hide IP address from destination website
- to hide online activity from a government
Some of these reasons are legit, others questionable. Let’s step back and consider what is actually happening. The details are actually quite difficult in some cases, but no worries – we’re going to stick to the basic ideas and gloss over the complexity of the VPN network operations. Let’s just say top tier VPNs go to great lengths to provide services like SSH tunneling, Shadowsocks, obfsproxy, and Stunnel – and this stuff requires a lot of ongoing engineering expertise.
The first reason metioned, “hiding online activity from ISP” is right on the money. This reason alone is why I advise everyone I meet to use a VPN. In the United States, all restrictions were recently removed with respect to using the most agressive and ethically-challenged ways known in order to collect your detailed Internet usage data.
Internet Service Providers’ (ISP) collection of detailed information about users can basically be avoided by establishing a direct, encrypted connection to a host that is not operated by the ISP in question. The ISP can see traffic but cannot see the destination or the details of that traffic. I must hedge slightly here though, because traffic analysis has gotten pretty sophisticated, and it’s sometimes possible to tell from the shape of the traffic if a user is on Tor network, for example.
And of course, there are mitigating strategies for all of this as well. You can wrap your traffic in another layer designed to obscure the nature of the traffic. You can tunnel one VPN connection through another to avoid letting your VPN provider log your real IP address. You could run your own OpenVPN server, highly recommended if you have the ability. You can use SSH tunneling, or use mixnets to accomplish these things too – get creative!
Privacy and Security Concerns
From a security perspective, using public Wi-fi networks is always dicey. Using an encrypted connection to an external host like a VPN provider will prevent snooping by others on the local network. MITM attacks happen regularly on public Wi-fi networks, so this one is a really important reason.
Hiding your IP address from the destination website is high priority for some people. The classic example is the user trying to watch Netflix while on vacation. Sites sometimes restrict access based on geographic location, and this can often be bypassed by connecting to a VPN server in another country.
Hiding your online activity from a government by using a VPN is usually a fools errand. Connecting to a commercial VPN service outside the country can bypass harsh regimes intent on surveilling their population. However, oppressive regimes tend to outlaw VPNs, and known IP addresses of VPN providers are blocked by the ISPs. VPNs have recently been banned in Russia, China, Turkey and other countries hostile to human rights. In these cases it is recommended to use alternate means of connecting to endpoints outside the country, for example by connecting to a Tor bridge node.
So what should you look for in a VPN provider? Stay tuned, that’s coming up in the next post!