With thousands of VPN services to choose from, each promising to keep your data secure, each advertising roughly about the same technical features, how can any sane person make a rational choice? Fortunately it is actually easier than you might think, read on…
What’s a VPN?
A Virtual Private Network or VPN is a private computer network constructed within a public network like the global Internet. Imagine a VPN like a tunnel through which you connect to the Internet, on one side is you and on the other side is your VPN provider. If someone looks at the tunnel from the outside they only see the tunnel, if anything, and the traffic inside remains hidden. The websites you visit only see your VPN provider’s information including your VPN provider’s IP (Internet Protocol) address, hence you and your activity remain hidden from the rest of the world. Anyone sniffing your traffic – like your ISP, law enforcement, malicious hackers – will not see anything of interest, just garbled information. However, your VPN provider, by design, has access to your Internet activity and can log information such as the IP address you are connecting from, connection start and end times, or any other information they are interested in – more on this later…
Why Use a VPN Service?
Keeping messages private is a desire as old as humanity. The main purpose of a VPN is to do just that, to keep data private. If you shop online or connect to your bank via the Internet, whenever you see https instead of http, you are already using a VPN, albeit a one-to-one VPN, from your computer to the https-server, the data exchanged between the two encrypted.
It is important to understand that the desire for privacy has nothing to do with engaging in illegal activity . It is completely legitimate. The argument that you don’t need to worry about your privacy if you have nothing to hide is logically flawed, but unfortunately often used by government and law enforcement to further their agendas, successfully clouding the real issues.
Who is Using VPNs?
The simple answer is anyone who handles confidential information or who has a need to keep their activities and information private. VPNs are used by law enforcement, fire departments, many other government entities, banks and other corporations, but also lawyers, doctors and many business travelers.
More recently VPNs have made their way into the consumer space. Originally used by file sharers to hide their identities when pirating copyright protected content, today consumers use VPNs to protect their privacy when connecting to public Wi-Fi (such as at Starbucks or students in a dormitory), to gain access to sites and services many governments block to squash dissent and the free flow of information. VPNs incidentally also enable access to protected regional content (such as Hulu or Pandora).
What do you use a VPN for?
Most people use a VPN for one of three reasons or a combination thereof:
1. To secure their web traffic from prying eyes, i.e. accessing social networks or email from your local coffee shop without the fear of the creepy guy next to you getting a glimpse at your passwords or worse, access to them.
2. Anonymity on the Internet: Your right to browse the web unrestricted and without revealing your identity or being tracked, i.e viewing websites containing information uncomfortable for your government without fear of your front door being knocked down because of it, or less dramatic, browsing porn at your leisure without your employer or significant other knowing about it.
3. Gaining access to region restricted content.
Just about any VPN service will provide you access to region restricted material and secure your connection to stop the nosy guy next to you seeing things he isn’t supposed to, but not all of them completely protect your privacy.
What do PPTP, L2PT and OpenVPN mean?
How much privacy you need determines the level of security you require. You can keep your personal information 100% private, just don’t connect to any network you don’t 100% control. For the rest of us that means dealing with technology to ensure privacy. For the purpose of this article, consumer dial-up secure networking, there are three main Point-to-Point Protocols (PPP) available to connect to a VPN, Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2PT) and OpenVPN. PPTP originally developed by consortium including Microsoft is the most widely distributed protocol, L2PT is a hybrid of Layer 2 Forwarding (L2F) and the best of PPTP, and OpenVPN is an open source protocol developed by OpenVPN Technologies Inc.
Confused yet? Don’t be, all you really need to know is that PPTP has been hacked, L2TP is safest when used with IPSec, and OpenVPN offers the highest level of security. They all have their pros and cons and what protocol to use will largely depend on what devices you want to use it on and what services a VPN provider offers.
The Logging Issue
Cody Kretsinger, a Phoenix resident, was identified by law enforcement as being the LuzSec member, known as ‘recursion’ participating in the breach of Sony Pictures website in 2011 (http://www.informationweek.com/news/security/privacy/231602248) once HdeMyAss (HMA) handed over their logs after receiving a court order to do so. He used his credit card to pay for anonymity, ups…
Actually, shouldn’t it be considered a fraud to advertise protecting your privacy while maintaing logs that can be used to to identify you?
Since the Kretsinger incident and governmental efforts to crack down on privacy, VPN providers’ logging policies have come under intense public scrutiny. If anonymity is your main concern, information logging is a problem, because if there is a log of your activity (for whatever the publicly stated reason might be) stored for any length of time, your privacy is NOT 100% protected, so if absolute privacy is your concern, DO NOT sign up with any VPN provider that logs activity (IP address you are connecting from, start and end time of your connection, your DNS queries etc). Don’t fall for a company’s claims that they will not share your information with third parties, all of them will cave in, it is just a function of pressure!
If I were concerned with absolute anonymity, the very popular VPN HMA wouldn’t be my first choice of VPN providers. Fortunately there are VPN Services not logging identifying user information, or purging these logs frequently enough to minimize the risk of possessing information useable to law enforcement.
How-To Choose a VPN Provider?
Looking at the number of services available will make your head spin, so how are you supposed to pick the best provider? Start with considering your needs:
- If your main goal is to watch region restricted entertainment online just about any VPN provider will do and speed will be your main concern.
- If your main concern is the security of your connection when accessing public Wi-Fi or you just don’t want your ISP to know what you are doing, again, any provider will do.
- If anonymity is your main priority choose a non-logging VPN provider that offers encryption.
- If you live in a country with restrictive Internet access, the question will be which VPN providers can you reach and choose a non-logging VPN provider offering encryption and anonymous payment methods to make sure your identity does not fall into the wrong hands.
A Matter of Trust
No matter which vpn provider you choose, it is always helpful to consider the fowling:
How much do you trust the marketing statments of any VPN provider and their claims of either not having any logs or purging them frequently enough to protect your anonymity? Statements similar to “we don’t keep any logs” followed by “we will suspend any user’s account if we determine they engage in illegal activity” certainly make me wonder…
Check out which countries your prospective provider has servers in, which operating systems they support, if they allow concurrent connections and if you can use your account with your mobile devise as well as your desktop or laptop.
If anonymity is your main concern check out which payment methods the VPN provider accepts. Paying with a credit card in your name obviously blows your anonymity right out of the water. Fortunately more and more providers accept PayPal, Payza or other more anonymous payment options.
Next sign up for a free trial account. Most VPN providers will allow you to do that without requiring a credit card or personal information. This way you can test the VPN from your computer and with those websites and services you regularly use, making it easy to decide if a provider will meet your needs or not.
Last but not least, if a provider meets all your criteria and worked well during your trial, consider signing up for a paid account.
Picking the right VPN provider from thousands of choices can seem daunting, but once you figure out what you really need it becomes relatively simple:
- If anonymity is your primary concern you should always choose a Non-Logging VPN. I use VPN4ALL, a provider that claims not to log anything.
- If you just want to protect your Wi-Fi connection or bypass regional restrictions to watch videos, I would recommend HideMyAss. HMA has servers in so many countries that no matter where you are or where you want to connect to, they have you covered.
Obviously there are thousands of other VPN providers, those are the two we currently use in our office and the ones we compare other services to.
Image Credit: Kolin Toney