With thousands of VPN services to choose from, each promising to keep your data secure, each advertising similar technical features, how can any sane person make a rational choice? Fortunately, it is easier than you might think. Read on…
What is a VPN?
A Virtual Private Network (VPN) is a private computer network constructed within a public network (such as the global Internet). Imagine a VPN as a tunnel connecting you to the Internet through your VPN service – on one side is your computer, and on the other side is your VPN provider’s server. If someone looks at the tunnel from the outside they see only the tunnel, and the traffic inside remains hidden. When you use a VPN, websites you visit see only your VPN provider’s IP (Internet Protocol) address, so your real IP address and your activity remain hidden from the rest of the world. Anyone sniffing your traffic (your ISP, law enforcement, or malicious hackers, for example) will see only encrypted data. However, your VPN provider, by design, has access to your Internet activity and can log information such as the IP address you are connecting from, connection start and end times, or any other information they are interested in – more on this later…
Why Use a VPN Service?
Keeping messages private is a desire as old as humanity. The main purpose of a VPN is to do just that, to keep your data private. If you shop online or connect to your bank via the Internet, whenever you see https instead of http, you are already using a VPN, albeit a one-to-one VPN. From your computer to the https-server, the data exchanged between the two is encrypted.
It is important to understand that the desire for privacy has nothing to do with engaging in illegal activity. Privacy is perfectly legal. The argument that you don’t need to worry about your privacy if you have nothing to hide is illogical, and often used by government and law enforcement to further their agendas, successfully clouding the real issues.
Who Uses VPN Services?
Everyone who handles confidential information, or who has a need to keep their activities and information private uses VPNs. This includes not only law enforcement, fire departments, many other government entities, banks and other corporations, but also lawyers, doctors and many business travelers.
VPNs have recently become popular in the consumer space. Originally used by file sharers to hide their identities when pirating copyright protected content, consumers now use VPNs to protect their privacy when connecting to public Wi-Fi (such as at Starbucks or student dormitories), or to gain access to sites and services many governments block to quash dissent and restrict the free flow of information. VPNs also enable access to region restricted content such as Hulu, or Pandora.
What do you use a VPN for?
Most people use a VPN for one of three reasons, or a combination thereof:
1. To secure their web traffic from prying eyes. For example, connecting to social networks or sending email from your local coffee shop without concern that the creepy guy next to you is secretly accessing your passwords or private communications.
2. Anonymity on the Internet. For example, to browse the web without revealing your identity or being tracked, i.e., viewing websites containing information uncomfortable for your government without fear of your front door being knocked down because of it, or, less dramatically, browsing porn at your leisure without your employer or significant other knowing about it.
3. Gaining access to region restricted content. Most VPN services make it possible to view region restricted content securely, but not all of them protect your privacy completely.
What do PPTP, L2PT and OpenVPN mean?
How much privacy you need determines the level of security you require. You can keep your personal information 100% private if you don’t connect to any network you don’t 100% control. When that is not practical you have to use solutions like VPNs to protect your privacy. The three most common Point-to-Point Protocols used to connect to a VPN are: Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2PT) and OpenVPN.
PPTP, originally developed by a consortium including Microsoft is the most widely distributed protocol. L2PT is a hybrid of Layer 2 Forwarding (L2F) and the best of PPTP. OpenVPN is an open source protocol developed by OpenVPN Technologies, Inc.
Confused yet? Don’t be, all you really need to know is that PPTP has been hacked, L2TP is safest when used with IPSec, and OpenVPN offers the highest level of security. Each protocol has its own pros and cons, and what protocol you should use depends on what devices you want to use it on, and what services your VPN provider offers.
The Logging Issue
Cody Kretsinger, a Phoenix resident, was identified by law enforcement as LulzSec member ‘recursion’, and accused of participating in the breach of Sony Pictures’ website in 2011 (http://www.informationweek.com/news/security/privacy/231602248). Mr. Kretsinger’s legal troubles began after his VPN provider, HideMyAss handed over their logs to the authorities upon receiving a court order to do so. Cody used a credit card to pay for his VPN connection, and that traced directly back to him.
Should it be considered fraud to advertise protecting your privacy while maintaining logs that can be used to to identify you?
Since the Kretsinger incident, and subsequent government efforts to crack down on privacy, VPN providers’ logging policies have come under intense public scrutiny. If anonymity is your main concern information logging is a problem because if there is a log of your activity stored for any length of time your privacy is NOT 100% protected. So, if absolute privacy is your concern, don’t sign up with any VPN provider that logs your activity (the IP address you are connecting from, start and end time of your connection, your DNS queries, etc.). Don’t believe a company’s claims that they will not share your information with third parties; all of them will cave in eventually, it is just a function of pressure!
If I were concerned with absolute anonymity, the very popular VPN provider HideMyAss wouldn’t be my first choice. Fortunately, there are VPN Services that do not log any identifying user information, or who purge their logs frequently enough to adequately minimize the risk of maintaining incriminating evidence.
How-To Choose a VPN Provider?
Looking at the number of services available will make your head spin. So how are you supposed to pick the best provider? Start with considering your needs:
- If your main goal is to watch region restricted entertainment online just about any VPN provider will do, and speed will be your main concern.
- If your main concern is the security of your connection when accessing public Wi-Fi, or you just don’t want your ISP to know what you are doing, again, any provider will do.
- If anonymity is your main priority choose a non-logging VPN provider that offers encryption.
- If you live in a country with restrictive Internet access, the question will be which VPN providers can you reach. Choose a non-logging VPN provider offering encryption and anonymous payment methods to make sure your identity does not fall into the wrong hands.
A Matter of Trust
No matter which VPN provider you choose, it is always helpful to consider the following:
How much do you trust a VPN provider’s promises of either not logging, or purging their logs frequently enough to protect your anonymity? Statements like “we don’t keep any logs” followed by “we will suspend any user’s account if we determine they engage in illegal activity” certainly make me wonder…
Check out which countries your prospective provider has servers in, which operating systems they support, whether they allow concurrent connections, and whether you can use your account with multiple devices.
If anonymity is your main concern check out which payment methods the VPN provider accepts. Paying with a credit card in your name obviously blows your anonymity right out of the water. Fortunately, more and more providers accept PayPal, Payza or other more anonymous payment options.
Next, sign up for a free trial account. Most VPN providers will allow you to do that without requiring a credit card or personal information. This way you can test the VPN from your computer and with those websites and services you regularly use, making it easy to decide if a provider will meet your needs or not.
Finally, if a provider meets all your criteria and worked well during your trial, consider signing up for a paid account.
Picking the right VPN provider from a bewildering array of choices can seem daunting, but once you figure out what you really need it is relatively simple:
- If anonymity is your primary concern you should always choose a Non-Logging VPN. I use VPN4ALL, a provider that claims not to log anything.
- If you need only to protect your Wi-Fi connection or bypass regional restrictions to watch videos, I would recommend HideMyAss. HMA has servers in so many countries that no matter where you are or where you want to connect to, they have you covered.
Obviously there are thousands of other VPN providers, those are the two we currently use in our office and the ones we compare other services to.
Image Credit: Kolin Toney