Why you need a VPN
- Prevent ISPs from spying on you and throttling your speed.
- Keep your online information private.
- You can't get hacked while using public Wi-Fi.
What is a VPN?
VPN stands for Virtual Private Network; as the name implies, it is a network created between the user and the entity they are communicating with. What makes it special is that the communication between the two parties is encrypted, so no one in between can snoop on it. There is a misconception that administrative bodies such as IT managers, network administrators and ISPs are unaware of the communication between the user and the other entity; this is false. In reality, administrative bodies do see that communication is taking place between the two parties, but they have no way of viewing its content. There are two types of VPN: Remote Access VPN and Site-to-Site VPN. The differences are discussed below.
Remote Access VPN
A Remote Access VPN provides a private network to a user, who is then able to use the resources of that network. This type of VPN is mostly used by home users to bypass geographical restrictions enforced by the administrative bodies of an organization or a country. It allows users to remain anonymous and to access content that would otherwise be inaccessible to them. These come with client software that runs on the computer and connects to the provider’s server, so the network is created more at the application level. This lets providers give the user the option to specify which applications are channeled through the VPN, though this differs between providers. There are many factors to consider when choosing a VPN for personal use; they are discussed in the topics that follow.
Site-to-Site VPN
Site-to-Site VPNs are often used in corporate environments, where an organization has branches spanning multiple geographical locations. In contrast to the other model, this method allows users of the organization to access organizational resources independent of their location (given access to the internet). Where the network is facilitated within the same organization it is called an intranet VPN; if the network is created outside the scope of the company, it becomes an extranet VPN. The distinction between the two models, Remote Access and Site-to-Site, lies in how the network is created: in a Site-to-Site model the network is created at the gateway level, meaning all traffic passing through the networks’ routers goes through the VPN; hence it is also called a router-to-router VPN.
How to choose a VPN
Since most Site-to-Site VPNs come with proprietary software tailored to the needs of the organization, and their main purpose is location-independent access to organizational resources, there is little to no reasoning to be done when choosing a provider or vendor: it will mostly depend on the organization’s needs. In this section I will focus on Remote Access VPNs, which everyday users deal with.
As with the previous misconception, users often aren’t aware that even though a VPN stands for geographical freedom in the cyber world, the providing bodies are still subject to the laws of the country or region their infrastructure is in. This means not all VPNs will provide anonymous logins/signups, zero-log policies, or unrestricted protocol use. The average user might just want to unblock their favorite streaming service while traveling, but some users rely on the level of privacy provided to remain safe in situations where revelation of their identity might mean harm to their lives. A VPN is not a tool to be abused for destructive purposes, and using one doesn’t make you invisible on the internet; it is used to improve a user’s privacy. If privacy is your reason for using a VPN, look up the country where the provider’s infrastructure resides, read their privacy agreement and ToS (Terms of Service), and research the provider’s reputation. Remember, your provider has details of your activity; hence it is important to select a trustworthy one. For more on the importance of selecting the right provider, refer to privacytools.io.
Of the many protocols to choose from, PPTP, L2TP, IPsec, SSL, OpenVPN, SSTP and IKEv2, not all provide the same level of security. Let’s see what each entails.
PPTP
This protocol offers fast connection speeds but is highly vulnerable. Most clients use CHAPv2 authentication, which is a red flag for any privacy seeker. But support for this protocol is built into all major operating systems, so it might appeal to novice users who want to forgo the hassle of setting up other software.
L2TP/IPsec
L2TP is not implemented standalone, since the protocol itself provides no confidentiality; IPsec is implemented alongside it to encrypt the encapsulated L2TP data and to handle key exchange. It is one of the slower protocols on the list due to its double encapsulation of data, but it is a secure protocol to use despite unproven theories that it too might be compromised by government security bodies. Although support for this protocol is built into most OSes, users might find it useless in environments with very restrictive firewalls, since IPsec uses UDP port 500, which is blocked on most firewalls.
OpenVPN
Becoming the de facto standard among VPN protocols, OpenVPN allows for flexibility unlike the other protocols discussed here. OpenVPN lets the provider offer users a range of ciphers to choose from; another plus is that OpenVPN can be configured on port 443/TCP, which means VPN traffic is masqueraded as regular HTTPS traffic, which is almost never blocked on firewalls. It is not that OpenVPN carries no concerns: users are often encouraged to go with providers that offer a PFS (Perfect Forward Secrecy) key exchange mechanism. Also, it is slightly more advanced for users to set up, since OSes don’t come with built-in support for OpenVPN unlike the protocols discussed above, so it might demand slightly higher computer literacy. But users prefer OpenVPN since the code is open source, meaning the public can check it for vulnerabilities.
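Most providers hand users an .ovpn client profile, and that profile is where the points above (443/TCP transport, the cipher on offer, forward secrecy on the key exchange) become concrete. As an added example, not code from this article or from the OpenVPN project, here is a small Python checker that parses such a profile and reports how it fares on those points plus two related ones (a TLS version floor and server-certificate verification). The two sample profiles, the hostname vpn.example.test and the checker's thresholds are constructed assumptions, not any provider's actual configuration.

```python
import re
from typing import Dict, List, Tuple

# Data-channel ciphers the checker treats as obsolete (no encryption, or 64-bit block size).
WEAK_CIPHERS = {"none", "bf-cbc", "des-cbc", "des-ede3-cbc", "rc2-cbc", "cast5-cbc"}

Finding = Tuple[str, str]  # (level, message); level is "ok", "warn" or "fail"


def parse_profile(text: str) -> Dict[str, List[List[str]]]:
    """Parse an OpenVPN config into directive -> list of argument lists.
    Inline <ca>...</ca> style blocks are stored under the tag name with the body as
    a single argument, so 'tls-crypt' is found whether it is a file path or inline."""
    conf: Dict[str, List[List[str]]] = {}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:                                    # inline block: read up to the close tag
            tag, body = m.group(1), []
            while i < len(lines) and lines[i].strip() != f"</{tag}>":
                body.append(lines[i])
                i += 1
            i += 1                               # skip the close tag
            conf.setdefault(tag, []).append(["\n".join(body)])
            continue
        parts = line.split()
        conf.setdefault(parts[0], []).append(parts[1:])
    return conf


def transport(conf: Dict[str, List[List[str]]]) -> Tuple[str, str]:
    """Resolve (proto, port) for the first 'remote'; its own port/proto override 'proto'/'port'."""
    proto = conf.get("proto", [["udp"]])[0][0].lower()
    port = conf.get("port", [["1194"]])[0][0]
    remote = conf.get("remote", [[]])[0]
    if len(remote) >= 2:
        port = remote[1]
    if len(remote) >= 3:
        proto = remote[2].lower()
    return proto.rstrip("46"), port              # tcp4 / udp6 -> tcp / udp


def audit(conf: Dict[str, List[List[str]]]) -> List[Finding]:
    findings: List[Finding] = []
    proto, port = transport(conf)
    if proto.startswith("tcp") and port == "443":
        findings.append(("ok", "transport tcp/443: looks like HTTPS to a port-based firewall"))
    else:
        findings.append(("warn", f"transport {proto}/{port}: restrictive firewalls may block it"))

    ciphers = [a[0].lower() for a in conf.get("cipher", [])]
    ciphers += [c.lower() for a in conf.get("data-ciphers", []) for c in a[0].split(":")]
    weak = sorted(set(ciphers) & WEAK_CIPHERS)
    if weak:
        findings.append(("fail", f"obsolete data-channel cipher(s): {', '.join(weak)}"))
    elif not ciphers:
        findings.append(("warn", "no cipher/data-ciphers directive: cipher left to negotiation or legacy default"))
    else:
        findings.append(("ok", f"data-channel cipher(s): {', '.join(sorted(set(ciphers)))}"))

    # Without this, any certificate signed by the provider CA, including another
    # client's, is accepted as the server (a man-in-the-middle foothold for a peer).
    if ["server"] not in conf.get("remote-cert-tls", []):
        findings.append(("fail", "missing 'remote-cert-tls server': server certificate role is not verified"))
    else:
        findings.append(("ok", "server certificate must carry the server role"))

    tls_min = conf.get("tls-version-min")
    if tls_min is None or float(tls_min[0][0]) < 1.2:
        findings.append(("warn", "tls-version-min absent or below 1.2: TLS downgrade not ruled out"))
    else:
        findings.append(("ok", f"tls-version-min {tls_min[0][0]}"))

    # PFS check: every pinned TLS suite must use ephemeral (DHE/ECDHE) key exchange.
    suites = [s for a in conf.get("tls-cipher", []) for s in a[0].split(":")]
    if suites and not all("DHE" in s for s in suites):
        findings.append(("fail", "tls-cipher allows suites without ephemeral key exchange: no forward secrecy"))
    elif suites:
        findings.append(("ok", "tls-cipher pinned to ephemeral key exchange (forward secrecy)"))
    else:
        findings.append(("warn", "tls-cipher not pinned: forward secrecy depends on library defaults"))

    if "tls-crypt" in conf or "tls-auth" in conf:
        findings.append(("ok", "control channel protected by a tls-crypt/tls-auth key"))
    else:
        findings.append(("warn", "no tls-crypt/tls-auth: control channel accepts unauthenticated packets"))
    return findings


def audit_text(text: str) -> Dict[str, List[str]]:
    """Profile text -> {'ok': [...], 'warn': [...], 'fail': [...]}."""
    out: Dict[str, List[str]] = {"ok": [], "warn": [], "fail": []}
    for level, msg in audit(parse_profile(text)):
        out[level].append(msg)
    return out


# Constructed sample profiles (placeholder hostname, dummy key material; not a real provider).
GOOD_PROFILE = """\
client
dev tun
remote vpn.example.test 443 tcp
cipher AES-256-GCM
auth SHA256
remote-cert-tls server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
00000000000000000000000000000000
-----END OpenVPN Static key V1-----
</tls-crypt>
"""

BAD_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.test 1194
cipher BF-CBC
# no remote-cert-tls, no tls-version-min, no tls-cipher, no tls-crypt
"""

if __name__ == "__main__":
    for name, prof in (("good", GOOD_PROFILE), ("bad", BAD_PROFILE)):
        print(f"== {name} profile ==")
        for level, msg in audit(parse_profile(prof)):
            print(f"[{level.upper():4}] {msg}")
```

Run it against the profile your provider supplies by reading the file into `audit_text`; a `fail` on the cipher or on `remote-cert-tls` is worth raising with the provider, while the `warn` on transport simply tells you whether the profile would survive the restrictive-firewall situation described above.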
IKEv2
A protocol some users might prefer over OpenVPN since it offers the ability to reconnect upon loss of internet connection. This protocol has less overhead due to the absence of PPP (Point-to-Point Protocol), making it the fastest of the protocols discussed here. It is considered a very secure protocol that is also user friendly. But due to the nature of the setup on the server end, it presents providers with too much hassle, which is why the protocol isn’t as widely used as OpenVPN. It also supports AES-128 and AES-256 encryption along with PFS, which is very attractive if privacy is a main concern for you.
SSTP
A Microsoft proprietary protocol which offers very good privacy due to its implementation of AES. It is very easy to set up, the only caveat being that it is mostly supported on Microsoft systems. SSTP operates on TCP 443, as OpenVPN can be configured to, which makes it a very effective protocol even in very restrictive environments. Since this is a proprietary protocol, open auditing for vulnerabilities is not an option, which might concern the ultimate privacy seeker.
Choosing the best protocol for a VPN is made less effective if the VPN provider doesn’t deliver good quality of service. Many providers brag about their number of servers or unlimited usage; in most cases only a few actually deliver on their promises. Grading on sheer quantity is insufficient, and the qualitative aspects of the service have to be taken into consideration. A service might only offer 5 servers in select countries, but those few servers might be equipped with multiple gigabit Ethernet ports. So here are a few pointers for finding yourself a very good service provider:
- Generally, services with infrastructure closer to your geographical location tend to be optimal, since latency between sending and receiving is minimized. A VPN is an intermediary between you and the global network, which means the added hop will take your everyday performance down a notch; since this is inevitable, the goal must be to minimize it.
- Look for providers that advertise what hardware and software platforms they use. Unlimited usage can be allowed even on a 10Mbps connection, but that is of little to no value if you’re used to accessing the internet at 100Mbps.
- Evaluate your purpose for using a VPN; it’s much easier to pick a provider once your needs are set. Providers that claim to do it all tend to take a dive in the service quality department.
- Many providers are cheaper when subscriptions are bought for a longer period; if you have taken a trial and found a provider that fits your criteria, opt for a longer subscription. More often than not, you will find the investment useful.
- Research, research, research… The importance of doing your own research before picking a provider cannot be stressed enough. If you don’t already know, most “review” sites are paid by the providers they review. Do your own research; since most providers offer trials, you can experience firsthand what their service is like.
- Take customer support into consideration: if you’re not tech savvy, chances are you’re going to run into a bump or two when you start out with a VPN service, and here a provider’s customer support will be crucial to your experience.