VPN Services

From Mark Weiman's Wiki

VPN services are widely advertised as a way to anonymize, hide, and secure your use of the internet. These claims are wildly misleading or downright lies.

Introduction

What Is A VPN?

A VPN (Virtual Private Network) is a software-defined network (as opposed to the Wi-Fi card or Ethernet controller in your computer, which are hardware-based) that lets you set up a network over another network (like the wider internet). This is useful if you need to network together computers or routers that are not in the same location, so they can access systems that are available only to a specific network address.

I use VPNs myself, two in fact (one that I manage and one that my employer manages) and these are the reasons I use them.

  • To easily network my own systems and servers together for easy access.
  • To access systems and routers that belong to my family (I am the de facto IT service technician for my family).
  • To access systems that are related to my job.

What I do not use them for:

  • Having "private" internet access.
  • Gaining an ability to "anonymize" my internet use.
  • Circumventing region-locked services (the only real legitimate use of these fraudulent services).

My general recommendation if asked whether someone should buy into one of these services is don't. It doesn't give you any meaningful security and just exposes another leak in your wallet.

How Are They Misleading?

The issue is that most internet users are not fully aware of how the internet works. This is not limited to people outside computer science either, as you see a lot of "computer experts" recommend the use of VPN services.

Who are they misleading? Let's start with some of the claims.

Password Hijacking

Claim: That person at the coffee shop can steal your password!

This claim is mostly false these days. With the wide adoption of HTTPS (Hypertext Transfer Protocol Secure), your communication with the site you're visiting is encrypted. This includes the part where your credentials are sent to the site for verification.

The only time this is not true is when you are using a site that doesn't support HTTPS and only does regular plain-text HTTP. Most sites you visit though, like Gmail, Twitter, etc., use HTTPS and often enforce its use.

The only way around this is a "man in the middle" (MITM) attack, which isn't common and isn't 100% prevented by a VPN either (if the MITM attack is being performed between the VPN's gateway point and the service you're accessing).

Solution: Make sure you have a lock icon in your address bar that signifies that you're using HTTPS.

Stop Your ISP From Spying On You

Claim: Use our VPN and now your ISP cannot see what sites you visit!

This is true, but you know who can see your traffic? The VPN service itself! All you're doing is trading one set of network engineers for another. They may claim that they don't actually log or analyze your traffic, but if they also do not disclose their systems to you, how are you supposed to know whether they actually discard all that information? There are instances of organizations that made this claim, then turned out not to actually discard the information and disclosed it at a government's request.

Now remember, like in the section above, the ISP or VPN provider (whichever applies here) cannot actually see the content of most packets, only the header information (addresses, ports, etc.). This information is useful to either of them for some optimization of their networks, but mostly not useful for an attack.

Solution: Use Tor, real private browsing or use DNS over TLS/HTTPS for private DNS.

Stop X Site From Tracking You

Claim: Using our VPN will stop those dirty tech companies from tracking you!

This is complete horse shit. Your IP address only really tells them approximately where you are and who your ISP is. This information can be useful, but not even remotely as much as the other tricks they use. They employ many tactics to track you, such as just asking your phone where on the planet you are with its built-in GPS, keeping a cookie in your browser, running some JavaScript across pages, etc. The IP address is just not all that useful. A VPN alone cannot stop this from happening.

Solution: Stop using services that you are concerned are using your data in bad faith. Install Privacy Badger, Ad Blockers, JavaScript blockers, etc to stop them from doing this.

Real Ways To Secure Yourself

Use An Up To Date Computer

This goes without saying: using a computer that has outdated software makes you particularly vulnerable to exploits.

Use HTTPS

Make sure that lock icon is always present in your browser's address bar. This signifies that you are encrypting your traffic and the browser verified the certificate to be authentic. Avoid using sites that do not enforce HTTPS usage.

Use DNS over TLS/HTTPS

Regular DNS is unencrypted, so your queries can be seen by anyone between you and the server you're using. Encrypting them with TLS, or sending them over HTTPS, mitigates this. This doesn't prevent your ISP from seeing which IP addresses you're talking to, but they cannot see what domain name you used to get that IP address.
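To make the point above and the earlier one about header information concrete, here is an added example (not part of the original page) that parses two constructed packets the way a passive observer such as an ISP or VPN provider could: a plaintext DNS query and a DNS over TLS packet. The client and ISP resolver addresses, the ports, the queried name and the random bytes standing in for ciphertext are all assumptions made for illustration.

```python
import os
import socket
import struct

def ipv4(proto, src, dst, payload):
    """Minimal IPv4 header for a constructed sample (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def dns_query(name):
    """Wire-format DNS question for the A record of `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def observe(packet):
    """What a passive on-path observer (ISP or VPN provider) reads from one packet."""
    l4 = packet[(packet[0] & 0x0F) * 4:]              # skip the IPv4 header
    seen = {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20])}
    seen["sport"], seen["dport"] = struct.unpack("!HH", l4[:4])
    if packet[9] == 17 and seen["dport"] == 53:       # plaintext DNS over UDP
        pos, labels = 8 + 12, []                      # skip UDP and DNS headers
        while l4[pos]:
            labels.append(l4[pos + 1:pos + 1 + l4[pos]].decode())
            pos += 1 + l4[pos]
        seen["query"] = ".".join(labels)              # the domain name is readable
    elif packet[9] == 6:                              # TCP, e.g. DNS over TLS on 853
        data = l4[(l4[12] >> 4) * 4:]
        if data[:1] == b"\x17":                       # TLS application-data record
            seen["query"] = None                      # only ciphertext is on the wire
    return seen

# Constructed sample traffic; addresses other than 1.1.1.1 are documentation ranges.
CLIENT, ISP_RESOLVER, DOT_RESOLVER = "192.0.2.10", "198.51.100.53", "1.1.1.1"
question = dns_query("example.org")
PLAIN = ipv4(17, CLIENT, ISP_RESOLVER,
             struct.pack("!4H", 40000, 53, 8 + len(question), 0) + question)
ciphertext = os.urandom(len(question) + 18)           # stand-in for the encrypted query
DOT = ipv4(6, CLIENT, DOT_RESOLVER,
           struct.pack("!HHIIBBHHH", 40001, 853, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
           + b"\x17\x03\x03" + struct.pack("!H", len(ciphertext)) + ciphertext)

if __name__ == "__main__":
    print(observe(PLAIN))
    print(observe(DOT))
```

In both cases the observer still gets the addresses and ports; only the plaintext query gives up the domain name.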

Don't Use Your ISP's DNS

This is kinda self-explanatory. If you are trying to not let your ISP watch your usage, telling them which sites you use is counterproductive. I recommend using a service that supports DNS over TLS (like Cloudflare's 1.1.1.1).

Stop Using Sites That Don't Respect Your Privacy

If your goal is to stop services from tracking you, a VPN doesn't actually do anything for you. If you are concerned that Facebook knows when you're on the toilet, it may be better to just ditch their service altogether.

Use An Ad Blocker And Privacy Badger

Privacy Badger is a browser extension that watches sites that store cookies or JavaScript on your computer and learns which ones are tracking you. It then blocks those sites from storing any more cookies or loading at all.

Ad Blockers stop you from seeing ads and in turn prevent you from clicking on them.

When To Use A VPN

What VPN Services Actually Offer

They only offer a glorified proxy service, not a VPN. They are proxying your data via their gateways to make it appear like you're coming from a different location.

Reasons

To Connect Private Networks Together

This is actually the intended purpose of VPNs: connecting to your work or home network from another location. I use this to connect to my own networks, my family's networks, and the network at my employer to access servers and computers without them being open to the wider internet.

To Spoof Your Location

I mentioned this above, but the claim that you can watch a Netflix show not available in your area is true and a valid reason to do so. That said, it may be better to get a cheap VPS and do this yourself by setting specific routing rules instead of buying into a VPN service.