What To Consider With VPN Services – A Guide
VPN, Virtual Private Network is also moving the general public to the “anonymously on the net” area. The concealment of the IP address is actually only a by-product, but it is far from being anonymous.
In contrast to proxies, VPNs are intended to connect company networks to other locations. For example, a service employee who is traveling can be with the customer, but technically he can still stay in the company network and use all internal services.
A proxy is like a forced way point for every packet you send to the internet and then receive others, neither encrypted nor anonymous, because the proxy simply tells the web server: “Hey, user XY asked me to call the page for him”. – so proxies are something completely different.
VPNs are encrypted, e.g. to keep corporate communication private. The IT representative in the customer company should not necessarily know what purchase price you actually pay for a spare part if you order it directly from the customer in the VPN network.
It is exactly this encryption rail that companies use and sell VPN services because they are encrypted. With this you enter the company network of a company that only promised to make you look like you’ve been abroad.
Many people are not aware that this alone creates risks.
You are in a company network with other customers and employees of the provider. The provider has to ensure that these cannot communicate with each other like in a classical company network, some inexpensive providers do not. You are then in a network with your computer and every customer and every employee sees that you are there and possibly also which shares you have with Windows.
If, for example, a printer is shared in your local network, it can now be controlled by every customer on this VPN server.
It basically works in such a way that your computer is part of a company network and the actual protection mechanisms offered by a router are no longer available.
Many services pay attention to this and do not allow it, but even then there are some things to consider. It always depends on the purpose for which you want to use the VPN. For example, if you travel to China and want to continue surfing the Internet as usual, you have to consider something completely different than if you do not want to pay the GEMA fees for watching the videos on YouTube in order to make these videos available in Germany.
The GEMA Youtuber
The case is quite simple, your VPN does not have to attach any importance to any data protection at all. It should only be fast enough to let a 1080p video pass smoothly, which is blocked in Germany. Switzerland, the Netherlands or the surrounding area of Germany in general is a good location, but almost every service should have a location there. In addition, Hulu, Wilmaa and other services that are basically not allowed or active in Germany due to license chaos also work.
Encryption is a minor issue here and even insecure connection methods such as PPTP or OpenVPN without activated encryption already lead to the desired result. So the free choice is at your disposal, even if you should test some services for speed beforehand.
The search for privacy…
For example, your employer has the right to check what you are doing in the company network. Even during the lunch break, during which many employers allow private things to be looked up on the Internet, he is allowed to have a look. If you want to make this more difficult, you need a VPN that is strongly encrypted and ideally does not log.
Even then, the employer may ask what you are doing while you are connected and ask to disable the VPN, but in this case he must ask and cannot just log because you have taken special precautions. However, the employer may also demand that the service no longer be used in the company network.
A further protective mechanism is then created here. Without encryption, an employer may be able to log, but not with encryption – but most corporate programs and services are not available when using encrypted VPNs and your employer may have already taken precautions to prevent this. Then just ask your employer here, or try it out. If you can connect to the VPN service at home, but not in the company – then it seems to have already been blocked in the company.
Perhaps a more practical application here are public hotspots, which, as in New York, are often recently refinanced by the sale of all the data you produce in this way. A VPN is rarely blocked in hotspots – so it is usually possible to provide more security here. Besides, you protect yourself a little better against attackers who try to record the data of other visitors in the same network.
The Network Outbreaker…
Some networks are closed, mostly in schools and universities. But some employers also like to install censoring firewalls so that colleagues can work and not have fun on the Internet. Instead of using the TOR browser you can also use a VPN which e.g. supports OpenVPN over TCP port 443. Such communication is basically not distinguishable from normal network traffic via HTTPS, only they all go to a single server. It requires a relatively comprehensive firewall to distinguish such traffic from normal web surfing. However, very few institutions make this investment.
SSH tunnel is the next point. Many locks can be easily bypassed by setting up an SSH connection and thereby directing any Internet traffic that you cause. A little further and we are already at obfsproxy, one of the programs created thanks to the Chinese Internet surveillance.
The Persecuted – Or, Who Suffers From Internet Censorship…
The situation becomes much more serious if you know, for example, that you are being monitored by state organizations. Usually this is also told to the persons concerned by the flower, therefore they know mostly that the state is anxious to find out everything about you. Here the location of the VPN service provider is critical again.
Germany, half of Europe, Great Britain and the USA will thus already be eliminated. Secret services function particularly well here, even across borders. Fourteen Eyes” plays a role here. The service provider may not be located in one of the listed countries, as the secret services there could, on their own free decision, intervene too extensively in company activities.
Ideally you have a closer look at the country in which a VPN service is registered. “How well organized is the legal system there?” “How much is already regulated by law and how quickly are new ones enforced”, a certain degree of unorganisation is okay, but one should not overdo it. If a state system is not as efficient as, for example, EU countries, then the secret services have more difficult information to obtain “officially”.
Here again, more decision-making power lies with the VPN service provider. If this ensures that as little traceability as possible is possible on its servers, half the game is already won once. Secret services have a lot more work to do here because they have to actively hack into the company servers to get ahead at all. A VPN service provider that attaches great importance to security is worth its weight in gold.
Another important point here is that the provider’s support can be contacted in encrypted form. By this I do not mean a contact form on an HTTPS website, but an e-mail address with ideally linked PGP public key. This is a bit cumbersome, because the customers also have to have PGP, but always better than HTTPS.
The Great Firewall of China
A quality feature is also obfsproxy. This program was originally developed by the Tor project. It serves to enable Chinese citizens to surf the Internet without the state as an intermediary. The network traffic is “hidden” in other harmless-looking data and, as the name suggests, sent to a proxy server, which in turn finds the hidden data and can send it on without problems. The same would be possible with a VPN without obfsproxy. However, pure VPN connections can be identified and traced.
The TOR project is technically possible in China, but everyone who uses this network is targeted by the state. Obfsproxy switches to Tor, sends all traffic to the proxy server and then continues on the TOR network. The proxy can not only be used with the TOR network, it can also be switched before VPN. A service whose software brings this function with it is a good deal better – at least in terms of the configuration effort.
In China itself, obfsproxy is a completely different caliber, where further developments are now recommended, since security experts are constantly working for the state to locate and block such proxy servers.
For Germany and the rest of the world Obfsproxy is already overkill. German politicians and their thoughts on data retention do not even go so far as to deliberately hide network traffic from programs or users.
If you look for service providers with the above criteria, many already fall out, and those that remain are not cheap. Costs of 5-10€ per month are more evidence that the provider also gets the money to ensure security. Cheap providers for 2-3€ per month need other ways to win. As a result, the company is no longer fully focused on VPN services and their security. It lives actively from advertising on the webistes or even intervenes in the connections of the customers to cheat own advertising. The sale of user data is also popular. With VPNs, this is the entire network traffic of a device.
As an example I take here gladly times ivpn.net. With 15 USD per month in the single month and not much cheaper (approx. 7.50 EUR) in the (half-)yearly offer one of the most expensive offerers. However, obfproxy is integrated into the client software here and routes that work via two IVPN servers in succession also work. In addition, the service provider is very anxious to present incidents to the public. There is a public promise that no incident has happened to IVPN staff, that everyone is contactable and will not be knowingly prosecuted. This is signed with the PGP key of IVPN. This way you can make sure that the text comes from the administrator behind IVPN. (or at least from someone in possession of their private key).
This is a matter of trust, but it is still better than a service that is completely silent.
The servers are basically fast enough. I’ve been using the service for a few months now and I can easily get what the Internet provider provides me from the nearest servers in terms of data throughput. They also respond quickly to incoming PGP encrypted emails and respond quickly.
On the side of encryption, they are very anxious to raise it very high.
North VPN can be seen as an alternative to IVPN. Technically identical to IVPN, but not so much about guaranteeing that nothing has happened with NordVPN yet. The promise the IVPN gives one searches in vain with NordVPN and also obfsproxy must be furnished before. NordVPN also does much more bumming and advertising for its own service, which could also be interpreted negatively.
Find the ideal VPN service
The two services above are intended more for China travelers and for those who may be really paranoid or afraid of losing their privacy. All possible services are also available in an English table, which takes some time to load. The whole procedure for selecting a suitable VPN service provider can also be made a little more detailed than described here. All these things are also explained here in the English How-To.