Good and bad reasons to use a VPN

Posted March 28, 2014 by David Redekop to VPN

There are good reasons to use a VPN, and there are bad reasons to use a VPN. We will articulate some common reasons VPNs are deployed in this article.


VPN stands for Virtual Private Network. It is a layer on top of your Internet connection to provide access you otherwise may not have, or to provide a layer of security and encryption so as to hide your otherwise visible network traffic or metadata.

VPNs can be complex to set up for the non-technical person because there are so many options and purposes for one. I’m going to focus on VPN use from a mobile or desktop device. Enterprise use of VPNs will be out of scope for the purposes of this article.

Top 3 GOOD reasons to use a VPN

  1. You are online via a public hotspot such as a coffee shop or hotel. Now you have a very good reason to protect yourself. The layer of the VPN makes it impossible for a sniffer to gather anything useful from your activities. Even if your traffic were all captured by a WiFi Pineapple (an “evil twin”), it would be meaningless noise to them. This is assuming, of course, that your VPN itself is secure and of good quality.
  2. Your work requires one. Many corporate resources provide an excellent layer of protection by limiting all access to LAN and VPN users only. While this is inconvenient, it is an excellent strategy for a better level of security.
  3. Circumvent unreasonable content filtering and/or censorship.

Top 3 BAD reasons to use a VPN

Even though you will often see these as reasons *to* use a VPN, we explain why not.

  1. Anonymity. As explained in a previous blog post, “VPN provides false sense of security”, a VPN simply shifts visibility of your traffic to a different location on the network. So you may hide from the ISP that connects you to the Internet, but you still expose those same details to the VPN provider and ISP at the VPN exit point. So much for anonymity.
  2. Access geo-locked content. Say you’re travelling outside of your home country and suddenly you have a different Netflix catalogue (or worse, none at all). Using a VPN for this is highly inefficient because it completely breaks how Content Delivery Networks operate to bring the content to the edge of the Internet. This causes the Netflix experience (via VPN) to be unreliable and at best gives you a low-resolution experience. Forget HD.
  3. Download or upload illegal content via peer-to-peer. Again, a VPN simply shifts your identity from one IP to another. All other signals that your computer emits are also shifted to this IP so don’t count on anonymity protecting your illegal uploads or downloads.

Not all VPNs are the same

It is worth noting that corporate VPNs very often provide no hotspot visibility protection except for their own traffic. In other words, the VPN may be used to encrypt the traffic to and from your corporate network, but the rest of your Internet traffic may not be protected at all. Look for settings such as “split tunnel” or an unchecked setting of “Send all traffic over VPN connection”.

If not VPN, then what?

DNS-based inverse proxy solutions solve this problem in an elegant way without breaking any SSL security. There are quite a few out there now, including services such as Unblock-US. However, the one shortcoming in those services is that sending all of your DNS queries to one provider breaks Content Delivery Network (CDN) technology. Netflix, for example, uses Akamai’s CDN technology. Akamai is then unable to serve you from the server geographically closest to you and instead may be serving a video to you from across the world.

DNSthingy, by contrast, uses deterministic DNS and continues to benefit from CDN technology.

VPN provides false sense of security

Posted March 28, 2014 by David Redekop to VPN

VPN has many legitimate functions. We use it on a daily basis in order to access services that are not available to the public for reasons of security.

A VPN in most cases is analogous to having a key to a building. Once you are inside the physical building, security is relaxed and you can accomplish what you need to get done.

A lot of marketing of VPN services out there appears to be geared towards our need or want for anonymity. Don’t fall for that because it provides neither privacy nor anonymity. It simply shifts the exposure to another part of the network. As for the signals that server-side services receive, everything (other than your Internet exit IP) remains the same.

Let’s talk about signals. Here are just a few:

  1. IP address. In the consumer’s mind, this is the most obvious signal that a web server has on you. Provided the public IP databases are accurate, it may narrow it down as far as a city, state, country. Most IP lists are about 97% accurate to the country, and about 90% accurate to the city/state level.

  2. Location data – try going to http://mylocation.org/ and you will see additional location data signals that you may be sending unknowingly. The accuracy doesn’t even matter because in aggregate, you may be sending the same location data as previously.

  3. Cookies – unless you’re running in incognito mode all the time, Google (and others) can easily identify you from a previous visit.

  4. When you’re logged into any website – as soon as you’re logged into a website, a record now exists on a web server somewhere that matches your username with a public IP address.

  5. Garden-variety “phone home” protocols, including any of the following services you may have running on your computer:

    • dynamic software updates

    • remote access software (LogMeIn, Back to My Mac, TeamViewer, GoToMyPC, etc.)

    • calendar, contacts or email software that synchronizes

    • and many more pieces of software that have one reason or another to phone home

  6. Email software that sends/receives email in clear-text

  7. Any “Internet Account” that is configured on any software application on your Mac, Windows or Linux computer

Again, VPNs are a very necessary part of everyday security on the Internet. Just don’t be fooled into thinking they provide you anonymity or security from prying eyes. A VPN simply shifts the visibility from your Internet access location and ISP to the VPN provider’s location. If you believe that the VPN exit point country has a lower likelihood of spying on your traffic, then there may be a little safety there, but most of us will just never know and certainly never be able to confirm that.
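The cookie and login signals from the list above (items 3 and 4), seen from the server's side, as an added example that is not part of the original post. The log records, cookie ids, usernames and addresses are constructed; `link_visitors` and `ips_for` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed server-side records: (client IP, cookie id, logged-in user or None).
# 198.51.100.23 stands in for a home ISP address, 203.0.113.77 for a VPN exit.
REQUESTS = [
    ("198.51.100.23", "c-81f3", None),
    ("198.51.100.23", "c-81f3", "alice"),
    ("203.0.113.77",  "c-81f3", None),     # same browser, now behind the VPN
    ("203.0.113.77",  "c-2b90", "alice"),  # incognito window, but logged in again
    ("203.0.113.77",  "c-77aa", None),     # another VPN customer on the same exit IP
]

def link_visitors(requests):
    """Group requests by shared cookie or login (union-find), ignoring the IP."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for _, cookie, user in requests:
        c = find("cookie:" + cookie)
        if user:  # a login ties this cookie to an account
            parent[c] = find("user:" + user)

    clusters = defaultdict(lambda: {"ids": set(), "ips": set()})
    for ip, cookie, user in requests:
        entry = clusters[find("cookie:" + cookie)]
        entry["ids"].add("cookie:" + cookie)
        if user:
            entry["ids"].add("user:" + user)
        entry["ips"].add(ip)  # the IP is recorded per visitor, never used to link
    return list(clusters.values())

def ips_for(clusters, identifier):
    """All client IPs seen for the visitor that owns `identifier`."""
    for c in clusters:
        if identifier in c["ids"]:
            return c["ips"]
    return set()

if __name__ == "__main__":
    for c in link_visitors(REQUESTS):
        print(sorted(c["ids"]), "->", sorted(c["ips"]))
```

The visitor behind `user:alice` ends up with both the home address and the VPN exit address on record, while the unrelated customer sharing that exit IP stays a separate visitor.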