What is a VPN? How does it work? What can you use a VPN for? In this video and article I will attempt to answer those questions without getting into too much technical detail. I will go through the basics of VPNs, how to use them securely and how to choose the best VPN service.
What is a VPN?
VPN is an acronym for virtual private network. In a nutshell, with a VPN you use an encrypted connection to connect your computer to a VPN server. You then connect to the rest of the internet through that server.
VPN for Security and Privacy
OK, so why is this useful? Well, because the VPN connection is encrypted, it can provide an extra layer of privacy and security for what you’re doing. So if you’re involved in something where data security and privacy are priorities, then it makes sense to take some extra measures to secure your work and online activities. For example journalists, lawyers and activists might benefit from using a VPN service.
Also, if you’re traveling and using an unencrypted or poorly encrypted public wifi network, a VPN will provide extra security.
You can also use virtual private networks to circumvent geoblocking. There are websites and online services that restrict access based on the location of the user. For example BBC iPlayer is only available for people in the UK and Netflix has different media libraries for different regions.
So, for example, if you’re an American traveling in Europe and you want to access the same movies and shows on Netflix that are available in the US, you need a VPN. When you connect to Netflix through a US-based VPN, it will look like you are in the US, even though you’re not.
Another alternative is SmartDNS, which can do the same thing, except it’s not encrypted, which also makes it a bit faster.
Bypass Firewall Restrictions and Censorship
You can also use a VPN to circumvent firewalls that block certain types of content. For example, many online video games and social media websites may be blocked at schools or workplaces. Countries like China also restrict access to many websites, and sometimes they may try to block VPNs as well.
In most cases you can use a VPN service to circumvent these restrictions. But some VPN protocols are easier to detect than others and thus can also be blocked by an internet service provider or government.
Stronger encryption is more secure, but also requires more processing power from your computer to encrypt and decrypt the data. Weaker encryption is less secure but can be faster, especially if you have a slow CPU on your computer or an older and slower broadband router.
There are basically two common VPN protocols and two others that are somewhat less common.
PPTP is one of the oldest VPN protocols. It’s fairly weakly encrypted, not very secure and easier to detect and block by firewalls. It is still usable for some purposes like circumventing geoblocking and gaming. But I would not recommend using it for anything where you need good security and privacy.
OpenVPN is another very common VPN protocol. It is open source, highly encrypted and probably the most secure protocol at the moment. Because it is open source, third party network security experts can look at the code and see if there are backdoors built in to the software. OpenVPN is good for pretty much all purposes you’d use a VPN for.
SSTP is a fairly secure but less common protocol developed by Microsoft. It basically routes VPN traffic through Secure Sockets Layer, or SSL. However, the code is proprietary and not accessible for inspection by independent entities. So it may have backdoors that are accessible by governments and certain corporations. But it is still usable and perfectly safe for most purposes. However, if you’re doing some really high-level journalism or something, then you may want to consider using OpenVPN instead.
L2TP with IPSec is another less common VPN protocol. It’s more secure than PPTP but less than OpenVPN. If I had to choose between PPTP and L2TP with IPSec, I’d choose L2TP.
DNS Leaks: A Privacy Risk
If you’re using VPN services for privacy purposes, then you should watch out for DNS leaks. Basically DNS stands for domain name system. It’s the system whereby numerical addresses like 188.8.131.52 are translated into domain names like youtube.com.
Sometimes even when connected to a VPN, your operating system may use its default nameservers when requesting the IP address for a domain name. This data is often logged by the nameserver. Your default nameservers are often owned by your internet service provider. So law enforcement or legal courts could potentially request that information from your ISP and get your real IP address.
One way to fix this is to change your DNS servers in your network settings or router to servers operated by Google or OpenDNS. However, this may not always work as ISPs have started to use a technology called transparent DNS proxying. This allows them to intercept all DNS lookup requests, thereby forcing their customers to use their DNS servers.
However, there are ways around that. You can use DNSLeakTest.com to test if your DNS is leaking and they also have some good instructions on how to fix a DNS leak.
IPv6 Leaks: A Protocol That is not Always Supported
IPv4 addresses are used to identify computers, servers and other devices on the internet. However, they are basically running out. Yes, there is actually a finite number of them. So a next-generation IP protocol, called IPv6, was introduced some years ago to eventually replace IPv4.
However, most broadband and mobile internet users don’t yet have an IPv6 address. But for those who do have one, basically you can’t connect to an IPv6 address with an IPv4 address. So if you’re using a VPN service without IPv6 support, a website that tries to connect you to an IPv6 address will be connecting you without going through the VPN. This could reveal your actual IPv6 address, which can then be used to identify you.
You can go to IPv6Leak.com to test if your IPv6 address is leaking. Some VPN clients have an IPv6 leak protection feature, but you can also turn off IPv6 in your network settings. In Windows 7 and 8 you can go to the “Network and Sharing Center” and click on “Local Area Connection” or “LAN”. Then click on “Properties” and untick the option that says “Internet Protocol Version 6”. Instructions may vary depending on your operating system.
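Both the DNS leak and the IPv6 leak described above come down to which network interface a packet leaves on. As an added example (not part of the original article), the Python code below checks this locally by matching each configured nameserver, and a sample IPv6 destination, against the routing table. It assumes Linux-style `ip route` output, a VPN interface named `tun0`, and constructed sample data; route metrics are ignored.

```python
import ipaddress

# Constructed sample data in the style of /etc/resolv.conf, `ip route`
# and `ip -6 route` (not captured from a real host).
RESOLV_CONF = "nameserver 192.168.1.1\nnameserver 10.8.0.1\n"
ROUTES4 = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link
192.168.1.0/24 dev eth0 proto kernel scope link
"""
ROUTES6 = "default via fe80::1 dev eth0 proto ra metric 100\n"

def parse_routes(text, default):
    """Return [(network, device)] from `ip route`-style lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f or "dev" not in f:
            continue  # blank line, or a route type without an interface
        prefix = default if f[0] == "default" else f[0]
        net = ipaddress.ip_network(prefix, strict=False)
        routes.append((net, f[f.index("dev") + 1]))
    return routes

def egress_device(addr, routes):
    """Longest-prefix match: the interface a packet to addr would leave on."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, dev) for net, dev in routes
            if net.version == ip.version and ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def nameservers(resolv_conf):
    """Extract the resolver addresses from resolv.conf-style text."""
    return [l.split()[1] for l in resolv_conf.splitlines()
            if l.startswith("nameserver") and len(l.split()) > 1]

def leak_report(resolv_conf, routes4, routes6, vpn_dev="tun0"):
    """Flag resolvers and IPv6 traffic that bypass vpn_dev (assumed name)."""
    routes = parse_routes(routes4, "0.0.0.0/0") + parse_routes(routes6, "::/0")
    dns = {ns: egress_device(ns, routes) for ns in nameservers(resolv_conf)}
    # 2001:db8::1 is a documentation address standing in for any IPv6 website.
    v6_dev = egress_device("2001:db8::1", routes)
    return {"dns_leaks": sorted(ns for ns, d in dns.items() if d != vpn_dev),
            "ipv6_leak": v6_dev is not None and v6_dev != vpn_dev}

if __name__ == "__main__":
    print(leak_report(RESOLV_CONF, ROUTES4, ROUTES6))
```

In the sample, the home router at 192.168.1.1 is still listed as a resolver and is reached directly over `eth0` even though general traffic is routed into the tunnel, and the IPv6 default route also bypasses the VPN. A routing check like this cannot see transparent DNS proxying by an ISP, so an online test such as DNSLeakTest.com is still needed for that case.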
Choosing a VPN Service
Before choosing which VPN service to use, you may want to do some basic research first.
Another thing you may want to look at is the jurisdiction of the VPN service, basically where it is incorporated. Generally you want it to be outside your own country and in a country with good data privacy laws. This immediately rules out countries like the United States, United Kingdom and Australia. Canada, Romania and offshore countries like Cyprus or the British Virgin Islands are some fairly good jurisdictions. Sweden has some good data privacy laws as well.