Choosing the right VPN
a guest Aug 24th, 2017 1,998 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
- The place pointed by X is a good source since those are honest reviews; head to https://torrentfreak.com/vpn-services-anonymous-review-2017-170304/ for a thorough, larger list.
- What you should be asking yourself before acquiring your product is: why I'm hiring a VPN service?
- a) To 'safely' sail the convoluted seas that are the WWW nowadays
- b) To anonymize online activity
- Bear in mind that one doesn't necessarily imply the other as you can gain a good amount of safety while being perfectly traceably while conversely you can make your way completely anonymized being openly exposed to dangers of all kind.
- To make it clear:
- 1) If you want a mix of both safety and anonymity: first thing you should check is that the VPN service you hire provides an additional level of protection in the form of malware detection which will help squash lots of malicious code, sometime downloadable by the user but often embedded on the websites themselves, without breaking the intended user experience (at least most of the times). Malware can come in a form of deliberate exploits, usage tracking, user profiling and so on. What these services usually do is block the malicious stuff and also offer to spoof your browser user agent string -- which may be a blade of two edges sometimes.
- The problem with spoofing the UAS with a random pick is that sometimes websites and webapps rely on this information to better serve their content according to the browser the user is using; most of the times this shouldn't be an issue though as any modern browser should more or less be enough compliant with the web standards. Still, if a webapp (or website) detects you're running Firefox while you're running Safari, and it indeed has any specific optimization for Safari or any kind of additional feature only available to it, you will miss it. Said that, any VPN service that provides this kind of firewall should be enough. Some providers I know offer this kind of extra protection are F-Secure's Freedome VPN (Finland), Private Internet Access (USA), VPN Unlimited (not sure, USA & Ukraine?), Windscribe (Ontario, Canada) and PureVPN (Hong Kong). Again, when picking a provider take your time to examine the strengths and weaknesses of each one, i. e.: F-Secure focus is on security, they have been manufacturing anti-malware software for IDK, 20 years, so you could reasonably believe that they know how to deal with malware and - again - reasonably expect to deliver a quality product. However as stated in their usage policy they log way too much stuff so in the event that they receive a court order to identify a specific user, they would not only be able to do that but they will promptly comply. They won't otherwise state on your business, you can even use other protocols like BitTorrent (on selected nodes) or Tor (anywhere). This is a clear example of how a VPN service can provide a nice safety layer but forget about anonymity.
- 2) If your primary concern is anonymity then what you have to watch out is that the provider legal address (and consequently law jurisdiction) isn't established in any of the so-called Fourteen Eyes countries. Yes, there are VPN providers on some of those countries that pride themselves for protecting their customers' information with nails and teeth but as lovely as the idea is if their companies are established in any of the above mentioned countries at some time they will have to comply with legal mandates or face operations shutdown -- if anything, to protect their customers from legal troubles much like the owner of Lavabit did years ago. I'm not saying one can't trust companies with roots in any of the Fourteen Eyes countries, I'm just saying that depending on the use you will do of the service, i. e. protecting you and your family from your ISP abuse, online malware, connecting to untrusted WiFi spots, etc, companies like Private Internet Access (PIA for short) will do great - in fact they are regarded as of a quality provider with people being quite happy with them. On the other hand if you presume that your planned online activities might in some way clash with local laws (no matter how 'unfair' that could be) then think it twice.
- Wrapping things up:
- - For non-technical users most VPN companies will provide a graphical interface to deal with their service. This has some advantages like easily switch between gateways, enforce adware/malware protection or enforce "killswitches" (a somewhat discussed topic, more on this next). The bad part? Some of those clients are AWFUL: while they can look neat and polished and adorned with pop-out eye-candy graphical interfaces, the coding SUCKS as when you monitor the resources consumption on your device (CPU & RAM) they are ridiculous heavy, genuine pieces of bloatware that eats anything between 5 ~ 20% of your CPU! Now, if you think about a VPN service as something that will most likely be up most part of the day, only down when you put your computer (or yourself!) to sleep, this is unacceptable. Then there are those clients that are well crafted and barely uses any additional resources no matter how much traffic is flowing in and out; Freedome VPN client is a fine example of this (I mention it because it is the service I'm currently using for my 'normal' everyday navigation).
- - Those fancy interfaces I mention will most likely be running OpenVPN in the background which itself it's quite lightweight. Some providers - the cool ones - will offer to download the configuration files so you can connect using whatever OpenVPN client you like. They might also offer to download the configuration files for other protocols as well like IPSec/IKEv2 protocol (macOS provides built-in support for IKEv2; you can use Viscosity, Tunnelblick or Shimo to manage OpenVPN configuration files as well, just remember what I said about the killswitch and any possible other features provided by the official client of your VPN provider).
- - Speed: speed varies on a lot of factors being 1) the VPN provider, 2) the nodes you connect to within that provider (load), 3) latency - you might experience slow responses when resolving DNS first time but afterwards great connection speeds. It's really a blend of factors.
- - Reliability: some providers provide more reliable connection than others. For example I never had *any* connection drop with Freedome VPN, but yes I did have - still have - with my other provider.
- - Lifetime subscriptions: BEWARE with these. Not only no-one nor nothing can ensure that next month you will have the same quality of service you have today -- let alone next year, the next 5, 10 years or for instance whatever silly amount of time you can think of.
- EVEN WORST: when you use a VPN service provided by a third-party (that is not set up by yourself) you are basically trusting in the commitment and good faith of the company that is handling your information. They very well may be logging all your traffic, saving a copy of any file you download, anything could be possible. When you connect to a VPN service visualize it as your connection flowing through a black box where you don't know shait what's happening there: you only see your traffic coming in and knowing it's coming out because you can connect to your end-point. But what happens in the middle is a complete mystery (I would love to say "what flows through a VPN infrastructure remains there", really would love to say that but that would be completely foolishness). Now: can you imagine connecting for years to come to the same service which may or may not honor their part of the contract? If there's something I'm well aware of is that we aren't precisely living in a world of jumping unicorns and singing butterflies. Your choice.
- - Privacy: if you really want to go dark (for whatever reasons, I'm no one to judge) then take the minimum precautions for that Most VPN services can be hired using crypto$ (no, Bitcoin isn't anonymous -- well... MAYBE if you know how); you should do that from an IP that can't be related back to you, use, a disposable email (beware, of course), etc. Most of the times such extreme precautions aren't necessary until you're in something shady or are a security researcher. You should be well by simple staying away from any of the 14 eyes countries.
- - A nice place to check your IP, your DNS, WebRTC and all that stuff is IPLeak.net <3
- - If you are a Mac user I highly recommend you Gas Mask (how it isn't hunted yet!?) found at http://clockwise.ee to easily manage malware / gambling / adult blacklists (these are awesome: https://github.com/StevenBlack/hosts)
- - "Killswitches" enforces all traffic in your devices to be routed through the active VPN connection and automatically drops all communications if for whatever reason the VPN connection is dropped. This ensures that there won't be any leak of information in the meantime between you actually start a VPN connection and the connection is made (of course this can be done manually using the built-in firewall shipped with your OS, but it's cumbersome).
- - Run your own VPN server: yes, you will need some knowledge about *nixes operating systems and networking but it isn't as nearly as complicated as it may seem. In fact, provided you have the time to sit down and read any of the plenty tutorials on the subject I have no doubt you will end setting up your own VPN server.
- - Last: using a trusted VPN service (PIA? NordVPN? Freedome? blackVPN?) to regain online anonymity and safety is just the tip of the iceberg. Sure, it's something that everyone should be using, but nonetheless one part of the problem. In https://prism-break.org, https://eff.org and https://fsf.org you will find lots of information to correctly educate yourself on the subject.
- As with everything else in life there's always a compromise between choices and the balance between Security vs Usability isn't the exception - you will likely have to learn new habits _specially_ when talking about security and usability. In the end it's up to the user to understand that there isn't any magical solutions and that a minimum of knowledge and effort is needed in order to make the most out of those choices.
- Choose the right stuff for you. Take care.
RAW Paste Data