To VPN or not to VPN

Have you ever questioned if virtual private networks (VPNs) provide adequate privacy and security?

Do you trust your VPN?

There has always been something suspicious about VPNs: instead of trusting your own ISP, you choose to trust some guys somewhere in the world and an unknown ISP.

VPNs are supposed to hide your data from third-party eavesdroppers, but many free VPNs will sell your data to others. Third parties typically use this information to better target ads to individuals. So instead of protecting your data, many VPNs pawn off your data to the highest-paying organization.

Promoting online security and privacy as being all about VPNs is like telling people health and wellbeing is all about face masks.

Promises or scare tactics like “Unless you utilize legitimate programs, malicious websites can infect your devices with malware.” or “Keep your activity and identity private while you browse, stream, email or download. Protect all of your devices with just one click.” make it seem that a VPN will solve all your security issues. It will not.

It’s already safe

Many think that VPNs are what is needed to stay private and secure, but in reality they are paying for slower speeds and for time spent training machine learning algorithms, with no real added security value.

Most web browsing is already encrypted without a VPN, and securing DNS traffic in Firefox or Chrome is literally just a click away. Unlike in the internet’s early days, when everything was sent in clear text, nearly all websites nowadays are secured and only send data over a safe HTTPS connection.

But I should hide my IP address when surfing!

When your device talks to a website, it sends packets tagged with a source and destination IP. These travel from your device through a series of ISPs to reach the final website. Anything logging traffic in between can see your source IP address, which can be geolocated to within a few zip codes of your home.

Unless you have a fixed IP address, your IP address changes regularly and is shared by hundreds of other people over time, so it is not possible to find your exact location based on your IP address alone, but it will most likely reveal which area you are in.

With a VPN tunnel, the original packet gets encrypted and wrapped in another IP header. With the VPN server as the destination, the server will unwrap the packet and forward it through its own ISP using its own IP address as the source. Devices sitting before the VPN server can see your source IP but not the destination. Devices sitting after can see the destination but not the source.

Not only your IP address, Google Analytics cookies or social media plugins, but also ETags, HTML5 local storage, single-pixel web beacons, JavaScript and device tokens provided by your smartphone are used to identify you and tie multiple accounts and devices back to you for tracking purposes.

Just like pieces of a puzzle: If you’re at your local Star Bean coffee shop using their Wi-Fi, Google is registering your hardware address, location timestamp, true IP, Google accounts and services, then correlating that with your internet usage.

And if you’re the government, you can just buy or ask for that data.

2 VPN || ! 2 VPN

You shouldn’t use a VPN to:

  • Encrypt your traffic: Most common sites support HTTPS so your traffic is already encrypted. Encrypting your DNS queries is becoming standard too in web browsers.
  • Hide your identity: There is already a wealth of other metadata present in your network packets to follow you. Advanced software can correlate them to track and discover your location.

There are some cases where using a VPN does make sense though.

  • Masking your IP address
  • Circumventing IP blocks to watch Netflix
  • Getting around national firewalls
  • Bypassing download limits
  • Performing offensive security assessments
  • Conducting OSINT and research

How to do it right

If you do need a VPN, the best option is to do it yourself. Tunnel back to a home server or set up your own cloud server. Open-source software like WireGuard, Shadowsocks, and SSH makes this relatively easy.

Peplink routers offer a very easy way to create your own private VPN and run it via Peplink’s own SpeedFusion cloud servers, through your own Peplink FusionHub on any cloud service of your choice, or even on your own home or office servers.

Alternatively, you can set up your own VPN between two devices by using WireGuard. WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs), and was designed with the goals of ease of use, high speed performance, and low attack surface. It aims for better performance and more power than IPsec and OpenVPN.
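
A minimal two-device WireGuard setup of the kind described above, added here as an illustration (it is not the author's or the WireGuard project's own configuration). The tunnel subnet 10.8.0.0/24, the endpoint 203.0.113.10 and the bracketed keys are placeholders; each device generates its own key pair with wg genkey and wg pubkey.

```ini
# ---- Device A: the home or cloud server, /etc/wireguard/wg0.conf ----
[Interface]
# Private key from "wg genkey"; never leaves this device (file mode 600).
PrivateKey = <SERVER_PRIVATE_KEY>
# Constructed tunnel address for the server side.
Address = 10.8.0.1/24
ListenPort = 51820
# For the client's internet traffic to leave via this host, IP forwarding
# and NAT must also be enabled on it (not shown here).

[Peer]
# The laptop or phone. Public key derived with "wg pubkey".
PublicKey = <CLIENT_PUBLIC_KEY>
# Only packets sourced from this tunnel address are accepted from this peer.
AllowedIPs = 10.8.0.2/32

# ---- Device B: the laptop or phone, /etc/wireguard/wg0.conf ----
[Interface]
PrivateKey = <CLIENT_PRIVATE_KEY>
Address = 10.8.0.2/32

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
# Placeholder address (documentation range); use your server's real IP or hostname.
Endpoint = 203.0.113.10:51820
# Route all IPv4 traffic through the tunnel. IPv6 is not covered by this
# line and will bypass the tunnel unless IPv6 addresses and ::/0 are added.
AllowedIPs = 0.0.0.0/0
# Keeps the NAT mapping open when the client sits behind a home router.
PersistentKeepalive = 25
```

Bring each side up with wg-quick up wg0 and confirm with wg show that a handshake has completed.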
