VPN is a way of ensuring privacy when using private and public networks such as the internet and WiFi hotspots. It works by connecting a user’s computer (which may be a mobile device such as a phone or tablet as well as the more traditional desktop or laptop PC) to a VPN server via an ‘encrypted tunnel’.
Example setup without VPN: Home PC -> ISP -> Internet
Example setup with VPN: Home PC => ISP => VPN server -> Internet
Once data has entered the VPN tunnel (=…=) it is hidden from view by encryption protocols (usually IPsec or OpenSSL, see here for more details) which mean that no-one, not even the Internet Service Provider (ISP), can ‘see’ it. The only computers that can see the data are the ones at each end of the VPN tunnel.
An external observer will only see data entering and leaving the IP address of the VPN server, but will not be able to determine any details about the computer at the other end of the tunnel. An ISP on the other hand can see that a customer’s computer is connected to a VPN server, but cannot see what data is being transmitted thanks to the encryption used (although it can see how much).
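To make the two viewpoints concrete, here is a small simulation of the tunnel. It is an added example, not code from any VPN product: the addresses are constructed documentation addresses, all function names are hypothetical, and the cipher is a toy stand-in for the real tunnel protocol.

```python
import hashlib, hmac, json, os

# Constructed documentation addresses (RFC 5737), not real hosts.
HOME_PC, VPN_SERVER, WEBSITE = "203.0.113.10", "198.51.100.7", "192.0.2.80"

def _keystream(key, nonce, length):
    # Toy SHA-256 counter-mode keystream standing in for the tunnel cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    # Encrypt, then authenticate: nonce || ciphertext || HMAC tag.
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tunnel packet failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def client_send(key, destination, data):
    # The real destination and payload travel inside the encrypted body;
    # the outer header only names the two tunnel endpoints.
    inner = json.dumps({"dst": destination, "data": data}).encode()
    return {"src": HOME_PC, "dst": VPN_SERVER, "body": seal(key, inner)}

def isp_view(outer):
    # What the ISP can record: the endpoints and how much data was sent.
    return {"src": outer["src"], "dst": outer["dst"], "bytes": len(outer["body"])}

def vpn_forward(key, outer):
    # The VPN server decrypts and sends the request on from its own address.
    inner = json.loads(unseal(key, outer["body"]))
    return {"src": VPN_SERVER, "dst": inner["dst"], "data": inner["data"]}

if __name__ == "__main__":
    key = os.urandom(32)  # stands in for the key the two tunnel ends agree on
    packet = client_send(key, WEBSITE, "GET /account")
    print("ISP sees:    ", isp_view(packet))
    print("Website sees:", vpn_forward(key, packet))
```

The ISP's view contains only the home and VPN server addresses plus a byte count, while the website sees a request whose source is the VPN server; the VPN server itself handles the decrypted request in `vpn_forward`.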
VPN is therefore a highly secure method of accessing the internet anonymously and securely (it also has business uses, which we will discuss briefly later).
In a world in which governments in even supposedly ‘free democracies’ such as the United States (CISPA Cyber Intelligence Sharing and Protection Act) and the UK (Communications Data Bill) want to implement wide-ranging legislation to spy on every aspect of their own citizens’ online lives, and where oppressive regimes such as China and Iran try to prevent their citizens from free access to the internet, personal use of VPN is rapidly increasing in popularity.
People use VPN for a number of reasons:
- To circumvent restrictive firewalls. This can be for anything from accessing Facebook using the school or business Local Area Network (LAN), to bypassing the internet censorship of The Great Firewall of China
- To provide a secure connection over public WiFi. Public hotspots can be a hacker’s paradise as ‘data snooping’ on such unsecured connections is both very easy and very common
- They are privacy activists. Even when doing nothing on the internet that requires hiding, many people believe in the right to privacy, and are prepared to defend this right by using a VPN service
- Watching web TV and on-demand music streaming services from abroad. Many web TV services are geo-locked to their country of origin. Prominent examples of this are Hulu and Netflix, which can only be watched by viewers in the United States, and BBC iPlayer and 4oD, which can only be watched by UK residents. In addition to this, on-demand radio services such as Pandora and Spotify are similarly geo-locked. Because a VPN user’s IP address always appears to the outside world as the IP of the VPN server he or she is using, if a server is located in a particular country then the user appears to be accessing the internet from that country too. Therefore anyone using a VPN server located in the US can access Hulu or Pandora as if they were actually in the US themselves. VPN providers typically have servers in a number of different countries.
- For P2P filesharing. Despite many arguments and much evidence that P2P filesharing is not damaging the entertainment industries (and is arguably doing the opposite), these industries are putting pressure on governments and pursuing individuals identified as filesharers in an increasingly militant way (not even to mention the huge rise in copyright troll legal sharks). Even legal torrent users are being tarred with the same brush and receiving sanctions from ISPs keen to demonstrate a hard-line attitude towards copyright infringement
- Any other activity that involves wanting to remain anonymous when online
Using a VPN provider is a very secure means of remaining anonymous when using the internet, with the weak points coming at either end of the encrypted data tunnel. The user end is usually secure enough as data cannot be traced to it, although police can seize and examine computers for unrelated reasons. However, as police are only very interested in highly illegal activity, this should not be a concern for most.
More important is the fact that a VPN server can see the traffic that passes through it. If any record of this traffic is kept (logs) then it can be handed over to authorities, something that some ISPs have been only too happy to do. The only way to ensure that an ISP will not hand over data is to only use an ISP that keeps no logs, so that in the event it is asked or forced to, it has nothing to hand over. We discuss this in more detail here.
The other main concern for ordinary users when connecting by VPN is that it does slow down an internet connection. The data has to be sent via the user’s ISP to the VPN server, be encrypted, go to whatever websites etc. the user is visiting, and then return by the same way. In practice, if the VPN server is not too geographically distant (e.g. anywhere in Europe for a European user), then the slowdown is usually so minimal it’s unlikely to be noticed, but if someone is connecting to a server in California from Europe, then they may experience considerable lag.
As today’s world lurches ever more towards being a ‘surveillance society’, more and more people are using VPN to maintain their rights to privacy and to access resources denied them by censorship and unreasonable and counterproductive copyright limitations (why should some countries have access to television programs months before others, for example?). It does (usually) mean handing over some money, but at typically less than $10 a month, what price freedom?
VPN for business
This website is primarily concerned with reviewing and discussing ‘home’ VPN services for private use. However, for the sake of completeness and to help clear up any confusion that the presence of business VPN services on the internet may bring, we’ll have a quick look at how VPN is used in business.
Many businesses use VPN as a method for employees to securely connect their home PCs or laptops to a company intranet (internal Wide Area Network). In this case the VPN server acts as a gateway between the company WAN and the internet.
Example incoming business VPN setup: Laptop => Employee’s ISP => VPN server -> Company WAN and resources
Example outgoing business VPN: Company WAN and resources -> Laptop => VPN server -> Business’s ISP -> Internet
As you can see, the fundamental concepts remain the same, but instead of providing anonymity for its users, the function of a business VPN is to allow employees to access company resources from the internet without compromising internal security.
Update 27 May 2014: While accurate, this article was written before Edward Snowden’s revelations about ubiquitous mass surveillance on a global scale by the United States National Security Agency (NSA), and its Five Eyes spying partners. These revelations have fundamentally changed the nature of the debate on online privacy, and have proved more than ever that securely encrypting one’s internet connection is vital if privacy is to have any meaning.
We simply cannot trust our governments to look after our best interests or to respect our most fundamental human rights, and it is through the use of technologies such as VPN that ordinary people can take a measure of control back. We should note however that while VPN can be highly effective at evading dragnet surveillance, if the insanely powerful and well-resourced NSA (or similar organization) singles an individual out, it is unlikely they can do much to protect themselves against it.