Virtual private networks (VPNs) are increasing in popularity amongst internet users. But what the heck are they?
A virtual private network encrypts your traffic before it leaves your device, and that data stays encrypted while it goes through your ISP's network. Once it reaches the VPN's server, the server decrypts the data and sends it off to the internet at large. It's a middleman between you and the internet. So your ISP can only see a bunch of encrypted traffic that looks like random characters. To your ISP, using a VPN all the time looks like you only visit one web site. They'd have no idea what you're looking at on the internet. VPNs are subscription services that range from free to around $13/month.
For the uninitiated, VPN (virtual private network) software encrypts your online activity and masks your IP address, allowing you to surf the web free from the prying eyes of eavesdroppers, hackers, and government agencies. VPNs come in all shapes and sizes with their own unique strengths and weaknesses. It's up to us to take online privacy into our own hands — and VPNs are the best way to do it.
Historically, VPNs are most popular for security. Businesses use them because it's an easy way for remote employees to access their work network securely when they're away. That same security goes for the rest of us too, especially when we're using public Wi-Fi. I've used a VPN while travelling at hotels or working from coffee shops for a very long time.
VPNs are also a popular means to get around geo-restricted content or government blackouts. A provider can host a VPN anywhere in the world, and wherever that VPN is, that's where you'll appear to the internet. So, if you use a VPN in England, you can access the UK version of the internet, including all that BBC content you've been dying to watch. If you're in North Korea, you can circumvent that country's censorship. VPNs do not provide anonymity; they merely encrypt your traffic, making it hard for a third-party snooper to see what web sites you visit.
VPNs are all the rage today, but they're no magic bullet. The hotter these things get, the shadier the business practices will be, and nobody can stop them.
A VPN knows as much about your web traffic as your ISP would. A VPN might hide that traffic from the ISP, but they could be collecting and selling that same data themselves. Worse, VPNs aren't regulated and there's no strong peer review system, which means it's hard to find one that's trustworthy. A lot of VPN software is free and open source, which means anyone with reasonable technical skills can set one up and charge you to access it pretty easily. If you want to display your tin foil hat proudly for a second, there's even the possibility that the VPN companies are collecting and selling data to government, or heck, maybe they're even run by governments, because why not at this point.
Case in point, earlier this year, researchers released a white paper that found that 18 per cent of Android VPNs didn't encrypt traffic at all. Why? Because they don't have to. They can do whatever they want. Sure, once they're caught, they go out of business, delete their apps, and disappear, but they can pop up in another form just as quickly. Encryption is only one piece of that puzzle. Security is important, but so is privacy. If your VPN provider is logging all your traffic and selling it, then they're no better than your ISP.
We've broken down a system for finding a reliable VPN before, so I won't repeat that here, but the short version is: Free is almost always bad news, and do your research before you subscribe to a VPN provider. That One Privacy Site has a massive list of VPNs that includes what country they're based in (which also means what jurisdiction they fall under), whether the VPN logs traffic, whether it logs IP addresses, and whether it accepts anonymous payment methods. For our take, we've found Private Internet Access, SlickVPN, NordVPN, Hideman and Tunnelbear have all been reliable and transparent over the years. Remember, it isn't just your home internet provider that's collecting this data, it's your mobile phone provider too, so you'll need to use a VPN at home and on the go to get around this.
If you don't want to trust your data to a third-party VPN, I don't blame you, but creating your own solution isn't exactly simple. To roll your own VPN that's useful for circumventing your own ISP's data tracking, it needs to be off-site. That means you'll need to host it on a web server. Popular options for doing so include Streisand, Sovereign, OpenVPN and AutoVPN. Streisand is the simplest of these tools, but you'll still need to know how to set up an Ubuntu server on DigitalOcean or the other providers they support, and you'll need some technical know-how to do it. Also, while the software itself is free, the web server isn't. You will at least get the peace of mind that your VPN is fully under your control though.
To further secure your privacy, more sites could make the switch from HTTP to HTTPS, which secures your connection to a web site. It also makes it harder for your ISP to see what you're doing on any web site, as they can only see that you're at YouTube, not which video you're on. This isn't easy by any means. Last year, Wired detailed their process and they ran into a lot of problems. Adding the HTTPS Everywhere browser extension is great for the tech-minded amongst us, but my mum, who also doesn't want her ISP tracking her, isn't going to do that.
Finally, to state the obvious, your ISP isn't the only one tracking you. Nearly every web site, from Google to Amazon to some random blog deep in internet-land, tracks and collects your browsing data. They do this through cookies or scripts, and their data profiles of you are likely much more advanced than your ISP's. Using an extension like uBlock Origin or Disconnect can help block that data collection, but if you still insist on being logged into your Google account all the time, that's all for naught. This will all happen regardless of whether you're on a VPN. Remember, a good VPN only solves one part of the problem, obscuring your traffic from your ISP or from gnarly snoopers on public Wi-Fi. A ton of other places collect data about you.