The New Oil

Privacy: VPNs


What is a Virtual Private Network (VPN)?

A VPN is an encrypted connection from your device to the VPN provider’s server. All your internet traffic is routed through that server. Additionally, your traffic appears to be coming through that server, which can help to obscure your true IP address.

Why do I Need a VPN?

A VPN protects you from local attackers. While most of the internet is encrypted, not all of it is, and unfortunately important websites like government websites are typically the worst offenders for this. While unlikely, public wifi is also susceptible to being spoofed or spied on, so a VPN can keep your traffic safe from a malicious or nosy admin. Even at home, your Internet Service Provider can see your traffic and legally can sell your browsing data to marketers or inject their own ads. A VPN also has the advantage of obscuring your IP address, which is an important piece of identifying information about you online, thus helping to protect your privacy. As a peripheral benefit, many VPN providers offer servers in multiple countries so you can bypass geographic content restrictions on sites like Netflix and YouTube.

What Should I Look For in a VPN Provider?

The most important thing is to look for a VPN provider who doesn’t keep logs. A provider who logs your activity is no better than your current internet provider in that your traffic can still be sold, censored, or spied on. Unfortunately, “no logs” is a buzzword these days, and numerous providers have been caught lying about this. The best way I’ve found to verify this claim is to search “[VPN provider] logs” on your privacy-respecting search engine of choice. If the provider has been around for any amount of time and has any positive reputation, you will likely find articles or posts confirming or denying their logging policy in some way. You’ll also be alerted to any potential accusations of logging, discussions on that claim, and other information to help you decide if the company is serious or not.

Make sure to see how the provider makes money. Running a VPN server is expensive and requires great technical knowledge. “If a product is free, you are the product.” Make sure the company has a viable business plan or else assume they are likely logging and selling your data, or worse. Never trust a free VPN unless it’s a trial (or in Proton’s case, a limited freemium business model).

Listed in alphabetical order, not order of recommendation

    Pros
    • Recently audited

    • Available on all operating systems

    • Flat rate of $5/month for all services and payment lengths

    • Anonymous payments (cash and Monero) available

    • Offers malware, tracker, and ad-blocking for all plans

    • Frequently engages in early-adoption practices to improve user privacy and security, like post-quantum safe tunnels, diskless infrastructure, numerous audits, and more.

    Cons
    Pros
    • Recently audited

    • Available on all operating systems

    • Anonymous payments (cash) available

    • Offers a limited number of free servers

    • Offers malware, tracker, and ad-blocking (paid plans only)

    • Advertises to work with streaming services such as Netflix and Disney+ (paid plans only)

    • Offers TOTP and hardware token multifactor authentication for accounts

    Cons


      For more information on providers not listed here, see Techlore’s VPN Toolkit.

      Honorable Mention: Safing Private Network

      VPNs were never designed for privacy. They were designed to allow employees to securely connect to the company network to access company resources and intellectual property while offsite. It’s only in the last few decades that commercial VPNs became widely available to private citizens and were co-opted for privacy uses. However, this has left a significant number of inadequacies in their current protections (see Tips & Tricks below). The Safing Private Network - from Safing, the company behind Portmaster - aims to solve these problems. SPN takes a hybrid approach between a VPN and Tor to achieve maximum user privacy while also retaining user-friendliness, speed, and stability. Some features include giving each connection a different IP address, a multi-hop node architecture, and the ability to easily split-tunnel apps with the click of a toggle. SPN is still very new technology and may contain some bugs as the developers work to mature the product; however, early adopters who desire a stronger solution than traditional VPNs have to offer may wish to look into this option.

      Honorable Mention: RiseUp VPN

      Riseup is a free offering from the nonprofit activist group RiseUp Collective. Riseup offers a free VPN service; however, we have opted to list it here instead of among our other recommended offerings because it is extremely limited in scope: you have no choice of server, location, or protocol, and no advanced features such as split tunneling, custom DNS resolver, or tracker/malware/ad-blocking. RiseUp does offer a reputable, reliable, and private VPN that should meet the most basic needs for those who need a VPN but have no budget to spare.

      DNS Leaks & Custom Resolvers

      On the How Network Communication Works page, I suggested changing your DNS resolver on your device, but I also suggested (as well as on the Securing Mobile: Replacement Apps and Securing Your Browser pages) only doing so if you don’t plan to use a VPN on your device. This is because using a different DNS resolver can cause DNS leaks. To put it simply, a DNS leak is when your DNS requests are exposed. Using the same DNS provided by your VPN provider dramatically reduces the likelihood of this happening, while in my experience using an alternate DNS with a VPN dramatically increases the likelihood. Depending on your threat model, the consequences of a DNS leak could range from “virtually meaningless” to “life threatening.” To avoid DNS leaks, I suggest you avoid manually changing your DNS resolver and instead use the DNS resolver provided by your VPN provider. You should only change your DNS resolver if you do not plan to use a VPN.
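A configuration check for the situation described above, added here as an example and not part of the original page: it reads resolv.conf-style text and reports which configured resolvers are not the VPN provider's. The sample file contents and the `10.8.0.0/24` VPN resolver range are constructed assumptions; substitute the range your provider actually uses.

```python
import ipaddress

# Constructed sample: /etc/resolv.conf contents while a VPN is connected.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not taken from a real system
search lan
nameserver 10.8.0.1
nameserver 192.168.1.1
nameserver 2001:db8::53
nameserver 127.0.0.53
options edns0
"""

# Assumption: the address range your VPN provider uses for its in-tunnel resolver.
VPN_DNS_NETWORKS = ["10.8.0.0/24"]


def parse_nameservers(text):
    """Return the IP addresses named on 'nameserver' lines, skipping comments."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
            except ValueError:
                continue  # malformed entry, skip it
    return servers


def classify_resolvers(text, vpn_networks):
    """Sort configured resolvers into VPN-provided, local stub, and outside-VPN."""
    nets = [ipaddress.ip_network(n) for n in vpn_networks]
    result = {"vpn": [], "local_stub": [], "outside_vpn": []}
    for ip in parse_nameservers(text):
        if any(ip.version == n.version and ip in n for n in nets):
            result["vpn"].append(str(ip))
        elif ip.is_loopback:
            # A local stub (e.g. systemd-resolved) hides the real upstream resolver.
            result["local_stub"].append(str(ip))
        else:
            result["outside_vpn"].append(str(ip))
    return result


if __name__ == "__main__":
    print(classify_resolvers(SAMPLE_RESOLV_CONF, VPN_DNS_NETWORKS))
```

Any entry under `outside_vpn` is a resolver that can receive your queries without being your VPN provider's; an entry under `local_stub` means the real upstream has to be checked in the stub's own configuration. This inspects configuration only and does not observe where queries are actually sent.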

      Tips & Tricks

      I recommend using a VPN on all devices whenever possible. For mobile devices, this will not hide your real location from your carrier. It will, however, fool your browser and some apps, and it allows for a secure, encrypted connection - even from your carrier - at all times.

      Please note that a VPN is not anonymous. Many companies will advertise that using a VPN will make you invisible to various potential snoops, but VPN protections can be defeated in a variety of ways and do not protect against other advanced tracking features like cookies and browser fingerprinting. VPNs do exactly two things: they change your IP address and they create an encrypted tunnel. They will not block trackers or malware (though some providers employ DNS-based blocking to mitigate some - but not all - of these risks), they will not make you anonymous, and they will not speed up your connection. In some cases they can help with unblocking content that is restricted based on your location because of the changed IP address, but true anonymity is difficult and complicated to achieve online depending on your activities and goals. Please see my notes about the Tor Browser for more information on this.